the controlling influences on e•ective risk identification ......the controlling influences on...

The controlling in¯uences on e�ective risk identi®cation andassessment for construction design management

Robert J. Chapman

Capro Consulting Limited, Sea Containers House, 20 Upper Ground, SE1 9LZ, London, UK

Received 11 May 1999; received in revised form 28 September 1999; accepted 7 October 1999

Abstract

Project risk management (PRM) can provide a decisive competitive advantage to building sponsors. For those sponsors who takerisks consciously, anticipate adverse changes, protect themselves from unexpected events and gain expertise to price risk, gain a

leading edge. However, the realisation of this commercial advantage on design-intensive multi-disciplinary capital projects hinges toa large extent on the approach to the initial identi®cation of risk. The very way the identi®cation process is conducted will have adirect in¯uence on the contribution that risk analysis and management makes to the overall project management of constructionprojects. This paper examines the steps involved in conducting the identi®cation and assessment process and how they may in¯u-

ence the e�ectiveness of risk analysis. A series of issues are examined in turn, which are considered to have a direct bearing on thequality of the identi®cation and assessment process. By focusing on these issues, our understanding of the contribution that riskmanagement makes to improving project performance may be enhanced. # 2001 Elsevier Science Ltd and IPMA. All rights

reserved.

Keywords: Risk identi®cation; Risk assessment; Risk analysis; Design process

1. Introduction

The literature, in the main, implies that there has beena tendency for the approach to Project risk management(PRM), to be overly prescriptive and mechanistic. Inaddition that there has been undue emphasis on thetechniques of the process rather than focusing on themost crucial areas of the overall process, identi®cationand assessment [1]. While it may be obvious that thequality of the outputs from a quantitative analysis arelargely dependent on the identi®cation and assessmentprocess, prescriptive methods underplay the importanceof this initial sub-stage. Unidenti®ed and thereforeunmanaged risks are clearly unchecked threats to aproject's objectives, which may lead to signi®cant over-runs. Should the circumstances be so extreme, then thefailure of a single project may be seriously damaging tothe ®nancial status of a company. The degree to whichthe identi®cation process will in¯uence the e�ectivenessof risk management and its contribution to the overallproject management of any particular project, is dependenton the way the steps of the process are implemented.The purpose of this paper is to review the steps of

identi®cation and assessment in turn, so that their con-tribution may be better understood.

2. Setting risk identi®cation and assessment in context

The overall process of project risk analysis and man-agement may be described in simple terms as beingcomposed of two stages, risk analysis and risk manage-ment, as illustrated in the risk breakdown structure(RBS) included in Fig. 1. The ®gure provides a readilyassimilated subdivision of the tasks to be undertaken.Thompson and Perry [2] adopted this two-stage sub-division in their model of the stages of risk analysis andmanagement, which they advise has proved acceptableto a wide range of experienced practitioners. It was alsoincorporated in the series of publications produced by theCCTA which includes Introduction to the Management ofRisk [3] and within an article entitled Specialising in risks[4]. The risk analysis stage of the PRM process may beconsidered to be divided into two sub-stages: a qualitativeanalysis sub-stage that focuses on identi®cation togetherwith the assessment of risk, and a quantitative analysis

0263-7863/01/$20.00 # 2001 Elsevier Science Ltd and IPMA. All rights reserved.

PI I : S0263-7863(99 )00070-8

International Journal of Project Management 19 (2001) 147±160

www.elsevier.com/locate/ijproman

TPI5

Highlight

TPI5

Highlight

TPI5

Highlight

TPI5

Highlight

Fig. 1. Risk breakdown structure.

148 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

sub-stage that focuses on the evaluation of risk. The riskmanagement phase is concerned with the monitoring ofthe actual progress of the project and the associated riskmanagement plans. It speci®cally involves identifying,implementing and tracking the e�ectiveness of theplanned responses, reviewing any changes in priority ofresponse management and monitoring the status of therisks. While the activities are the same, more recentlythe process is described as being composed of a series ofphases which commence in a staggered pattern subse-quently running in parallel and conducted in an iterativecycle, as described in the PRAMGuide [5] and Chapmanand Ward [6].

3. Scope and plan

Prior to embarking on any PRM study, it is necessary tode®ne the PRM scope and to plan its implementation inoperational terms as if it were a project in its own right.The aim is to provide a clear unambiguous shared under-standing of the process that will be implemented. Thetasks required to accomplish this aim are the productionof a scope document and a plan document. The scopedocument identi®es information such as who is under-taking the analysis for whom, the reason for the formalproject risk analysis and management process, thedesired bene®ts and the overall project objectives. Thisis a critical document as it will be a benchmark againstwhich the deliverables will be judged. The plan docu-ment addresses the resources to be used, the time frame,the models and techniques to be employed, the softwareto be used, the way in which the results will be recordedand the con®dence levels that will be shown. Once thesedocuments are prepared, signed-o� by the client anddisseminated, the PRM process can be commenced.

