1. Project Management Process Improvement:
Risk Management Processes
A dissertation submitted in partial fulfillment of the requirements
for the award of
Post-Graduate Diploma in Management
by
MadhumantiSamaddar
Roll No. – 12EX-023
IMT
Post Graduate Diploma in Management-Executive
Institute of Management Technology
Ghaziabad 122 001
October, 2013

2. Project Management Process Improvement:
Risk Management Processes
A dissertation submitted in partial fulfillment of the requirements
for the award of
Post-Graduate Diploma in Management-Executive
by
MadhumantiSamaddar
Roll No. - 12EX-023
Under the guidance of
Dr. K. K. Sharma
Assistant Professor
IMT, Ghaziabad
IMT
Post Graduate Diploma in Business Management-Executive
Institute of Management Technology
Ghaziabad 201 001
October, 2013

3. .
Certificate
This is to certify that Project titled "Project Management Process Improvement: RiskManagement
Processes" submitted by “MadhumantiSamajhdar” (12EX-023) for the partial fulfillment of the
requirement of Post Graduate Diploma in Business Management-Executive is a bonafide work carried out
by him, under my guidance and supervision.
The work has not been submitted by him/her elsewhere for the award of any other degree/diploma.
Dated…………
Dated__________
Dated…………..
Signature of the faculty guide
Signature of external guide
Counter signed by
Chairperson, PGDM-E

4. .
ACKNOWLEDGEMENT
Here I want to express my sincere thanks to my project mentor Prof. Keshav Kumar Sharma for his
kind help and interest in my study. Without his support it would not be possible for me to present this report
in front of the board.
I also want to express my sincere gratitude towards the officials in the industries, well performing
in their own positions, for discussing with me freely the trend and the status of risk management in the
industries.
In addition, I am also thankful to our Program Chairperson Prof. ReshmiAgrewal and the body of
Institute of Management Technology for granting me with this project.
Madhumanti
Roll No.- 12EX-023
PGDM (Executive), 2013
IMT, Ghaziabad

5. Table of Contents

6. Abstract
Project Management Process Improvement:
Risk Management Processes
by
MadhumantiSamaddar
This study is done solely to fulfill the partial requirements for the award of the degree of post
graduate diploma in management (executive), 2013.
This study focusses on the risk management practices in the Indian industries and suggests some
improved approaches. We come to know about risk management through PMBoK. It is described as a part
of project management. In PMBoK we can see two approaches to cater risks in individual projects. The
approaches are: qualitative approach and quantitative approach.
These are good enough for individual projects and can be converted into common practices to cater
risks in similar projects also. But they have no connection with the organizational strategic goals and they
are unable to cater the „project risk‟ also.
Hence, we bring the concept of project management maturity here. There are various models for
achieving project management maturity. The two majorly accepted models are Berkeley‟s PM2 model and
OPM3 model. Both models talks about the increase of the capability of the project management processes.
Thorough this we can achieve the connection between organizational goals and the project risk
management.
They talk about various levels to define the maturity of the organization as well as the project
management. They give the broad picture to manage risks. They suggest that through systematic approach
we can increase the organizational maturity and also improve the maturity of risk management by making it
into a good habit of doing works.
We also have collected information from the industries about their approaches and awareness of
risk management and process maturity. From there we can call the levels, as per Berkeley‟s model, as 2.5
for construction industry, 3 for financial industry and 4 for information technology industry and also for
management consultancy industry.
We can also derive from the results of our survey that the higher the knowledge and
implementation of organizational maturity models, the lower the number of unsolved risks. Hence we can
conclude that,
1. Project management should be approached as a part of organizational strategy.
2. Project management maturity models should be employed along with individual project
management plans
3. Risk management is a part of project management, hence a part of project management
maturity also
4. Awareness should be created within the organization about the approach towards risk
management through organizational and project maturity models.
5. This wholistic approach can convert risk into opportunities and demolish the fear towards risks

