Sei sulla pagina 1di 29


Submitted By: PGPM 31 M 57 NICMAR-SODE


I. II. III. IV. V. VI.

Introduction to Risk management Principles of Risk management Methods and Process of Risk management Risk assessment and Risk Response strategy Risk communication and Monitoring / control Risk management in construction projects

VII. Risk mitigation by Partnering and Joint approach


Cognizant Siruseri SEZ is a notified SEZ and the first project of its kind in Chennai, providing a totally integrated township for discerning IT professionals to work and live, away from the congestion and pollution of the city. Located on the OMR (NH 54) Road in Siruseri, just a 30-minute drive from the airport, it is spread over an area of 45 acres. Surrounded by lakes and hills it already has a resort like environment. Adding to the natural beauty will be the landscaped campus of Eden Park, serene and environmental friendly, to accommodate around 40,000 people. RISK INVOLVED IN THE PROJECT: Risks in construction projects may be classified in a number of ways. One form of risks classification is as follows: Socioeconomic factors Environmental protection Public safety regulation Economic instability Exchange rate fluctuation Organizational relationships Contractual relations Attitudes of participants Communication Technological problems Design assumptions Site conditions Construction procedures Construction occupational safety We shall see, how such projectss risks are handled and what would be the measures to contain or transfer or absorb risk with a detailed study on RISK right from Introduction to Risk in projects.

Introduction : Risk management

The vocabulary of risk management is defined in ISO Guide 73.

Risk is defined in ISO 31000 as the effect of uncertainty on objectives (whether positive or negative). Risk management can therefore be considered the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase.

Principles of Risk Management:

The International Organization for Standardization identifies the following principles of risk management: Risk management should: a) Create value. b) Be an integral part of organizational processes. c) Be part of decision making. d) Explicitly address uncertainty. e) Be systematic and structured. f) Be based on the best available information. g) Be tailored. h) Take into account human factors. i) Be transparent and inclusive. j) Be dynamic, iterative and responsive to change. k) Be capable of continual improvement and enhancement. In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Processengagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, quality, reputation, brand value, & earnings quality. Intangible risk management allows risk management to create quick value from the identification & reduction of risks that reduce productivity. Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending and minimizes the negative effects of risks.

Method of Risk Management:

For the most part, these methods consist of the following elements, performed, more or less, in the following order. a) Identify, characterize, and assess threats b) Assess the vulnerability of critical assets to specific threats c) Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets) d) Identify ways to reduce those risks e) Prioritize risk reduction measures based on a strategy

Process of Risk Management:

According to the standard ISO 31000 "Risk management -- Principles and guidelines on implementation, the process of risk management consists of several steps as follows: a) Establishing the context b) Establishing the context involves: c) Identification of risk in a selected domain of interest d) Planning the remainder of the process. Mapping out the following: a) The social scope of risk management b) The identity and objectives of stakeholders c) The basis upon which risks will be evaluated, constraints. Defining a framework for the activity and an agenda for identification and developing an analysis of risks involved in the process and mitigation or solution of risks using available technological, human and organizational resources. Identification: After establishing the context, the next step in the process of

managing risk is to identify potential risks. Risks are about events that, when triggered, cause problems. Hence, risk identification can start with source of the problems, or with the problem itself. Source analysis: Risk sources may be internal or external to the system that is the target of risk management. Examples of risk sources are : Stakeholders of a project, Employees of a company or the Weather over an airport. Problem analysis: Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties. The threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government. When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: Stakeholders withdrawing during a project may endanger funding of the project; privacy information may be stolen by employees even within a closed network; lightning striking a Boeing 747 during takeoff may make all people onboard immediate casualties. The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are: Objectives-based risk identification Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.

Scenario-based risk identification: In scenario analysis, different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk - see - Futures Studies for methodology used by Futurists. Taxonomy-based risk identification: The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks. Common-risk checking: In several industries lists with known risks are available. Each risk in the list can be checked for application to a particular situation. Risk charting : This method combines the above approaches by listing resources at risk, Threats to those resources Modifying Factors which may increase or decrease the risk and Consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats & examine which resources they would affect, or one can begin with the consequences and determine which combination of threats & resources would be involved to bring them about. Assessment of Risks: Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan. The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset valuation is another question that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of information. Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, there have been several theories & attempts to quantify risks. Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is: Rate of occurrence multiplied by the impact of the event equals risk. Composite Risk Index: The above formula can also be re-written in terms of a Composite Risk Index, as follows: Composite Risk Index = Impact of Risk event x Probability of Occurrence The impact of the risk event is assessed on a scale of 0 to 5, where 0 and 5 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses). The probability of occurrence is likewise assessed on a scale from 0 to 5, where 0 represents a zero probability of the risk event actually occurring while 5 represents a 100% probability of occurrence. The Composite Index thus can take values ranging from 0 through 25, and this range is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low, Medium or High, depending on the sub-range containing the calculated value of the Composite Index. For instance, the three sub-ranges could be defined as 0 to 8, 9 to 16 and 17 to 25. Note that the probability of risk occurrence is difficult to estimate since the past data on frequencies are not readily available, as mentioned above.

Likewise, the impact of the risk is not easy to estimate since it is often difficult to estimate the potential financial loss in the event of risk occurrence. Further, both the above factors can change in magnitude depending on the adequacy of risk avoidance and prevention measures taken and due to changes in the external business environment. Hence it is absolutely necessary to periodically re-assess risks and intensify/relax mitigation measures as necessary. Risk Options: Risk mitigation measures are usually formulated according to one or more of the following major risk options, which are: 1. Design a new business process with adequate built-in risk control and containment measures from the start. 2. Periodically re-assess risks that are accepted in ongoing processes as a normal feature of business operations and modify mitigation measures. 3. Transfer risks to an external agency (e.g. an insurance company) 4. Avoid risks altogether (e.g. by closing down a particular high-risk business area) Later research has shown that the financial benefits of risk management are less dependent on the formula used but are more dependent on the frequency and how risk assessment is performed. In business it is imperative to be able to present the findings of risk assessments in financial terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for presenting risks in financial terms. The Courtney formula was accepted as the official risk analysis method for the US governmental agencies. The formula proposes calculation of ALE (annualised loss expectancy) and compares the expected loss value to the security control implementation costs (cost-benefit analysis). Potential risk treatments: Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories: Avoidance (eliminate, withdraw from or not become involved) Reduction (optimise - mitigate) Sharing (transfer - outsource or insure) Retention (accept and budget) Ideal use of these strategies may not be possible. Some of them may involve tradeoffs that are not acceptable to the organization or person making the risk management decisions. Another source, from the US Department of Defense, Defense Acquisition University, calls these categories ACAT, for Avoid, Control, Accept, or Transfer. This use of the ACAT acronym is reminiscent of another ACAT (for Acquisition Category) used in US Defense industry procurements, in which Risk Management figures prominently in decision making and planning. Risk avoidance: This includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the Legal liability that comes with it. Another would be not be flying in order to not take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits. Hazard Prevention: Hazard prevention refers to the prevention of risks in an emergency. The first and most effective stage of hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is otherwise impractical, the second stage is mitigation.

