-
The controlling influences on eective risk identification
andassessment for construction design management
Robert J. Chapman
Capro Consulting Limited, Sea Containers House, 20 Upper Ground,
SE1 9LZ, London, UK
Received 11 May 1999; received in revised form 28 September
1999; accepted 7 October 1999
Abstract
Project risk management (PRM) can provide a decisive competitive
advantage to building sponsors. For those sponsors who takerisks
consciously, anticipate adverse changes, protect themselves from
unexpected events and gain expertise to price risk, gain a
leading edge. However, the realisation of this commercial
advantage on design-intensive multi-disciplinary capital projects
hinges toa large extent on the approach to the initial
identification of risk. The very way the identification process is
conducted will have adirect influence on the contribution that risk
analysis and management makes to the overall project management of
constructionprojects. This paper examines the steps involved in
conducting the identification and assessment process and how they
may influ-
ence the eectiveness of risk analysis. A series of issues are
examined in turn, which are considered to have a direct bearing on
thequality of the identification and assessment process. By
focusing on these issues, our understanding of the contribution
that riskmanagement makes to improving project performance may be
enhanced. # 2001 Elsevier Science Ltd and IPMA. All
rightsreserved.
Keywords: Risk identification; Risk assessment; Risk analysis;
Design process
1. Introduction
The literature, in the main, implies that there has beena
tendency for the approach to Project risk management(PRM), to be
overly prescriptive and mechanistic. Inaddition that there has been
undue emphasis on thetechniques of the process rather than focusing
on themost crucial areas of the overall process, identificationand
assessment [1]. While it may be obvious that thequality of the
outputs from a quantitative analysis arelargely dependent on the
identification and assessmentprocess, prescriptive methods
underplay the importanceof this initial sub-stage. Unidentified and
thereforeunmanaged risks are clearly unchecked threats to aprojects
objectives, which may lead to significant over-runs. Should the
circumstances be so extreme, then thefailure of a single project
may be seriously damaging tothe financial status of a company. The
degree to whichthe identification process will influence the
eectivenessof risk management and its contribution to the
overallproject management of any particular project, is dependenton
the way the steps of the process are implemented.The purpose of
this paper is to review the steps of
identification and assessment in turn, so that their
con-tribution may be better understood.
2. Setting risk identification and assessment in context
The overall process of project risk analysis and man-agement may
be described in simple terms as beingcomposed of two stages, risk
analysis and risk manage-ment, as illustrated in the risk breakdown
structure(RBS) included in Fig. 1. The figure provides a
readilyassimilated subdivision of the tasks to be
undertaken.Thompson and Perry [2] adopted this two-stage
sub-division in their model of the stages of risk analysis
andmanagement, which they advise has proved acceptableto a wide
range of experienced practitioners. It was alsoincorporated in the
series of publications produced by theCCTA which includes
Introduction to the Management ofRisk [3] and within an article
entitled Specialising in risks[4]. The risk analysis stage of the
PRM process may beconsidered to be divided into two sub-stages: a
qualitativeanalysis sub-stage that focuses on identification
togetherwith the assessment of risk, and a quantitative
analysis
0263-7863/01/$20.00 # 2001 Elsevier Science Ltd and IPMA. All
rights reserved.PI I : S0263-7863(99 )00070-8
International Journal of Project Management 19 (2001) 147160
www.elsevier.com/locate/ijproman
-
Fig. 1. Risk breakdown structure.
148 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
sub-stage that focuses on the evaluation of risk. The
riskmanagement phase is concerned with the monitoring ofthe actual
progress of the project and the associated riskmanagement plans. It
specifically involves identifying,implementing and tracking the
eectiveness of theplanned responses, reviewing any changes in
priority ofresponse management and monitoring the status of
therisks. While the activities are the same, more recentlythe
process is described as being composed of a series ofphases which
commence in a staggered pattern subse-quently running in parallel
and conducted in an iterativecycle, as described in the PRAMGuide
[5] and Chapmanand Ward [6].
3. Scope and plan
Prior to embarking on any PRM study, it is necessary todefine
the PRM scope and to plan its implementation inoperational terms as
if it were a project in its own right.The aim is to provide a clear
unambiguous shared under-standing of the process that will be
implemented. Thetasks required to accomplish this aim are the
productionof a scope document and a plan document. The
scopedocument identifies information such as who is under-taking
the analysis for whom, the reason for the formalproject risk
analysis and management process, thedesired benefits and the
overall project objectives. Thisis a critical document as it will
be a benchmark againstwhich the deliverables will be judged. The
plan docu-ment addresses the resources to be used, the time
frame,the models and techniques to be employed, the softwareto be
used, the way in which the results will be recordedand the
confidence levels that will be shown. Once thesedocuments are
prepared, signed-o by the client anddisseminated, the PRM process
can be commenced.
4. The process of risk identification and assessment fordesign
projects
The two principle approaches to risk identificationand
assessment, are semi-structured interviews con-ducted with
individual design team members in turn andthe risk analyst leading
a working group. Whicheverapproach is adopted, it will be necessary
to put into eecta series of incremental steps including, knowledge
acquisi-tion, selection of the representatives of the core design
team,presentation of the process to the core design team,
identifi-cation, encoding and verification. While these steps
arenumbered below for ease of reference, the approachadopted will
vary for each project to suit its particularcircumstances and it
may be appropriate to omit a step,combine steps or introduce
additional ones. In addition,like design itself, risk analysis can
be a highly iterativeprocess; whereas more information becomes
available, it
is necessary to revisit earlier steps, test decisions
andassumptions and make revisions as appropriate.
