The distribution of the literature based on its source.
The majority of the approaches to managing project risk follow the logic of process groups. Project Management Institute (PMI) has 29 tools and techniques related to risk management process groups. Consequently, engineering and business schools have been accused of educating managers with sharp analytical skills but little understanding of social problems. The literature suggests that too much attention is focused on learning the techniques and formalities of risk management but not enough on the advanced issues of management. Also, the literature argues that there are two approaches to project management (hard and soft). The hard side only covers part of the managerial aspects which helps to manage foreseeable uncertainties. However, unforeseeable uncertainties need skills that related to soft side approaches such as emotional intelligence, navigating the organization’s culture, risk attitude, participative leadership style, and managing the relationship with stakeholders. This study provides an intensive review of the literature to discuss the need for integrating the hard and soft sides of management to achieve an effective risk management process. In addition, it proposes a conceptual framework that provides guidelines to enhance overall risk management efficiency.
- risk management
- unforeseeable uncertainties
- risk attitude
- emotional intelligence
- organization’s culture
The last decade showed an industrial engineering growth toward nontraditional industries, particularly information technology (IT) and service-related industries that add considering technical, organizational, ethical, social, legal, and economic factors to the project management process [1, 2, 3, 4, 5, 6]. Moreover, Industrial engineering is known for creating new systems to solve problems related to waste and inefficiency .
Project management is a critical area of knowledge in the Industrial engineering curriculum around the world . An increasing number of private and public organizations start adopting formal principles of project management to develop and deliver new or improved products, services, and organizational process changes . Further, many researchers investigate ways to develop and enhance the organization’s management practice .
The current studies of the project management process focus strongly on project risk management . The current focus toward integration between partners, lean production, and outsourcing within industrial engineering has led to increase uncertainties and spike the number of accidents in the industry . Consequently, organizations are giving more attention and value to risk management for improving project efficiency and effectiveness . In [13, 14, 15, 16], risk management was described as a continuous process that supports the completion of the project on time, within budget, to the required quality, and with proper provision for the safety and environmental standards.
The relationship between risk management and project success or failure has been studied extensively in the last decades [10, 12, 14, 17, 18, 19, 20]. However, the risk management process shows a wide gap between theory and practice [21, 22]. The theory focuses on learning the techniques, planning methods, and formalities of project management while unintentionally overlook the nontraditional soft approach of management [2, 3, 22, 23, 24].
Effective project risk management obliges a wide-ranging involvement and integration across all segments of the project teams and their environment . The results of previous studies that focused on risk management impact on the project success show that there are contradictions in the findings . This contradiction can be explained by the tendency of the researchers to neglect aspects of uncertainty management such as considering the soft side of project management and its impact on the overall performance [10, 22].
The project management process can be categorized into hard and soft sides/approaches/skills [22, 26, 27, 28, 29, 30, 31]. The hard skills focus on applying tools and techniques within project management and usually described as a science and comprise processes . On the other hand, the soft skills are largely intangible, not associated with a deliverable or a concrete output, and enable working through and with people along with handling the associated human factors [22, 30].
The distinction between the concept of risk and uncertainty is still not fully clear in the context of project management [10, 32, 33]. In  the uncertainty was classified according to the project management techniques related to it into variation, foreseen uncertainty, unforeseen uncertainty, and chaos. Consequently, the management approach must be generated according to the types of uncertainties [10, 32, 34, 35]. In , it was suggested that the hard side of risk management covers the part that can manage variation and foreseen uncertainties while unforeseen uncertainties and chaos need other skills that related to the soft side.
The mere existence of accepted principles, well-defined processes, and widespread practice is not sufficient to guarantee success . The hard skills just started to be viewed by many organizations more as baseline competencies rather than an additional practice that needed to improve the management process . Moreover, the hard side should be considered as a necessity for the survival of the organization but not a sufficient tool in managing project risks . Consequently, effective project management needs a balance between hard and soft skills [2, 28, 30].
Effective project risk management can be achieved depending on the involvement of the project team in the management process, which required a good understanding of the team environment . Hence, the last decade presented a competitive global market creating a changing work environment that demands engineers who possess soft skills . Further, the current risk management practices require investing more time and effort on the soft skills in order to advance the risk management process [10, 22, 24, 28, 37, 38].