Risk reduction: Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy. Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between negative risk and the benefit of the operation or activity; and between risk reduction and effort applied. By an offshore drilling contractor effectively applying HSE Management in its organization, it can optimize risk to achieve levels of residual risk that are tolerable. Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a single iteration. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. For example, a company may outsource only its software development, the manufacturing of hard goods, or customer support needs to another company, while handling the business management itself. This way, the company can concentrate more on business development without having to worry as much about the manufacturing process, managing the development team, or finding a physical location for a call center. Risk sharing: Defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk." The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal responsibility for the losses "transferred", meaning that insurance may be described more accurately as a post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the person who has been in the accident. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group. Risk retention: Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured

against or the premiums would be infeasible. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained by the insured. Also any amount of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.

Create a risk management plan: Select appropriate controls or countermeasures to measure each risk. Risk mitigation needs to be approved by the appropriate level of management. For instance, a risk concerning the image of the organization should have top management decision behind it whereas IT management would have the authority to decide on computer virus risks. The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software. A good risk management plan should contain a schedule for control implementation and responsible persons for those actions. According to ISO/IEC 27001, the stage immediately after completion of the risk assessment phase consists of preparing a Risk Treatment Plan, which should document the decisions about how each of the identified risks should be handled. Mitigation of risks often means selection of security controls, which should be documented in a Statement of Applicability, which identifies which particular control objectives and controls from the standard have been selected, and why. Implementation: Implementation follows all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest. Review and evaluation of the plan: Initial risk management plans will never be perfect. Practice, experience, and actual loss results will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced. Risk analysis results and management plans should be updated periodically. There are two primary reasons for this: to evaluate whether the previously selected security controls are still applicable and effective, and to evaluate the possible risk level changes in the business environment. For example, information risks are a good example of rapidly changing business environment. Limitations: If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur. Qualitative risk assessment is subjective and lacks consistency. The primary justification for a formal risk assessment process is legal and bureaucratic.

Prioritizing the risk management processes too highly could keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete. It is also important to keep in mind the distinction between risk and uncertainty. Risk can be measured by impacts x probability. Areas of risk management: As applied to corporate finance, risk management is the technique for measuring, monitoring and controlling the financial or operational risk on a firm's balance sheet or See value at risk. The Basel II framework breaks risks into market risk (price risk), credit risk and operational risk and also specifies methods for calculating capital requirements for each of these components. Enterprise risk management: In enterprise risk management, a risk is defined as a possible event or circumstance that can have negative influences on the enterprise in question. Its impact can be on the very existence, the resources (human and capital), the products and services, or the customers of the enterprise, as well as external impacts on society, markets, or the environment. In a financial institution, enterprise risk management is normally thought of as the combination of credit risk, interest rate risk or asset liability management, market risk, and operational risk. In the more general case, every probable risk can have a pre-formulated plan to deal with its possible consequences (to ensure contingency if the risk becomes a liability). From the information above and the average cost per employee over time, or cost accrual ratio, a project manager can estimate: The cost associated with the risk if it arises, estimated by multiplying employee costs per unit time by the estimated time lost (cost impact, C where C = cost accrual ratio * S). The probable increase in time associated with a risk (schedule variance due to risk, Rs where Rs = P * S): Sorting on this value puts the highest risks to the schedule first. This is intended to cause the greatest risks to the project to be attempted first so that risk is minimized as quickly as possible. This is slightly misleading, as Schedule variances with a large P and small S and vice versa are not equivalent. (The risk of the RMS Titanic sinking vs. the passengers' meals being served at slightly the wrong time). the probable increase in cost associated with a risk (cost variance due to risk, Rc where Rc = P*C = P*CAR*S = P*S*CAR) sorting on this value puts the highest risks to the budget first. see concerns about schedule variance as this is a function of it, as illustrated in the equation above. Risk in a project or process can be due either to Special Cause Variation or Common Cause Variation and requires appropriate treatment. That is to re-iterate the concern about extremal cases not being equivalent in the list immediately above.

Risk management activities as applied to project management: In project management, risk management includes the following activities: Planning how risk will be managed in the particular project. Plan should include risk management tasks, responsibilities, activities and budget. Assigning a risk officer - a team member other than a project manager who is responsible for foreseeing potential project problems. Typical characteristic of risk officer is a healthy skepticism. Maintaining live project risk database. Each risk should have the following attributes: opening date, title, short description, probability and importance. Optionally a risk may have an assigned person responsible for its resolution and a date by which the risk must be resolved.


Creating anonymous risk reporting channel. each team member should have possibility to report risk that he/she foresees in the project. Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation plan is to describe how this particular risk will be handled what, when, by who and how will it be done to avoid it or minimize consequences if it becomes a liability. Summarizing planned and faced risks, effectiveness of mitigation activities, and effort spent for the risk management. Risk management techniques in petroleum and natural gas: For the offshore oil and gas industry, operational risk management is regulated by the safety case regime in many countries. Hazard identification and risk assessment tools and techniques are described in the international standard ISO 17776:2000, and organizations such as the IADC (International Association of Drilling Contractors) publish guidelines for HSE Case development which are based on the ISO standard. Further, diagrammatic representations of hazardous events are often expected by governmental regulators as part of risk management in safety case submissions; these are known as bow-tie diagrams. The technique is also used by organizations and regulators in mining, aviation, health, defence, industrial and finance. Risk management and business continuity Risk management is simply a practice of systematically selecting cost effective approaches for minimizing the effect of threat realization to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks. Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to deal with the consequences of realized residual risks. The necessity to have BCP in place arises because even very unlikely events will occur if given enough time. Risk management and BCP are often mistakenly seen as rivals or overlapping practices. In fact these processes are so tightly tied together that such separation seems artificial. For example, the risk management process creates important inputs for the BCP (assets, impact assessments, cost estimates etc.). Risk management also proposes applicable controls for the observed risks. Therefore, risk management covers several areas that are vital for the BCP process. However, the BCP process goes beyond risk management's preemptive approach and assumes that the disaster will happen at some point. Risk communication: Risk communication is a complex cross-disciplinary academic field. Problems for risk communicators involve how to reach the intended audience, to make the risk comprehensible and relatable to other risks, how to pay appropriate respect to the audience's values related to the risk, how to predict the audience's response to the communication, etc. A main goal of risk communication is to improve collective and individual decision making. Risk communication is related to crisis communication. Bow tie diagrams: A popular solution to the quest to communicate risks and their treatments effectively is to use bow tie diagrams. These have been effective, for example, in a public forum to model perceived risks and communicate precautions, during the planning stage of offshore oil and gas facilities in Scotland. Equally, the technique is used for HAZID (Hazard Identification) workshops of all types, and results in a high level of engagement. For this reason (amongst others) an increasing number of government regulators for major hazard facilities (MHFs), offshore oil & gas, aviation, etc. welcome safety case submissions which use diagrammatic representation of risks at their core. Communication advantages of bow tie diagrams:


Visual illustration of the hazard, its causes, consequences, controls, and how controls fail. The bow tie diagram can be readily understood at all personnel levels. "A picture paints a thousand words." Seven cardinal rules for the practice of risk communication: (as first expressed by the U.S. Environmental Protection Agency and several of the field's founders) 1) Accept and involve the public/other consumers as legitimate partners. 2) Plan carefully and evaluate your efforts with a focus on your strengths, weaknesses, opprtunities, and threats. 3) Listen to the public's specific concerns. 4) Be honest, frank, and open. 5) Coordinate and collaborate with other credible sources. 6) Meet the needs of the media. 7) Speak clearly and with compassion. RISK IN CONSTRUCTION PROJECTS : A project is an endeavor in which human, material and financial resources are organized in a novel way; to undertake a unique scope of work of given specification, within constraints of cost and time, so as to achieve unitary, beneficial change, through the delivery of quantified and qualitative objectives. The definition suggests three key targets of the project, i.e. time, cost and quality, which are to be in focus when undertaking the project. It also highlights the importance of efficient organization of available resources in order to achieve a good final result. Flanagan and Norman (1993) emphasize two aspects of any construction project: the process, i.e. project phases, and the organization, i.e. project actors. From the process perspective, any construction project comprises a number of sequential phases. Different authors suggest a different number of project phases. The simplest approach identifies two main phases project development and project implementation. These two can be further detailed and developed into a larger number of phases, e.g. feasibility, design, procurement, construction, commissioning, and operation. Risk management process takes place in program, design, procurement and production. The maintenance phase was excluded because no risk management activities are to be found in this phase. Programme phase: In the programme phase the client has an idea about the project and analyses conditions for its execution. Design phase During the design phase the architects and engineers produce construction drawings according to the clients requirements. Procurement phase In the procurement phase the client appoints the contractor to carry out the project. Depending on the form of contract, the procurement phase follows either the programme phase (DB contracts) or the design phase (DBB contracts). Production phase Finally, the contractor executes the job in the production phase. Figure overviews the different models presented in the literature and the model used in the thesis.


Another important aspect of the construction process is project organization. Different participants are usually involved in a construction project. These are clients or owners, contractors, sub-contractors, manufacturers and suppliers, architects, engineers, consultants, local authorities, funding organizations etc. The more participants that are involved, the more Complex the task of project management becomes. In risk management three main groups of construction industry actors are in focus: clients, contractors and consultants. Client A client is a party that carries out or assigns others to carry out construction, demolition or land work. There are two main groups of construction clients: public and private. Privately owned companies undertake the projects to make a profit. The public sector includes the central government and local authorities and undertakes the projects to provide a public service and/or benefit to the citizens. Contractor A contractor is an organization that provides a service for the client, i.e. executes the construction works. The contractor organizations have different complexities and provide different ranges of services from ground works to electrical installations and telecommunications. Consultants The role of consultants is to assist clients and contractors and provide architectural and engineering services. Due to their dynamic nature, projects change continuously. Thus a great amount of risk and uncertainty is involved in construction activities. This uncertainty may have a significant impact on the project objectives and, therefore, has to be properly managed by the project actors during the whole project life cycle. Risk management process Risk management is a systematic process of identifying, assessing and responding to project risk. The overall goal of the risk management process is to maximize the opportunities and minimize the consequences of a risk event. A variety of risk management models with different numbers of stages can be found in the literature. The international standard Project risk management Application guidelines (IEC 2001) offers a model with four steps: risk identification, risk assessment, risk treatment, and risk review and monitoring. PMBOKs model (PMI 2000) is similar but divides risk assessment into two processes of qualitative risk analysis and quantitative risk analysis. Baloi and Price (2003) include an additional step of risk communication. Chapman and Ward (2003) present the SHAMPU (Shape, Harness, and Manage Project Uncertainty) framework which involves nine stages: define the project, focus the project, identify the issues, structure the issues, clarify ownership, estimate variability, evaluate implication, harness the plans, and manage implementation. Del Cano and de la Cruz (2002) propose an integrated methodology for project risk management in large and complex construction projects. The model is divided into four process phases: initiation, balancing, maintenance and learning. Each phase


consists of several stages, which, in turn, are divided into different activities. Despite the variety of models, risk identification, assessment and response form the core of project risk management. Therefore, a model consisting of these three stages is mostly used in construction projects.

Risk identification Risk identification is the first step of the risk management process. It is aimed at determining potential risks, i.e. those that may affect the project. PMBOK (PMI 2000) suggests that as many project stakeholders as possible should participate in the risk identification process. There are a number of tools and techniques for identifying the project risks These are brainstorming, expert opinion, structured interviews, questionnaires, checklists, historical data, previous experience, testing and modeling, evaluation of other projects. Empirical studies of risk management practice show that checklists and brainstorming are the most usable techniques in risk identification. They also highlight that risk identification often relies on individual judgments of the project participants. In this context, it is interesting to mention a recent study by Maytorena et al. (2007) that suggests that the role of experience in risk identification is less significant than is commonly assumed. During the risk identification process the potential risks fall in the different groups. There are several approaches to classifying project risks and risk sources. In general, the sources of risk in construction projects may be divided into three Groups: Internal or controllable risks design, construction, management and relationships. External or uncontrollable risks financial, economic, political, legal and environmental. Force majeure risks Several studies contributed to knowledge by identifying unique, specific and country-related risks. Risk assessment During risk assessment, identified risks are evaluated and ranked. The goal is to priorities risks for management. The research literature offers a large number of models that use both qualitative and quantitative methods for assessment of project risks. Tah and Carr (2000) develop a formal model for qualitative risk assessment based on fuzzy estimates of risk components. Baccarini and Archer (2001) describe a methodology for risk ranking of projects, which allows an effective and efficient allocation of the resources for the management of project risks. The JRAP (Judgemental risk analysis process) model proposed by ztas and kmen (2005) is a pessimistic risk analysis methodology, which is effective in uncertain conditions within construction projects. Zeng et al. (2007) propose a risk assessment methodology based on fuzzy reasoning techniques and aimed at dealing with risks in complex projects. A fuzzy system is also used by Motawa et al. (2006) to evaluate the risk of change in construction projects. Poh and Tah (2006) have developed an integrated model that takes into account both duration and cost risks and can be used for modeling risk impacts that affect the project. Dikmen and Birgonul (2006) propose a methodology for both risk and opportunity assessment of international projects. Empirical research on risk assessment practice investigates the use of the different risk assessment techniques in construction projects. A study by Baker et al. (1998)


