© The College of Estate Management 2003

Paper 0356V1-0

Introduction to risk management

Contents

Aims

Learning outcomes

1. What is risk management?

1.1 The need for risk management
1.2 Factors influencing success
1.3 Exposure to risk

2. Risk management strategies

3. Risk analysis
3.1 Qualitative assessment
3.2 Quantitative assessment

4. Risk management

5. Types of risk

6. Risk assessment and the CDM regulations

6.1 Designer’s responsibilities regarding the CDM Regulations

Summary

Self-assessment questions
 Introduction to risk management Paper 0356 Page 2

Aims
 To describe the fundamentals and principles of risk identification, analysis and
management.

Learning outcomes
After studying this paper you should be able to:

 Discuss the principles of risk management and know when and how to apply
them to the construction development process.
 Introduction to risk management Paper 0356 Page 3

1 What is risk management?

Risk management requires:

 identification of risks;
 consideration of when and how they might occur;
 action to minimise their effect and maximise value for money.

1.1 The need for risk management

Construction projects are complex projects. They have time, cost and quality targets
that the client requires to be met. Often a compromise is needed: quality is sacrificed
to achieve a time target or fall within a cost limit. In order to ensure success in all
aspects, the factors that could influence failure must be assessed and managed. As
financial implications of failure become more serious, the need to manage the risks
becomes greater.

As with any additional service offered, the extra expense needs to be justified. This
means establishing both the level of success aimed for, and the level of success
achieved. Risk management cannot eliminate risk, but risk management techniques
can be used to reduce the impact or minimise the failure to reach targets.

1.2 Factors influencing success

Risk management may be undertaken by the project manager or by an independent
risk manager, depending on the structure and organisation of the project team.

The success of risk management depends on the stage of the project at which it is
introduced and how far risks are identified before they occur. It is widely recognised
that deficiencies in the project brief lead to uncertainty and greater risk during the
contract. An early consideration of the potential risks is therefore essential.

Note that in order to meet time, cost and quality targets it is not appropriate simply to
increase contingencies. Such a strategy could result in the project not starting at all.
Contingency plans must be in place to minimise the impact should any of the risks
identified actually occur.

For many projects, risk management has been a subconscious process. It should be
made a formal and inherent part of the procurement process. This is particularly
essential if private finance is being considered for the procurement of a project in line
with the Private Finance Initiative. A key feature of PFI projects is the identification
and genuine transfer of risks from the public sector to the private sector.

1.3 Exposure to risk

Hazards and areas of uncertainty are considered to be the main sources of risk. If
these can be identified within a project, the level of risk can then be assessed. Once
we understand this, we can then start to plan to reduce our exposure to risk and decide
if the project can go ahead.
 Introduction to risk management Paper 0356 Page 4

2 Risk management strategies

A number of alternative strategies have been put forward by various organisations to
provide risk management. Procurement Guidance No 2, ‘Value for Money in
Construction Procurement’, published by HM Treasury, has three main stages in its
risk management model:

 Identification
 Assessment
 Monitoring and control.

This, however, is a rather simplistic model, and others have broken it down further. In
Laxton’s Guide to Risk Analysis and Management, a model with four key stages has
been used:

} Risk analysis
 Identification
 Assessment

Initial response and mitigation

} Risk management


 Action

The Association of Project Management has produced a guide called ‘Project Risk
Analysis and Management’ (PRAM). The Institution of Civil Engineers has produced
a similar guide, called ‘Risk Analysis and Management for Projects’ (RAMP). All of
these work through procedures for identification, assessment, response and action.

3 Risk analysis
Risk analysis comprises two main exercises:

 Formal identification of risks and initial qualitative assessment of their

likelihood and potential impact.
 Detailed quantitative assessment, which tries to accurately predict the potential
impact should the risk occur.

A balance needs to be struck between identifying all of the known risks and assessing
their impact, and what is reasonable to foresee and plan for.