This study aims to create a deeper understanding of the project risk management process by exploring the literate to investigate the potentials of integrating the hard and soft sides of risk project management. In addition, propose a broader conceptual framework for assessing and enhancing the project risk management process by including comprehensive risk management tools and techniques adopted from both sides.
This review covers academic publications based on theoretical and empirical findings on the concept of Risk Management. Literature was obtained through electronic searching strategy from major databases available to the researchers. The database used for this research includes but not limited to Web of Science, Science Direct, and Scopus. In other words, the database offers extensive studies on the risk project management process. However, relatively few studies were to be found concentrating on the soft skills acclimation and integration during the risk management process.
The initial search was broad enough to allow for as many results as possible including words that could identify as part of the risk management process. English was chosen to be the medium of communication. Therefore, publications that are not written in English were excluded. Moreover, this research focuses on the current research studies, studies that were published after 2005, unless if specific research offers a unique point of view or valuable contribution. Table 1 shows the distribution of the literature, which were included in this research, based on its sources of publications.
|International Journal of Project Management||9|
|International Conference on Industrial Engineering and Engineering Management. IEEE||4|
|John Wiley & Sons, Inc.||4|
|Journal of Loss Prevention in the Process Industries||3|
|Project Management Journal||2|
|Informing Science & Information Technology||2|
|Engineering Management Journal||1|
|European Journal of Engineering Education||1|
|European Journal of Industrial Engineering||1|
|PMI Global Congress EMEA Proceedings||1|
|Association for Project Management (APM)||1|
|International Conference on Industrial Engineering Theory||1|
|International Journal of Industrial Engineering and Management (IJIEM)||1|
|Project Management Institute||1|
Finally, qualitative and quantitative methods were used to analyze the review findings. The qualitative method presents a broad narrative of the findings from the literature, while the quantitative method was used in presenting the findings with tables and figures.
3. Project risk management
In , the risk management process was defined from the literature as a formal orderly process for systematically identifying, analyzing, and responding to risk events throughout the life of a project to obtain the optimum or acceptable degree of risk elimination or control and to achieve the project objectives. Further, project risk management is known as an integrative process, where it continues throughout the project life cycle [10, 16]. However, the intensity of the risk management process might decrease as the project progresses, but still, the threat of an unforeseen emergent risk should not be ruled out until the project is completely over . Hence, this definition predominantly emphasizes the hard skills at the expense of soft skills .
3.1 The hard side of risk management
There is a wide consensus on the indispensable elements for a risk management process . This can be observed by the growing range of proficient tools and techniques, research base, and practical implementation across many industries [16, 24]. The literature offers several risk management standards, such as Risk Management Standard by the Institute of Risk Management (IRM); Project Risk Analysis and Management (PRAM) by the Association for Project Management (APM); the Project Management Body of Knowledge (PMBoK®), Chapter 11, by Project Management Institute (PMI); and Risk Management—Principles and Guidelines by the International Organization for Standardization (ISO) [16, 39, 40, 41]. These standards have well-defined processes and widespread practices that originally cover the hard side of management with few exceptions. For instance, PRAM identifies the functional roles of the organization’s members during the risk planning process and considers it as an element of risk management.
The hard side of risk management demonstrates pre-specified approaches that have tools and techniques within four major process groups (identifying, analyzing, developing a response, and monitoring and controlling risks) and it is feasible if adequate information were available [10, 32, 39]. In the last decades, these process groups branched out from the original four groups into identification, qualitative analysis of risks, quantitative analysis of risk, risk response planning, and risk monitoring and control [12, 16].
In the early stages of the project, risk identification should be implemented, and any further process in risk management would be performed on these identified potential risks . Therefore, all possible sources of potential risks must be identified as early as possible to help the organizations in choosing the suitable strategy . One of the best methods to identify the risks is by developing a checklist categorizing the risks that might evolve during the project . Also, historical records (lessons learned) and knowledge of risks from the experience-based of project personnel should be gathered and reviewed [12, 24, 43]. Further, the risks should be identified and classified by its nature and its potential impact on the current projects .