4.1. Step 1: knowledge-acquisition
The first step involves knowledge-acquisition. That is,first and
foremost, understanding what the projectobjectives are, which are
commonly time, cost andquality. To understand the threats to these
objectives(or project parameters), it is fundamental to examinethe
brief, programme, cost plan and quality statement.Where it is
identified that there are inconsistenciesbetween the activities
recorded in the programme andthe cost plan, then these must be
remedied. To under-stand the information supplied, it may be
necessary todecompose the project into a set of component
activities(or sub-system tasks) and to document what is involvedin
each. If a work breakdown structure (WBS) has notbeen compiled,
then at this juncture the activities shouldbe coded. Every time an
activity is referred to in a projectdocument, it is accompanied by
its identifying code. Therationale for implementing this coding
system is toensure clear communication. This breakdown should
bebased, when appropriate, on the Common Arrangementof work
sections published by the Co-ordinating Com-mittee for Project
Information [7], the benefits of whichare clearly set out in the
CCPI guide. In addition, whereit is transparent that any of these
key documents areincomplete, project management activities must
beundertaken to fill the gaps. This can be
particularlytime-consuming. Moreover, it is necessary to review:
theproject execution plan (if one exists), the sequence ofdesign
activities (compare with the RIBA Plan of Work[8]) and the
procurement route to be followed. Thethoroughness with which this
task is undertaken willdirectly influence the risk analysts ability
to assesswhether all of the principle project areas have
beencovered during the Identification step.
4.2. Step 2: selection of the representatives of the coredesign
team
The second step is the selection of the core designteam or
principal designers from the project team whoare to participate in
the identification and assessment ofthe risks facing the project.
These are the essential per-sonnel upon whom the progress of the
design wouldultimately depend and who have a full-time
committedrole throughout the project life cycle. These
personnelwould include the senior representative of each
designdiscipline such as the architect, landscape
architect,structural engineer, mechanical and electrical
engineers,together with the project manager and quantity
surveyor.It is essential that all the design disciplines are
repre-sented otherwise there is potential for critical risk areasto
be overlooked. Hence, on large complex projects it is
R.J. Chapman / International Journal of Project Management 19
(2001) 147160 149
-
common to include the second tier design team orspecialist
designers, such as the geotechnical engineer,arboralist,
acoustician, fire engineer, environmentalistand interior
designer.
4.3. Step 3: presentation of the process to the coredesign
team
The analyst describes the thinking behind theapproach and
encourages the airing of any doubts orscepticism among the core
team that can be laid to restand encourage participation in and
adoption of theprocess [9]. Ecient management of building
projectsdemands clear eective communication and if risk ana-lysis
and management is to be used as a tool to assist themanagement of
projects, then it must itself be clearlycommunicated and
understood.The aim of this third step is for the risk analyst
to
clearly communicate the:
. objectives of the risk management process;
. the question the risk assessment is required toanswer
(definition of scope);
. potential benefits;
. timeframe;
. steps involved;
. participation required of the core design team/sec-ond tier
design team;
. deliverables (such as, risk register and cumulativefrequency
curve);
. definition of the measures of impact and prob-ability;
. construction of the PI scoring grid;
. allocation of risk owners;
. how the responses are to be defined and managedand
. conditioning.
The active participation and commitment of the pro-ject team to
the overall risk management process has asignificant influence on
its success and hence the benefitsmust be emphasised and repeated
as appropriate.
4.3.1. Step 3 process: constructing measurement criteriaA key
component of the Presentation Step is to elicit
from the core team or obtain confirmation of acceptanceof
proposed measures of the likelihood of occurrenceand impact, to
ensure consistency of assessment. Withoutthese measures, any
assessment would be seriouslyimpaired. By the application of these
measures togetherwith a probability/impact (PI) matrix, risks can
bescored so that attention can be focused on those risksthat have
the greatest potential to jeopardise a project.When dealing with
subjective assessments in the con-struction industry, team members
appear to be morecomfortable with five classes of risk, i.e. very
high, high,
medium, low and very low. Against these five classesmust be
allocated a likelihood of occurrence and animpact, as shown in
Table 1. The time and cost incrementsselected to match the scales
of severity must be tailoredspecifically to the project priorities.
An assessment mustbe made of the criticality of late completion
(e.g. theproject completion date linked to the expiry of a
lease)and project overspend (e.g. a specific limit set on the
sizeof the development loan).
4.3.2. Step 3 process: comprehension of
probabilitydistributionsWhere the intention is to follow the
qualitative sub-
stage with quantitative analysis, the assessment of theimpact of
any risk must reflect how the risk would occurin reality. This in
turn will have a direct bearing on thecost and time information
that will need to be collectedto feed into representative
probability distributions. Asa consequence, the Presentation Step
should include adescription of what probability distributions are,
thecircumstances under which particular distributionswould be used
and the data required to construct them.Seven of the most commonly
used distributions are tri-angle, trigen (available in @ Risk)
uniform (also knownas rectangular), general, normal (also known as
Gaus-sian) discrete and pert. All the distributions permitmodelling
using limited parameters, when historicaldata is not available.