4. The process of risk identi®cation and assessment fordesign projects

The two principle approaches to risk identi®cationand assessment, are semi-structured interviews con-ducted with individual design team members in turn andthe risk analyst leading a working group. Whicheverapproach is adopted, it will be necessary to put into e�ecta series of incremental steps including, knowledge acquisi-tion, selection of the representatives of the core design team,presentation of the process to the core design team, identi®-cation, encoding and veri®cation. While these steps arenumbered below for ease of reference, the approachadopted will vary for each project to suit its particularcircumstances and it may be appropriate to omit a step,combine steps or introduce additional ones. In addition,like design itself, risk analysis can be a highly iterativeprocess; whereas more information becomes available, it

is necessary to revisit earlier steps, test decisions andassumptions and make revisions as appropriate.

4.1. Step 1: knowledge-acquisition

The ®rst step involves knowledge-acquisition. That is,®rst and foremost, understanding what the projectobjectives are, which are commonly time, cost andquality. To understand the threats to these objectives(or project parameters), it is fundamental to examinethe brief, programme, cost plan and quality statement.Where it is identi®ed that there are inconsistenciesbetween the activities recorded in the programme andthe cost plan, then these must be remedied. To under-stand the information supplied, it may be necessary todecompose the project into a set of component activities(or sub-system tasks) and to document what is involvedin each. If a work breakdown structure (WBS) has notbeen compiled, then at this juncture the activities shouldbe coded. Every time an activity is referred to in a projectdocument, it is accompanied by its identifying code. Therationale for implementing this coding system is toensure clear communication. This breakdown should bebased, when appropriate, on the Common Arrangementof work sections published by the Co-ordinating Com-mittee for Project Information [7], the bene®ts of whichare clearly set out in the CCPI guide. In addition, whereit is transparent that any of these key documents areincomplete, project management activities must beundertaken to ®ll the gaps. This can be particularlytime-consuming. Moreover, it is necessary to review: theproject execution plan (if one exists), the sequence ofdesign activities (compare with the RIBA Plan of Work[8]) and the procurement route to be followed. Thethoroughness with which this task is undertaken willdirectly in¯uence the risk analyst's ability to assesswhether all of the principle project areas have beencovered during the Identi®cation step.

4.2. Step 2: selection of the representatives of the coredesign team

The second step is the selection of the ``core designteam'' or principal designers from the project team whoare to participate in the identi®cation and assessment ofthe risks facing the project. These are the essential per-sonnel upon whom the progress of the design wouldultimately depend and who have a full-time committedrole throughout the project life cycle. These personnelwould include the senior representative of each designdiscipline such as the architect, landscape architect,structural engineer, mechanical and electrical engineers,together with the project manager and quantity surveyor.It is essential that all the design disciplines are repre-sented otherwise there is potential for critical risk areasto be overlooked. Hence, on large complex projects it is

R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 149

common to include the ``second tier design team'' orspecialist designers, such as the geotechnical engineer,arboralist, acoustician, ®re engineer, environmentalistand interior designer.

4.3. Step 3: presentation of the process to the coredesign team

The analyst describes the thinking behind theapproach and encourages the airing of any doubts orscepticism among the core team that can be laid to restand encourage participation in and adoption of theprocess [9]. E�cient management of building projectsdemands clear e�ective communication and if risk ana-lysis and management is to be used as a tool to assist themanagement of projects, then it must itself be clearlycommunicated and understood.The aim of this third step is for the risk analyst to

clearly communicate the:

. objectives of the risk management process;

. the question the risk assessment is required toanswer (de®nition of scope);

. potential bene®ts;

. timeframe;

. steps involved;

. participation required of the core design team/sec-ond tier design team;

. deliverables (such as, risk register and cumulativefrequency curve);

. de®nition of the measures of impact and prob-ability;

. construction of the PI ``scoring'' grid;

. allocation of risk owners;

. how the responses are to be de®ned and managedand

. conditioning.

The active participation and commitment of the pro-ject team to the overall risk management process has asigni®cant in¯uence on its success and hence the bene®tsmust be emphasised and repeated as appropriate.

4.3.1. Step 3 process: constructing measurement criteriaA key component of the Presentation Step is to elicit

from the core team or obtain con®rmation of acceptanceof proposed measures of the likelihood of occurrenceand impact, to ensure consistency of assessment. Withoutthese measures, any assessment would be seriouslyimpaired. By the application of these measures togetherwith a probability/impact (PI) matrix, risks can bescored so that attention can be focused on those risksthat have the greatest potential to jeopardise a project.When dealing with subjective assessments in the con-struction industry, team members appear to be morecomfortable with ®ve classes of risk, i.e. very high, high,

medium, low and very low. Against these ®ve classesmust be allocated a likelihood of occurrence and animpact, as shown in Table 1. The time and cost incrementsselected to match the scales of severity must be tailoredspeci®cally to the project priorities. An assessment mustbe made of the criticality of late completion (e.g. theproject completion date linked to the expiry of a lease)and project overspend (e.g. a speci®c limit set on the sizeof the development loan).

4.3.2. Step 3 process: comprehension of probabilitydistributionsWhere the intention is to follow the qualitative sub-

stage with quantitative analysis, the assessment of theimpact of any risk must re¯ect how the risk would occurin reality. This in turn will have a direct bearing on thecost and time information that will need to be collectedto feed into representative probability distributions. Asa consequence, the Presentation Step should include adescription of what probability distributions are, thecircumstances under which particular distributionswould be used and the data required to construct them.Seven of the most commonly used distributions are tri-angle, trigen (available in @ Risk) uniform (also knownas rectangular), general, normal (also known as Gaus-sian) discrete and pert. All the distributions permitmodelling using limited parameters, when historicaldata is not available.