For most business decisions there are four main categories into which risks can be
placed:

 High probability – high impact

 Low probability – low impact
 High probability – low impact
 Low probability – high impact

The impact could, of course, be positive or negative, beneficial or not. With regard to
construction projects, we might assess whether a risk has the potential to push a non-
critical event into the critical path.
 Introduction to risk management Paper 0356 Page 5

After an initial risk analysis it might be decided to ignore both the high and low
probability risks that have a low impact, and to concentrate on the high impact risks.

3.1 Qualitative assessment

Here we need to describe and understand each risk in order to collect relevant
information about that risk. Issues which should be considered are:

 simple description of risk

 identification of the stage/s of the project at which it might occur
 any relationship or dependency on other events
 factors that could cause it to occur
 likelihood of the event occurring in descriptive terms
 likely effect or impact on the project.

3.2 Quantitative assessment

Here the likelihood of an event occurring is given a numerical probability. Probability
is measured on a scale of 0 to 1. An event with a probability of 0 will not occur, and
an event with a probability of 1 will definitely occur. An event with a probability of
0.5 has an even chance of occurring or not.

The possible consequences of a risk could be quantified in terms of:

 Performance. The extent to which the project would fail to meet the user
requirements for standards and performance. Benchmarks and Key
Performance Indicators (KPIs) need to be included here.
 Time. The additional time required beyond the original completion date
anticipated for the project.
 Cost. The additional cost over and above the original estimate for the project
out-turn. This includes not only the contract sum but all associated fees.
 Introduction to risk management Paper 0356 Page 6

4 Risk management
This again comprises two main activities:

 An initial response once a risk is known, and a strategy devised to mitigate the
risk.
 A course of action that is the result of the strategy devised above.

The initial response to or mitigation of a particular risk may lead to identification of

further risks. These in turn should be assessed and included in the risk management.
The response to a risk may include:

 risk avoidance
 risk reduction
 risk transfer
 risk sharing
 risk retention.

Risk avoidance requires some action to be taken to ensure that the event giving rise
to the risk does not occur. Here we would remove the cause, consider an alternative
solution or abort the project.

Risk reduction requires some action to ensure that, if the event occurs, the impact
will be reduced as much as possible. Again, we would consider alternative solutions,
examine the risks in more detail and obtain more information, and then take
management or design action.

Risk transfer requires someone else to take the risk – ie insure against the event
occurring and transfer the risk to an insurance company.

A typical example of the transfer of risk is in the selection of procurement route. A

design and build route represents a greater financial risk to the contractor, as he is
responsible for the design, quality, time and cost targets being met. In the other
extreme, for a construction management route the client would take the bulk of the
risk.

For risk sharing, a strategy to share risk needs to be assumed. This is achieved by
clauses in the construction contract. For example, in the case of adverse weather the
risk is shared, as the contractor would be given an extension of time but no additional
monies. The client would not be able to deduct liquidated and ascertained damages,
but nor would he have to pay any additional preliminary costs.

Risk retention means that the risk is noted and remains, and a course of action would
be decided should the event occur. It is these risks that are monitored and controlled
throughout a project life cycle, and form contingency management.

Care should be taken when considering the management actions available, to ensure
that the potential impact of each risk is not outweighed by the direct costs of
managing the risk. A risk management plan will help to keep a check on the overall
strategy chosen.
 Introduction to risk management Paper 0356 Page 7

5 Types of risk
A wide range of risks may be encountered:

 External risks such as those that arise from economic, legal or political
environments
 Design risks
 Construction risks
 Operational risks.

The following are the principal causes of contractual prolongations, overspend, and
disputes in respect of construction projects:

Pre-contract (before the start of the work)

 Incomplete pre-contract design

 Poor tender documentation
 Complex building works/novel design/lack of buildability
 Inadequate pre-qualification process – inexperienced/unsuitable consultants
and contractors
 Lay clients
 Opting for the ‘cheap’ alternative
 Restricted/occupied site
 Too many parties – designers/project managers
 Inadequate co-ordination of design/production information/tender
documentation
 Inadequate programme assessment
 Non-standard contracts
 Legal/contractual inconsistencies generally.

