PRESENTED BY

ZULKEPLI BIN HJ IBRAHIM

What is Risk?

Risk and uncertainty

are equivalent
Construction Risk Management

“No construction project is

risk free. Risk can be
managed, minimised, shared,
transferred, or accepted It
cannot be ignored."
DEFINITION
CONSTRUCTION RISK MANAGEMENT IS THE
ART AND SCIENCE OF IDENTIFYING,
ASSESSING, AND RESPONDING TO
PROJECT RISK THROUGHOUT THE LIFE OF
A PROJECT AND IN THE BEST INTERESTS OF
ITS OBJECTIVES.

CONSTRUCTION RISK IS THE CUMULATIVE

EFFECT OF THE CHANCES OF UNCERTAIN
OCCURRENCES ADVERSELY AFFECTING
PROJECT OBJECTIVES
 Risk Management Objectives
• Reduce the number of
surprise events
• Minimize consequences of
adverse events
• Maximize the results of
positive events
Three Definitions
• Risk
– A possible future event which if it occurs will
lead to an undesirable outcome.
• Construction Risk
– The cumulative effect of the chances of an
uncertain occurrence that will adversely affect
construction objectives.
• Risk Management
– A systematic and explicit approach for
identifying, quantifying, and controlling project
risk.
RISK MANAGEMENT PURPOSE
 TO IDENTIFY FACTORS THAT ARE LIKELY
TO IMPACT THE PROJECT OBJECTIVES OF
SCOPE, QUALITY, COST AND TIME

 TO QUANTIFY THE LIKELY IMPACT OF

EACH FACTOR

 TO GIVE A BASELINE FOR PROJECT NON-

CONTROLLABLES

 TO MITIGATE IMPACTS BY EXERCISING

INFLUENCE OVER PROJECT
CONTROLLABLES
NATURE OF RISK MANAGEMENT
WHEN SPEAKING OF RISK, THINK OF ONLY
HAZARDOUS ONES

EVERYDAY COMMON DAY ONES ARE IGNORED

RARELY DO WE SYSTEMATICALLY IDENTIFY ALL

RISKS INVOLVED

HOWEVER, INCLINED TO CONSIDER RISK

DIFFERENTLY RELATIVE TO FAMILY - VERY
PRECIOUS AND LOTS OF POTENTIAL

EXAMPLES:
SMALL CHILDREN - STAY AWAY FROM ROAD
- RISK ID & AVOIDANCE
HOW DID DAY GO? - DO MORE TO HELP THEM
- INFO FEEDBACK

THESE ACTIONS ARE ESTABLISHING THE BASIC

ELEMENTS OF MANAGING PROJECT RISK INTO
OUR CHILDREN
Benefits of Risk Management
• More and better information is
available during planning and decision
making
• Project objectives are verified
• Improved communications
• Higher probability of project success
• Proactive approach
• Project might be canceled
Why Organizations don’t do
Risk Management
• Unwillingness to admit risks exist
• Postpone the hard parts of the project
until later
• Risk management costs money
– Up front investment of time
– Can’t prove it’s necessary
• Think health insurance
Why Organizations don’t do
Risk Management
• “Can Do” management style
severely inhibits risk
management
• Risk identification can make
you look like a whiner
Ways to Avoid Risk Management
• “Managing risk is everybody’s
business”
• “There is only one risk:
The project might fail. And
we’re managing that by working
real hard to assure that doesn’t
happen.”
Risk Management STEP 1
Process
 Identify Hazards.
Identify hazards to
the force.
Consider all
Develop controls
Assess
hazards & make risk aspects of current
decision and future
situations,
IDENTIFY
HAZARDS
Implement environment, and
controls known historical
Supervise problem areas.
& evaluate

TSP-10
Risk Management STEP 2
Process.  Assess
Hazards.
Assess hazards
Develop to determine
ASSESS
HAZARDS
controls & risks. Assess
make risk
decisions the impact of
each hazard in
Identify Implement
terms of
hazards controls potential loss and
Supervise
cost, based on
& evaluate probability and
severity.
TSP-16
Risk Management STEP 3
Process.  Develop Controls
and Make Risk
Decisions.
Develop control
Assess DEVELOP measures that
CONTROLS & MAKE
hazards RISK DECISION eliminate the hazard
or reduce its risk. As
control measures are
Identify Implement developed, risks are
hazards controls reevaluated until all
Supervise
risks are reduced to a
& evaluate level where benefits
outweigh potential
cost.
TSP--21
Risk Management STEP 4
Process  Implement
Controls.
Put controls in
Develop controls
Assess
hazards & make risk place that
decisions
eliminate the
hazards or
Identify IMPLEMENT
CONTROLS
reduce their
hazards
risks.
Supervise
& evaluate