For risk identification, it seems that there is an agreement between researchers on the meta-classification approach, which identifies the risk factor based on three levels according to the project lifecycle environment [11, 18, 43, 44, 45]. First, the macro-level which consists of risks sourced externally (exogenously); second, the meso level which consists of risks sourced endogenously (self-developed) and project-related; and third, the micro-level which consists of risks found in the stakeholder’s relationships. The final step of the risk identification should be a risk category summary sheet by using the risk breakdown structure and checklist, wherein the participation of every individual in the management team would be integrated [16, 46].
The next stage of the risk management process is analyzing the risks. This stage, introduced by the Project Management Institute, includes qualitative risk analysis and quantitative risk analysis [16, 47]. As an intermediate process, it incorporates uncertainty quantitatively and qualitatively to evaluate the potential impact of risk . In this stage, the risks with high probabilities, associated with a substantial impact on the project, should be focused on. Therefore, by the end of this stage, risk and uncertainty would be identified, then rating should be accomplished by forecasting the probability of occurrence and severity of the risk impact as well [45, 48, 49].
To estimate the probability, scholars note two main approaches: subjective judgment and objective analysis [48, 50]. Subjective judgment is done by using the experience and scrutiny to make a direct estimate which allows the management to use the logic, intuition, and experience or it can be driven by the means of an educated guess [16, 45, 46]. Objective analysis usually needs historical data. Sometimes this can be impractical since it is difficult to find comparable information . Therefore, scalers such as one-in-ten and one-in-hundred are often used.
In the last decade, several methods and techniques have been developed to analyze risk on an industrial plant . Risk analysis has three main requirements: recognize what to expect as output data, collect the available data, and then select a suitable method for the analysis . There is an agreement that these methods can be categorized into two groups: qualitative and quantitative . Further, it can be described as deterministic, probabilistic, and a combination of deterministic and probabilistic .
More than 60 methods and techniques were identified by the scholars, one of the most used methods to estimate the impact of the risks is the analytic hierarchy process (AHP) . This technique breaks down the risks into small groups, constructs a hierarchical structure, compares the impact of each factor with other factors in the same group on a pairwise base, and allocates a comparison ratio to them. Hence, the same concept used between groups, and the final impact for each factor can be determined by multiplying the ratios. Table 2 shows some of the common methods and techniques used to analyze risks. Consequently, the estimates should be clarified and improved on an ongoing basis .
|Classification of risk analysis methods||Methods of risk analysis||Literature|
|Quantitative||Accident hazard analysis (AHA)||[16, 50, 52, 53]|
|Quantitative||Event tree analysis (ETA)||[50, 54, 55, 56]|
|Quantitative||Monte Carlo analysis||[16, 50]|
|Quantitative||Method organized systematic analysis of risk (MOSAR)||[50, 57]|
|Quantitative||Optimal risk assessment (ORA)||[50, 58]|
|Quantitative||Simple additive weighting (SAW)||[49, 59, 60]|
|Qualitative||Failure mode effect analysis (FMEA)||[16, 50, 61, 62]|
|Qualitative||Hazard and operability (HAZOP)||[50, 63, 64]|
|Qualitative||Plant level safety analysis (PLSA)||[50, 65]|
|Qualitative and quantitative||Technique for order preference by similarity to ideal solution (TOPSIS)||[49, 66]|
|Qualitative and quantitative||Complex proportional assessment (COPRAS)||[49, 67]|
Quantifying the qualitative analysis can be performed in several ways. One of them is by integrating a specific qualitative method with the Fuzzy Analytic Process [47, 55, 61, 68]. In  the integration was illustrated by combining the traditional AHP with fuzzy logic by giving a fuzzy scale to the AHP crisp values. Following the fuzzy ranking technique, the fuzzy scales were converted to crisp numbers by considering α-cut and expert opinions to ensure the precision of the paired comparison, which lead to have criteria weight. By using an interval scale, a fuzzy decision is initiated to develop a matrix that would help in evaluating the risk, ranking the risks, and facilitating decision making. Typically, risk scales have a mapping matrix commonly used during the qualitative analysis [47, 51]. Further, there are five types of risk scales: nominal scales, interval scales, ordinal scales, calibrated ordinal scales, and ratio scales . For instance, a nominal scale would identify the cost, schedule, and quality impact of the risk, assuming it occurs. Then, the dollar cost to remedy the problem(s) would be estimated. Finally, the product of probability and consequence (the cost to remedy) would quantify the risk to this particular project.