7. List of Figures
Description
Page
PMI project management processes
Evolution of project knowledge through project development
Risk management cycle
Berkeley‟s PM2 model stages chart
OPM3 model maturity cycle
List of Tables
Description
Page
Table – 1: Demographics of the sample
Table – 2: Analysis of the findings
Table – 3: Correlation chart from Minitab 15
List of Appendices
Description
Page
Appendix 1. (Questionnaire)
List of Abbreviations
PMBoK
OPM3
PMI
EPC
IT
CMMI
PM
PMM
Project Management Book of Knowledge by Project Management Institute
Organizational Project Management Maturity Model by PMI
Project Management Institute
Engineering Procurement Construction
Information Technology
Capability maturity model integration
Project Management
Project Management Maturity

8. 1. Introduction:
To sustain an organization over decades the main focus should be on markets. Here the term
„markets‟ means the space congested with consumers and customers. We all know here that apart from
direct consumers there are various types of customers directing the „trend‟ of „market‟. This trend is
continuously changing; the rate of changing may be slow for some industries and fast for some others. But
the important point here is the „changes in trends of markets‟.
So, the obvious point here is how to detect the changes. The answer is more or less same for all
type of industries and customers. We have to track it, perform market researches, and talk to customers or
by feeling yourself as a customer. There are many other precisely technical techniques, marketers can
explain better. These techniques help organizations to gather data and understand where it is going. Now,
after detecting the trends, we have to move ourselves at those same directions.
The problems start from here. We have an intact processset-up in our organization. The KPIs,
KRAs are all set. And change means new things. So, to make the change map in our own way we need
some other process, which may be temporary. But it will make the organization adjust with the change with
all its existing operational processes. This temporary process is known as „project‟.
So the project is required only when there is a change. But we got to know above that „change is the
only constant‟. Hence, in these days companies have to run projects in continuous basis, one after another.
This is the reason that these days project management process are becoming most important for companies.
Project helps companies not only to keep up with changing trends of markets but also in expansion,
diversion, capacity increment, mergers & acquisitions and in many other ways.
2. Concept and Methodology:
Here we will be discussing about the risks and how to take care of it. „Risk management‟ is in itself
a vast domain to discuss. We will try to understand the framework for risk management. Then we will also
try to see it as a part of „project management maturity‟. There are models to implement it. We will be trying
to analyze how to do it better and how organizations are doing it in good ways.
2.1. Problem Statement:
In India industries do not take risk management seriously, mainly in EPC or construction domain.
But risks are the reason for many delayed projects or many unsuccessful projects. This costs a lot to the
company; not only in financial terms but also in reputational measures. Hence it is time to look into risks
systematically and think of how to improve risk management.
2.2. Research Purpose:
There are methods of risk management in project management processes. Level one is qualitative
methods, level two is quantitative methods. But project management maturity methods can form higher

9. levels for risk management. Our purpose here is to find out relationship between risk management and
project management maturity.
2.3. Research Objective:
The objectives are,
From literature,
1. To know about the risk management practices in project management
2. To know about PMM and its models
3. To know how PMM is connected to risk management
From industry survey,
4. To understand risk management awareness in EPC industry
5. To understand risk management practices in EPC industry
6. To understand levels achieved in PMM in EPC industry
7. To compare above understandings with other industries
8. To understand relationship between PMM and risk management
2.4. Research Questions:
The questions are,
1.
2.
3.
4.
What are the risk management practices in EPC industry?
What is the level achieved in PMM in EPC industry?
Where the industry is standing as compared with other industries?
What is the relationship between PMM and risk management?
2.5. Conceptual Framework:
Individual project risk
management
Risk management as a part of
financial strategies
Risk management combined
with firm‟s strategic objectives
Organizational maturity level increases
Qualitative risk management
Quantitative risk management
Risk management through PMM
Risk management level increases
This framework describes that the higher the organization is matured, the higher the risk
management practices are being used.

