“Every human endeavor involves risk; the success or failure of any venture depends crucially on how we deal with it” . That means there is no perfect project in the construction industry in which all the risks can be identified and solved. Risk can neither be avoided nor be solved. It can only be mitigated and then either transfers or share to any other body which is a part of the project or just retain it. The success of a project depends on how well the project team analyse the risk. All the three parameters which determine the success of a construction project which are time, cost and quality are subjected to risk or uncertainty. It is the ability of the project team; right from the concept stage through out the implementation stage that how properly they are estimating the project by providing appropriate allowances for all those anticipated risks or uncertainties.
This report includes a detailed analysis of various risks that can occur in a construction project. It also includes how to identify, analyse and mitigate those risks by highlighting the value of different risk management techniques that are used now-a-days for major projects with the help of a case study of 2012 London Olympic and Paralympic games. This report also explains about the systematic approach (project management techniques developed by the experts who are in the field of risk management for many years) of handling the risks. Neglecting the risk without taking that into in its context can turn a potentially profitable project to a loss making venture.
1. Risk in projects- a theoretical approach
After a brief introduction, the author feels that’s its time to explain risk in a broader frame and the management techniques to mitigate it. For that, all those management procedures need to be explained more along with the techniques used and substantiate that by using more examples. Before going into details of management aspects of the risk, the author needs to give a general idea about the difference between risk and uncertainty, and the risk classification in detail.
1.1. Risk and uncertainty
According to Smith NJ, “the terms risk and uncertainty, if used rigorously, have different meaning but in terms of construction projects the distinction drawn between uncertainty and risk is of little significance”. He defined risk and uncertainty as risk exists when a decision is expressed in terms of a range of possible outcomes and when known probabilities can be attached to the outcomes while uncertainty exists where there is more than one possible outcome of a course of action but the probability of each outcome is not known. Uncertainty in other words can be defined as a situation in which there is no historic data or previous history relating to the situation.
. “Perminova defines uncertainty, as a context for risks as events having a negative impact on the project’s outcomes, or opportunities, as events that have beneficial impact on project performance. This definition stresses dual nature of uncertainty in potentially having both positive and negative influence on the project’s outcomes”. Risk involves both a threat and a challenge where an opportunity is a threat for those expects failures and a challenge to those predicts victory. It can be taken purely on the basis of probabilities or chances and at the same time, risk can be a well calculated one.
1.2. Risk classification
According to Robert Flanagan and George Norman, risks are generally of different types that can be classified based on these criteria which are by identifying the type of risks, the consequences, and the impact of risk. Smith N J and Merna T suggested an alternate method of classification of risk which is Global classification and Elemental classification. The method, they suggested is to separate the more general risks which might influence a project but may be outside the control of the project parties from the risks associated with key project elements; these are referred to as global and elemental risks.
The classification based on type of risks is usually done by assuming that the total risk is made up of market risks (Speculative risk) and specific risks (Pure risk). The specific risk, sometimes called as static risk, which is having no potential gain typically arises from the possibility of accident or technical failure, while for speculative risk, there is a possibility of loss or gain which might be financial, technical, or physical. “Moreover, a company’s systematic risk can be spit into two components: business and financial risk”. Business risk is the result of a company trading with its assets, which is borne by the equity and debt holders and the financial risk arises directly out of the gearing process brings risk only to the equity holders.
The risk classification based on the impact of it can be subdivided into the environment risk, market or industry risk, company risk and the project or individual risk. This classification has done by considering the area with which the impact of the risk is affecting. The general environmental can again be divided into two parts: the physical and then the social, political and economical risks. The physical environment includes the weather and the natural phenomena like earthquake, landslips etc. Normally the risks involved in this environment cannot be controlled. By using the modern technologies, these phenomena can be identified well in advance and can take the measures to mitigate the effects of these phenomena. While in the other hand, the social, political and the economical environment risks are to some extent can be controlled. The government can control social, political and environment of a project to an extent Market risk depends on a lot of factors and it is very difficult to control it. Recession is a risk that almost all the companies are facing throughout the world also comes under market risk. These types of risks are very difficult to predict too, so the better method to tackle is to try to mitigate the consequence. Any company operates within an open market and the risk attached with the market can influence the company as well. So in a company itself, for different major projects, different management groups are assigned and thereby it can act as a separate group or consortium (joint venture with another company). By doing the there are chances for the risks with which the parent company is facing may not reach this group. But the company risks and project risks are intrinsically linked because the company must ultimately bear the consequence of the risky project.