4.3.3. Step 3 process: comprehension of conditioningA further component of the Presentation Step is to

minimise cultural di�erences between the team membersand to increase their awareness of the in¯uence ofpotential biases on their judgement of the magnitude ofrisks facing the project. Historical records are com-monly limited and in consequence data collected fromthe core team will, mainly be composed of subjectivejudgements. Tversky and Kahneman [10] have demon-strated that these judgements are arrived at by relianceon a limited number of inference rules known as heur-istics, which are employed to reduce di�cult mentaltasks such as assessing probabilities and likely impacts,to simpler ones. They go onto to say that these heur-istics sometimes lead to severe and systematic errorswith serious implications for decision makers. Thisunreliability is the result of the heuristics generatingbiases in the minds of the individual core team members;however, for risk analysis and management to aide�ective decision making the data collected must be asreliable as possible. The core team must be helped toconfront their biases.

4.4. Step 4: identi®cation

The third step in assessing risk involves identifying asexhaustively as practicable, the risks associated with


each activity and documenting what is involved. Mostauthors claim it is important to understand exactly whatis meant by risk before it can be managed. There arenumerous de®nitions of risk which attempt to drawtogether into one de®nition the likelihood of occurrenceand the degree of impact of a negative event adverselya�ecting an activity. These de®nitions appear to havechanged little over the last twenty years. The de®nitionby Wideman [11] which follows is appealing, for heplaces risk in the context of project management. Hede®nes project risk ``as the chance of certain occurrencesadversely a�ecting project objectives''. However, thisde®nition ignores positive outcomes. The de®nition ofrisk adopted here is ``an event, which should it occur,would have a positive or negative e�ect on the achieve-ment of a project's objectives''. This de®nition deliberatelyexcludes any reference to the term uncertainty which isconsidered here to be distinct from risk. The terms arenot considered to be synonymous as some authors state,and hence are not used interchangeably. The termuncertainty is adopted here to describe the lack of cer-tainty over the quantum of an activity which is con-sidered certain to take place. An example would be thelength of time required to obtain a planning decision Ðthe activity is certain but the duration is uncertain.The literature states that all risks should be con-

sidered at the outset. Identi®cation is considered bymany to be the most important element of the completeprocess, as once a risk has been identi®ed it is possibleto take action to address it. This issue is acknowledgedor stressed by, Cooper and Chapman [12], CCTA [13],CCTA [14], Perry et al. [15] and Hertz and Thomas [16].The success of the identi®cation process, , to a largedegree, will be dependent on the design team's in depthknowledge of the design process and the sources of risk.Their understanding will be in¯uenced by their profes-sional training together with their length of exposure tothe construction industry, the role occupied, the level ofresponsibility held, the number of designs seen throughfrom start to ®nish, the materials deployed, the archi-tectural ``styles'' adopted and the building typesinvolved in. Direct experience of projects will in¯uencethe team's knowledge of the characteristics of the process.Hence, Step 2 ``selection of the representatives of the

core design team'' is critical to ensuring identi®cation isas penetrating and complete as possible.

4.4.1. Step 4 process: comprehension of thecharacteristics of the design processThe characteristics of the design process include its

highly iterative nature, the use of primary generators (arelatively simple idea to test solutions), the sequence andcontent of the common design stages, the sequencing ofthe exchange of information, the impact of externalagencies and the management of client changes to thebrief. The team's understanding of these issues willdetermine their comprehension of the risks which mayerode their ability to keep the four main components(see Fig. 2) of the design process Ð ``the four Ts''(Team, Targets [or objectives], Tactics [or controls] andTasks) in balance for the achievement of a project'sobjectives. (The RIBA Plan of Work can be re-de®nedusing those component descriptions as illustrated inTable 2). Accomplishing this balance has been histori-cally proved di�cult to accomplish, as reported in theliterature, for design management is highly exposed torisk and uncertainty, regardless of the size of the project,building type or construction value.

4.4.2. Step 4 process: comprehension of the sources ofdesign riskPast performance of construction projects demonstrates

that risks have proved di�cult to manage with the resultthat projects have not met their stated objectives. Thisdi�culty emanates from the exposure of design todiverse sources of risk and uncertainty similar to theInformation Systems/Technology industry. For instance,the risks described within the CCTA publication``Management of Project Risk'' [14] can be directlytranslated into design risks, as follows:

. di�culty in capturing and specifying the userrequirements;

. volatile and innovative nature of the environment;

. di�culty of estimating the time and resourcesrequired to complete the design;

. di�culty of sequencing the exchange of informa-tion required to match the iterative design process;

Table 1

Measures of probability and impact

Scale Probability Mid-value Impact

Time Cost Performance

Very high >70% 85% >15 weeks > £20m Project does not satisfy business objectives

High 51±70% 60% 10±15 weeks £5m±£20m Major shortfall in satisfaction of the brief

Medium 31±50% 40% 5±10 weeks £0.5m±£5m Minor shortfall in brief

Low 10±30% 20% 1±5 weeks £0.1m±£0.5m Failure to meet speci®cation clauses

Very low <10% 5% <1 weeks < £0.1m Failure to meet speci®cation clause


. frequent reliance on the specialist skills of sub-contractors;

. di�culty of measuring progress during the devel-opment of the design;

. enormous choice of materials of varying cost, col-our, durability, maintainability, and aestheticappeal;

. variety of working practices between disciplinesand design practices;

. fragmentation of the industry;

. number of external agencies that have to be con-sulted or complied with;

. volume of standards and codes of practice to beconsulted or complied with.