10. 2.6. Methodology:
The methodology is mainly research based. We have a vast number of research papers, articles etc.
and most of all books like Project Management Book of Knowledge etc. From these sources we will try to
understand the risk management processes. Then we will discuss about project management maturity and
try to discuss the advantages of risk management through this.
Here we need some industry connect. A questionnaire has been prepared. These questions were
asked to my personal industry contacts. The survey was done through mail and through telephonic
conversation also. For contacts‟ organizational privacy the names and contacts cannot be listed here.
The questionnaire is attached here in Appendix 1. This is solely prepared to serve the purpose of
our study. Hence this is focused on risk management, through conventional processes and also through
project management maturity. „Minitab‟ software has been used to find out the „correlation‟ between risk
management awareness and PMM level of organizations.
The industries covered are mainly EPC and construction; but there are entries from IT industry,
financial firm and management consultancy also.
3. Literature Survey:
3.1. The Risks and Project Management:
There may be various types of projects like, new product development project in medicine industry,
capacity expansion projects I power plants or new channel development projects of selling in financial
organizations. All kind of projects follow some simple phases which are same for all types of industries.
These phases/ steps we can find in PMBoK (Project Management Book of Knowledge) as shown below.
These are very generic. To execute project we have to design the deliverables in each steps. These
will vary as per the industry, the nature of the project and the corporate strategy of that particular
organization.

11. 3.1.1.The Risks:
Every project manager wants his/ her project to be problem free. Every team member also wants the
same as well. But still there some problems remain. We get to know from PMBoK that project is associated
with various stakeholders. They all have different interests, may be conflicting some times. This is one of
the most critical types of problem.
There are many other types of problems. As we now know project flows through processes. The
phases are nothing but the major processes. There will be innumerous sub-processes within them. These
sub-processes will be inclusive of other different sub-processes. By this way, going to micro level of project
processes we finally reach to activity levels. These are the real parts which we have to execute. This may
sound like project processes are entirely manual as activities are to be done by persons only. But the design
of processes and sub-processes makes the total system machine like; reducing manual error. Well, though
the percentage of manual dependency is different from industry to industry.
Let us understand it in more details. We have seen above the basic steps of project management
process. The first one is „initiating process‟. In this step we initiate project. Discuss the scope, requirements,
extent, feasibility and other basic things of the project. As example, we can think of „extent‟ of the project.
The project owner already knows why he/ she have to initiate the project. He/ she can calculate the entire
pros & cons in financial terms. But there may be some zone of implications which is not in the viewing
angle of him. Hence while calculating the „extent‟ he may overlook it entirely by lack of knowledge. Like,
if we can think increasing employee efficiency by increasing variable pay may be a human resource project
process, but there may be some special terms of employee agreement in finance department which may
reduce employee efficiency through variable pay. The project owner in human resource may be completely
unaware of this fact; hence this project may have negative effect in finance department.
So, this is an example of a „problem‟ which is a „risk‟ as well. The difference between „problem‟
and „risk‟ here is, the problem which has a financial implication is called as a „risk‟. There may be problems
with non-financial implication also. Those are not „risks‟ and hence not critical for project management
processes.
Hence there will be risks at each and every step. These are mainly either process related or manual.
We have to understand, brainstorm for these risks from the very beginning.
3.1.2. Types of Risks:
There are two types of risks, anticipated and unanticipated. As we have already understood that the
initiating process also has risks; but we have overcome this by brainstorming in cross-functional teams. In
planning process, we try to understand the risks at execution phase. But the planning phase also has its own
risks.
We may try to think of a situation where we know delay will occur. Like if we are trying to
construct a new highway across country there may be some issues may not had seen at planning stages;
only can be understood at execution stage. Here we can‟t help but delay will come along. One can argue
that if all the influencing factors we can imagine at planning stage, this will never happen. But we also have
to remember that human error occurs at least 15% time. And also planning stages also may have undergone
some risks.

12. This is a situation of anticipated risk. As here we know delay will occur. Hence we may schedule
some extra time, over required, for this particular process; so that the entire project will not suffer. There are
situations for unanticipated risks also. Like in any branding campaign project the theme mat hurt the sense
of the local belief. A foreign company may be entirely unaware of that risk. In such a situation we have to
redesign the project baselines as per new ideas.
Hence the anticipated risks may not be known at the start of the project; but can be catered by some
special means like keeping fire-fighting funds etc. But the unanticipated risks are more dangerous in nature.
They affect the cost, quality and time, which in turn results into financial terms. But here we should know
some projects are repetitive type in nature; like new medicine development. The processes and subprocesses are more or less same. Hence the percentage of anticipated risks is more than unanticipated risks.
But entirely new projects or rare projects, like building Eifel Tower, have percentage of more unanticipated
risks than anticipated ones.
Still companies like to take some measures to cater any kind of risks in later stages. Some of the
measures are here,
Allocating additional time to some activities
Keeping up contingency funds
Implementing alarms to some critical stages
Keeping prevention methodology for quality etc.
But all the plans ultimately leads to fund management, as we all know that implication in time or quality
will lead to cost.