On-site (after contract has been awarded)

 Excessive changes, lots of variations

 Poor documentation – inconsistencies and errors
 Evolving design, late information
 Inadequate design, supervision and co-ordination of construction and services
 Insufficient attention to health and safety requirements
 Poor management by professional team
 Tender price too low
 Claims-conscious contractor
 Weak contract administrator/Project Manager
 Junior quantity surveying staff
 Force majeure/adverse weather conditions
 Fire/other insured risks
 Bad workmanship
 Late delivery of materials
 Introduction to risk management Paper 0356 Page 8

 Contractor’s failure to manage/supervise subcontractors

 Payment disputes
 Inadequate resources on site
 Untidy site/disorganisation.

An awareness of these problems or sources of risk is essential in order to give focus

to specific aspects of the procurement process. How these factors are to be dealt with
will heavily influence the choice of contract strategy.

6 Risk assessment and the CDM Regulations

The Management of Health and Safety at Work Regulations 1992, Regulation 3,
‘Risk Assessment’, places a statutory requirement on clients and contractors to
consider the exposure of all personnel on a construction site to health and safety risks.
Every employer and self-employed person is responsible for assessing the risks
arising from their working activities and the effects of their actions on others. The
purpose of the assessment is to identify any actions that may be required to protect
them. Where the employer employs more than five people, this must be in writing.

In making a risk assessment, the risk should reflect the likelihood of harm occurring
and the degree of its severity. A typical standard adopted is:

 High risk = an event causing death or major injury

 Medium risk = an event causing injury from which the person would be absent from
work for a period of time

 Low risk = an event causing injury which would allow the person to return to
work after it was treated.
 Introduction to risk management Paper 0356 Page 9

A typical risk assessment of erecting a steel frame is shown in Table 1.

TABLE 1 Typical risk assessment for erecting a steel frame

Operations covered by this assessment:

Erection of steel frame.

Hazards:
Erection of steel frame.
Inadequately trained operatives
Inadequate or no method statement
Inadequate lifting plant and equipment
Inadequate PPE (personal protection equipment – hard hat etc)
Not using PPE
Equipment in poor condition
Unsafe access and egress
Inadequate working platforms/areas
Weather conditions

Actions already taken to reduce the risks:

Competent specialist contractor appointed
Method statement provided and approved
All plant and equipment adequate
All inspection and test certificates provided
All necessary PPE provided and worn
Safe access and egress provided
Adequate working areas provided
Adequate protection for third parties
System agreed for work stoppages due to weather conditions

Assessment of residual risk:

Low/medium/high

Further action required:

Agree modifications to method statement

Signed:

Position:

Date:

(This form has been taken from Laxton’s Guide to Risk Analysis and Management)
 Introduction to risk management Paper 0356 Page 10

6.1 Designer’s responsibilities regarding the CDM regulations

The Construction (Design and Management) Regulations 1994 impose a clear duty on
a designer to undertake a risk assessment of his design. The designer is not merely the
person who creates the design. The Regulations define the designer as someone who:

 prepares a design, or
 arranges for any person under his control (including an employee) to prepare a
design.

At the start of the design process the designer should try to:

 identify any significant health and safety hazards likely to be associated with
the design, and its construction, maintenance and dismantling;
 consider the risks from those hazards that arise when the design is incorporated
into the project;
 if possible, alter the design to avoid the risk or, where this is not reasonably
practical, follow the rest of the risk control procedure.

The aim should be to select a design that entails fewer foreseeable risks, within the
limits of what is reasonable and practicable. The risk to health and safety needs to be
balanced with the cost, not just in financial terms but also fitness for purpose,
aesthetics, and environmental impact. What is important is that the design process
involves a proper exercise of judgement which takes health and safety issues into
account.

Summary
This paper has given an overview of the risk management process in relation to
construction projects.

By undertaking a risk identification, assessment and management exercise, the

success of the project should be more certain than if decisions are made each time a
problem occurs on site.

Anticipation, and being prepared with alternatives and solutions debated early on,
gives a greater feeling of control over the project.

SELF-ASSESSMENT QUESTIONS
With regard to a project you are working on:

1. Has a risk assessment exercise been carried out, and are you aware of any actions
taken to mitigate the risks?

2. Have problems arisen that you think could have been avoided if a risk assessment
had been used, or had been more thorough?