Risk Analysis Introduction

Construction industry is highly risk prone, with complex and dynamic project environments creating an atmosphere of high uncertainty and risk. The industry is vulnerable to various technical, sociopolitical and business risks. Risk and uncertainty are inherent in all construction works, no matter what is the size of the project. Although size of project is one of the major causes of risk, other factors that carry risk within them include speed of construction, location of project, technology being used and familiarity with the work. A construction project is also vulnerable to Political, Economic, Social and Environmental conditions. Project objectives tend to change, as well as there are changes in design, work methods, responsibilities of parties etc. which result in an increased vagueness of conditions. The participants in the industry have been agonizing outcomes of failure in the form of unusual delays in the project completion with cost overruns and many times, something failing to meet quality standards and operational requirements. Risk analysis is needed to determine the potential impact of the risk. Risk analysis techniques are grouped into two main categories namely quantitative and qualitative. They both benefit from the data produced by risk identification but the qualitative approach consumes the gathered information through direct judgment, comparing options, and descriptive analysis. In contrast, some of the quantitative risk analysis techniques incorporate uncertainty in a quantitative manner to evaluate the potential impact of risk. In this process, an analyst integrates information from numerous sources through quantitative and/or qualitative modeling, while preserving the uncertainty and the complex relationships between the elements of information.

Risk Management The risk management process involves the systematic application of management policies, processes and procedures to the tasks of establishing the context, identifying, analyzing, assessing, treating, monitoring and communicating risks. An effective risk management method can help to understand not only what kinds of risks are faced, but also how to manage these risks in different phases of a project. Owing to its increasing importance, risk management has been recognized as a necessity in construction industry today, and a set of techniques have been developed to control the influences brought by potential risks. Compared with many other industries, the construction industry is subject to more risks due to the unique features of construction activities, such as long period, complicated processes, abominable environment, financial intensity and dynamic organization structures. Hence, taking effective risk management techniques to manage risks associated with variable construction activities has never been more important for the successful delivery of a project.

Risk management process (RMP) is the basic principle of understanding and managing risks in a project. It consists of the main phases namely identification, assessment and analysis, and response.

Risk Identification Risk Control

Risk Analysis

Risk Review

Risk Response

The Process of managing risks (Smith et al. 2006)

Benefits with risk management To maximize the efficiency of risk management, the risk management process should be continuously developed during the entire project. In this way, risks will be discovered and managed throughout all the phases. The benefits from risk management are not only reserved for the project itself, but also for the actors involved. The main incentives are clear understanding and awareness of potential risks in the project. In other words, risk management contributes to a better view of possible consequences resulting from unmanaged risks and how to avoid them. Another benefit of working with risk management is increased level of control over the whole project and more efficient problem solving processes which can be supported on a more genuine basis. It results from an analysis of project conditions already in the beginning of the project. The risk management also provides a procedure which can reduce possible and sudden surprises. Different attitudes towards risk can be explained as cultural differences between organizations, where the approach depends on the company's policy and their internal procedures

Limits of risk management The level of risk is always related to the project complexity. The fact that there are so many risks which can be identified in the construction industry can be explained by the projects size and their complexity. The bigger the project is, the larger the number of potential risks that may be faced. Several factors can stimulate risk occurrence. Those most often mentioned in the literature are financial, environmental (the projects surrounding, location and overall regulations), time, design and quality. Other influences on the occurrence of risk are the level of technology used and the organizations risks. Claims that complexity is a factor that can limit a project; the bigger and more complex a project is, the more resources are required to complete it. Moreover, when all potential risks have been identified, the project team must remember that there might be more threats. Therefore, the project team should not solely focus on management of those identified risks but also be alert for any new potential risks which might arise. Risk management should be used as a tool to discover the majority of risks and a project manager should be also prepared for managing uncertainties not included in a risk management plan.