2. Project risk management – critical analysis
“Project risk management includes the processes concerned about conducting risk management planning, identification, analysis (both qualitative and quantitative), responses, and monitoring and control on a project; most of these processes are updated throughout the project”.
2.1. Risk management planning:
plans how to approach the risk bound activities in the project and to execute the risk management practices into those activities. Before going into the planning for risk management, it is always better to study the project as much as possible. According to PMBOK (3rd edition), while planning an approach for managing risk, it is advisable to consider these factors as well such as, environmental factors, organisational process assets and project scope statement (objective of the project). Risk management plan or method is the outcome or result of this planning, which is used for the identification of risk in the project .
2.2. Risk Identification:
The best way to identify risk is a group session or a brainstorming session with all the management experts who are the part of the project. This is the best method of gaining team input and bringing expertise to the project . The risk management plan which is obtained as a result of the first step (Risk management planning) can be used here to identify risk. After identifying all the risk, a risk breakdown structure (RBS) can be made, which shows the risk groups, risk categories and risk events at the lowest level. Then all these identified risks can be converged under two main categories, Internal and external risks. Internal risks, which consists of risks from the side of owners, consultants, contractors, subcontractors and suppliers while external risks are political, economical, social, cultural, natural and other risks such as delays in claiming insurance etc . “Identification of the risk is considered as the first and the most significant phase of the risk management process. It brings considerable benefits in terms of project understanding and provides an early indication of the need for risk management strategies”. It is impossible to know how far the risks are identified but it is likely that there will be some risks which are unknown. The purpose of identification itself is to use the combinations of different methods to try to ensure that the amount of the unknown unknowns is as small as possible . The right time of doing this identification of risk process is in the appraisal phase, because then there are a large number of risks in the project, and the options for avoiding or mitigating risks are very high and at that time, the project is highly flexible.
Different methods of identification process are used by different organisations. Examining previous project’s data with similar characteristics which has got similar type of risks can be used to ensure that corporate knowledge is utilized. This option of identification is having only limited scope, but this can at least used to make a checklist of risks which has got more probability to occur .
“Interviewing the project personnel from each discipline and the staff from within the organisation who have experience of similar projects, ensures the corporate knowledge and personnel experience are utilized in the process of identifying risks” . The benefit of doing this technique is that, the organisation can utilize the experience that these experts got from the similar previous projects.
Once these risks are identified, detailed analysis can be done, either by qualitative analysis or by quantitative analysis or by both.
2.3. Risk analysis:
“The purpose of the risk identification is to quantify the effects on the project of the risks identified” . The first and most important step in this phase is to decide which analytical technique to use. There are methods, at the simplest level in which each risk can be treated individually with no attempts made to quantify the risks or the probability of occurrence of this is not calculated. Much more detailed results can be achieved by adding various computation methodologies and by establishing the inter dependency of the risks and then the calculation system will be more complex. The choice of technique will usually be based on the experience and expertise.
2.3.1. Qualitative analysis:
Prioritizing risk by analyzing the probability of occurrence and impact in the project. For each risk that is identified, the team needs to assess its severity in order to decide what course of action to take. Expertise is required in this step, because all those analysis is done based on the knowledge from previous experiences. According to Smith N J, a typical qualitative risk assessment usually includes these issues: a brief description of the risk, the stages of the project when it may occur, the elements of the projects that could be affected, the factors that influence it to occur, the relationship with other risks, the likelihood of it occurring, how it could affect the project .
According to PRAM, various techniques used for doing qualitative analysis are assumption analysis, by making a check lists and prompt lists, brainstorming, Delphi technique, use of probability- impact (P-I) table, interviews ands risk register . This method is basically experience based and the usage of any of the above mentioned techniques is compulsory, otherwise, the experience of the senior staffs cannot be utilised and thereby the project will be more vulnerable to risk.