shows that the construction companies in UK use both qualitative and quantitative techniques for assessing the project risks. Personal and corporate experience and engineering judgment are the most successful qualitative techniques, while quantitative techniques include break-even analysis, expected monetary value and scenario analysis. Several authors report rather opposite results on the usage of quantitative techniques. The studies of risk management practice in the UK construction industry show that the practitioners rely mostly on professional judgment, intuition and experience (Akintoye and MacLeod 1997, Wood and Ellis 2003). A questionnaire survey conducted by Tang et al. (2003) shows that qualitative analysis is the most commonly used technique in the Chinese construction industry, while the use of quantitative methods is very low. The results of the study conducted by Simu (2006) show that the contractors mostly use professional experience and gut-feeling in risk assessment. Khknen (2007) argues that the quantitative methods used in risk management have advantages in comparison with the qualitative methods but their use is limited due to difficulties that practitioners face. He also discusses the elements that contribute to development of a workable solution for quantitative risk assessment. Risk response process The risk response process is directed at identifying a way of dealing with the identified and assessed project risks. There are four main risk response strategies: risk avoidance, risk reduction, risk transfer and risk retention (IEC 2001, PMI 2000, Smith et al. 2006). Risk avoidance deals with the risks by changing the project plan or finding methods to eliminate the risks. Risk reduction aims at reducing the probability and/or consequences of a risk event. Those risks that remain in the project after risk avoidance and reduction may be transferred to another party either inside or outside the project. Risk retention or acceptance indicates that the risk remains present in the project. Two options are available when retaining the risk: either to develop a contingency plan in case a risk occurs, or to make no actions until the risk is triggered. Several studies (Baker et al. 1999, Lyons and Skitmore 2004, Tang et al. 2007) have identified risk reduction as the most frequently used technique within the construction industry. The results of a questionnaire survey (Akintoye and MacLeod 1997) report that risk transfer is the most preferable strategy among the UK practitioners. RISK INVOLVED IN THE PROJECT: Risks in construction projects may be classified in a number of ways. One form of risks classification is as follows: Socioeconomic factors Environmental protection Public safety regulation Economic instability Exchange rate fluctuation Organizational relationships Contractual relations Attitudes of participants Communication Technological problems Design assumptions Site conditions Construction procedures Construction occupational safety The environmental protection movement has contributed to the uncertainty for construction because of the inability to know what will be required and how long it will take to obtain approval from the regulatory agencies. The requirements of continued re-evaluation of problems and the lack of definitive criteria which are practical have


also resulted in added costs. Public safety regulations have similar effects, which have been most noticeable in the energy field involving nuclear power plants and coal mining. The situation has created constantly shifting guidelines for engineers, constructors and owners as projects move through the stages of planning to construction. These moving targets add a significant new dimension of uncertainty which can make it virtually impossible to schedule and complete work at budgeted cost. Economic conditions of the past decade have further reinforced the climate of uncertainty with high inflation and interest rates. The deregulation of financial institutions has also generated unanticipated problems related to the financing of construction. Uncertainty stemming from regulatory agencies, environmental issues and financial aspects of construction should be at least mitigated or ideally eliminated. Owners are keenly interested in achieving some form of breakthrough that will lower the costs of projects and mitigate or eliminate lengthy delays. Such breakthroughs are seldom planned. Generally, they happen when the right conditions exist, such as when innovation is permitted or when a basis for incentive or reward exists. However, there is a long way to go before a true partnership of all parties involved can be forged. During periods of economic expansion, major capital expenditures are made by industries and bid up the cost of construction. In order to control costs, some owners attempt to use fixed price contracts so that the risks of unforeseen contingencies related to an overheated economy are passed on to contractors. However, contractors will raise their prices to compensate for the additional risks. The risks related to organizational relationships may appear to be unnecessary but are quite real. Strained relationships may develop between various organizations involved in the design/construct process. When problems occur, discussions often center on responsibilities rather than project needs at a time when the focus should be on solving the problems. Cooperation and communication between the parties are discouraged for fear of the effects of impending litigation. This barrier to communication results from the ill-conceived notion that uncertainties resulting from technological problems can be eliminated by appropriate contract terms. The net result has been an increase in the costs of constructed facilities. The risks related to technological problems are familiar to the design/construct professions which have some degree of control over this category. However, because of rapid advances in new technologies which present new problems to designers and constructors, technological risk has become greater in many instances. Certain design assumptions which have served the professions well in the past may become obsolete in dealing with new types of facilities which may have greater complexity or scale or both. Site conditions, particularly subsurface conditions which always present some degree of uncertainty, can create an even greater degree of uncertainty for facilities with heretofore unknown characteristics during operation. Because construction procedures may not have been fully anticipated, the design may have to be modified after construction has begun. An example of facilities which have encountered such uncertainty is the nuclear power plant, and many owners, designers and contractors have suffered for undertaking such projects. If each of the problems cited above can cause uncertainty, the combination of such problems is often regarded by all parties as being out of control and inherently risky. Thus, the issue of liability has taken on major proportions and has influenced the practices of engineers and constructors, who in turn have influenced the actions of the owners. Many owners have begun to understand the problems of risks and are seeking to address some of these problems. For example, some owners are turning to those organizations that offer complete capabilities in planning, design, and construction, and tend to avoid breaking the project into major components to be undertaken individually by specialty participants. Proper coordination throughout the project duration and good organizational communication can avoid delays and costs resulting from fragmentation of services, even though the components from various services are eventually integrated.


Attitudes of cooperation can be readily applied to the private sector, but only in special circumstances can they be applied to the public sector. The ability to deal with complex issues is often precluded in the competitive bidding which is usually required in the public sector. The situation becomes more difficult with the proliferation of regulatory requirements and resulting delays in design and construction while awaiting approvals from government officials who do not participate in the risks of the project. RISK INVOLVED IN THE CONSTRUCTION: The construction risks can be broadly grouped under the following categories: . Technical Risks * Incomplete design. * Inadequate site investigation. * Uncertainty over the source and availability of materials. * Appropriateness of specifications. . Logistical Risks * Availability of resources - particularly construction equipments, spare parts, fuel and labor. * Availability of sufficient transportation facilities. . Construction Risks * Uncertain productivity of resources. * Weather and seasonal implications. * Industrial relations problems. . Financial Risks * Inflation. * Availability and fluctuation in foreign exchange. * Delay in Payment. * Repatriation of funds. * Local taxes. . Political Risks * Constraints on the availability and employment of expatriate staff. * Customs and import restrictions and procedures. * Difficulties in disposing of plant and equipment. * Insistence on use of local firms and agents. FOUNDATION OF RISK MANAGEMENT: The Foundations for Risk Management presented herein will be the basis for the tools and other content that the Risk Management Program committee will deliver at the upcoming convocation. These Foundations were developed by engineers in private practice to help engineering firms focus their practice on avoiding and minimizing risk. The first five Foundations deal with the process of the engineering business and the last five deal with project management. 1. Culture Creating a culture of risk management and claims prevention entails instilling in your company an overriding vision that stresses quality control and managing risk as a vital part of your business practice. This vision must become a core value of the firm and come from the top down. Stress the importance of risk management as often as possible among the staff, as well as the consequences of ignoring it. Creating this culture requires both strategic and operational planning. It should involve all levels of the staff and even involve clients. Quality must take precedence over profits. When quality is established, profits tend to follow. 2. Prevention and Proactively Act with preventive techniques, not just react Develop processes and systems within the firm with risk prevention in mind. Often, early planning can identify potential sources of risk, and early intervention can mitigate the severity of claims. When risk is identified, a proactive plan can be developed to change the conditions that lead to that risk or avoid the risk altogether. Clearly, some events happen without warning and we must react. Although we cannot plan for the specifics of each case, identifying


