A redefinition of the project risk process: Using vulnerability to open up the event-consequence link

A tendency in project risk analysis is to represent the relationship between risk event and risk consequence as statistical risk event-consequence link. This thinking tends to neglect the influence of project system in mediating the link. This study describes an attempt to apply the notion of system vulnerability to open up the link between risk event and risk consequence. A system’s vulnerability represents the extent or the capacity of this system to respond to or cope with a risk event. It is based on two sets of data: four Private Finance Initiative project reports and a case study on four related Chinese State-Owned Enterprises. It categorises the different types of vulnerability that a project system can exhibit. Generally, a project’s vulnerability can show in two dimensions: exposure and capacity. This paper also shows that the project vulnerability could have good and favourable quality as well as negative and unfavourable one. Through incorporating vulnerability analysis into project risk analysis, project risk process can be extended to involve more factors different from risk event. A practical implication is that project managers ought to identify and assess project vulnerabilities and their organizational sources along with the identification and management of risk events.