13. 3.1.3. Managing Risks:
Apart from just being precautional, we have to go systematically to cater risks. Here, we can see in
PMBoK and other project management guides that we have to first assess risks, map them properly and
then we can think of plans to execute. There may be a huge number of risks. We have to identify which one
just needs some more time and which one needs a complete plan of action. This process is known as risk
assessment.
There are mainly two types of approaches for risk assessment; qualitative and quantitative. The
preferences depends upon industry types, risk types etc. Though, it is good to know that the financial firms
and information technology firms prefer the quantitative approaches mostly. But the construction or
mechanical firms and any other types of firms prefers the qualitative approach.
These qualitative approaches help us to map the risks as per their severity. Here we try to
understand the occurrence probability, severity, impact etc. Then we mark them on a relative scale. The
risks appear on top, we focus on them first. There are several methods to go with this approach. Some
organizations may have developed their own charts and methods for qualitative risk assessment. FMEA is a
well-known and mostly used method or tool for qualitative risk assessment. Here we can find a RPN (Risk
Probability Number) at the end. This helps us to identify the most problematic ones.
The quantitative approaches are mostly bound by numbers. Here we have to know the exact value
of that risk. There are also several methods; but all of them depend upon some common factors. These are:
tangible or intangible asset values, threat frequency, vulnerability, safeguard effectiveness, safeguard cost
or impact and uncertainty or probability of that risk. Here risk is defined as a dependent variable on these
independent variables. Various formulae are being used here, which also depends upon industry and risk
types. The generic formula is,
R = f ( AV, V, I, T, P, etc…)
Where, R = risk
AV = asset value
V = vulnerability
I = impact
T = threat
P = probability
Clearly, the qualitative approach is very objective. The team has to put effort to make it
realistic and attainable. The quantitative approach is more subjective one comparatively. But here also we
have to go objective to some extent like in probability etc.
After proper risk assessment, we have to plan a course of action. We also have to generate some
methods to monitor risks. PMBoK has listed and described these methods. The plan of action is to be in line
with the risk assessments. Then we have to first study risk responses. Depending on the responses we are
getting we have to monitor and control risk. One can plan and assess risks very well; but only through
proper monitoring and control risk can be catered.
This is a cyclic process. Every time we see there is a problem in the risk response, we have to
start it again or modify it again. The cycle is as below,

14. 3.1.4. Challenges:
Though risk management by this process is suggested by most project management guides; but this
is mainly dependent on the team. From the very beginning we have to identify the risks correctly and
completely. If we overlook some, it may become critical afterwards.
Then also in planning process, we have to detect the most appropriate plan to cater risks. In all the
steps, assessment, responses, controlling, the process depends upon manual intervention.
We have talked about the risks in the project. There are some projects which is risky in nature. This
is called the „project risk‟. The process described above does not help us to cater the project risk. This
process is helpful for risks in the project.
Hence, we can see at the time of defining the project, we are discussing about the strategic goals of
the firm. But after commencement of the project, there is no option to relate the project decisions with the
corporate strategies. Hence the project may be successful, but there no guaranty remains that it will also
fulfill the needs of corporate strategy as was thought previously.
There is one more ambiguity. This process, we discussed, is project oriented. This does not guide us
about the repeatability and reproducibility in an entirely different project. We have to again generate all the
documents; benchmarking is least possible. Hence, due to these problems the search for best practice of
project management still remains.