After analyzing the risk, risk response planning should be implemented. Hence, risk response planning was identified in  as “the process of developing options and determining actions to enhance the opportunities and reduce threats to the project objectives.” The level of risk impact is directly related to the effectiveness of the risk response process [16, 51, 69, 70]. However, the risk response process is rarely addressed in the current research related to risk management .
There is an agreement between scholars that the risk response process has four strategies [16, 51]. These strategies include avoidance, transfer, acceptance, and mitigation. In addition, contingency planning could be considered as a fifth strategy . Moreover, it is also considered as part of the risk acceptance strategy . During the risk response process, transfer and mitigation are the only strategies that involve a real investment and require budget allocation. Consequently, proactively defining an appropriate strategy would help to improve the project outcome and may result in obtaining additional benefits [51, 70].
As mentioned earlier, the project may evolve, the risks may change, the likelihood and severity of identified risks may change, new risks may emerge, identified risks may disappear, residual risks may arise, and new risks may emerge [13, 15, 16, 45, 51, 70]. Monitoring and controlling process include: tracking the identified risks, monitoring residual risks, identifying new risks, ensuring and assessing the effectiveness of the selected risk response strategies [15, 16, 51]. Therefore, the risk monitoring and controlling process are crucial for the risk management plan, and it should be developed proactively and continually during the project life cycle [16, 45, 51].
The hard side of project management is well documented between the scholars [16, 28, 39, 41, 45, 51]. In this study, several tools and techniques were investigated. In addition, this chapter would collect the most common and efficient tools and techniques to create a framework that would help to assess the risk management process and provide a guideline to ensure an effective risk management process.
3.2 The soft side of risk management
The soft side of risk management embraces the process of managing and working with people, guaranteeing customer satisfaction with the purpose of retaining them, forming a favorable atmosphere for the project team to deliver high-quality products . Further, creating a favorable atmosphere in the workplace would encourage the project team to deliver a high-quality product on time and within budget [26, 27, 30, 31]. The soft side of management aims to deliver such an atmosphere [9, 10, 31].
Several soft skills dimensions were discussed and identified by scholars for the management process [10, 22, 26, 30]. These soft skills include, but not limited to, communication skills, team-building skills, flexibility and creativity skills, leadership skills, the ability to manage stress and conflict, risk attitude, awareness of emotional intelligence, and navigating the organization’s culture [9, 10, 22, 26, 27, 30, 31].
In , the soft approach of risk management was categorized into context, strategic approach to risks and uncertainties; risk communication and information; attitude, assignment, and relationship with stakeholders; and crisis management. However, one of the most significant success factors for an effective risk management process is the one most often lacking, an appropriate and mature risk attitude [24, 28, 71]. Both researchers and practitioners agree that the attitude of individuals and organizations has a significant impact that influences whether the risk management process would deliver what it promises [24, 71]. Consequently, it is important to not ignore the fact, that risk management is undertaken by people, acting individually and in various groups [28, 71].
Attitude refers to what motivates the decision-maker to choose responses to different situations . Furthermore, attitudes often might be deeply rooted and represent the core values of individuals or groups. However, the attitude represents choices that differ from personal characteristics (they are situational responses rather than natural preferences or traits) [28, 71, 72]. Risk attitude was defined as “chosen response to uncertainty that matters, influenced by perception” . Therefore, risk attitude may differ depending on a range of different influences. These influences can be identified and understood, which introduce the possibility of managing them and modify the risk attitude [71, 72, 73].
An agreement between scholars can be observed, risk attitude exists on a spectrum . The response to uncertainty has two dimensions: comfort level that is divided into risk-tolerant, risk-seeking, and risk addicted; and discomfort level that is divided into risk-tolerant, risk-averse, and risk paranoid [24, 71]. Hence, different risk attitudes would trigger different responses to the same situation, since attitude drives behavior.
Risk attitudes are usually adopted sub-consciously . Several practitioners are accustomed to their risk attitude to the point where they behave as if there is no choice . For instance, if they consider themselves with a risk-seeking or a risk-averse attitude, they would act accordingly without assessing the current situation. On the other hand, some organizations have learned to assess each situation internally, and then choose a risk attitude which is most appropriate to the current situation to offer the best chance of reaching the project objectives . Consequently, risk attitude can be integrated with the risk response process group to ensure effective risk response planning.