where risks may arise and establishing priorities before hand provide the proper framework with which to deal with unforeseen events. Having a plan allows quick action to minimize the damage these events may cause. An example of this would be having a plan in place to deal with an owner who wants to drive down your fee by asking to eliminate construction phase services. Do you have a plan that will allow you to promptly respond to such a request in a way that minimizes your risk? 3. Planning Plan to be claims free Closely related to the Foundation of Prevention and Proactively is the attribute of planning. Claims-free results do not happen by chance; they require proper planning. Strategic planning means taking into consideration how items such as staff hiring and retention, client selection, project type selection, training programs and quality assurance programs can all contribute to reducing claims. Project planning is also an important aspect of risk management. A project work plan can help focus on areas that reduce risk such as information flow, communication pathways, contract negotiations, and scope definition. For a plan to be effective, it should be simple, workable, and readily communicable. Communicating the plan to all involved parties, reinforcing the need to adhere to it, and monitoring activities to see if it is being followed are all important steps to having an effective, claims-free practice. 4. Communication Communicate to match expectations with perceptions It is well documented that communication issues represent a large percentage of the basis for claims against engineers. When all parties in a project communicate their expectations and perceptions early and often, the disconnects between opposing parties can be readily established. Steps can then be taken to resolve those differences and align everyones expectations and perceptions. To be effective, communication must flow both up and down the chain of command so that all parties are informed. Good planning will lead to good communication. All parties should agree on acceptable means and lines of communication early in the process. Develop tools to aid the communication process such as correspondence logs, telephone conversation logs, and e-mail protocol. Communication must be handled in a professional and courteous manner. When dealing with a contentious issue, it is not a good practice to send a letter or e-mail immediately after composing it. Take time and then re-read the communication before sending it. Communicating only the facts of the case and avoiding emotional outbursts or statements of opinion can help to avoid problems or making problems worse. 5.Education Educate all of the players Proper training is the basis for expecting proper results in any field. Engineers that have a greater amount of experience have a duty to pass their wisdom on to both staff and clients. As professionals, engineers possess a unique body of knowledge that our clients rely on to accomplish their goals. Creating a formal mentoring process helps less-experienced staff members become more effective in their careers. The skills that experienced engineering professionals gain during their careers relating to business practices such as negotiating, communicating, and planning are all factors that can aid in managing risk. Those skills must be passed down to less-experienced employees so that everyone can effectively participate in risk management. Owners who are unfamiliar with the design and construction process also need to be educated so that expectations about the nature of professional services and the proper allocation of risk can be cast. 6.Scope Develop and manage a clearly defined scope of services A well-defined and written scope of work serves several purposes. First, it helps avoid misunderstandings by clearly defining which parties will be responsible for completing which task and when those tasks will be completed. Second, it establishes the basis for negotiations regarding compensation. Third, it draws the line that forms the basis for additional


services. Last, it serves as a starting point for preparing a work plan. Communicate the agreed-upon services to the entire staff so that they can recognize when a request for services goes beyond the contracted scope. Obligations can be extended simply by the actions of employees. If they begin to perform services that are not within the original scope without first receiving an agreement for extra compensation it will be very difficult, after the fact, to explain that those services were not in the original scope. Be especially careful while making site visits that the engineers actions do not extend the firms obligations to include responsibility for job-site safety or directing the work of the contractor. Extending the scope simply increases the amount of risk one is taking without appropriate compensation. 7.Compensation Prepare and negotiate fees that allow for quality and profit Whether effort-based or value-based criteria are used for establishing fees, always keep in mind that sufficient fees will allow for sufficient time to prepare quality work. Always negotiate the compensation along with a scope of services so that the owner knows exactly what is included in the paid fee. By being transparent with the client regarding the basis of the fee proposal, a basis for the amount of contingency can be established. This will help avoid arguments over extra service requests later. When negotiating fees, have in mind a number below which the firm will not take the project. Be ready to walk away from a client with whom you have historically lost money, or from a project type that poses too much risk compared to the reward being offered. 8.Contracts Negotiate clear and fair agreements a good contract that is fair to all parties can minimize the risk that an engineer faces during the course of a project. On the other hand, a poorly worded contract can greatly increase that risk. Review each contract or obtain legal aid to detect and delete or modify risk-enhancing language. A good approach is to use contracts that have been prepared by organizations representing designers, such as the CASE contracts, as a starting point for negotiations. Always be sure that the terms of the contract are insurable under the firms professional liability insurance. For example, most insurance policies do not provide for the defense of indemnities, even though that term is often found in indemnity agreements. A good contract will recognize that professional services are being provided not a product and therefore perfection cannot be warranted by the service provider. The principle that risk should be fairly proportioned to the parties based on the benefit that each party is receiving is what forms the basis for a good contract. On that basis, the engineer should be held responsible for his own negligent errors or omissions, but not for the errors of other parties. 9.Contract documents Produce quality contract documents for most engineering work, the final deliverable is the document that will direct the construction of the project. The first step to produce quality documents is to have a plan to do so. Plan the work effort required in conjunction with the engineering and CAD technician staff. Have the client approve the written design criteria and then widely distributed it to everyone involved in the documents production. The more complex the design, the higher the risk involved in design and documentation. Make the client aware of this and engage the client in a discussion about simplifying the design or providing the engineer with a higher compensation to account for such complexity. There are several suggestions to help improve the documentation quality. One of the best tools to help produce quality documents in a shorter time frame is the computeraided design and drafting software that has become available in the past few years. It has greatly increased productivity and quality. Take advantage of it. Prepare job specifications during the design development phase in order to ensure the specifications and drawings are coordinated. Take advantage of repetition in design elements and use the knowledge of more experienced staff members to avoid spending wasted time re-inventing the wheel.


10.Construction phase Provide services to complete the risk management process The final phase of a project, the construction phase, is also the time when many claims against the engineer arise. This is certainly not the time to let down your guard in protecting against risk. There are various tasks associated with the construction phase wherein the contractor responsible for construction and the engineer interact. There are submittals to be checked, requests for information to be answered, change orders to be evaluated, and site visits to be made. Each of these tasks should be performed in a timely and efficient manner so as to eliminate the engineer as the reason for a delay. A good practice to diffuse a claim of delay is to keep good records of the information flow between the contractor and the design team. Establish a non-adversarial relationship with the project superintendent so that you can work together as partners to achieve a common goal. POINTS TO OVERCOME FROM CONTRACTORS SIDE: METHOD FOLLOWED TO ADMINISTER AND MONITOR RISKS: 1. General Approach The use of analytical techniques based on a statistical approach can be of enormous use in decision making. Many of these techniques are relevant to estimation of the consequences of risk events, and not to how allocation of risk is to be achieved. In addition, at the present stage of the development of Risk Management, it must be recognized that major decisions will be made that cannot be based solely on mathematical analysis. The complexity of construction projects means that the project definition in terms of both physical form and organizational structure will be based on consideration of only a relatively small number of risks. The practical approach is therefore to define the fundamental decisions to be made by each participant in the project and to model the project in terms of categories of sources of risk. This then allows a general structured approach that can be applied to any construction project. This increases the awareness of participants. 2. Experience and Expertise Experience suggests that participants in a project are well able to identify risks based on their own experience. The adoption of a risk management approach which is based solely in past experience and dependent on judgment may work reasonably well in a stable low risk environment. It is unlikely to be effective where there is change since this requires the extrapolation of past experience, which could be misleading. All construction projects are prototypes to some extent and imply change. The change in the construction industry itself suggests that past experience is unlikely to be sufficient on its own. A structured approach is required. Such a structure cannot and must not replace the experience and expertise of the participant; rather it brings additional benefits which assist to: Clarify objectives Identify the nature of the uncertainties Introduce effective communication systems Improve decision making Introduce only effective risk control measures Protect the project objectives Provide knowledge of risk history 3. Multi-Disciplinary Approach Heads of sources of risk are a convenient way of providing a structure for identifying risks to completion of a participants part of the project. Effective Risk Management however, requires a multi-disciplinary approach. It remains true that because of the interplay of different and often conflicting requirements and pressures, that there is never one simple solution to the management of a particular risk. Inevitably Risk Management requires examination of engineering, legal and insurance related solutions.