15. These problems can be accounted to some extent through the methods of „project management
maturity‟. Through this not only we can get in touch of corporate strategies all the time but also we can run
through a proper channel of processes. Hence, „project risk‟ and „risks of the project‟ both can be catered.
3.2. Project Management Maturity and Risk:
In Oxford Advanced Learners‟ Dictionary (2004), the meaning of „mature‟ is as below,
(1) fully-developed or grown up
(2) to develop emotionally and start to behave like a sensible adult
(3) of plans or theories, it can mean that they are fully considered or perfected
(4) ofinsurance policies or bills, it can mean due or payable
(5) of fruit, wine or cheese, it can mean ripe or fully aged
This means when a project is fully grown is can be called as project maturity stage. But from the
models like Berkeley or OPM3 etc., it is known that the definition is somewhat different from the original
English meaning. Previously we have discussed that no state is constant in this changing world. Hence one
perfect process also is not sufficient to say „mature‟. The whole learning from this concept is the project
management processes also have to be improved constantly to keep up with changing organizational goals.
The higher the perfection is, the mature the model is.
These models help us to connect the project management processes with the organizational goals
and strategic plans. These models have their guidelines starting from project management through program
management till portfolio management. Let us discuss in details.
These models are known as „capability-maturity models‟. Here the useful terms are, „capability,
outcome, best practices‟ etc. As per CMMI Product Team the proper definition is “the extent to which an
organization has explicitly and consistently deployed processes that are documented, managed, measured,
controlled, and continually improved. Organizational maturity may be measured via appraisals”.
Here „capability‟ is the key concept. Every process has a limit of capability. This capability leads
the process to desired results or „outcomes‟. These outcomes define the perfection of the process and also
„level of maturity‟ of the process. This relates to the organizational goals and strategic intents. This
capability can also be improved through proper planning, monitoring and controlling. The two major
models, Berkeley‟s and OPM3, give standards and levels to attend the process maturity.
In the Berkeley‟s model we can see the level of maturity ranges from 1 (low) to 5 (high) using a
Likert scale for both key project management processes and major organizational characteristics. Each level
breaks PM processes and practices into nine PM knowledge areas and five PM phases, from PMBoK. Each
level looks like the chart below,

16. Whereas the OPM3 model clearly focusses on the improvement through project, program and
portfolio management. This method describes a cyclic process to be followed through „knowledge,
assessment and improvement‟ through process improvement stages of „standardize, measure, control and
continuous improvement‟. This cycle is to be followed in each stage and improving towards portfolio
management from project management through program management. The cycle is,
3.2.1. Connecting with Risk:
Now question arises „how to manage risk through these?‟ and „how the challenges are being take
care of?‟ Here also risk management appears as a part of project management. All these processes talk of
process capability enhancement through continuous improvement. Capability decreases whenever there is a
problem unsolved or not solved properly. This is nothing but a risk.
Let us discuss point wise. Here project management is seen as a part of the strategic plan of the
organization. Through the levels of project management maturity we improve the outcomes towards the
strategic goals. Hence there is no loss of understanding remains between the organizational processes and
project management processes.
The „project risk‟, as described above, is also being catered in the plans from the right beginning.
When we start planning through the levels of the maturity models, we have to think about the entire project
also. While developing knowledge, as per OPM3, we have to gather the knowledge of the projects and their
connections with organizational processes. Hence the „project risk‟ has to be defined properly and
obviously plan has to be made according to that only.
These maturity models are cyclic processes, as we have seen above. We have to repeat each and
every activity in each level of maturity. We have to prepare standard practices for project management at
the very beginning. And improve this standard further through consecutive levels. Hence our project
management practices become similar for each kind of project in the organization. This standard may vary

17. from industry to industry and from organization to organization. But for a particular organization this
remains standard. These standard processes now have to be used in each project, similar or new. Here
increases the repeatability and reproducibility of the project management processes by standardization.
These standards also have to keep improving to attain the highest level of maturity. This means
improvement of the process to attain the desired capability and after attaining this improvement of the
capability towards higher levels of maturity. This is cyclic as we have already discussed. Hence project
management becomes not a fire fighting job; but a well-designed process to flow free.
This is how the human intervention is also can be reduced. The settled the process is, the less it will
be dependent on human intervention. At lower stages of project management maturity the human
intervention may be high. But as the level increases the intervention decreases and the orientation towards
process improves. This is how the risks can be managed methodically through project management maturity
models.
4. Industry Survey:
4.1. Hypothesis:
Here the null hypothesis will be „risk management is dependent on PMM‟ and the alternate
hypothesis will be „there is no relation between risk management and PMM‟.
4.2. The Sample:
The demographics of the people, who supplied information is as below,
Industry
Construction
Information
Technology
Consultancy
Financial
Male
92.3%
62.5%
55.56%
80%
Female
7.7%
37.5%
44.44%
20%
25 - 35
34.62%
81.25%
22.22%
60%
35 - 45
46.15%
18.75%
66.67%
40%
45 above
19.23%
--
11.11%
--
Gender
Age groups
Table-1
Sample has been chosen based on my personal contacts in industries; like, engineering college
alumni/ alumnae, officials from my previous client organizations, officials from engineering consultancy
firms, seniors of my management college, my social network contacts etc. Number of persons, who was
approached for this study, is above hundred. Number of respondents is fifty six, in which 47% are from
EPC/ construction industry, 29% are from IT industry, 15% are from consultancy and rests are from finance
industry.