Risk identification The first step in the risk management process is usually informal and can be performed in various ways, depending on the organization and the project team. It means that the identification of risks relies mostly on past experience that should be used in upcoming projects. If the causes of the risks have been identified and allocated before any problems occur, the risk management will be more effective. The purpose of identifying risks is to obtain a list with potential risks to be managed in a project. In order to find all potential risks which might impact a specific project, different techniques can be applied. It is important to use a method that the project team is most familiar with and the project will benefit from.
Risk identification techniques

documentation review questionnaire surveys influence diagram case studies SWOT analysis check list failure mode and effect

brain storming, interviews delphi technique cause and effect diagrams expert judgment PEST analysis Assumption analysis hazard and operability study (HAZOP)

analysis (FEMA)

Risk category Political Instability of national politics during operation phase National political conflict during feasibility phase Instability of macro politics during operation phase

Economic Unpredicted increase of needed material price in implementation phase Changes in exchange rates, convertibility during implementation phase

Economic slowdown, economic crisis during implementation phase Low competition in internal market during feasibility phase Difficulty to find suitable plant, because of high prices Unpredicted increase of power price during implementation phase

Design change Change of design because of poor understanding of customer needs

Financial (Internal and external resources) Restriction of public funding, budgetary cuts, delay, during implementation phase Delay of bank in project fund allocation during feasibility phase Contractual failure (bankruptcy) Financial difficulties of owner of the project during implementation phase Poor quality of operation process due to financial problems of financier Poor project maintenance due to financial problems of owner

Natural Constraints of site Difficulties of access and work on site due to specific geographical constraint of region

Time management Imposed unrealistic time planning for project due to insufficient or incorrect information Poor time management due to change of manager or management strategies of the project Inconsistency in time schedule of different stakeholders due to poor communication management Natural hazards Earthquake, flood, landslide, fire or wind damage during implementation phase

Defective design Project design does not comply with building regulations

Mistake in design

Quality management Poor quality management of the project due to frequent change of management strategies

Poor Communication (Project or stakeholder view) Public concerns related to health and safety of the project due to poor communication Poor exchange of information between designers Poor exchange of information between contractors/ subcontractors

Risk analysis Risk analysis process is the vital link between systematic identification of risks and rational management of the significant risks. The risk analysis process aims to evaluate the consequences associated with risks and to assess the impact of risk by using risk analysis and measurement techniques. This process leads to prioritize the identified risks for further actions. The main input to risk analysis process is the identified risks from risk identification process. The probability and impact of identified risks are two key variables in assessing the risk. This process can range from very simple qualitative analysis to quantitative analysis which is more sophisticated.

The first step of risk analysis process is to determine in which progress level of project the evaluation has to be conducted. In this case, Work Breakdown Structures diagrams are very useful. Work Breakdown Structures is the hierarchical decomposition structure of a project tasks and can be set at different level of detail (project/ phases/ tasks/ subtasks), each one attached to corresponding actors and resources that interconnection between WBS of a project and its Risk Breakdown Structure (RBS) is a useful technique to associate risks. WBS constitutes the basic framework for the management of a project; likewise, RBS can be used as a tool to structure the risk management process. WBS can be further decomposed to see more details of each task. RBS does the same for risk identification, creating an organized list of risks that helps to better understand and interpret risks. When the level of available information, progress of project and desired level of accuracy of analysis are defined, the convenient type of analysis can be selected easily.

Qualitative analysis Qualitative analysis is based on a descriptive or nominal scale to describe risk events and their consequences. This analysis is mainly used in an initial evaluation of risks or for a rapid assessment. It can also be used when there is little knowledge about probability and impact. This method allows identifying the individual risks events with the most significant influence on project objectives. The risk events which are assessed as high priority may be further analyzed using quantitative risk analysis methods.

A typical qualitative risk assessment usually includes the following issues a brief description of the risk the stages of the project when risk may occur the elements of the project that could be affected the factors that influence risk to occur the relationship with other risks the likelihood of risk occurring how risk could affect the project

The qualitative analysis can be based on a probability-impact matrix where the probability and impacts of each risk are assessed using defined scales plotted on a two-dimensional grid. The consequences are evaluated in terms of potential impact on project success criteria. The scales depend of project size, strategies, the level of available information and desired accuracy. This matrix can be used for assessing threats and opportunities using two grids of negative impacts and positive impacts .In both cases, high-probability/ high-impact risks are prioritized.