From this list it would appear that design is bom-barded by risk from all directions making it di�cult tograsp the primary sources of risk. Authors are clearlyundecided on how to categorise the source of risk.While there might be similarities between the categoriesproposed, there is no common consensus. Flanagan andNorman [17] de®ne the sources of risk as a risk hierarchycomposed of four ``layers'': the environment, the marketor industry, the company and the project/individual.Wideman [11] has compiled a risk identi®cation break-down structure as a framework of the major sources ofrisk which is subdivided into ®ve classi®cations of risk:external unpredictable, external predictable but uncertain,

internal (non-technical), technical and legal. BritishStandard 6079 [18] considers that risks or adverse eventsgenerally fall into one of the following ®ve categories:technological, political, managerial, sociological and®nancial. Raftery [19] considers that there are three sepa-rate areas of risk: risks internal to the project, risks externalto the project, and the client/the project/project team andproject documentation. Conroy and Soltan [20] refer tofour categories of risk, namely human failings, organisa-tional failings, design group failings and design processfailings. Perry [21] describes sixteen sources of risk, ®ve ofwhich relate to construction and three to ®nance issues.One possible way of understanding and structuring

the risks facing a project is to combine the holisticapproach of general systems theory with the disciplineof a work breakdown structure as a framework [22].General systems theory is a useful vehicle for the exam-ination of the management of projects as its approachto the examination of complex processes enables theinterrelationships of the parts and their in¯uence on thetotal process to be better understood and improved. Aproject can be viewed as a ``sub-system'' of a client's``system'', which in turn is a ``sub-system'' of the industrywithin which the client operates all enveloped in anenvironment known as the ``external system''. Thesefour elements can be adopted as the major componentsof a risk identi®cation breakdown structure. Such abreakdown structure is included in Fig. 3.

Fig. 2. Four main components of the design process.


tpi5

Highlight

tpi5

Highlight

tpi5

Highlight

Table

2

Modi®ed

RIB

Aplanofwork

Inception

Feasibility

Sketch

Plan

Schem

eDesign

ProductionInform

ation

Team

Agreeconsultant'sform

ofappointm

ent.Agree

team

composition

Assem

ble

nucleusteam.

Establish

rolesand

responsibilitiesforthis

stage

Assem

ble

designteam.Establish

rolesandresponsibilitiesforthis

stage

Establish

rolesandresponsibilities

forthisstage.Agreeprogramme

Identify

needforanyspecialist

designsupport

Targets

Establish

project

objectives.

Clarify

initialstatementof

requirem

ents.Discuss

quality

parameters

Restate

project

objects

andreview

attainability.

Commence

developmentof

thebrief

andconduct

studies

Establish

userexpectations.Develop

brief

andconduct

studies

Completeanyoutstandinguser

studies

Agreequality

standards

Tactics(controls)

Establish

®nanciallimit.

Examinetimeparameters

Prepare

programmeState

cost

range

Prepare

outlinecost

plan.Update

programme

Prepare

®nalcost

plan

Consider

insurance.Agreecontract

particulars

Tasks

Makeinitialsite

visit.

Obtain

OSmap

Siteinspection.Examine

accommodationrequirem

ents

against

site

Produce

diagram

maticanalysis

andtryoutsolutions

Prepare

fullschem

edesign

Prepare

productioninform

ation

Assem

ble

detailsofthose

tobeconsulted

todevelop

thebrief

insubsequent

phases

Assem

ble

data

forfeasibility

report

Prepare

outlineschem

eindicating

main

spacesanduses

Prepare

presentationdrawings

Prepare

documentationin

aform

at

tosuitselected

procurementprocess

Review

planningstatus.

MakeenquirieswithLA

Makeoutlineplanning

applicationasappropriate

Discuss

schem

ewithLocalAuthority

Makeplanningapplication

Ensure

designre¯ects

planning

conditions

Prepare

report,presentand

discuss

Prepare

report

including

outcomeofapplication,

presentanddiscuss

Prepare

report,presentanddiscuss

Prepare

report

includingoutcome

ofapplication,presentanddiscuss.

Freezedesign

Complete

BuildingRegulation

application.Obtain

necessary

approvals


Fig. 3. Risk identi®cation breakdown structure.


4.4.3. Step 4 process: comprehension of controllable anduncontrollable risksControllable (endogenous) risks are those risks over

which, in part, a project manager has direct control,whereas uncontrollable (exogenous) risks (predominatelyemanating from the environment) are those which hecannot in¯uence. However, it is normally possible toreduce the degree of exposure to such risks. A limitednumber of examples of these types of risks are includedin Table 3.