4.3.3. Step 3 process: comprehension of conditioningA further
component of the Presentation Step is to
minimise cultural dierences between the team membersand to
increase their awareness of the influence ofpotential biases on
their judgement of the magnitude ofrisks facing the project.
Historical records are com-monly limited and in consequence data
collected fromthe core team will, mainly be composed of
subjectivejudgements. Tversky and Kahneman [10] have demon-strated
that these judgements are arrived at by relianceon a limited number
of inference rules known as heur-istics, which are employed to
reduce dicult mentaltasks such as assessing probabilities and
likely impacts,to simpler ones. They go onto to say that these
heur-istics sometimes lead to severe and systematic errorswith
serious implications for decision makers. Thisunreliability is the
result of the heuristics generatingbiases in the minds of the
individual core team members;however, for risk analysis and
management to aideective decision making the data collected must be
asreliable as possible. The core team must be helped toconfront
their biases.
4.4. Step 4: identification
The third step in assessing risk involves identifying
asexhaustively as practicable, the risks associated with
150 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
each activity and documenting what is involved. Mostauthors
claim it is important to understand exactly whatis meant by risk
before it can be managed. There arenumerous definitions of risk
which attempt to drawtogether into one definition the likelihood of
occurrenceand the degree of impact of a negative event
adverselyaecting an activity. These definitions appear to
havechanged little over the last twenty years. The definitionby
Wideman [11] which follows is appealing, for heplaces risk in the
context of project management. Hedefines project risk as the chance
of certain occurrencesadversely aecting project objectives.
However, thisdefinition ignores positive outcomes. The definition
ofrisk adopted here is an event, which should it occur,would have a
positive or negative eect on the achieve-ment of a projects
objectives. This definition deliberatelyexcludes any reference to
the term uncertainty which isconsidered here to be distinct from
risk. The terms arenot considered to be synonymous as some authors
state,and hence are not used interchangeably. The termuncertainty
is adopted here to describe the lack of cer-tainty over the quantum
of an activity which is con-sidered certain to take place. An
example would be thelength of time required to obtain a planning
decision the activity is certain but the duration is uncertain.The
literature states that all risks should be con-
sidered at the outset. Identification is considered bymany to be
the most important element of the completeprocess, as once a risk
has been identified it is possibleto take action to address it.
This issue is acknowledgedor stressed by, Cooper and Chapman [12],
CCTA [13],CCTA [14], Perry et al. [15] and Hertz and Thomas
[16].The success of the identification process, , to a largedegree,
will be dependent on the design teams in depthknowledge of the
design process and the sources of risk.Their understanding will be
influenced by their profes-sional training together with their
length of exposure tothe construction industry, the role occupied,
the level ofresponsibility held, the number of designs seen
throughfrom start to finish, the materials deployed, the
archi-tectural styles adopted and the building typesinvolved in.
Direct experience of projects will influencethe teams knowledge of
the characteristics of the process.Hence, Step 2 selection of the
representatives of the
core design team is critical to ensuring identification isas
penetrating and complete as possible.
4.4.1. Step 4 process: comprehension of thecharacteristics of
the design processThe characteristics of the design process include
its
highly iterative nature, the use of primary generators
(arelatively simple idea to test solutions), the sequence
andcontent of the common design stages, the sequencing ofthe
exchange of information, the impact of externalagencies and the
management of client changes to thebrief. The teams understanding
of these issues willdetermine their comprehension of the risks
which mayerode their ability to keep the four main components(see
Fig. 2) of the design process the four Ts(Team, Targets [or
objectives], Tactics [or controls] andTasks) in balance for the
achievement of a projectsobjectives. (The RIBA Plan of Work can be
re-definedusing those component descriptions as illustrated inTable
2). Accomplishing this balance has been histori-cally proved dicult
to accomplish, as reported in theliterature, for design management
is highly exposed torisk and uncertainty, regardless of the size of
the project,building type or construction value.
4.4.2. Step 4 process: comprehension of the sources ofdesign
riskPast performance of construction projects demonstrates
that risks have proved dicult to manage with the resultthat
projects have not met their stated objectives. Thisdiculty emanates
from the exposure of design todiverse sources of risk and
uncertainty similar to theInformation Systems/Technology industry.
For instance,the risks described within the CCTA
publicationManagement of Project Risk [14] can be
directlytranslated into design risks, as follows:
. diculty in capturing and specifying the userrequirements;
. volatile and innovative nature of the environment;
. diculty of estimating the time and resourcesrequired to
complete the design;
. diculty of sequencing the exchange of informa-tion required to
match the iterative design process;
Table 1
Measures of probability and impact
Scale Probability Mid-value Impact
Time Cost Performance
Very high >70% 85% >15 weeks > 20m Project does not
satisfy business objectives
High 5170% 60% 1015 weeks 5m20m Major shortfall in satisfaction
of the brief
Medium 3150% 40% 510 weeks 0.5m5m Minor shortfall in brief
Low 1030% 20% 15 weeks 0.1m0.5m Failure to meet specification
clauses
Very low
-
. frequent reliance on the specialist skills of
sub-contractors;
. diculty of measuring progress during the devel-opment of the
design;
. enormous choice of materials of varying cost, col-our,
durability, maintainability, and aestheticappeal;
. variety of working practices between disciplinesand design
practices;
. fragmentation of the industry;
. number of external agencies that have to be con-sulted or
complied with;
. volume of standards and codes of practice to beconsulted or
complied with.
