CIMA E2: Risk Management
Project management, as you are probably aware due to the nature of may recent blog articles, plays a significant part in the CIMA E2 syllabus. Managing projects in the finance department (or office) is becoming increasingly common place and it’s an area of the syllabus I can actually relate to my work experiences directly.
A key theme in the project management section of the E2 paper is based around Risk Management and how to manage the risks you have identified in the planning stage of the project.
The main model or acronym you should remember is TARA.
Once you have drawn up a list of the risks you need to manage they should all fall into one of the above TARA categories. To get a clearer picture of how this works, each category can be placed in a matrix.
If the risk you have identified will have a LOW impact of the business and the probability is also LOW then it would make sense ACCEPT the risk in this instance.
Risk Management Example:
You are running a project that aims to improve the reporting process of the finance department and you have identified a RISK that;
- The support staff on your IT help desk may become overloaded when your new project commences.
- This will have low impact on the project itself as the project will be given proirtiy bu the IT helpdesk but this would affect their other duties.
- Meanwhile, it has a very probable chance of happening due to the small resources on the help desk.
So this risk would be HIGH probability with LOW impact.
Therefore, using the TARA model we would need to take action to REDUCE this risk.
- This can be done by employing temporary support staff on the IT help desk during the time when the project is up and running to ensure the project support is covered as well as the regular tasks by the IT help desk.
TRANSFER: this would be the case of transferring the risk to another party. This risk would have a HIGH impact of the business but in reality it has low chances of happening i.e. an insurance policy is a common way to transfer the risk.
AVOID: if you have identified a risk with HIGH impact and a HIGH chances of happening then urgent attention would be required to ensure the risk was avoided. In most cases, the task should be not be carried out if an alternative solution can not be found. i.e. the option of renting machinery is an alternative from buying the machinery.
REDUCE: reducing the risk can be carried out in many ways – we’ve used one example above on how risk can be reduced. It’s the type of risk that would have a HIGH impact but is unlikely to happen. i.e. the threat of your IT equipment being stolen, therefore this risk can be reduced by buying additional security for the office.
ACCEPT: or risk retention. Here we are saying we have identified the risk but it’s not feasible to try to reduce the risk (could be cost related), so we will just have to accept the risk. Projects could take on lots of small risks that will just have to be accepted as it doesn’t make sense to insurance or negate against this risks.