4.4.4. Step 4 process: comprehension of cause, risk andoutcomeWhen identifying risks it is important to ensure that

the participants in the risk identi®cation process remainfocused on the distinction between risks and theirpotential e�ect or outcome. Perry [21] and the HMTreasury Procurement Guidance note No. 2 [23] refer tothe importance of the distinction between risks and theire�ects without stating why it is important. In simpleterms the distinction is important as it prevents the risklog becoming a confused mixture of risks and e�ects,making the response process particularly di�cult, if notimpossible. For instance, where a risk has been recordedas ``programme overrun'' it is di�cult to think througha response without knowing what the risk nomineethought would trigger the delay. ``Programme overrun''is the e�ect or outcome, not the risk itself. Each risk willhave one or more causes and it is important that theseare recorded alongside the risks within the risk register,as intimated in the RAMP approach [24], to facilitatethe identi®cation of responses. Included above areexamples of causes, risks and their e�ects relating tocost, programme and business case. Each risk is given aunique identi®cation number and each cause is given areference which combines its own unique number togetherwith the risk to which it is attached. Hence, C1/R1represents Cause 1 pertaining to Risk 1 (see Table 4).

4.4.5. Step 4 process: comprehension of correlationCorrelation is a quantitativemeasurement of the strength

of a relationship between two variables. Correlation may

be negative or positive. Coe�cients are used to describecorrelation and range from ÿ1 to +1. A value of 1indicates a complete positive correlation between thetwo variables, a value of ÿ1 indicates a negative corre-lation. A value of 0 indicates that there is no correlationbetween the variables, they are independent. Theunderstanding of risk relationships and groupings isoften aided by representing them in the form of pre-cedence, in¯uence diagrams or ¯ow charts which can beappended to the risk log. With the aid of the allocationof unique numbers to causes and resultant risks, the logand illustration of the relationships, can be readily readtogether. Included in Fig. 4 is a graphical representationof the basic relationship pattern of ®ve risks drawn froma hypothetical rail infrastructure project, together withtheir respective causes. The ®gure shows that a risk mayhave multiple causes and be correlated to other risks.

4.4.6. Step 4 process: comprehension of risks in seriesand parallelThe terminology of series and parallel is borrowed

from the description of the di�erent ways of arrangingelectrical circuits described within the science of physics.The term series refers to say bulbs connected in a row,one after another. Should one bulb fail, it will break thecircuit. The term parallel refers to the parallel lines of acircuit. A parallel circuit allows separate lights to beswitched on and o� without a�ecting the others. Thisterminology is used to de®ne the characteristics of riskswhich are decided not only by their own features, butalso by other risks occurring on the same project.Commonly risks mutually a�ect, magnify or diminisheach other. This kind of mutual in¯uence among riskson a project is de®ned as the risk relationship [25].Comprehension of and a study of the relationshipbetween the risks on a project are fundamental toimplementing PRM. The two main classi®cations of riskrelationships are dependent risks in series and indepen-dent risks in parallel. Risks occurring in series, describesthe situation where one risk event generates another riskevent in a continuous sequential action. In other words,risk event B is dependent on the occurrence of risk A. Ifrisk A occurs, then risk B occurs directly as a result ofA. If risk A does not occur, then risk B de®nitely doesnot occur (see Table 5). Risks occurring in parallel,describes the situation where several risk events occur atthe same time. Where three risk events have been iden-ti®ed, which will occur at the same time and have animpact on the same programme activity; then it is therisk which will have the largest negative e�ect, that isconsidered in any probabilistic analysis (see Fig. 5). Forexample, where the risks of changes in legislation, lateClient changes to brief and design rework to realigndesign to cost plan have been identi®ed against a pro-gramme activity called ``production information'' andthe risk of design rework to realign design to cost plan is

Table 3

Controllable and uncontrollable risks

Controllable Uncontrollable

Late planning submission Planning conditions imposed on

the design

Lack of change control

procedure

Designer going into receivership

Lack of design co-ordination In¯ation

Late commissioning of

sub-contractors drawings

Taxation

Late completion of design

drawings

Late completion of infrastructure

by others

Production information errors Changes in legislation


assessed as having the highest probability and impact,then it is this dominant risk which is incorporated intoany assessment of the risks in combination. If one orboth of the other risks materialised at the same time,their impact would be absorbed within the programmeprolongation caused by the risk Ð design rework torealign design to cost plan. If one of the other risksmaterialised on its own, from the assessment, its impact

on the programme would not be greater than the impactidenti®ed for design rework to realign design to cost plan.In this example the dominant risk is represented by atriangular distribution.

4.4.7. Step 4 process: modelling risks in seriesWhen collecting data during the identi®cation and

assessment stages, it is important to uncover and record

Table 5

Representing risks in series, in a model

A B C D E F G H

Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 Risk A = RiskDiscrete ({0, 1},{50, 50}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)�B1 = G1+G2

2 Risk B Depends on risk A 3 4 5 = RiskTriang (3, 4, 5) = IF(G1 = 0, 0, F2)a

a ``IF'' equations are constructed from three components-some logical test, a value for the test if true and a value for the test if false. In this

instance the logical test is if risk A equals zero (i.e. risk A does not occur), then the value for the test is 0; however, if risk A materials, the value for

the test when false is Risk Triang for risk B.