From this list it would appear that design is bom-barded by risk
from all directions making it dicult tograsp the primary sources of
risk. Authors are clearlyundecided on how to categorise the source
of risk.While there might be similarities between the
categoriesproposed, there is no common consensus. Flanagan
andNorman [17] define the sources of risk as a risk
hierarchycomposed of four layers: the environment, the marketor
industry, the company and the project/individual.Wideman [11] has
compiled a risk identification break-down structure as a framework
of the major sources ofrisk which is subdivided into five
classifications of risk:external unpredictable, external
predictable but uncertain,
internal (non-technical), technical and legal. BritishStandard
6079 [18] considers that risks or adverse eventsgenerally fall into
one of the following five categories:technological, political,
managerial, sociological andfinancial. Raftery [19] considers that
there are three sepa-rate areas of risk: risks internal to the
project, risks externalto the project, and the client/the
project/project team andproject documentation. Conroy and Soltan
[20] refer tofour categories of risk, namely human failings,
organisa-tional failings, design group failings and design
processfailings. Perry [21] describes sixteen sources of risk, five
ofwhich relate to construction and three to finance issues.One
possible way of understanding and structuring
the risks facing a project is to combine the holisticapproach of
general systems theory with the disciplineof a work breakdown
structure as a framework [22].General systems theory is a useful
vehicle for the exam-ination of the management of projects as its
approachto the examination of complex processes enables
theinterrelationships of the parts and their influence on thetotal
process to be better understood and improved. Aproject can be
viewed as a sub-system of a clientssystem, which in turn is a
sub-system of the industrywithin which the client operates all
enveloped in anenvironment known as the external system. Thesefour
elements can be adopted as the major componentsof a risk
identification breakdown structure. Such abreakdown structure is
included in Fig. 3.
Fig. 2. Four main components of the design process.
152 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
Table2
Modified
RIBAplanofwork
Inception
Feasibility
Sketch
Plan
Schem
eDesign
ProductionInform
ation
Team
Agreeconsultantsform
ofappointm
ent.Agree
teamcomposition
Assem
blenucleusteam.
Establish
rolesand
responsibilitiesforthis
stage
Assem
bledesignteam.Establish
rolesandresponsibilitiesforthis
stage
Establish
rolesandresponsibilities
forthisstage.Agreeprogramme
Identifyneedforanyspecialist
designsupport
Targets
Establish
projectobjectives.
Clarifyinitialstatementof
requirem
ents.Discuss
qualityparameters
Restateprojectobjects
andreviewattainability.
Commence
developmentof
thebriefandconductstudies
Establish
userexpectations.Develop
briefandconductstudies
Completeanyoutstandinguser
studies
Agreequalitystandards
Tactics(controls)
Establish
financiallimit.
Examinetimeparameters
PrepareprogrammeState
costrange
Prepareoutlinecostplan.Update
programme
Preparefinalcostplan
Considerinsurance.Agreecontract
particulars
Tasks
Makeinitialsitevisit.
ObtainOSmap
Siteinspection.Examine
accommodationrequirem
ents
againstsite
Produce
diagrammaticanalysis
andtryoutsolutions
Preparefullschem
edesign
Prepareproductioninform
ation
Assem
bledetailsofthose
tobeconsulted
todevelop
thebriefinsubsequent
phases
Assem
bledataforfeasibility
report
Prepareoutlineschem
eindicating
mainspacesanduses
Preparepresentationdrawings
Preparedocumentationinaform
at
tosuitselected
procurementprocess
Reviewplanningstatus.
MakeenquirieswithLA
Makeoutlineplanning
applicationasappropriate
Discussschem
ewithLocalAuthority
Makeplanningapplication
Ensuredesignreflectsplanning
conditions
Preparereport,presentand
discuss
Preparereportincluding
outcomeofapplication,
presentanddiscuss
Preparereport,presentanddiscuss
Preparereportincludingoutcome
ofapplication,presentanddiscuss.
Freezedesign
CompleteBuildingRegulation
application.Obtainnecessary
approvals
R.J. Chapman / International Journal of Project Management 19
(2001) 147160 153
-
Fig. 3. Risk identification breakdown structure.
154 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
4.4.3. Step 4 process: comprehension of controllable
anduncontrollable risksControllable (endogenous) risks are those
risks over
which, in part, a project manager has direct control,whereas
uncontrollable (exogenous) risks (predominatelyemanating from the
environment) are those which hecannot influence. However, it is
normally possible toreduce the degree of exposure to such risks. A
limitednumber of examples of these types of risks are includedin
Table 3.
