Professional Documents
Culture Documents
7.3management of Risk
7.3management of Risk
7.3management of Risk
Management
of Risk
♦
An Information Paper
The Management of Risk
2
The Management of Risk
CONTENTS
Page
Information Papers 4
Introduction 5
Definitions 5
Summary 15
Further Reading 16
3
The Management of Risk
INFORMATION PAPERS
4
The Management of Risk
INTRODUCTION
Risk is present in all projects and surveyors are routinely involved in making
decisions which have a major impact on risk. Risk management is concerned with
establishing a set of procedures by which risk is managed, rather than being dealt
with by default. Major clients, such as Railtrack and BAA, already have formal
procedures in place for managing risk. Other clients are likely to seek guidance from
their professional advisers, which includes surveyors, on how best to deal with risk.
The effective management of risk can only be achieved by the actions of the whole
project team, including the client. The role of a risk manager is to facilitate input into
the project management process such that risk is effectively dealt with. With further
training surveyors are well placed to undertake the role of risk manager. The role can
be either full- or part-time, combined with other responsibilities on the project.
The risk management process outlined in this information paper can be applied to
any procurement route and to new build or refurbishment-based projects, regardless
of cost or technical complexity.
Risk management formalises the intuitive approach to risk which project teams often
undertake. By utilising a formal approach, risk may be managed in a more proactive
manner. Essentially, there are three steps to perform:
• identification – collect the information available which might affect the
achievement of an objective;
• analysis – assess to what extent these aspects might affect the objective; and
• response – review what can be done to limit this effect.
In addition, there needs to be an overall management strategy such that this three-
step process is implemented in a co-ordinated fashion. This information paper
provides an overview of the principals of risk management. The procedures outlined
should produce a framework that can be utilised on the majority of construction
projects. Surveyors who want to specialise in the application of risk management are
advised to undertake further training in this area with a recognised training provider.
DEFINITIONS
Risk: An uncertain event which, should it occur, will have an effect on the
achievement of the project’s objectives. A risk can be measured in terms of likelihood
(probability) and consequence (impact).
Risk management: A structured and auditable process for the benefit of all
members of the project team which is dedicated to the sole purpose of controlling
and mitigating uncertainty in a project.
5
The Management of Risk
Risk response: An action to reduce either the probability of risk arising or the
significance of its detrimental impact if it should arise.
Risk register: A document listing all the risks identified for the project, explaining the
nature of each risk and recording information relevant to its assessment and
management.
Surveyors will invariably be called upon to advise clients as to whether they should
undertake risk management on their project. While the benefits of risk management
may not be immediately apparent to clients, the direct costs of undertaking the
process will be.
The demands of delivering a construction project are extremely onerous. The desire
to deliver projects cheaper and faster, while moving closer to the boundaries of
innovative design, all increase the risk profile of a project. In this respect risk is good,
without it there would be no opportunity. It is the very presence of risk that represents
the opportunity for a building project to go ahead in the first place.
6
The Management of Risk
Team Development
Risk management is not a panacea and there are likely to be times when it may not
be effective to practice all its facets. However, the delivery of any objective can be
made more effective if the risks are fully appreciated. There is a need for
appreciation of risk not just its analysis. The extent of analysis necessary is related to
the extent to which the cumulative effects of risks can be appreciated.
Risk management, together with other services provided, should be flexible, adapting
to the circumstances of the client’s needs and the project. Some clients require a
7
The Management of Risk
snapshot of the risks at the outset of the project, with an initial risk assessment, the
provision of a one-off risk register and a quick estimate of the combined effect. Other
projects may require a full risk management service with risk being continually
addressed throughout the project.
A concern often voiced by clients is how to quantify the benefits of risk management.
Since risk management has a major emphasis on reducing potentially detrimental
effects, it is not usually politic to demonstrate its effective application as having
minimised the impact of cost overrun to, say, 15 per cent.