Table 4

Distinction between cause, risk and e�ect

Cause Risk (direct impact on cost,

programme or business case)

E�ect

C1/R1 LA Planning Gain requirements exceed

expectations

R1 Increase in project scope Increase in project costs (design and

construction)

C1/R2 Proposed design not kept within cost plan R2 Extensive design rework Failure to meet design programme

C1/R3 Signalling incompatibility R3 Desired train frequency not

achievable

Failure to meet business case

Fig. 4. Risk relationships.


the relationships between the risks for evaluation of therisks in combination at some later date. Risk dependency,where the occurrence of risk B is entirely dependent onthe occurrence of risk A (as discussed above), can berepresented by ``IF'' equations within risk models whichare Microsoft Excel based, as illustrated in Table 5.

4.4.8. Step 4 process: modelling risks where they occurin series and parallel togetherIn the section above, the occurrence of risks in series

and parallel were described (i.e. risks occurring in series,describes the situation where one risk event generatesanother risk event in a continuous sequential action andrisks occurring in parallel, describes the situation whereseveral risk events occur at the same time). On live pro-jects it is common for risks to be identi®ed as potentiallyarising in a combination of these patterns. In the exampleincluded in Fig. 6, one risk may be followed by one ofthree risks. This situation can be represented in riskmodels that are Microsoft Excel based, by a combina-tion of ``IF'' functions and ``MAX'' functions illustratedin Table 6. The MAX function selects the largest valuefrom the list of cell references it is instructed to examine.

4.4.9. Step 4 process: determining multiple permutationsusing probability theoryProbability theory can be applied to determining the

likelihood of di�erent combinations of events (in series)using ``tree diagrams'' also known as decision trees. Inthe example included in Fig. 7, dependent risks areexamined arising from the risk of changes in legislation.As you progressively move through the tree (workingfrom left to right) the risks become less likely and hencethe probabilities are multiplied together. It can be seen,for instance, that the likelihood of having to makealterations to the ``structural engineering'' is only 3.6%arising from a 20% chance of having to make ``fabricalterations'' and a 90% chance of having to make``changes to the juxtaposition of spaces''.

4.4.10. Step 4 process: comprehension of identi®cationtechniquesThere are several techniques available for risk identi-

®cation. (These techniques may also be described asmethods or procedures.) The two techniques mostcommonly used are structured one-to-one interviewsand brainstorming. The Nominal Group and Delphitechniques are less frequently employed. All of thesetechniques may be implemented with the aid of support``tools''. These may include check/prompt lists, in¯u-ence diagrams, system dynamic models (see Chapman[26]), repertory grids and activity schedules. Each ofthese techniques and support tools is described in out-line below. A fuller appraisal of the di�erent techniquesis provided in Chapman [27].

. Semi-structured one-to-one interview technique:This technique is an interactive dialogue aid foreliciting risks directly from the interviewee. Expertknowledge, however, is not easily captured andrequires an e�ective method for drawing it out.The process is time-consuming and due to com-mercial pressures normally present during riskanalysis assignments, the risk study must be care-fully managed to optimise the time invested ineach stage. There are a series of problems that arecommonly encountered which must be addressed ifthe interview process is to be productive. Similarproblems have been described by those constructingexpert systems and refer to the specialist beingmisunderstood, the specialist's explanations wan-dering, interruptions, false information beinggiven, biased questions asked by the interviewerand inaccurate representation of the informationgained. These issues must be addressed during therisk analysis and management process.

. Brainstorming technique: The brainstorming process,borrowed from business management and notspeci®cally created for risk management, involvesrede®ning the problem, generating ideas, ®nding

Fig. 5. Risks in parallel.

Fig. 6. Risks in series and parallel.


possible solutions, developing selected feasiblesolutions and conducting evaluation. Originatedby Osborn [28] in the early 1950s, brainstormingwas proposed as a problem solving method whichwould produce a much larger quantity of ideas inless time than existing group problem solvingtechniques. In the third revised edition of his textentitled ``Applied Imagination'', originally issuedin 1953, Osborn argues the e�ectiveness of brain-storming is derived from two essential compo-nents. These are succinctly described by Johnson[23] as (1) group thinking is more productive thanindividual thinking and (2) the avoidance of criti-cism improves the production of ideas. Osbornstates that based on experience the optimum sizeof a brainstorming group is twelve and that theideal panel should consist of a leader, an associateleader, about ®ve regular or ``core'' members andabout ®ve guests. It has been found that a panelshould be composed of people of the same rank or

standing as the more senior panel members tend toindirectly discourage ``free-wheeling''.