4.4.4. Step 4 process: comprehension of cause, risk
andoutcomeWhen identifying risks it is important to ensure that
the participants in the risk identification process
remainfocused on the distinction between risks and theirpotential
eect or outcome. Perry [21] and the HMTreasury Procurement Guidance
note No. 2 [23] refer tothe importance of the distinction between
risks and theireects without stating why it is important. In
simpleterms the distinction is important as it prevents the risklog
becoming a confused mixture of risks and eects,making the response
process particularly dicult, if notimpossible. For instance, where
a risk has been recordedas programme overrun it is dicult to think
througha response without knowing what the risk nomineethought
would trigger the delay. Programme overrunis the eect or outcome,
not the risk itself. Each risk willhave one or more causes and it
is important that theseare recorded alongside the risks within the
risk register,as intimated in the RAMP approach [24], to
facilitatethe identification of responses. Included above
areexamples of causes, risks and their eects relating tocost,
programme and business case. Each risk is given aunique
identification number and each cause is given areference which
combines its own unique number togetherwith the risk to which it is
attached. Hence, C1/R1represents Cause 1 pertaining to Risk 1 (see
Table 4).
4.4.5. Step 4 process: comprehension of correlationCorrelation
is a quantitativemeasurement of the strength
of a relationship between two variables. Correlation may
be negative or positive. Coecients are used to
describecorrelation and range from 1 to +1. A value of 1indicates a
complete positive correlation between thetwo variables, a value of
1 indicates a negative corre-lation. A value of 0 indicates that
there is no correlationbetween the variables, they are independent.
Theunderstanding of risk relationships and groupings isoften aided
by representing them in the form of pre-cedence, influence diagrams
or flow charts which can beappended to the risk log. With the aid
of the allocationof unique numbers to causes and resultant risks,
the logand illustration of the relationships, can be readily
readtogether. Included in Fig. 4 is a graphical representationof
the basic relationship pattern of five risks drawn froma
hypothetical rail infrastructure project, together withtheir
respective causes. The figure shows that a risk mayhave multiple
causes and be correlated to other risks.
4.4.6. Step 4 process: comprehension of risks in seriesand
parallelThe terminology of series and parallel is borrowed
from the description of the dierent ways of arrangingelectrical
circuits described within the science of physics.The term series
refers to say bulbs connected in a row,one after another. Should
one bulb fail, it will break thecircuit. The term parallel refers
to the parallel lines of acircuit. A parallel circuit allows
separate lights to beswitched on and o without aecting the others.
Thisterminology is used to define the characteristics of riskswhich
are decided not only by their own features, butalso by other risks
occurring on the same project.Commonly risks mutually aect, magnify
or diminisheach other. This kind of mutual influence among riskson
a project is defined as the risk relationship [25].Comprehension of
and a study of the relationshipbetween the risks on a project are
fundamental toimplementing PRM. The two main classifications of
riskrelationships are dependent risks in series and indepen-dent
risks in parallel. Risks occurring in series, describesthe
situation where one risk event generates another riskevent in a
continuous sequential action. In other words,risk event B is
dependent on the occurrence of risk A. Ifrisk A occurs, then risk B
occurs directly as a result ofA. If risk A does not occur, then
risk B definitely doesnot occur (see Table 5). Risks occurring in
parallel,describes the situation where several risk events occur
atthe same time. Where three risk events have been iden-tified,
which will occur at the same time and have animpact on the same
programme activity; then it is therisk which will have the largest
negative eect, that isconsidered in any probabilistic analysis (see
Fig. 5). Forexample, where the risks of changes in legislation,
lateClient changes to brief and design rework to realigndesign to
cost plan have been identified against a pro-gramme activity called
production information andthe risk of design rework to realign
design to cost plan is
Table 3
Controllable and uncontrollable risks
Controllable Uncontrollable
Late planning submission Planning conditions imposed on
the design
Lack of change control
procedure
Designer going into receivership
Lack of design co-ordination Inflation
Late commissioning of
sub-contractors drawings
Taxation
Late completion of design
drawings
Late completion of infrastructure
by others
Production information errors Changes in legislation
R.J. Chapman / International Journal of Project Management 19
(2001) 147160 155
-
assessed as having the highest probability and impact,then it is
this dominant risk which is incorporated intoany assessment of the
risks in combination. If one orboth of the other risks materialised
at the same time,their impact would be absorbed within the
programmeprolongation caused by the risk design rework torealign
design to cost plan. If one of the other risksmaterialised on its
own, from the assessment, its impact
on the programme would not be greater than the impactidentified
for design rework to realign design to cost plan.In this example
the dominant risk is represented by atriangular distribution.
4.4.7. Step 4 process: modelling risks in seriesWhen collecting
data during the identification and
assessment stages, it is important to uncover and record
Table 5
Representing risks in series, in a model
A B C D E F G H
Risk ID Risk occurs Time (weeks) Distribution Calculation
Outcome
Min Most likely Max
1 Risk A = RiskDiscrete ({0, 1},{50, 50}) 10 11 12 = RiskTriang
(10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1+G22 Risk B Depends on
risk A 3 4 5 = RiskTriang (3, 4, 5) = IF(G1 = 0, 0, F2)a
a IF equations are constructed from three components-some
logical test, a value for the test if true and a value for the test
if false. In this
instance the logical test is if risk A equals zero (i.e. risk A
does not occur), then the value for the test is 0; however, if risk
A materials, the value for
the test when false is Risk Triang for risk B.