2.3.2 Quantitative analysis:
analyse numerically the effect of these risks in the overall project. This is the step in which the chances for error is maximum because in this step only, the calculations of the identified risks are done. So this step requires higher attention.
The probability of a risk arising is a key factor in decisions on risk. Possible consequences of risk occurring are defined and quantified in terms of increased cost, increased time and reduced quality and performance, which can be analysed by using any of the quantitative analysis techniques, says Smith N J
Various techniques used are Decision trees, influence diagrams, Probability analysis (Monte- Carlo simulation), Sensitivity analysis, Project evaluation and review techniques (PERT) and Control Interval and Memory (CIM) approach in which sensitivity analysis and probability analysis are the widely used techniques to do the quantitative analysis of risk in a project.
Sensitivity Analysis: This technique determines the risks which have the most potential impact on the project. “It examines the extent to which the uncertainty of each project element affects the objective, when all other uncertain elements are held at their baseline values” . The aim of doing sensitivity analysis is to identify those components of the projects whose uncertainty most influences the uncertainty of the project’s outcome. Sensitivity analysis can be expressed by using different plotting methods like Tornado charts (a histogram method, which is useful for comparing relative importance of variables that have a high degree of uncertainty to those that are more stable.), Spider plots, and Risk-return graphs. This technique should performed on all the risks and uncertainties which may affect project in order to identify those which have a large impact on the economic return, cost, time and whatever are the objectives.
Probability Analysis (Monte-Carlo simulation): Probability analysis overcomes many limitations of sensitivity analysis by specifying a probability distribution for each risk, and then considering the effects on the risks in combination. Random sampling is used where calculation of data inserted in an equation would be difficult or impossible. Monte-Carlo simulation by means of random numbers provides and extremely powerful yet conceptually straight forward method of incorporating probabilistic data. The basic steps are.
* assess the range for the variables being considered, and determine the probability distribution most suited to that variable
* select a value for each variable within is specified range; this value should be randomly chosen and must take account of the probability distribution for the occurrence of the variable. This is usually achieved by generating the cumulative frequency curve for the variable and choosing a value from a random number
* run a deterministic analysis using the combination of values selected for each one of the variables
* repeat a number of times to obtain the probability distribution of the result. The number of iterations required depends on the number of variables and the degree of confidence required, but typically lies between 100 and 1000.
In normal risk management processes (RMP), one of the above mentioned analyses only is used. “The effectiveness and efficiency of quantitative analysis is driven to an important extent by the quality of the qualitative analysis and the joint interpretation of both”.
2.4. Risk response:
brings out the maximum possible outcomes from these risks bound activities to enhance opportunities and to reduce threats to the desired objective. With these outcomes, risks can be prioritized as high, medium and low risk according to the probability of occurrence and impact. Risk allocation strategies should be determined at the initial stages of the project by the client. The main characteristics of the available choices of risk allocation strategy can be grouped according to organisational structure or payment mechanism. The payment mechanism employed, price or cost- based, will determine the location of these contingencies. The allocation of risk between parties to a contract should be identified prior to tender. The rise response, or its allocation, can take any of these four forms: Risk retention, Risk transfer, Risk reduction and Risk avoidance.
2.4.1 Risk retention:
According to Flanagan. R and Norman G, risks that produce individually small, repetitive losses are those most suited for retention. Not all risks can be transferred, but even if they are capable of being transferred it may not prove to be economical to do so. The risk will then have to be retained. Besides, it is preferred to retain a portion of risk in certain circumstances. Applying the probabilistic approach to cost estimates gives a range of estimates rather than a single value. Thus a series of contingency sums can be given which provide for different probabilities of protection against risk and uncertainty.