. The NGT technique: The Nominal Group Technique(NGT) was developed by Delbecq et al. [29] in1968. It was derived from social-psychologicalstudies of decision conferences, management-science studies of aggregating group judgementsand social work studies. Delbecq et al. [30]describe the operation of the NGT method ascommencing with the group members (betweenseven and ten) without discussion, writing ideasrelated to the problem down on a pad of paper.After ®ve to ten minutes each individual in turnbrie¯y presents one of the ideas. These are recordedon a ¯ip chart in full view of the group members.Round-robin listing continues until all membersindicate that they have no more ideas. Discussiondoes not take place until all the ideas are recorded.Then each one is discussed. Finally each individualwrites down their evaluation of the most serious

Table 6

Representing risks in series in a modela

A B C D E F G H

Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 RiskA = RiskDiscrete ({0, 1}, {80, 20}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)�B1 = G1 + IF

(G1 = 0, 0, G5)

2 RiskB = RiskDiscrete ({0, 1}, {95, 5}) 12 20 = RiskUniform (12, 20) = RiskUniform (12, 20)�B23 RiskC = RiskDiscrete ({0, 1}, {80, 20}) 12 14 = RiskUniform (12,14) = RiskUniform (12, 14)�B34 RiskD = RiskDiscrete ({0, 1}, {50, 50}) 2 4 = RiskUniform (2,4) = RiskUniform (2, 4)�B45 = MAX(G2, G3, G4)

a RA: Unexpected signi®cant change in user requirements/brief; RB: Comprehensive redesign and new planning application required; RC: Major

redesign and new planning application required; RD: Minor redesign and revision to planning proposal through delegated powers.

Fig. 7. Tree diagram for risk ``changes in legislation.''.


risks, by rank ordering or rating. Then these aremathematically aggregated to yield a group decision.

. The Delphi technique: Delphi is perhaps the best-known method of using group judgements inforecasting. It was developed at the RAND Cor-poration by Dalkey, Helmer and others primarilyfor technological forecasting, but has seen a widevariety of applications. The Delphi Technique is amethod for the systematic collection and collationof judgements from isolated anonymous respon-dents on a particular topic, through a set of carefullydesigned sequential questionnaires interspersed withsummarised information and feedback of opinions,derived from earlier responses. The basic principlesof the multistage method are the elimination ofdirect social contact providing unattributed con-tributions, the provision of feedback and theopportunity for the revision of opinions. The par-ticipants are asked individually, usually by mailedquestionnaires but more recently by interactivecomputer contact, for their estimates of the vari-ables in question. These are then collated andsummarised in such a way as to conceal the originof individual estimates. The results are then circu-lated and the participants are asked if they wish torevise their earlier forecasts. These rounds cancontinue until the estimates stabilise, though inpractice the procedure rarely goes beyond a secondround.

4.5. Step 5: encoding

The aim of this step is to draw from the intervieweesor workshop attendees the assessment of the impact andprobability for each of the risks identi®ed, using themeasures agreed during the Presentation Step. Thisinformation is captured in a risk register or risk log.Depending on the stage of the project, di�erent assess-ment criteria may be appropriate. At the commencementof a project the focus will be on identifying any ``show-stoppers''. Later in the development the assessment maycentre around evaluating feasibility options.

4.6. Step 6: veri®cation

The aim is to gain a consensus among the design teammembers/interviewees to establish if there is generalagreement as to the risks identi®ed and the measuresassigned to them. In addition, it is aimed at crosschecking for consistency between measures assigned torisks by individuals. Veri®cation can be conducted usingthree di�erent techniques identi®ed by Spetzler andStael von Holstein [31], cross checking for consistencybetween values, veri®cation using di�erent elicitationtechniques and veri®cation by using the ®nal result.Cross checking for consistency is a simple method for

veri®cation where the analyst asks the core team memberif he feels that the results are consistent across one stageof the elicitation process; for instance if two di�erentrisks have approximately the same probabilities ofoccurrence, the analyst will ask the expert if he feels thisre¯ects his view of the risks. Having obtained the resultsthe analyst asks the design team members whether theygive a fair view of the consequences Ð that is, do theycompare with their own ideas about consequences. Thisis quite easily done and if discrepancies do occur thenthey can be traced back to the base data. Veri®cationusing the ®nal results can be conducted by providingrisk maps for each design stage which have been com-pleted to show the top ten risks identi®ed for each stage.Each map will illustrate the assessment made for eachrisk in terms of likelihood of occurrence and impact.The design team members are requested to compare themaps to see if the degree of exposure described actuallyre¯ects their thinking. The least and most exposedstages are examined to see if there is common accep-tance of the assessment.

5. Summary

The steps of the overall process were described as:knowledge acquisition, selection of the core design team,presentation of the process, identi®cation, encoding andveri®cation. From the examination of how these stepsare implemented, it can be seen how the e�ectiveness ofthe overall process may be in¯uenced and better under-stood. The observations are a re¯ection of the rudimentsof the process and might be described as obvious to theseasoned practitioner, however they are fundamental ifbene®ts are to be drawn from the process. From theknowledge acquisition step it may be concluded that thecontribution of the facilitator is enhanced if he/she has adetailed understanding of the project prior to the com-mencement of the identi®cation process. The e�ectivenessof the identi®cation process will be directly correlated tohow broad and comprehensive the examination of thethreats to a project are. The breadth of examination willbe dependant on whether all of the core design teammembers (and where appropriate the second tier designteam members) were present during brainstorming. Theparticipants must be properly briefed during the pre-sentation step. For the measures of impact to be mean-ingful they must spring from the project objectives, thesigni®cance of accomplishing them (or not) and howthey have been prioritised. Identi®cation of design man-agement risks requires an understanding of the char-acteristics of the process and how its main componentsmust be maintained in balance. All design processes,whether they be within the IT or construction indus-tries, have common problems that must be understoodand addressed. Identi®cation requires an understanding


of the sources of risk and General Systems Theory is putforward as a way of structuring those sources. In addition,it is proposed that risks have distinctive characteristicsand that their interrelationship can be described interms of whether they are in series or parallel. To conductthe assessment process, encoding is implementedwhereby the impact and probability measures are usedto ``size'' the risks to describe their potential in¯uenceon the project should they materialise. Finally, veri®ca-tion is used to obtain consensus across the process par-ticipants as to the risks, their likelihood of occurrenceand impact should they arise.