18. 4.2. Findings:
We have already revealed that we have collected information about the current risk management
practices from the industries. The results are as below,
Poor
Moderate
Good
Construction
Finance
IT, Consultancy
Contingency funds
Finance, IT
Construction,
Consultancy
Qualitative approach (only)
Construction
IT, Consultancy
Risk Awareness
Quantitative approach (only)
Construction
Consultancy
Finance, IT
Project Management Maturity
awareness
Construction
Finance
IT, Consultancy,
Levels achieved in PMM
Construction
Finance
IT, Consultancy
Table-2
Hence from the above table, we can see that though construction industry is majorly project based
in general view, the maturity level is considerably low here. Whereas, in IT and consultancy industry, the
project management is being taken more systematically. In financial industry the concept of project
management is also not lagging behind. We can also see that the higher the concept of maturity, the more
the percentages of solved risks.
But the awareness of maturity models is mostly found in IT and consultancy industry. There are
proper project process enhancement teams, who are involved in the internal project management process
improvement only. They are well aware of risks and continuously improving the risk management
processes also. They are also well knowledgeable about the connection between portfolio management and
risk management; and satisfactorily practicing those measures. Through the level as per Berkeley‟s model is
not more than 4, the practice is good here.
In finance the process review and mapping of projects with organizational goals is found; but not
through proper theoretical models available. Hence the level as per Berkeley‟s model can be called as 3.
There are industry standards to manage risk and also to connect to portfolio management through project
management.
In construction industry the picture is poorer. The process improvement activities are not very well
practiced here. Hence standardization of project management processes through learning and improvement
is also almost absent here. The common practice here is approaching the projects as individual basis only.
Hence the level as per Berkeley‟s model can be called not more than 2.5.
The construction industry generally takes the help of management consulting firms to improve their
processes. They are also trying their level best. Hence it can be told that the improvement is in process. But
the rate is too slow as the awareness is not good in this industry as compared with IT industry.

19. 4.3. Correlation:
Let us check the table available from Minitab 15,
Correlations: Q-1, Q-2, Q-3, Q-4, Q-5, Q-6, Q-9, Q-10, Q-11
Q-2
Q-1
0.648
0.001
Q-2
Q-3
Q-4
Q-5
Q-6
Q-9
Q-10
Q-3
0.491 0.834
0.024 0.000
Q-4
0.383 0.805 0.715
0.086 0.000 0.000
Q-5
0.513 0.702 0.728 0.707
0.017 0.000 0.000 0.000
Q-6
0.575 0.797 0.803 0.663 0.865
0.006 0.000 0.000 0.001 0.000
Q-9
0.491 0.834 1.000 0.715 0.728 0.803
0.024 0.000
* 0.000 0.000 0.000
Q-10 0.502 0.811 0.802 0.793 0.770 0.725 0.802
0.020 0.000 0.000 0.000 0.000 0.000 0.000
Q-11 0.360 0.773 0.767 0.836 0.697 0.713 0.767 0.795
0.109 0.000 0.000 0.000 0.000 0.000 0.000 0.000
Cell Contents: Pearson correlation
P-Value
Table-3
From the above table, we can see that things are well positively correlated to each other. Number of
person responsible for risk management is almost related to other issues. From this analysis it is getting
clear that risk management maturity increases along with organizational maturity levels.
6. Suggestion and Conclusion:
We have discussed about the risk management practices in project management as suggested by
PMBoK. We have also discussed how it can be done better through project management maturity models.
Hence as conclusion we can say that the basic approaches of risk management are good enough for
individual projects. But we have to go for maturity models for entire organizational process improvement.
The maturity models are nothing but continuous improvement through PMBoK risk management
approaches. These also take care of organizational strategic goals. Hence the approach should start with
maturity models and then into micro levels like individual project risk management. There a sense of risk
management through maturity process management should be created throughout the organization. To
enable people look towards risks more systematically without fear. This not only will help the organizations
to achieve strategic goals but also will help to manage risk in more efficient ways. Hence, risk can be
converted into opportunities and will not become nightmare of the project manager.

