Risk Management as an Immune System



By Pascal Bohulu Mabelo

South Africa


While there are indications that many project organisations, including those involved in Large Infrastructure Projects, do not take Risk Management (RM) seriously, a closer look would suggest they would rather relegate it to an ad-hoc, optional extra, or nice-to-have practice. For instance, on a multi-billion Rand capital programme, the executive committee once turned down a seasoned RM practitioner; instead, an individual with no proper training was assigned to learn on the job.
It is rare to come across a properly constituted RM team, with Risk Management professionals; if they have not merely appointed a lone ranger practitioner, RM would be neglected altogether.

To many organisations, Risk Management is like a buckler one shall only raise when the situation around the project gets “risky”, not something that should always remain activated. As a result, the entire concept of Risk Management is typically employed either at the project’s outset or, more commonly, when setbacks or impending massive cost and schedule overruns threaten the project.
The author contends that Risk Management should serve as the “immune system” for the project, not only when a threat lurks around—not like the near-blind man who only puts on his pair of glasses afterwards, to figure out how to come out of a ditch he could not see and has fallen in it. Is prevention (i.e., an ongoing approach to RM) not better than cure (i.e., a sporadic approach)?

Risk Management and Project Delivery

Organisations involved in “risky” initiatives (e.g., projects) should implement risk treatments to reduce residual risks to levels acceptable to stakeholders and ensure efficiency and effectiveness —to protect an organisation from potential losses or threats to its continued operation (Ang, 2023). Both the PMBoK (on Project Management) and ISO 31000 (on Risk Management) concur that the aim of Project Risk Management (PRM) should be to increase the “likelihood of success” in projects:

  • “The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of negative events in the project.” (PMBoK, 2013)
  • “Risk Management increases the likelihood of an organisation [e.g., project] performing as planned by [1] identifying and [2] managing barriers to meeting objectives in advance […]” (ISO 31000, 2018)

However, poor Risk Management is a constant feature of project failures, even in well-established organisations. Thus, in a previous PRM article, the author laments that Project Risk Management is usually not an integral part of core delivery activities, especially in Large Infrastructure Projects.

“One of the pernicious causes of ineffective application of PRM could stem from its processes not being reconciled to Project Life Cycle methodologies—it shall become an integral part of every phase, process group and aspect of managing the project.” (Mabelo, 2023a)

Especially in Large Infrastructure Projects, given their VUCA properties (Volatility/Vulnerability, Uncertainty, Complexity, Ambiguity), it is not a matter of whether project outcomes might stray from objectives, but rather the extent and impact of these deviations. Risk Management constitutes a tool of choice in ensuring that investments in infrastructure delivery will provide benefits to the various stakeholders by meeting objectives. A failure to manage project risks will often lead to complications and failure of the project; things ought not to be happening in this unfortunate way.

“Research has proven […] that project performance could be improved considerably through the use of Risk Management. This is simply because 70% to 90% of the problems encountered on most projects are predictable and preventable. Risk analyses at the onset of any project will highlight these problems and will increase the chance of completing the project successfully. It will also enable project managers to reduce the time they spend putting out fires.” (Intaver)

Many project teams still fail to identify and manage “predictable and preventable problems” due to three shortcomings or flaws in Risk Management methodologies and approaches, two of which were previously discussed by the author in separate publications, the third being the object of this article:

  • “A major drawback of common Risk Management standards (e.g., ISO 31000, AS/NZS 4360) is in their leaving it to delivery organisations to incorporate the elements of the PRM processes into their project delivery framework […] our current experience is that most organisations fail to articulate ‘how much’ Risk Management should be applied at a specific phase of the Life Cycle. As a result, project risk practitioners either only apply it at the onset (i.e., to produce a Risk Register), or will regurgitate risk-related activities over and over—focussing generally on [the same] construction risks.” (Mabelo, 2023a)
  • “Seeing that ‘Establish Context’ as a Risk Management assessment step provides the understanding that supports the interpretation and appreciation of the outcomes of any ensuing processes, as well as the validation of proposed Risk Treatment measures, a holistic outlook of the Project Context is required. The author argues that any blind spots in the ‘context’ will reflect in and cripple the PRM; treating both wrong (i.e., irrelevant) and false (i.e., inapplicable) risks is detrimental to the project.” (Mabelo, 2023b)

The Large Infrastructure Projects (LIPs) industry will benefit from the greater awareness of fallacies, flaws, and remedies in the management of project risks these three insights provide in their totality.

In a recent Project Risk Management survey, 45.5% of respondents observed that 10% to 50% of their projects have failed—while 54.5% perceived it to be between 50% and 70% (Mabelo, 2023b). Most organisations experience project failures; they just seem to diverge as to how many are failing. Owing to a few shortcomings, PRM continues to disappoint, even across the Southern Africa region.


To read entire paper, click here

How to cite this paper: Mabelo, P. B. (2024). Risk Management as an Immune System; featured paper, PM World Journal, Vol. XIII, Issue II, February. Available online at https://pmworldlibrary.net/wp-content/uploads/2024/02/pmwj138-Feb2024-Mabelo-Risk-Management-as-an-Immune-System.pdf

About the Author

Pascal Bohulu Mabelo

Johannesburg, South Africa


Pascal Bohulu Mabelo, MBA, MSc (Industrial), BSc (Civil), Pr. Eng, Pr. CPM, Pr. PMSA, PMP, has more than 25 years of professional experience and possesses a wide range of technical and managerial skills on large and complex infrastructure projects. He has worked in large infrastructure projects as a design engineer, project/programme manager, project consultant and project management executive. Pascal was honoured to serve as the national chairman of Project Management South Africa (PMSA), the leading Project Management professional association in Southern Africa.

Pascal has published the book: “Managing Engineering Processes in Large Infrastructure Projects” (Cambridge, 2021); he has also published, “How to Manage Project Stakeholders—Effective Strategies for Large Infrastructure Projects” (Routledge, 2020) and “Operational Readiness—How to Achieve Successful System Deployment” (Routledge, 2020). Through various other publications and journal articles, he assiduously promotes the application of Systems Thinking and/or Systems Engineering principles, concepts, and practices to unravel complexity in Large Infrastructure Projects (LIPs) to address their persistent risks of failure and their massive, even pernicious, cost and schedule overruns.

Pascal is currently a Director and Principal Consultant at E 6 Project Consulting or E6PC; for comments, further information, and clarifications he may be contacted at Consult@e6pc.com