Furthermore, the actual impact of risk is unique to a project even though its presence
may be commonplace. The risk management process may not be at fault just
because risks were realised. Indeed, if no risks were realised, the effectiveness of
risk assessment would be questioned because without risk there would be no
opportunity.
There are three basic steps to the risk management process; identification, analysis
and response.
The risk management process also needs to be integrated into the project
management process. Since any risk management workshop or assessment is a
snapshot in time, the process has to be undertaken on a repetitive basis. Essentially,
the risk management process should be commenced as early as possible in a project
life cycle and each of the three stages repeated as necessary to effectively manage
the risks associated with that project. At the commencement of the process a risk
management plan should be developed. The risk management plan is similar in
nature to the project execution plan and may form part of that document.
Risk Identification
8
The Management of Risk
team is expanded by new members in the form of trade contractors who can bring
additional information to the risk identification process.
(a) Methodology
(ii) Preliminary analysis to establish probable major risks for further investigation
The identification stage is designed to prompt team thinking and to bring out all
possible risks that might impact on the project. Several hundred risks could be
identified and the team may not have time to analyse and develop responses to them
all. It is normal during the identification stage to begin by sifting and removing those
risks which the team feel are not worth investigating further.
(b) Techniques
(i) Research
While exactly the same project will not have been executed before, something similar
will have been. Investigation into projects on neighbouring sites or projects previously
undertaken by the client should be instigated.
9
The Management of Risk
Once a risk is identified it is placed into a suitable category, for example, ‘client
control’. In figure 1 six categories are shown, but these can be altered to suit the
circumstances of each project. The risk register allows risks to be logged but can
also display additional information.
The probability and impact of the risk can also be shown; the importance of these
factors is discussed below. Finally the response to the risk can be shown.
The risk register is a very useful format for showing a wide range of information in the
risk management process. If the register is placed on a computer spreadsheet it is
easy to sort the risks in a variety of ways, for instance by category magnitude of
probability.
Risk Analysis
The analysis stage is concerned with trying to achieve a better understanding of the
nature of the risks identified during the previous stage.
(a) Methodology
(i) Analysis of risks to assess the severity of impact and the probability of occurrence
Risks have two dimensions:
• probability – this is the likelihood of the risk occurring and is generally expressed
as a percentage; and
• impact – if the risk did occur what impact would it have on meeting the project’s
objectives.
For each of the risks identified, its probability and impact need to be assessed,
normally in a workshop environment with key stakeholders present. Once assessed,
plotting risks on to a matrix, as shown in figure 2, indicates very quickly those risks
which require detailed consideration and those which only need a cursory glance. So,
a risk with a high probability of occurring, which does occur, would have a very high
impact on the project and would require detailed consideration. This allows the right
amount of resource to be used in managing risk.
10
The Management of Risk
11
The Management of Risk
IMPACT
Very high High Medium Low Very low
P Very high
R
O High
B
A Medium
B
Low
I
T
Very low
Y
The Probability/Impact matrix (in figure 2) allows a risk profile for a project to be
developed. For instance, if most of the risks are plotted in the top left section of the
matrix it indicates a high-risk project. The risk management strategy is to manage
these risks proactively through the project life cycle. During later risk assessment
exercises, the profile should show risks plotted more in the bottom right section of the
matrix.
Before the risks can be plotted on to the matrix, a scale has to be set for the
probability and impact dimensions. Setting a common scale will ensure a consistent
approach to placing newly-identified risks on the matrix at a later stage in the project
life cycle. An indicative layout for defining scales is shown in figure 3.
PROBABILITY IMPACT
Time Cost
Very high 70% – 95% > 4 months > 150k
High 50% – 70% 3 – 4 months 100 – 150k
Medium 30% – 50% 2 – 3 months 50 – 100k
Low 10% – 30% 1 – 2 months 10 – 50k
Very low 5% – 10% < 1 months < 10k
While the probability scale shown in figure 3 may be utilised for any project, the
impact scale needs to be set for each project. Although time and cost impacts have
been shown separately it is possible to combine them, or to use other criteria such as
performance. Again, the scale has to be set according to the needs to a project.