Risk probability and impact Assessment Risk probability and risk impact may be described in qualitative terms such as very high, high, moderate, low and very low. Risk probability is the likelihood that a risk will occur. Risk impact is the effect on project objectives if the risk occurs, which may be a negative effect (threat) or a positive effect (opportunity)

The levels of probability and impact are assessed in meetings or by interviews. Participants include subject matter (area of risk) experts and project team members. Details justifying the assessment should be documented. Risks are rated according to the definitions given in the risk management plan.

Risk Consequences very high

Description If the event occurs, it is effect more than 20% of the project objective (Time,Cost,Quality,Scope)

high Moderate low very low

If the event occurs, it is effect 10%-20% of the project objective If the event occurs, it is effect 5%-10% of the project objective If the event occurs, it is effect 5% of the project objective. If the risk event occurs, it is no effect for the project objective. Rating impact of risk

Probability / impact risk rating matrix A matrix may be constructed that assigns risk ratings (low, moderate or high) to risks based on combining probability and impact scales of a risk on a project objective. The organization must determine which combinations of probability and impact result in a risks being classified as high risk (red condition), moderate risk (yellow condition), and low risk (green condition). The risk score helps put the risk into a category that will guide risk response actions.

Risk Urgency Assessment. Urgent risks require urgent responses. Urgency can be addressed by including time of response as an indicator of priority. Other indicators may include symptoms and warning signs, as well as the risk rating.

Risk response planning

The next step after identification and analysis of project risk is to develop options, and determine convenient actions, focusing on most significant risks, in order to shift odds in favor of project success and to minimize the negative impacts of threats on project objectives. This process aims to determine effective response actions that are appropriate to the priority of individual risks and to the overall project risk. It takes into account the stakeholders risk attitudes and the conventions specified in the Risk Management Plan, in addition to any constraints and assumptions that were determined when the risks were identified and analyzed. When the response actions are applied, they affect the project objectives and can generate additional risks. These are known as secondary risks and have to be analyzed and planned for in the same way as those risks which were initially identified below mentioned graphs provides the key success factors of risk response planning.

Responses to risks can be combination of the following options

Mitigate: consists in reducing the probability and/or the impact of a threat to an acceptable threshold. It may take resources or time and hence may represent a tradeoff of one objective for another. This method is the most widely used and applicable strategy.

Avoid: Risk avoidance involves changing the project plan to eliminate the risk or to protect the project objectives (time, cost, scope, quality) from its impact. When an organization or parties or individual refuse to accept risk, then risk is avoided. This means the exposure of risk is not allowed to exist. There are a number of ways through which risks can be avoided, for examples, tendering a very high bid, placing conditions on the bid, pre-contract negotiations as to which party takes certain risks, and not bidding on the high-risk portion of the contract.

Transfer: is a strategy to transfer the risk to another partner or third party that is better positioned to address a particular threat. This method does not normally eliminate the risk but just makes someone else worry about it. An example would be transferring the financial impact of risk to an insurance company. Transference tools can be quite diverse and include, but are not limited to the use of: insurance, performance bonds, warranties, guarantees,

incentive/disincentive clauses, etc. Acceptance: this strategy applies when the other strategies are not considered applicable or feasible. In this method, the benefits that can be gained from taking the risk should be balanced against the penalties. Acceptance entails taking no action unless the risk actually occurs. In this case, contingency or fallback plans may be developed ahead of time, to be implemented if the risk presents itself.

Risk response planning should combine responses that address the threats as well as those that provide for opportunities. Response to opportunities could be one/combination of: exploit share, enhance and acceptance.

Monitoring
This final step of risk management plan is vital since all information about the identified risks is collected and monitored.The continuous supervision over the RMP helps to discover new risks, keep track of identified risks and eliminate past risks from the risk assessment and project also states that the assumptions for monitoring and controlling are to supervise the status of the risks and take corrective actions if needed.

Tools and techniques used to risk monitor and control may be Risk reassessment identification of new potential risks. This is a constantly repeated process throughout the whole project. Monitoring of the overall project status are there any changes in the project that can effect and cause new possible risks? Status meetings discussions with risks owner, share experience and helping managing the risks. Risk register updates

By managing the whole RMP, the process can be evaluated. This is a method of creating a risk register where all risks and their management can be allocated in order to facilitate future projects this is also a way to improve the project work, since the advantages and disadvantages will be brought up.