2.4.2 Risk transfer:
Transferring the risk does not reduce the criticality of the source of risk, but it removes it to another party. In some cases, transfer can significantly increase risk because the party, whom it is being transferred, may not be aware of the risk they are being asked to absorb. The essential characteristic of the risk transfer is that the consequences of the risks, if they occur, are shared with or totally carried by a party other than the client. The client should expect to pay a premium for this privilege. The responsibility for initiating this form of risk response therefore lies with the client, and he should ensure that it is in his own best interests to transfer the risk. As per PMBOK, contracts can be used to transfer liability for specified risks to another party.
2.4.3 Risk reduction:
The most common and efficient way of reducing risk exposure is to share risks with other parties. Risk reduction fills in three categories: Firstly, education and training to alert the staff to potential risks. Secondly, physical protection to reduce the likelihood of loss and finally systems are needed to ensure consistency. In contractual agreement, the use of management fee types of contract will remove the adverse attitude of contractors and should reduce the likelihood of claims from the contractor for direct loss and expense.
2.4.4 Risk avoidance:
“Risk avoidance involves changing the project management plan to eliminate the threat posed by an adverse risk, to isolate the project objectives from the risk’s impact, or to relax the objective that is in jeopardy, such as extending the schedule or reducing scope. Some risks that arise early in the project can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring expertise.”
2.5. Risk monitoring and control:
tracking and monitoring the identified risks, identifying new risks, executing risk response plans, and evaluating their effectiveness throughout the project life cycle. The process of risk management can be grounded on a clear understanding about the nature and scope of decision making involvement in project management and a natural framework for examining these decisions is the project life cycle. For successful implementation of the project, a regular monitoring procedure of risk is essentially required in all the segments of this framework like conceptualization, planning, design, construction, termination and disposal of a project. Risk Monitoring and Control is the process of identifying, analyzing, and planning for newly arising risks, keeping track of the identified risks and those on the watch list, reanalyzing existing risks, monitoring trigger conditions for contingency plans, monitoring residual risks, and reviewing the execution of risk responses while evaluating their effectiveness. The Risk Monitoring and Control process applies techniques, such as variance and trend analysis, which require the use of performance data generated during project execution. Risk Monitoring and Control, as well as the other risk management processes, is an ongoing process for the life of the project.
These above mentioned processes can be effectively explained by using a case study. The case study explains the typical risks that a major construction project is always exposed to and through this case study the author wants to prove that even if the management team has done a detailed analysis of risks, they can never say that they have identified all the risks because still there are chances for some risks being left out as unidentified.
3. Benefits of Project Risk Analysis and Management
As per PRAM, benefits of using risk management can be classified into two: Hard Benefits and Soft benefits. Hard benefits are relatively easy to express and with enough effort it would be possible to measure the amount of benefit. But soft benefits are much less easy to quantify but, can give rise to dramatic performance improvement. These two can be explained in detail as
– Enables better informed and more believable plans, schedules and budgets.
– Increases the likelihood of a project adhering to its plans.
– Leads to the use of the most suitable type of contract.
– Allows a more meaningful assessment and justification of contingencies.
– Discourages the acceptance of financially unsound projects.
– Contributes to the build-up of statistical information to assist in better management of future projects.
– Risk analysis enables objective comparison of alternatives.
– Identifies and allocates responsibility to the best risk owner and soft benefits
– Improves corporate experience and general communication
– Leads to a common understanding and improved team spirit
– Assists in the distinction between good luck/good management and bad luck/bad management
– Helps develop the ability of staff to assess risks.
– Focuses attention on the real and most important issues.
– Facilitates greater risk taking, thus increasing the benefits gained.
– Demonstrates a responsible approach to clients.
– Provides a fresh view of the personnel issues in a project.”
These benefits can be summarized as the risk management provides data to support the planning and decision making processes and it helps the way the project management team think, behave and work together.
In this report the author clearly defines the difference between risk and uncertainty, and the how the risk can get affected to a project and the methods to reduce the impact of the risk. He explained the value of using risk management techniques for a major project with the help of a case study. The analysis of the case study has done in such a way that each risk in that case study has been explained very precisely so that the member of the board of the Directors can get a clear view about the type of risk a major project is exposed to and the methods/ techniques to handle those risks. Finally the author summarises the report by explaining the benefits of the Project risk analysis and management.