Once set the scales should not be changed during the life of a project. This allows
risks to be compared on a common scale throughout a project and for the risk profile
of a project to be accurately monitored.
A higher level of sophistication can be applied to the ranking of the risks on the
Probability/Impact matrix. By assigning generic units to a matrix, the relative
importance of each cell can be seen, as shown in figure 4.
12
The Management of Risk
IMPACT
Very high High Medium Low Very low
P 0.8 0.4 0.2 0.1 0.05
R Very high 0.72 0.36 0.18 0.09 0.045
O 0.9
High 0.56 0.28 0.14 0.07 0.035
B
0.7
A
Medium 0.40 0.20 0.10 0.05 0.025
B 0.5
I Low 0.24 0.12 0.06 0.03 0.015
T 0.3
Y Very low 0.08 0.04 0.02 0.01 0.005
0.1
High Risk > 0.20 Review risk in great detail. Amend project strategy to reduce
Medium Risk 0.08 – 0.20 Develop contingency plans. Monitor risk development
Low Risk < 0.08 Maintain record of risk. Consider contingency measures in outline
The method of having the probability scale linear and the impact scale non-linear
emphasises the significance of low probability/high impact risks. The matrix allows
each risk to be ranked and compared on an even basis. Where resources are scarce
it also allows attention to be focused on those risks which sit in the high-risk category
of the matrix.
(ii) Synthesis of all risks to predict the most likely project outcome
Risk tends to have a ‘knock-on’ effect and so it is important to consider not only the
effect of individual risks but their cumulative effect as well.
The Probability/Impact matrix is the easiest technique to use and allows all project
team members to participate in the process via a risk workshop. More sophisticated
tools and techniques may be applied to provide a better understanding of the
identified risks. There are a wide range of such tools and techniques available, many
of which are supported by computer software packages:
• Monte Carlo simulation modelling of cost and time risks;
• cost movement forecast;
• decision trees;
• sensitivity analysis;
• hard/soft money analysis;
• ‘what if?’ analysis;
• influence diagrams;
• simulation packages;
• multiple estimate risk analysis (MERA);
• spider diagrams;
• multi decision criteria analysis;
13
The Management of Risk
• linear regression;
• spreadsheets; and
• flowcharts.
It is not possible to provide an explanation here of all the tools and techniques
available. However, further information can be obtained from one of the texts in the
further reading section (Appendix A).
Risk Response
The analysis stage provides the team with a better understanding of the risks. The
next stage is to develop a response to those risks.
(a) Methodology
The techniques available are primarily integrated with the project management
process, for example:
• contract acquisition plan;
• contingency management; and
• project controls.
The tools available are not usually related purely to risk management. For instance,
most surveyors would recommend to their clients that the contractor has third party
insurance for the project. This is a risk management response designed to reduce
clients’ exposure to claims for damages if a particular incident were to occur. This is
a risk management tool, although most surveyors would consider it to be common
project procedure. Typical tools available are:
• insurances/bonds/warranties;
• contingency plans;
• forms of contracts;
• contingency drawdown models;
• special cost schedule allowance;
• earned value analysis;
• resource levelling; and
• training.
14
The Management of Risk
SUMMARY
15
The Management of Risk
FURTHER READING
Boothroyd, C., and Emmet, J. Risk Management: A Practical Guide for Construction
Professionals, Witherby & Co Ltd, London, 1996
Chapman, C., and Ward, S. Project Risk Management: Processes, Techniques and
Insights, John Wiley and Sons, Chichester, 1997
The Institution of Civil Engineers, Faculty of Acturies and The Institute of Acturies.
Risk Analysis and Management for Projects, Thomas Telford, London, 1998
16