In , a process that applies emotional literacy to assess risk attitude was proposed and can be used to modify the organization’s risk attitude when it is needed. Accordingly, emotional literacy is the process of using emotional intelligence components (recognize, understand, and appropriately express emotions) to manage the individual and group emotions to help them succeed.
The first step in assessing the risk attitude of an organization is assessing the individuals’ risk attitude toward a situation. The proximity toward risk and the influence that an individual has can be used as a proxy measure to assess the individual influence on the organization’s risk attitude [71, 74]. The literature provides several methods for stakeholder mapping that includes these two variables. For instance, in , the stakeholder cube method was discussed as a subjective assessment of the influence and interest of an individual and how it can affect their decision-making process.
The same concept can be used to assess the individual potential influence in a group. For example, an individual with high power (power can be gained through referent power, expert power, reward power, coercive power, and legitimate power [74, 75]) have a higher influence on the behavior and outcomes of a group . At the same time, the proximity to a situation drives the individual to be more active and interested in the outcomes, which encourages to influence the organization’s attitude toward a situation.
The group risk attitude is influenced by other factors than the individual’s risk attitude. The organization, as a group, behavior can be influenced by group dynamics, organizational culture, national culture, and societal norms [71, 77]. The group dynamic and organizational culture can have a huge impact on the organization’s risk attitude and it can lead to adopting different perspectives or risk attitudes by the group from that taken by individual members. Comparing to the individual attitude, the group attitude could be influenced to become “risky shift” where the group tends to be more risk-seeking than its individuals or “cautious shift” where the group becomes more risk-averse .
In addition, subconscious and unmanaged risk attitudes pose a significant threat to the ability of individuals and groups to achieve their objectives [71, 76]. Therefore, understanding how the risk attitude influences the organizational behavior and the decision-making process; being able to adopt a suitable risk attitude for each situation; and if needed being able to modify the current risk attitude, are steps that help the organization to improve their risk management efficiency .
The organization culture could be influence by the leadership style of the top management [74, 77]. In the last decade, several studies emphasized the importance of internal communication within the organization, where the voice of lower-level employees can offer an important source of information to organizational learning and change [73, 77, 78, 79, 80]. Further, locally held knowledge can help in risk identification and evaluation. Therefore, top management should provide a safe environment (one that shows interest and willingness to act on the provided information), even sometime, with an incentive to encourage the employee to speak up about organizational issues and potential risks [77, 80].
In general, employees tend to be intimidated to speak up since risks tend to have negative implications and often implies a need for a change [78, 79]. In , it was concluded that top-management support and its openness to ideas are one of the most important circumstantial factors for the employees’ inclination to provide input on potential threats and opportunities. Furthermore, a participative leadership style significantly enhances the risk management process and introduce a positive interaction and advantageous atmosphere in the workplace [73, 77, 80].
Moreover, developing a positive relationship with the project stakeholders is fundamental in the risk management process . This relationship may not always protect the organization from every risk, but it can be seen as a “reservoir of goodwill” as the stakeholders place their confidence in the management team, which would help to deal with risks more effectively and ultimately contribute to the achievement of organizational goals [80, 81]. For the most part, project management literature suggests that various stakeholders, which may include individuals and organizations, may be directly or indirectly involved in the process of managing risk .
Kutsch and Hall  offer an overview of management team behaviors that tended to prevent required actions or pause any changes on the original plan, extracted from the project uncertainty management and expected utility theory (EUT), regarding the relationship with stakeholder and the leadership style of top management. These behaviors were called intervening conditions that driven from a lack of knowledge, distrust, or discomfort . In addition, they can be categorized in the context of uncertainty into denial, avoidance, delay, and ignorance of uncertainty [81, 82]. Hence, these behaviors are unconscious behaviors rooted in approaches driven by the management due to fear of revealing bad news or the tendency to obey the original plan and follow procedures .