20. Appendix 1.
Questionnaire
1.
The responsibility for risk management is documented and understood throughout the organization
Strongly disagree
Disagree
Neutral
Agree
Strongly agree
2.
Number of person responsible for risk management especially
The project manager only
One for maximum projects
One for each project
One team is there
Centralized team handling each project separately
3.
Starting point of risk assessment planning
When a problem is there
Contingency fund is there
Starting of the project
Starting of the program
It is a continuous process now
4.
Number of documents being used
What document
Whatever and whenever required
As per PMBoK
5.
Contingency fund as a % of total project cost
Dependent on the project risk
< 3%
3% – 10%

21. 6.
% of qualitative approach
Totally qualitative/ not possible to be quantitative
>70%
70% - 30%
7.
Method of qualitative approach
8.
Method of quantitative approach
9.
Number of times tallying risk plan with corporate strategy
Risk is project management thing
At the beginning of the program
At the beginning of the project
Whenever bigger problem comes
It is a continuous process now
10.
Availability of risk management plan
Whenever required it is prepared
Contingency fund is there
Inclusive in project management plan
At the starting of the project
It is a continuous process now
11.
Availability of project management maturity plan
Project management plan is there
At the starting of the program
It is a continuous process now
12.
Levels achieved in PM maturity

22. References
1. Project Management Book of Knowledge (4th Edition) by Project Management Institute
2. Project Risk Management Handbook by Risk Management Task Group of Caltrans
3. Project Management Guidebook by Method123 Limited.
4. Project Risk ManagementGuidance for WSDOT Projects, October 2013 by Washington State
Department of Transportation
5. IT Risk Assessment: Quantitative and Qualitative Approach by Artur Rot
6. Qualitative Risk Analysis Method Comparison by HrvojeSegudovic
7. Risk Management and Analysis: Risk Assessment (Qualitative and Quantitative) by Valentin P.
Mazarenu
8. Qualitative Risk Assessment for Dendrobium Mines by Illawara Coal Carbon Steel Materials
9. Managing Risk in EPC Contracts – The Hitachi Approach by Yukio Nakagawa
10. Managing Risk in Projects by David Hilson and Gower
11. Journals from Sans Technology Institute
12. Risks and Mitigation Measures in Build-Operate-Transfer Projects by Syed KamarulBakri Syed
Ahmad Bokharey, KalaikumarVallyutham, Narayanan Sambu Potty and Nabilah Abu Bakar
13. The Berkeley Project Management Process Maturity Model: Measuring The Value of Project
Management by Young HoonKwak and C. William Ibbs
14. Project Management Process MaturityPM2Model by Young HoonKwakand C. William Ibbs
15. Project Maturity in Organizations by Erling S. Andersen and Svein Arne Jessen
16. Measurement of Organizational Maturity by Terence J. Cooke-Davies
17. Organizational Project Management Maturity Model OPM3 by Project Management Institute
18. Organizational Project Management Maturity Model OPM3 byJerry Wright andMilt Jones
19. Projects and Organizations by Nathalie Drouin and Claude Besner
20. The Role of Project ManagementMaturity and Organizational Culture in Perceived Performance by
Hulya Julie Yazici
21. Benchmarking Project Management Maturity in Two Organizations by CarlHellered
22. Management of Networks of Projects by Roland Gareis
23. On a New Philosophy of Project Management by Stephen Jonathan Whitty
24. Project Management Maturity: An Industry Benchmark by James S. Pennypacker and Kevin P.
Grant
25. The Theoretical Approach to Project Portfolio Maturity Management by BroniusNeverauskas and
RutaČiutienė
26. Assessing Project Management Maturity by Young HoonKwak and C. William Ibbs
27. PM Baseline by Projekt Management Austria