References

[1] Chapman RJ. The role of system dynamics in understanding the

impact of changes to key project personnel on design production

within construction projects. International Journal of Project

Management 1998;16(4):235±47.

[2] Thompson PA, Perry JG. In: Engineering construction risks, a

guide to project risk analysis and risk management. Dordrecht:

Kluwer Academic Publishers, 1992. p. 7.

[3] CCTA Ð The Government Centre for Information Systems.

Introduction to the management of risk. London: HMSO, 1993,

p. 23.

[4] Chapman RJ. Specialising in risks. The Architects Journal, 23

November 1995; 56±58.

[5] PRAM Ð Project risk analysis and management guide, The

APM Group. In: Simon Peter, Hillson David, Newland Ken,

editors, 1997, p. 23.

[6] Chapman C, Ward S. In: Project risk management, processes,

techniques and insights. New York: Wiley, 1997. p. 49.

[7] CPI Ð Co-ordinated project information, published by the Co-

ordinating Committee for Project Information, 1987.

[8] RIBA Ð RIBA Plan of Work, RIBA Publications, 1973.

[9] Clark RC, Pledger M, Needler HMJ. Risk analysis in the eva-

luation of non-aerospace projects. Project Management

1990;8(1).

[10] Tversky A, Kahneman D. Judgement under uncertainty: heur-

istics and biases. Science 1974;183:1124±31.

[11] Wideman RM. Risk management. Project Management Journal

1986;17(4):20±6.

[12] Cooper DF, Chapman CB. Risk analysis for large projects:

models, methods and cases. New York: Wiley, 1987.

[13] CCTA Ð The Government Centre for Information Systems. An

introduction to managing project risk. London: HMSO, 1993.

[14] CCTA Ð The Government Centre for Information Systems.

Management of project risk. London: HMSO, 1994.

[15] Perry JG, Hayes RW. Risk management for project managers.

Building Technology and Management 1986;Aug/Sept:8±11.

[16] Hertz DB, Thomas H. Risk analysis and its applications. New

York: Wiley, 1983.

[17] Flanagan R, Norman G. In: Risk management and construction.

Oxford: Blackwell, 1993. p. 54.

[18] British Standard 6079 HMSO, 1996, p. 29.

[19] Raftery J. In: Risk analysis in project management. London:

E&FN Spon (Chapman and Hall), 1994. p. 18.

[20] Conroy G, Soltan H. ConSERV: a project speci®c risk manage-

ment concept. International Journal of Project Management,

1998;16(6):353±66.

[21] Perry JG. Risk management: an approach for project managers.

Project Management, 1986;4(4):213.

[22] Chapman RJ. No need to gamble on risks. The Architects Jour-

nal 30 November 1995:49-51.

[23] HM Treasury Procurement Guidance No. 2: Value for money in

construction procurement, 1997, p. 16.

[24] RAMP Ð Risk analysis and management for projects, Institu-

tion of Civil Engineers and the Faculty and Institute of Actuaries,

1998.

[25] Ren H. Risk lifecycle and risk relationships on construction pro-

jects. International Journal of Project Management

1994;12(2):68±74.

[26] Chapman, R. J., Unpublished PhD thesis "An investigation of

the risk of changes to key project personnel during the design

stage", University of Reading, Department of Construction

Management and Engineering, April (1998).

[27] Chapman RJ. "The e�ectiveness of working group risk identi®-

cation and assessment techniques". International Journal of Pro-

ject Management 1998;16(6):333±43.

[28] Osborn AF. Applied imagination: principles and procedures of

creative problem solving. 3rd revised ed New York: Charles

Scribners, 1963.

[29] Delbecq AL. The World within the span of control: managerial

behaviour in groups of varied size. Business Horizons, 1968.

[30] Delbecq AL, Van de Ven AH. Gustafson DH, Group techniques

for programme planning. Scott and Foresman: Glenview, 1975.

[31] Spetzler CS, Stael von Holstein CA. Probability encoding in

decision analysis. Management Science 1975;22(3):340±58.

Robert J. Chapman is the Head of

Risk Management at Osprey Project

Management. He obtained a PhD in

Design/Risk Management and an MSc

in Construction Management from the

Faculty of Urban and Regional Stu-

dies at the University of Reading,

subsequent to becoming a chartered

architect. He has provided project

management and risk consultancy ser-

vices to several blue chip companies. He

has contributed to the development of

the level ®ve National and Scottish

Vocational Quali®cations (NVQ) in

Construction Project Management and conducted research into risk

management practices on behalf of the Architects Registration Board.


tpi5

Highlight

tpi5

Highlight

the controlling influences on e•ective risk identification ......the controlling influences on...

Documents