Methodology for risk analysis of projects

The risk in the organization activity as an economic and social system open, adaptive, with varying degrees of permeability to the influences from the current business environment, which is increasingly unpredictable and in which the only constant is the change, refers to the probability of not complying with the objectives set in terms of performance, execution and cost. The insufficient application of the recognized project management methodologies can be one of the main causes of projects failures in the organization with major influences on the activity efficiency and the performance recorded. Therefore, the methodology proposed in the paper, wants to be an effective tool, a formalized risk management tool, considered as a cyclical process, with several distinct phases, indispensable to the current organizational practice which should contribute to optimizing the project performance and its successful completion.


Introduction
In the specialty literature the concept of project is presented in a variety of ways, but a jointly accepted definition is that a project is an ensemble of actions or works designed to achieve a single and measurable objective [1].
Thus, the main features of a project are the following: time limits (well set start and end date) and well-defined location in space; it has well-defined objectives and a unique purpose that must be fulfilled in response to an identified problem; it has an approved budget within which must fall; it goes through several phases (design, planning, execution, assessment, completion); it consumes resources (human, material, time, money, which are known from the beginning of the activities); it is an ensemble of activities that involve specific risks; it has a responsible -the leader or project manager, and responsibilities of each team member participating in achieving the project aim are well defined; it has a certain degree of risk that must be well managed for the project to be realized in the timeframe set; it creates a new value -product / service / idea / structure -unique and with a high degree of novelty; it requires interdisciplinary collaboration within a particular organizational structure.
The goal of project management is to prevent or predict as many of the problems that arise and to plan, organize and control the activities so that the project can be completed as effectively as possible and at the time set.This process starts before moving to the allocation of resources and should continue until the whole activity ends.
According to ISO Guide 73:2009, Risk management -Vocabulary, risk is defined as "effect of uncertainty on objectives" where "an effect is a deviation from the expectedpositive and/or negative".Usually, risk magnitude is expressed as the combination of likelihood and consequences of an event [2].
Risk management is a "method of managing that concentrates on identifying and controlling the areas or events that have a potential of causing unwanted change" (Caver 1985), cited by [3].But, in the same time, risk management is an integral part of project management and should be considered a component of any project management methodology [3].

Process of risk management
During the project, the risk management will be treated as an iterative process based on the continuous improvement principle being permanent monitored.All risks which can arise during the project implementation will be taken into account, including those encountered in the preparatory phase of the project proposal.Because some risks are unknown in the proposal stage or emerging, this process will be iterative, see Figure 1.

Risk identification
The first step in this iterative process is to identify as many risks as possible that can be recognized and associated with the project objectives.In order to manage and complete the project successfully risk identification is a critical step and the entire project team should be involved from the beginning of the project.
For risk identification the authors recommend techniques and methods such as: Brainstorming, Checklists, Structured or Semi-Structured Interviews and Scenario analysis.

Risk number
Risk description
Project team modification 3.
Poor experience of the project manager in the relation with the team members and with the persons responsible from the target company 4.
Risks related to the methodology and the development technologies 5.
Lack of interest from potential users for project outcome 6.
Bankruptcy risk of target company

Risk evaluation
The risks identified in the previous step should be assessed in a process of analysis based on the previous experience of the project manager and implementation team.The results of this process of assessment must be considered during the whole project implementation.Risk evaluation can be done by qualitative, semi-quantitative and quantitative methods [5].Thus, it is estimated the probability of the risk emergence, the impact it can have negative or positive on the project's activities and trigger factor of the risk emergence.Risk evaluation should consider the affected activity, the control you have over the risk, potential losses and any benefits or opportunities presented by the risk.In prioritization process the project manager should be the ultimate decision maker by establishing which risks are the most worrisome [3].

Risk evaluation
For the risks identified in the previous stage and presented in Table 1, the trigger factors and the affected activities will be identified.This step is summarized in Figure 2.

Risk response
Risk response development is a critical element in the risk management process and requires finding the best solutions to prevent or response to the identified threats.In this stage are established if any and what action will be taken to address evaluated risks.
Since some risk events have potentially positive outcomes, it's recommended to consider responses for both threat and opportunity [2].

RISK DESCRIPTION PROPOSED STRATEGY
The project team has the competencies needed to implement the activities Team members' skills provide project activities development when a member leaves the team It is necessary that the project manager should be an experienced professional in project management or have experience in monitoring and coordinating activities Have been provided acquisitions for hardware components which ensure project activities development Have been analysed with target company the benefits they expect from the purpose of project.It is necessary to discuss the modality though which the project results fit into their strategic plans or in their work practices It is targeted another company with which there were held preliminary talks in this regard.The literature [3], [4], [10] classifies response strategies for threats as follows: avoidance -the threats are eliminated by removing the cause or chancing the approach; transferencethe impact and management of the risk are transferred to a third party (insurers, subcontractors, and partners); mitigation -it is the process of taking specific actions to reduce the probability and/or reduce the impact of a risk so that if it does occur, the consequences are smaller and easier to fix; acceptance -is the decision to deal with the consequences if a risk event occurs.
The implementation of measures aimed at attenuating the risk consists in applying strategies to eliminate the trigger factors that can generate a risk.Figure 3 shows the proposed strategies for eliminating, attenuating or accepting risks for the case analyzed.

Risk monitoring
For an adequate monitoring of the risks that may emerge during the development and implementation of a project it is necessary to develop a risk management plan as presented in Table 2.It is a synthetic picture of most risks that must be taken into account during the development / implementation of a project.
The Risk Management Plan is a response to the possible events arising from the risk and to the way in which action should be taken to eliminate the potential risks that may emerge during the projects implementation.For a more accurate analysis of the effects generated by the risks we should consider possible scenarios for the project evolution depending on the emergence of the identified risks, on the reactivation of the risks that have been attenuated and even on reconsidering the risks which have not been given particular importance during the evaluation.
Therefore, the process of identifying and monitoring risks in the development and implementation of projects is an iterative process that may suffer major changes from one stage to another.

Conclusions
In this paper we have proposed our own methodology for identifying and attenuating risks that may emerge during the implementation of projects.This methodology was based on the authors experience on coordinating projects and, in particular, research projects and can be apply for any type of projects in the same mode.
So, the risk management of projects is essential to all organizations who implement all types of projects.Many projects fail because in the initiation phase there are not identified all the risks that can emerge during the development and implementation of the project activities.Some risks may have a negative effect on the project evolution and some of them can have positive effects.
Thus it is very important: to integrate the risk management in all the projects; to develop a methodology that identifies "almost all" the risks that may emerge during the project implementation, the risk elements identified must be quantified in order to assess and measure the risk and finally appropriate measures will be provided to attenuate or eliminate the risk.
This methodology can be adapted to any kind of project by identifying all the risk elements that can influence negatively the projects implementation.

Table 1 .
Table1presents a number of risks that may emerge during a project and we refer mainly to research projects thanks to the authors experience in this field.Identified risks.

Table 2 .
Risk management plan.