Table 4
Distinction between cause, risk and eect
Cause Risk (direct impact on cost,
programme or business case)
Eect
C1/R1 LA Planning Gain requirements exceed
expectations
R1 Increase in project scope Increase in project costs (design
and
construction)
C1/R2 Proposed design not kept within cost plan R2 Extensive
design rework Failure to meet design programme
C1/R3 Signalling incompatibility R3 Desired train frequency
not
achievable
Failure to meet business case
Fig. 4. Risk relationships.
156 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
the relationships between the risks for evaluation of therisks
in combination at some later date. Risk dependency,where the
occurrence of risk B is entirely dependent onthe occurrence of risk
A (as discussed above), can berepresented by IF equations within
risk models whichare Microsoft Excel based, as illustrated in Table
5.
4.4.8. Step 4 process: modelling risks where they occurin series
and parallel togetherIn the section above, the occurrence of risks
in series
and parallel were described (i.e. risks occurring in
series,describes the situation where one risk event
generatesanother risk event in a continuous sequential action
andrisks occurring in parallel, describes the situation
whereseveral risk events occur at the same time). On live pro-jects
it is common for risks to be identified as potentiallyarising in a
combination of these patterns. In the exampleincluded in Fig. 6,
one risk may be followed by one ofthree risks. This situation can
be represented in riskmodels that are Microsoft Excel based, by a
combina-tion of IF functions and MAX functions illustratedin Table
6. The MAX function selects the largest valuefrom the list of cell
references it is instructed to examine.
4.4.9. Step 4 process: determining multiple permutationsusing
probability theoryProbability theory can be applied to determining
the
likelihood of dierent combinations of events (in series)using
tree diagrams also known as decision trees. Inthe example included
in Fig. 7, dependent risks areexamined arising from the risk of
changes in legislation.As you progressively move through the tree
(workingfrom left to right) the risks become less likely and
hencethe probabilities are multiplied together. It can be seen,for
instance, that the likelihood of having to makealterations to the
structural engineering is only 3.6%arising from a 20% chance of
having to make fabricalterations and a 90% chance of having to
makechanges to the juxtaposition of spaces.
4.4.10. Step 4 process: comprehension of
identificationtechniquesThere are several techniques available for
risk identi-
fication. (These techniques may also be described asmethods or
procedures.) The two techniques mostcommonly used are structured
one-to-one interviewsand brainstorming. The Nominal Group and
Delphitechniques are less frequently employed. All of
thesetechniques may be implemented with the aid of supporttools.
These may include check/prompt lists, influ-ence diagrams, system
dynamic models (see Chapman[26]), repertory grids and activity
schedules. Each ofthese techniques and support tools is described
in out-line below. A fuller appraisal of the dierent techniquesis
provided in Chapman [27].
. Semi-structured one-to-one interview technique:This technique
is an interactive dialogue aid foreliciting risks directly from the
interviewee. Expertknowledge, however, is not easily captured
andrequires an eective method for drawing it out.The process is
time-consuming and due to com-mercial pressures normally present
during riskanalysis assignments, the risk study must be care-fully
managed to optimise the time invested ineach stage. There are a
series of problems that arecommonly encountered which must be
addressed ifthe interview process is to be productive.
Similarproblems have been described by those constructingexpert
systems and refer to the specialist beingmisunderstood, the
specialists explanations wan-dering, interruptions, false
information beinggiven, biased questions asked by the
interviewerand inaccurate representation of the informationgained.
These issues must be addressed during therisk analysis and
management process.
. Brainstorming technique: The brainstorming process,borrowed
from business management and notspecifically created for risk
management, involvesredefining the problem, generating ideas,
finding
Fig. 5. Risks in parallel.
Fig. 6. Risks in series and parallel.
R.J. Chapman / International Journal of Project Management 19
(2001) 147160 157
-
possible solutions, developing selected feasiblesolutions and
conducting evaluation. Originatedby Osborn [28] in the early 1950s,
brainstormingwas proposed as a problem solving method whichwould
produce a much larger quantity of ideas inless time than existing
group problem solvingtechniques. In the third revised edition of
his textentitled Applied Imagination, originally issuedin 1953,
Osborn argues the eectiveness of brain-storming is derived from two
essential compo-nents. These are succinctly described by
Johnson[23] as (1) group thinking is more productive thanindividual
thinking and (2) the avoidance of criti-cism improves the
production of ideas. Osbornstates that based on experience the
optimum sizeof a brainstorming group is twelve and that theideal
panel should consist of a leader, an associateleader, about five
regular or core members andabout five guests. It has been found
that a panelshould be composed of people of the same rank or
standing as the more senior panel members tend toindirectly
discourage free-wheeling.
. The NGT technique: The Nominal Group Technique(NGT) was
developed by Delbecq et al. [29] in1968. It was derived from
social-psychologicalstudies of decision conferences,
management-science studies of aggregating group judgementsand
social work studies. Delbecq et al. [30]describe the operation of
the NGT method ascommencing with the group members (betweenseven
and ten) without discussion, writing ideasrelated to the problem
down on a pad of paper.After five to ten minutes each individual in
turnbriefly presents one of the ideas. These are recordedon a flip
chart in full view of the group members.Round-robin listing
continues until all membersindicate that they have no more ideas.