Whether Contractor, Consultant or Promoter, the right team needs to be assembled with the relevant multi-disciplinary experience of that particular type of project and its location. This is necessary not only to allow alternative responses to be explored, but also to ensure that the right questions are asked and the major risks identified. Experience shows that at the critical stages of the project a concentrated unstructured session, in some cases intermittently over a period of weeks, is necessary to enable the specialist information within the knowledge of each member of the team to be extracted. In many cases the implications of fact known by one member will only be appreciated by another member of the team. If the risks have been identified then they can be monitored during the project life cycle. In some cases the risk event may not materialize and estimates and contingencies may be revised. This then is the organizational aspect of Risk Management. A Promoter will need to assemble such a team in any event to complete the project. However, specially directed examination of risks at conception and then at preliminary design stage following any feasibility studies, in a structured approach, will allow the Promoter to check that major risks have been identified and allocated in a way he considers acceptable. Any Consultant involved should similarly examine the risks to his own practice, paying particular regard to his form of contract with the Promoter and the basis on which design assumptions have been assessed and the certainty and reliability of the information available. It is not uncommon in the euphoria of a new project for the Consultant to take decisions that introduce risks into the project that the Promoter may not wish to take. In some cases the Promoter may wish to keep short-term costs to a minimum and therefore force the Consultant to base his design on inadequate information. It is important for the Consultant to record and appraise the Promoter of the risks involved, not least because the financial consequences of incorrect assessment of the environment may force the Promoter to take legal action against the Consultant. The Consultant by adopting a Risk Management approach will be clear as to which risks are carried by the Promoter. A Contractor involved traditionally at the tendering stage will need to assess the risks identified and allocated to him in order that he may adopt the appropriate pricing strategy. In addition he will need to identify risks that have not been expressly identified in the contract documentation and judge whether he will be considered legally to carry the risks. Such an appreciation is vital since it will affect the pricing strategy necessary to win the bid against the competitors who may be oblivious to any such risk apportionment. The competitive bid/lowest price method of appointing Contractors inevitably rewards risk takers, but does not always lead to the lowest outturn costs. However, although Promoters are well advised when assessing bids to discount bids which clearly have not priced certain risks, the reality is that Promoter will not do so. The lowest bid will win simply because it is based on an over optimistic view of the project. Experience shows that this leads inevitably to costly disputes and can have a disastrous consequence on the completion of the project. The structured approach is to clearly identify the major risks and to ensure that tenders are based on a clear understanding of the risks being allocated to Contractors. Indeed in some projects there have been significant benefits to all parties in allowing alternative bids for different apportionment of risks, so that the Promoter may make an informed choice as to such apportionment. Risk Management is not restricted only to the Promoter but should be carried out by each project participant. Each should examine the risk apparently attributed to him, and decide how he should best prepare for the risk of event if it occurs. The general approach to an identified risk is to decide: whether to reduce the risk; or whether to transfer the risk to another participant; or Whether to accept the risk. Implementation of the decision to reduce or transfer the risk will inevitably involve a financial premium and may introduce different but acceptable risks. Thus in taking a decision consideration needs to be given to:


whether the risk can be effectively managed by the participant allocated the risk or whether the allocation causes a different, but more damaging risk; and whether the allocation of risk intended is effective and enforceable. The effectiveness of Risk Management requires experienced team members. Although a team member may be experienced in a particular discipline, a lack of familiarity with the structured approach to risk may reduce his effectiveness. This can be demonstrated in relation to the design and analysis element of projects. In developed countries, such as the UK, climatic loadings can be extracted from British Standards that are based on many years of surveys and measurement. Engineers and Contractors are accustomed to coarse modeling of the environment based on such information. This masks the true nature of the Designers role, which is the assessment of the risk of occurrence of particular events and analysis of the response of the structure. The predominant use of codes means that engineers are not in the main consciously attuned to recognizing, defining and dealing with risks. In many cases the assumptions underlying the recommendations and directives in the Standards are not wholly understood. When a project involves state-of-the-art or unusual structures or unusual locations in under-developed countries, then this lack of experience of risk management can itself create serious risks to the engineering of the project. This is accentuated by the increasing use of analytical and design software, which are based on such British Standards and the assumptions underlying them. A structured approach to the identification of risks is again appropriate. Engineers whether acting directly for Promoters or for Contractors should be encouraged to prepare the design methodology identifying the risks and uncertainties and the data on which the design criteria is based. This focuses attention on the extent of information available and if communicated in this way via project documentation prevents other participants either direct Contractors or Sub-Contractors being misled as to the reliability of the design criteria. Inevitably, the design criteria will be based in an experts subjective judgment of the risks involved. If communicated in this way in the traditional contracts system, the Promoter will be advised of the risk of his project objectives and can make informed decisions on whether to reduce the risk by further investigation or by modification of the design. Both will attract direct financial premiums. Inevitably the assessment of the physical environment will require experts in the particular fields if statistical data is not readily available. The extent of investigations required will also need to be directed by the expert, who will also need to translate the raw data into design criteria that can be adopted in the analysis of the structures. The reliance on such assessments in such situations cannot be overstated. From the Promoters or Contractors viewpoint he should consider institutions or Consultants with adequate professional indemnity insurance. It is true, however, that litigation never gives adequate compensations for a project that has been unsuccessful. It is always best to examine carefully the options for reducing the risk than rely on the doubtful compensation of litigation if the assessment proves inaccurate. Where the design criteria produced for the physical environment is based on original information, it may be worth carrying out a parametric study of the effect of such criteria on the project. This is a form of risk analysis applied to engineering design. In some situations the structure is not necessarily sensitive to large changes in the design criteria. It may be that the form of construction can be modified to reduce its sensitivity to particularly uncertain design criteria. In the case of detailing of reinforcements for earthquake for example, if the appropriate arrangements are adopted, a reasonable level of earthquake loading can be accommodated without any substantial increase in cost. In other words analysis of the effects on design of various environment scenarios, and of course of the consequent financial implications, will indicate where expenditure will be most effective. This planned and methodical approach to risk increases the accuracy of the projected costs and timescale.