The causes of these actions can be traced to the perception of management on the stakeholder reaction to the information. For instance, denial of uncertainty refers to the management refusal to reveal risk-related information (that may hold negative or discomforting connotations) to other stakeholders [81, 82, 83]. Denial of uncertainty can be adopted to not expose the stakeholders to something perceived as negative which might endanger the long-term relationships with them.
Avoidance of uncertainty refers to the lack of attention to risk-related information due to insufficient trust or belief in the efficacy of that information [81, 82]. Therefore, management tends to avoid uncertainty out of fears of conflicting confidence levels about risk estimates between stakeholders. On the other hand, delay of uncertainty refers to the failure to consider or resolve risk due to lack of interest or poor general approach to project management [81, 82]. In this case, management tends to delay dealing with uncertainty to accommodate the different expectations of stakeholders about how to manage risk. Finally, ignorance of uncertainty refers to the complete lack of awareness of risk-related information by the majority of stakeholders [81, 82, 83]. This behavior can be traced back to the unwillingness to spend more resources on the scanning of the environment or the inability to scan and interpret the environment because of certain factors such as complexity and dynamics of a project [34, 81].
Ignorance and denial of uncertainty could be forestalled by increasing the tolerance of ambiguity, the experience of the management team, and the amount of control that a project manager has over internal and external factors . Tolerance of ambiguity was defined in , p. 2, as “the tendency to perceive ambiguous situations as desirable” which refers to the extent to which an individual seeks clarity and specifies vague and unclear information to use it to improve their risk management proficiencies . Several studies suggested that spending more time during the environmental analysis process for the purpose of uncertainty reduction could lead to a higher degree of tolerance toward ambiguity [34, 81, 82, 83]. Furthermore, top management with greater experience (greater accumulation of relevant historic data) may help to avoid the problem of complete unawareness of threats .
In addition, delay, avoidance, and denial of uncertainty may be decreased with increased project manager control over internal and external factors that affect the project . Hence, if managers perceive their environment as more controllable they tend to be more proactive . On the other hand, only focusing on the statistical probability of threats and their impact while ignoring any other information can be considered irrational. Therefore, top management should be prepared and willing to react to any unpredicted disruptions in the project while keeping transparency with the relevant stakeholders .
The impact of the intervening conditions can be beyond the control of the top management or might be initiated by a supplier or a customer or even as a result of the managers’ behavior [81, 82, 83]. The top management should recognize that a rational decision-making process is required, and concealing information or ignoring uncomfortable risks is not rational and might jeopardize the long-term relationship with stakeholders .
This section identified several soft skills approaches and highlighted the scholars’ perception of the soft side of risk management. The next section would propose and suggest practices, tools, and techniques related to the soft side to help to generate a framework that assesses the risk management process and provide a guideline to ensure an effective risk management process.
In the 2000s, the literature extensively studied the hard side approaches of risk management as the main approach to managing risk, while each element of the soft side approaches was studied separately [10, 24]. This study investigates these approaches to propose a conceptual framework in order to assess the risk management process implementation and provide a guideline to improve the process by integrating practices and processes from both sides of management.
A major focus of this review is to unpack the current understanding of the soft side of risk management. Also, to investigate the benefits of adopting soft approaches in parallel with the hard ones. However, this can be problematic, given a limited study of the integration concept and its ambiguity in existing literature .
Few studies were to be found investigating the influence of both approaches of risk management together (soft and hard) . It is true that without a proper theoretical understanding of the concept of project management soft skills, the practicality would be underdeveloped and might result in improper resource distribution. In addition, risk perceptions manly steer decisions about the acceptability of risks and the core influence on behaviors . However, neither perceptions of nor attitudes toward risk could be taken as equivalents of actual behavior. Consequently, the need to integrate the soft and hard skills was recognized.
The literature provides well-proven models and frameworks to describe and assess the various dimensions of the soft side of risk (e.g. risk attitude, human factors, and emotion) separately . However, these dimensions interact in powerful ways and these interactions can have a significant influence in determining the effectiveness of each separate dimension . On the other hand, the hard skills considered by scholars as baseline competencies that cover only part of the managerial aspects of project uncertainties. . Hence, the hard side is considered essential for the day to day operation, rather than a sufficient tool by itself for managing risks, especially, if the organization commence the risk management process through its people, acting individually and in various groups. In addition, since most projects can present unforeseeable uncertainty, this study suggests the need to integrate the hard and soft sides during the risk management process. Figure 1 shows a conceptual framework that integrates practices and tools from both sides of risk management to ensure a more efficient risk management process.