Discussiondoes not take place until all the ideas are recorded.Then
each one is discussed. Finally each individualwrites down their
evaluation of the most serious
Table 6
Representing risks in series in a modela
A B C D E F G H
Risk ID Risk occurs Time (weeks) Distribution Calculation
Outcome
Min Most likely Max
1 RiskA = RiskDiscrete ({0, 1}, {80, 20}) 10 11 12 = RiskTriang
(10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1 + IF(G1 = 0, 0,
G5)
2 RiskB = RiskDiscrete ({0, 1}, {95, 5}) 12 20 = RiskUniform
(12, 20) = RiskUniform (12, 20)B23 RiskC = RiskDiscrete ({0, 1},
{80, 20}) 12 14 = RiskUniform (12,14) = RiskUniform (12, 14)B34
RiskD = RiskDiscrete ({0, 1}, {50, 50}) 2 4 = RiskUniform (2,4) =
RiskUniform (2, 4)B45 = MAX(G2, G3, G4)
a RA: Unexpected significant change in user requirements/brief;
RB: Comprehensive redesign and new planning application required;
RC: Major
redesign and new planning application required; RD: Minor
redesign and revision to planning proposal through delegated
powers.
Fig. 7. Tree diagram for risk changes in legislation..
158 R.J. Chapman / International Journal of Project Management
19 (2001) 147160
-
risks, by rank ordering or rating. Then these aremathematically
aggregated to yield a group decision.
. The Delphi technique: Delphi is perhaps the best-known method
of using group judgements inforecasting. It was developed at the
RAND Cor-poration by Dalkey, Helmer and others primarilyfor
technological forecasting, but has seen a widevariety of
applications. The Delphi Technique is amethod for the systematic
collection and collationof judgements from isolated anonymous
respon-dents on a particular topic, through a set of
carefullydesigned sequential questionnaires interspersed
withsummarised information and feedback of opinions,derived from
earlier responses. The basic principlesof the multistage method are
the elimination ofdirect social contact providing unattributed
con-tributions, the provision of feedback and theopportunity for
the revision of opinions. The par-ticipants are asked individually,
usually by mailedquestionnaires but more recently by
interactivecomputer contact, for their estimates of the vari-ables
in question. These are then collated andsummarised in such a way as
to conceal the originof individual estimates. The results are then
circu-lated and the participants are asked if they wish torevise
their earlier forecasts. These rounds cancontinue until the
estimates stabilise, though inpractice the procedure rarely goes
beyond a secondround.
4.5. Step 5: encoding
The aim of this step is to draw from the intervieweesor workshop
attendees the assessment of the impact andprobability for each of
the risks identified, using themeasures agreed during the
Presentation Step. Thisinformation is captured in a risk register
or risk log.Depending on the stage of the project, dierent
assess-ment criteria may be appropriate. At the commencementof a
project the focus will be on identifying any show-stoppers. Later
in the development the assessment maycentre around evaluating
feasibility options.
4.6. Step 6: verification
The aim is to gain a consensus among the design
teammembers/interviewees to establish if there is generalagreement
as to the risks identified and the measuresassigned to them. In
addition, it is aimed at crosschecking for consistency between
measures assigned torisks by individuals. Verification can be
conducted usingthree dierent techniques identified by Spetzler
andStael von Holstein [31], cross checking for consistencybetween
values, verification using dierent elicitationtechniques and
verification by using the final result.Cross checking for
consistency is a simple method for
verification where the analyst asks the core team memberif he
feels that the results are consistent across one stageof the
elicitation process; for instance if two dierentrisks have
approximately the same probabilities ofoccurrence, the analyst will
ask the expert if he feels thisreflects his view of the risks.
Having obtained the resultsthe analyst asks the design team members
whether theygive a fair view of the consequences that is, do
theycompare with their own ideas about consequences. Thisis quite
easily done and if discrepancies do occur thenthey can be traced
back to the base data. Verificationusing the final results can be
conducted by providingrisk maps for each design stage which have
been com-pleted to show the top ten risks identified for each
stage.Each map will illustrate the assessment made for eachrisk in
terms of likelihood of occurrence and impact.The design team
members are requested to compare themaps to see if the degree of
exposure described actuallyreflects their thinking. The least and
most exposedstages are examined to see if there is common
accep-tance of the assessment.
5. Summary
The steps of the overall process were described as:knowledge
acquisition, selection of the core design team,presentation of the
process, identification, encoding andverification. From the
examination of how these stepsare implemented, it can be seen how
the eectiveness ofthe overall process may be influenced and better
under-stood. The observations are a reflection of the rudimentsof
the process and might be described as obvious to theseasoned
practitioner, however they are fundamental ifbenefits are to be
drawn from the process. From theknowledge acquisition step it may
be concluded that thecontribution of the facilitator is enhanced if
he/she has adetailed understanding of the project prior to the
com-mencement of the identification process. The eectivenessof the
identification process will be directly correlated tohow broad and
comprehensive the examination of thethreats to a project are. The
breadth of examination willbe dependant on whether all of the core
design teammembers (and where appropriate the second tier
designteam members) were present during brainstorming.