This method approach to risk, presupposes that the allocation of risk to another participant can be legally enforced, and highlights the importance of the legal system in Risk Management in commercial projects. It is this legal aspect of Risk Management that requires special attention when considering the heads of environment risks. The effective apportionment of risk between participants requires an understanding of the legal system in which the construction project operates. This however, is not susceptible to mathematical modeling. The effectiveness of any arrangement will depend upon whether it is enforceable in the courts and whether the decisions of the courts (at least the superior courts) are based on policy considerations and prevailing judicial attitudes. Whether a particular risk is legally carried by a party therefore depends upon current developments in law in decided cases (in common law systems) as well as statutory legislation. Such legislation will act to prevent the transfer of certain risks, particularly in the fields of consumer protection. This is not to under-estimate the importance of engineering, but to emphasize the inter-relationship of engineering and legal solutions. The essence of any construction project is the engineering whether it be a structure required by the community, such as a dam or a river barrage in which engineering drives the project, or a commercial development in which return on investment is the driving force. This must, therefore, be the starting point of Risk Management. However, the translation of engineering of any significance into reality requires the assistance of specialist organizations, funders, Consultants and Contractors, and effective understanding by each participant of their role in the project. However exact the engineering, if this is not complemented by clear project documentation, then the success of the project in terms of time and cost may be jeopardized, and in some cases the construction may itself be inadequate with equally disastrous results. Risk Management, therefore, requires first an identification of the particular risks and secondly an examination of the engineering and legal responses to allow the risk to be redirected or avoided or transferred to a particular project participant. The risks to clients are wider than simply construction risks. Risk Management for a client must therefore concentrate on controlling the risk to the clients business, of which only part will be controlling the risks to the construction project. A client who transfers a construction risk will not be able to control the risk, and the project in this regard will be managed without regard to the clients business. 4. Risk, Control & Cost Risk and responsibility are usually interrelated although not necessarily so. The transfer of the cost of risk without control however, is not necessarily cost effective. The cost of risk is saleable. The insurance industry is based on this principle. The sale of risk normally increases costs. If the transfer of risk results in less effective management then all the participants are likely to incur increased costs if the event occurs. 5. Risk Management Tools It is not possible to prepare a complete set of tools which are appropriate for all projects. Risk Management deals with change, so that any tools can only be a guide or checklist or prompt list which must continuously be re-examined and refined. It is important that risk management is adopted throughout the project life cycle to allow review of the procedures in the light of experience. Contractors frequently are required to price risk in competitive tender. Procedures can be implemented for identifying and pricing risk in all aspects of design and construction as well as installation and commissioning. 6. The Risk Management Team The Client objectives must be clearly defined. The Risk Management Team must function as a team in which there is trust and respect. Each member should have the ability to carry out the project or a significant


part of it. Nonetheless there needs to be a Risk Manager who has the confidence of the team and the client with the necessary skills. These require an understanding and appreciation of: technical issues on the project; commercial issues on the project; risk management techniques. The Risk Manager will necessarily need good management and communication skills, and a degree of objectivity. A blame-free environment needs to be created to foster the innovation necessary from lateral thinking. The Team members must have the ability to carry out logical analysis and to identify initially those events that may occur to threaten the client objectives. This is normally carried out in an unstructured session in which possible events are simply recorded, based on prompt lists or activity lists or bar chart programmes. This process will inevitably be followed by interview of experts or those with specialist knowledge. This itself requires special skills to ensure the correct atmosphere and approach for a reasoned response. It is essential for the future business of the Client that a review is carried out at the end of each phase of work or project, which identifies those risk events which have occurred. This will allow prompt lists and risk registers to be updated and fine tune the companys risk management procedures. 7. Contract Documents In general construction contracts do not directly apportion risk, but deal with risk by defining contractual obligations subject to exceptions. The exceptions are based on the specific risk. Thus by way of example, a contractor will normally be liable for failure to complete by the specified date, unless an event occurs which entitles him to an extension of time. Typical Construction Project Risks and Uncertainties Construction projects are characterized as very complex, always unique projects, where risks raise from a number of different sources. These projects are characterized by a continuous decision making due to numerous sources of risk and uncertainty, many of which are not under the direct control of project participants. Construction projects have a bad reputation of failing to meet the deadlines and cost targets. Thats why identifying risk sources is extremely important, since it is not necessarily possible to identify single risks. Odeh and Battaineh studied the most typical reasons for construction delays in Far-East construction projects. They found seven significant causes of delays: owner interference, inadequate contractor experience, financing and payments, labor productivity, slow decision making, improper planning and subcontractors. Authors emphasize the meaning of experience and capability of project participants to have the most effect on these causes of delays. These kinds of risks can be seen as network-related. Thus in order to have a successful project, it should be guaranteed by some means that all participants are experienced and trained to do the project: it matters what kind of network is conducting the work. To improve the present situation, authors suggest different kinds of improvements to the contracts, incentives for good quality and awarding capabilities more than just the price. Construction project risks are categorization in two different perspectives; a broad risk list and an impact type list. Broad Risk List:

Impact Risk List:


Three of the most important risks in construction projects include weather, productivity of labor and plant and quality of material. For example these areas are not easily controllable by a contractor before the project execution. Cohen and Palmer identified risk trends in construction projects. They found that typically, risks are determined at the very early phases of the project (feasibility and planning) while the impacts are not experienced until the construction and production start-up phases. Their list of typical sources for risks in construction projects is presented in table

Dubois and Gadded found that complexity in construction projects comes from two basic sources; interdependence of tasks and uncertainty. Uncertainty has four sources: management is unfamiliar with local resources and local environment, lack of complete specifications for activities at the construction site, lack of uniformity of materials, work, and teams with regard to time and place and unpredictability of environment. Again, the bolded phrases indicate the sources with the highest relevance to this study. Dubois and Gaddes studys main conclusion was that the unstable and changing network is a major cause of the short-term sub optimization hampering a longer-term productivity, innovation and learning. To reduce this uncertainty, a firm should consider at least four different types of coordination inside the network and think relationships longer than just one projects perspective. As can be seen from the risk lists and categorizations presented here, networks are the cause of risks to projects, both directly and indirectly. Indirect means that networks cause significant uncertainties that pose risks to projects. All the bolded items in the section above relate to networks as sources of risk. Risks that are caused by people in networks are social risks, they might also relate to personal chemistry. Other network actors are not totally in one actors control: their behavior is uncertain, local conditions and politics slowed decision making and uncertainty about other actors capabilities cause risks to projects. It is also very clear that these lists or categorizations are based on the assumption that risk is something negative and threatens the project. This sense is more prevalent in construction risk categorizations than in general project risk categorizations in the frequent use of terms such as lack of ,inefficiency, and errors, among others. Opportunities in their part are rarely mentioned, thought it is obvious that without, for example business opportunities, business risks would not be worthwhile. Risk allocation through construction contracts It is impossible to eliminate all potential risks in a construction project. Therefore, an appropriate allocation of risks among project actors is very important. Risk allocation influences the behavior of project actors and, therefore, has a significant impact on the project performance in terms of the total cost. Unclear allocation of the project risks leads to disputes between the client and the contractor. One of the problems identified in the literature is the actors different perceptions of to whom a specific risk or group of risks should be allocated. Usually, contractors indicate that they have to bear the majority of project risks and price these risks through adding a contingency


to the bid price (Andi 2006). Using contingency funds has been identified by the researchers and practitioners as a significant source of the projects cost increase (Zaghloul and Hartman 2003). Evaluation and conscious allocation of risks to the appropriate actor under the contract allows reducing the bid price by decreasing contingency funds and, therefore, leads to lower total cost (Zack 1996). A number of models providing a framework for risk allocation decisions can be found in the literature (Lam et al. 2007, Li et al. 2005, Olsen and Osmundsen 2005). Smith et al. (2006) highlight the importance of considering the following issues when making risk allocation decision: who has the best ability to control risk events; who has the best conditions to manage risks; who should carry the risks that cannot be controlled; How much does it cost to transfer the risks? Risk allocation strategy in construction projects is defined through the contractual arrangements. The contract is a written agreement between a client and a contractor where the liabilities and responsibilities of each party are assigned. The contract can also be defined as a trade-off between the contractors price for executing the project and his willingness to take the risks (Flanagan and Norman 1993). There are different contract strategies available. The objective of clients is to choose the strategy that ensures achievement of the project objectives in the most efficient way. Two contract strategies that are mostly used in Sweden are separated (design-bid-build) contracts and integrated design-build contracts. The collaborative form of partnering has become popular in Construction industry during the last decade. In contrast with the UK, partnering does not have the status of a contractual form in Sweden. As a form of project implementation, partnering is intended to create effective collaboration between the projects actors.

