Article Preview
TopIntroduction
In the Project Management body of knowledge, risk management is defined as “the systematic process of identifying, analyzing, and responding to project risks” (Project Management Institute, 2004). Many studies have shown that there is a direct relationship between risk management practices and success of a project (Elkington & Smallman, 2002; Raz et al., 2002; Hongxia & Baihua, 2010). Failure to identify risk events and develop an appropriate risk response/management plan may result in failure to meet time, budget and quality goals of project.
A project risk analysis/evaluation process aims at assessing the impact of identified risk events on given projects. Traditionally, several rules of thumb, derived from experience and intuition, have been used to do so. Such approaches rarely deal with uncertainty, do not systematically address risks, and are useful only in specific contexts and cases. As complexity and uncertainty in projects increase, using rules of thumb and intuition is no longer helpful, and is sometimes misleading. In this sense, the development of systematic project risk evaluation processes has received a growing attention (Mustafa & Al Bahar, 1991; Barki et al., 1993; Miller & Lessard, 2001; Bodea & Dascalu, 2010; Locatelli & Mancini, 2010).
Current evaluation techniques can be classified into two groups: qualitative or quantitative. Some of the most commonly used qualitative methods are probability impact risk rating matrices, and risk breakdown structure. Quantitative methods include simulation, decision trees, and sensitivity analysis (Kerzner, 2001). Both groups of methods are associated with some limitations. In probabilistic models, for instance, detailed quantitative information is usually required, which is not often available in real-world projects; moreover, since in many cases decision making may heavily rely on experts’ judgments, the models should be capable of dealing with subjectivities, in addition to quantitative aspects.
To deal with the multidimensionality of project risk analysis, multi-criteria decision models have been proposed for project risk evaluation (Dey, 2002; Millet & Wedley, 2002; Tüysüz & Kahraman, 2006). The Analytic Hierarchy Process (AHP) is the most cited multiple criteria decision making approach (Wallenius et al., 2008); this method allows considering both subjective and objective factors in an evaluation process. The literature reports many instances where AHP has been applied in evaluating project risk. In Mustafa and Al Bahar (1991), Dey (2002), Dey and Ogunlana (2002), and Zayed et al. (2008) AHP is used to estimate the likelihood of various risk events. Millet and Wedley (2002) applied AHP in risk modeling through several case studies. Tüysüz and Kahraman (2006) proposed the use of fuzzy AHP to evaluate project risks on the basis of heuristic knowledge of project managers. The main criticism of AHP is the fact that it can give rise to “rank reversal,” that is, it may happen that when additional alternatives are added to the decision problem, the ranking of the previously considered alternatives may change. Although this is a controversial issue and there are two schools of thoughts about it, it is worthwhile mentioning that there exists a version of AHP (the “ideal synthesis”) that prevents rank reversal (Forman & Gass, 2001; Saaty, 2001).
The general outline for using AHP in project risk assessment consists in defining risk levels (e.g., high, moderate and low) at the bottom of the hierarchy, risk factors (events) and their sub risk factors as the second and third layers, and the collective project risk evaluation as the top overall goal layer. Note that in such applications, there are some differences with the classical AHP approach, as the impact of a risk event is the confluence of the event’s likelihood and magnitude.