Theparticipants must be properly briefed during the pre-sentation
step. For the measures of impact to be mean-ingful they must spring
from the project objectives, thesignificance of accomplishing them
(or not) and howthey have been prioritised. Identification of
design man-agement risks requires an understanding of the
char-acteristics of the process and how its main componentsmust be
maintained in balance. All design processes,whether they be within
the IT or construction indus-tries, have common problems that must
be understoodand addressed. Identification requires an
understanding
R.J. Chapman / International Journal of Project Management 19
(2001) 147160 159
-
of the sources of risk and General Systems Theory is putforward
as a way of structuring those sources. In addition,it is proposed
that risks have distinctive characteristicsand that their
interrelationship can be described interms of whether they are in
series or parallel. To conductthe assessment process, encoding is
implementedwhereby the impact and probability measures are usedto
size the risks to describe their potential influenceon the project
should they materialise. Finally, verifica-tion is used to obtain
consensus across the process par-ticipants as to the risks, their
likelihood of occurrenceand impact should they arise.
References
[1] Chapman RJ. The role of system dynamics in understanding
the
impact of changes to key project personnel on design
production
within construction projects. International Journal of
Project
Management 1998;16(4):23547.
[2] Thompson PA, Perry JG. In: Engineering construction risks,
a
guide to project risk analysis and risk management.
Dordrecht:
Kluwer Academic Publishers, 1992. p. 7.
[3] CCTA The Government Centre for Information Systems.
Introduction to the management of risk. London: HMSO, 1993,
p. 23.
[4] Chapman RJ. Specialising in risks. The Architects Journal,
23
November 1995; 5658.
[5] PRAM Project risk analysis and management guide, The
APM Group. In: Simon Peter, Hillson David, Newland Ken,
editors, 1997, p. 23.
[6] Chapman C, Ward S. In: Project risk management,
processes,
techniques and insights. New York: Wiley, 1997. p. 49.
[7] CPI Co-ordinated project information, published by the
Co-
ordinating Committee for Project Information, 1987.
[8] RIBA RIBA Plan of Work, RIBA Publications, 1973.
[9] Clark RC, Pledger M, Needler HMJ. Risk analysis in the
eva-
luation of non-aerospace projects. Project Management
1990;8(1).
[10] Tversky A, Kahneman D. Judgement under uncertainty:
heur-
istics and biases. Science 1974;183:112431.
[11] Wideman RM. Risk management. Project Management Journal
1986;17(4):206.
[12] Cooper DF, Chapman CB. Risk analysis for large
projects:
models, methods and cases. New York: Wiley, 1987.
[13] CCTA The Government Centre for Information Systems. An
introduction to managing project risk. London: HMSO, 1993.
[14] CCTA The Government Centre for Information Systems.
Management of project risk. London: HMSO, 1994.
[15] Perry JG, Hayes RW. Risk management for project
managers.
Building Technology and Management 1986;Aug/Sept:811.
[16] Hertz DB, Thomas H. Risk analysis and its applications.
New
York: Wiley, 1983.
[17] Flanagan R, Norman G. In: Risk management and
construction.
Oxford: Blackwell, 1993. p. 54.
[18] British Standard 6079 HMSO, 1996, p. 29.
[19] Raftery J. In: Risk analysis in project management.
London:
E&FN Spon (Chapman and Hall), 1994. p. 18.
[20] Conroy G, Soltan H. ConSERV: a project specific risk
manage-
ment concept. International Journal of Project Management,
1998;16(6):35366.
[21] Perry JG. Risk management: an approach for project
managers.
Project Management, 1986;4(4):213.
[22] Chapman RJ. No need to gamble on risks. The Architects
Jour-
nal 30 November 1995:49-51.
[23] HM Treasury Procurement Guidance No. 2: Value for money
in
construction procurement, 1997, p. 16.
[24] RAMP Risk analysis and management for projects,
Institu-
tion of Civil Engineers and the Faculty and Institute of
Actuaries,
1998.
[25] Ren H. Risk lifecycle and risk relationships on
construction pro-
jects. International Journal of Project Management
1994;12(2):6874.
[26] Chapman, R. J., Unpublished PhD thesis "An investigation
of
the risk of changes to key project personnel during the
design
stage", University of Reading, Department of Construction
Management and Engineering, April (1998).
[27] Chapman RJ. "The eectiveness of working group risk
identifi-
cation and assessment techniques". International Journal of
Pro-
ject Management 1998;16(6):33343.
[28] Osborn AF. Applied imagination: principles and procedures
of
creative problem solving. 3rd revised ed New York: Charles
Scribners, 1963.
[29] Delbecq AL. The World within the span of control:
managerial
behaviour in groups of varied size. Business Horizons, 1968.
[30] Delbecq AL, Van de Ven AH. Gustafson DH, Group
techniques
for programme planning. Scott and Foresman: Glenview, 1975.
[31] Spetzler CS, Stael von Holstein CA. Probability encoding
in
decision analysis. Management Science 1975;22(3):34058.
Robert J. Chapman is the Head of
Risk Management at Osprey Project
Management. He obtained a PhD in
Design/Risk Management and an MSc
in Construction Management from the
Faculty of Urban and Regional Stu-
dies at the University of Reading,
subsequent to becoming a chartered
architect. He has provided project
management and risk consultancy ser-
vices to several blue chip companies. He
has contributed to the development of
the level five National and Scottish
Vocational Qualifications (NVQ) in
Construction Project Management and conducted research into
risk
management practices on behalf of the Architects Registration
Board.
160 R.J. Chapman / International Journal of Project Management
19 (2001) 147160