At the same time, researchers found that there is a strong relationship between the amount of risk management implemented in a project and the level of project success . The earlier risk management was undertaken in a project, the higher is the level of success . Consequently, organizations are giving more attention and value to risk management for improving project efficiency and effectiveness .
In , the impact of the soft approach was investigated with the relationship to project success, and they found that the soft side of risk management appears most prominently and explains 10.7% of the effect on project success. In addition, they investigate the relation to the hard side, and they found a significant correlation between the two sides. Further, they found that the soft side supports the hard side with a correlation explains 25.3% of the effect on the hard side.
The hard side has been consolidated over time with the effort of professional associations, companies, and scholars through toolsets, standards, and BoKs [10, 16, 39]. This study combined tools and practices from the literature in order to gather 14 practices and tools that best explains and covers the hard side of risk management, and it was driven from the main 4 process groups of risk management. However, scholars suggest that the impact of this effort on the project success is still weak and can be improved by integrating the soft side of management within the risk management process . Consequently, as illustrated in Figure 1, this study focused on three aspects of the soft side to enhance the risk management proficiencies and resulted in three process groups driven from the following literature [10, 22, 24, 26, 27, 28, 29, 30, 31, 71, 73, 74, 76, 77, 78, 79, 80, 81, 82, 83]. These groups include:
The organization risk attitude, and have four tools and practices: perform individuals mapping to assess their proximity to risk; perform individuals mapping to assess their influence in the organization (level of power); investigate and understand the organizational culture along with the group dynamics and its influence on the organization risk attitude; identify the organization risk attitude with its relevance to the individuals’ attitude (risky shift or cautious shift).
Participative leadership style, and have two tools and practices: create internal communication channels to communicate risk-related issues; show interest and willingness to act on all provided information.
The relationship with stakeholders within uncertainty condition, and have four tools and practices: perform concentrated environmental analysis for the purpose of uncertainty; increase the tolerance of ambiguity by ensure clarity and specifies vague and unclear information; keep accumulation records of relevant historic data along with hiring more experienced managers to deal with uncertainty; assure to the stakeholders that top management are prepared and willing to react to any unpredicted disruptions in the project.
This integrated framework provides base guidelines to enhance overall risk management efficiency. For instance, using the practices from the organization risk attitude process group can help to assess, describe, and understand the organization’s risk attitudes. Consequently, the action is required to modify attitude, especially, when identified risk attitude is not beneficial to achieve effective risk management [24, 71]. Further, recent studies in the field of emotional intelligence provide means that can promote and manage attitudinal change for both individuals and organizations .
In the last decades, scholars argued for the need of combining the hard and soft skills of management . Consequently, tools and practices that encourage the hard side of management are necessary, but they need to be supplemented with leadership and soft skills. Since effective project risk management requires broad involvement and collaboration across all segments of the project team and its environment . A deeper understanding of the soft side of risk management can open up a wide range of opportunities for scholars and practitioners interested in improving the risk process around the world. Therefore, the conceptual framework presented in this study provides a guide to facilitate integrating the hard and soft sides of risk management.
The majority of the literature support that the soft side has an impact on project success. Further, a significant relationship between the hard and soft sides is recognized in several fields. This relation influences the implementation of the risk management process throughout the project life-cycle. However, even that several studies consider the soft skills as requisites for success, some still disagree with the fact that these skills can be taught, learned, or managed and advocate that these skills are innate or genetic . This study provides a way to assess and describe some of these skills and provides tools and techniques to influence and manage them.
Finally, focusing on the suggested three process groups helps scholars and practitioners to better understand the soft side concept of risk management and pave the way for improving the risk management process itself. In conclusion, the soft side of risk management is a viable concept within risk and uncertainty management studies, which is yet to be fully explored. In addition, integrating the soft and hard skills offer a broader risk management process that ensures more efficient results. Consequently, there is a need for more in-depth research that goes beyond documentation of meanings and activities regarding the soft side of risk management to the documentation of the process that integrates the hard and soft sides and monitors the progress resulted in implementing the integration.