Many countries have developed standardized conditions of contract that are intended to be used in construction projects. In weden, the majority of contracts are based on the general conditions of contract. These documents are developed and issued by the Building Contracts Committee (BKK), a non-profit association consisting of authorities and organizations in the sector. General Conditions of Contract for Building, Civil Engineering and Installation Work (AB) are used in design-bid-build projects. The design-build projects are regulated by General Conditions of Contract for Building, Civil Engineering and Installation Work performed on a package deal basis (ABT). AB and ABT assign responsibilities and liabilities of each contracting party regarding job performance, organization, timeframes, guarantees, insurances, errors and payment Design-bid-build Separated contracts are characterized by a traditional separate appointment of a design team and a construction firm. First, the client appoints an architect or engineer to produce design documents (Design) and then procures (Bid) the contractor to execute (Build) the project. Thus the client is responsible for the planning, design and


function of a construction and the contractor is responsible for the job execution. The DBB procurement is the most widely used strategy in many countries, e.g. the UK, USA and Singapore (Ling et al. 2004). Within this contract strategy, two main organization alternatives are possible: divided contracts and general contracts. Schematically their organization structures are shown in Figure

A divided contract implies that the client appoints several contractors and signs a separate contract with each contractor. It allows the client to choose the best possible tender for every part of the work. On the other hand, the coordination costs are very high and it might be difficult to identify exactly which contractor is responsible for a particular error. A general contract implies that a client signs only one contract with a general contractor, who in turn appoints subcontractors to carry out the work. The general contractor is solely responsible for the coordination of subcontractors. Design-build In design-build contracts the contractor is responsible for both design and construction. The client signs only one contract, thus this form is the most straightforward from the perspective of responsibility. In the procurement documentation, the clients set their demands in terms of functionality. The popularity of DB contracts has increased in recent years, because a single point of responsibility is attractive to clients. A study by Ernzen and Schexnayder (2000) shows that the average profit margin for a DB project was higher than that for DBB. Konchar and Sanvido (1998) confirm that DB projects on average show a better performance than DBB in terms of unit cost, construction speed, delivery speed, cost growth and schedule growth. From the risk allocation perspective, DB contracts are more attractive for the client as the responsibility for design implies that more risk is allocated to the contractor. On the other hand, the DB alternative may be more expensive compared with DBB contracts. Furthermore, the quality of the final product may be lower if the contractor uses cheaper solutions, trying to decrease his own costs (Gransberg and Molenaar 2004). This problem is especially relevant in contracts with a lump sum payment mechanism. In terms of time, the DB system arguably provides an earlier start for project execution than is the case for other forms. Toolanen (2004) found that clients choose DB contracts more often when the projects timeframe and availability of resources are critical factors. From the contractors point of view, DB construction projects can be very risky when the contractor lacks knowledge and experience of the design-build system. Hkansson et al. (2007) highlight that the competence requirements are higher in DB contracts, and hence structured risk analysis should be made very early in the project. Simu (2006) shows that smaller contractors in Sweden prefer DBB to DB contracts. In the case where a DB contract is used, contractors increase their price by including insurance for the extra risks involved. Collaborative relationships in construction projects Adversarial and opportunistic behavior is common in the construction industry (Cox and Thompson 1997, Zaghloul and Hartman 2003). It means that the actors are focused on the short-term relationship and economic results rather than on long-term cooperation. In response to this behavior, many researchers try to find the concepts for more collaborative relationship between the project actors. Two concepts are of


special interest in this research: relational contracting and joint risk management. Both focus on improvement of contractual relationships, better risk allocation, and, therefore, on more effective risk management. Relational contracting and partnering Over the last decade, the researchers and practitioners have recognized that the relationships between the client and the contractor play a significant role for successful project implementation. Relational contracting (RC) is a concept that concentrates on the relationship between the contract parties. RC recognizes mutual benefits and win-win scenarios through cooperative= relationship (Rahman and Kumaraswamy 2002). A study by Akintoye and Main (2007) shows that UK contractors are positive about collaborative relationships and believe they lead to cost and risk reduction. The results of the other study (Drexler and Larson 2000) show that relationships in partnership projects are much more stable than in other types of projects. The collaborative form of partnering is based on the RC principles. The concept of partnering is variously defined in the research literature (Drexler and Larson 2000, Kadefors 2002, Rahman and Kumaraswamy 2004a, Rhodin 2002). To summarize, partnering is a way to create effective collaboration between the projects actors. Components such as common goals, continuous improvement and structures for problem solving form the concept of partnering. Effective collaboration is claimed to lead to fewer disputes, lower construction costs and a better quality product. Positive experiences of partnering in the USA, UK, Norway and Denmark have led to the partnering concept being adopted in Sweden. Examples of partnering projects are presented in Rhodin (2002) and Kadefors (2002). The three largest construction companies in Sweden, Skanska, NCC and Peab, actively work with partnering projects and report positive results. One of the goals of partnering is better utilization of the overall qualifications of the project actors. The concept of trust is tightly connected to partnering. Trustful relationships between project actors result in a more effective risk allocation process, decrease of contingency funds and, finally, to project cost reduction (Zaghloul and Hartman 2003). Furthermore, partnering helps in transfer knowledge and experience between the project actors. It is important to note that the partnering concept demands high professionalism and very good knowledge of the project on the part of the client and the contractor Joint risk management Even efficient allocation of the identified risks through the contract in the procurement phase does not guarantee that no conflicts occur in the project. During the project life cycle the nature and extent of identified risks may change and new risks may appear. Sometimes new risks may require joint efforts to manage them effectively. Joint risk management (JRM) is about working together at mitigating unforeseen project risks at the post contract stage (Rahman and Kumaraswamy 2004b). Participants in a questionnaire survey of the Hong Kong construction industry (Rahman and Kumaraswamy 2004a) recommend JRM as the best option for managing unforeseen risks and indicate a high motivation towards the JRM approach. CONCLUSION: Three main problems relate to the extreme price competition, lack of know-how and personality in relationships. Because of these, motivation to improve risk management practices into more proactive and co-operative, especially from subcontractors side, is poor. References The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. (2009). Risk management Vocabulary. International Organization for StandardizationISO/IEC Guide 73:2009 (2009). Risk management-Principles and guidelines - ISO/DIS 31000 (2009).


An Introduction to Risk Management (2nd ed) Cambridge, UK:Woodhead-Faulkner