TSP--24
 Risk STEP 5
Management Supervise & Evaluate.
Process Perform to, and
Develop
enforce standards
Assess controls &
make risk
and controls.
hazards decision Evaluate the
effectiveness of
Identify Implement
controls and
hazards controls adjust/ update as
SUPERVISE necessary.
& EVALUATE

TSP-27
 The Uncertainty Spectrum

NO Partial Complete
Information Information Information

(Unknown (Known
unknowns) unknowns) (Knowns)

TOTAL GENERAL SPECIFIC TOTAL

UNCERTAINTY UNCERTAINTY UNCERTAINTY CERTAINTY

SCOPE OF PROJECT RISK MANAGEMENT*

*Note: in this range the information to be sought is known

Construction Risk

Integration
Communication
Scope

Project Risk Cost

Time

Quality
Procurement
Human Resources
INTEGRATING RISK
PROJECT
MANAGEMENT
INTEGRATION

Life Cycle and INFORMATION /

SCOPE Environment Variables COMMUNICATIONS

Expectations Ideas, Directives,

Feasibility Data Exchange Accuracy

Requirements PROJECT Availability HUMAN

QUALITY Productivity
Standards RISK RESOURCES

Time Objectives, Services, Plant, Materials:

Restraints Performance

Cost Objectives, CONTRACT /

TIME Restraints
PROCUREMENT

COST
Risk in Construction
• Lack of knowledge of project tracking
• Failure to recognise and develop responses to risk
and opportunity
• Lack of timely resolution of issues as raised by
various
• stakeholders
• Claims
• Contract administration
• Lack of compliance with project requirements
• Unnecessary legal liabilities or loss of entitlement
Consequences of Risk
POSITIVE :
• greater information is made available
during the course of planning and
decision making
• project objectives are verified
• better communications
• better probability that project
realization will be optimal
• increased chance of project success
Consequences of Risk
Negatives
•belief that all risks have
been accounted for
•project could be shut
down
 Some Considerations
• Real information is the key.
• The relationship between uncertainty and
information is inverse.
• For the project manager, conditions of
relative uncertainty (partial information)
are the rule.
• There is a natural resistance to formal risk
analysis.
• Risks should only be taken to achieve a
project objective.
 Type Of Risk (1)

Risk can be of different types. They may be

• Physical - Causing direct harm or damage,
• Psychological - Causing damage to self-
esteem
• Social - Causing loss of reputation
• Contagious - Causing infectious,
communicable, transmittable losses
TYPES OF RISK (2)
• Knowns
– An item or situation containing no uncertainty
• Known Unknowns
– Things which we know exist but do not know
how they will affect us. These can be identified
and evaluated.
• Unknown Unknowns
– Those risks that cannot be identified and
evaluated (unexpected needs). These can be
handled via contingency allowances.
TYPES OF RISK (3)
• Risks can also be classified as:
–External Unpredictable
–External Predictable
–Internal Non-Technical
–Technical
–Legal
 CONSTRUCTION RISK MANAGEMENT OVERVIEW
Risk Identification Risk Analysis Risk Planning Risk Monitoring
Inputs Inputs Inputs Inputs
Stakeholder risk Opportunities to Risk Management Plan
Product tolerances pursue, threats to
Description respond to Actual Risk Events
Sources of Risk
Other Planning Opportunities to Additional Risk
Potential Risk Events Identification
Outputs ignore, threats to
Cost Estimates accept Tools & Techniques
Historical
Activity Duration Tools & Techniques Workarounds
Information Estimates
Procurement Additional Risk
Tools & Techniques Tools & Techniques Response Development
Contingency
Checklists Expected Monetary Planning Outputs
Value
Flowcharting Alternative Strategies Corrective Action
Statistical Sums
Insurance Updates to Risk
Interviewing Simulation
Outputs Management Plan
Outputs Decision Trees
Risk Management
Sources of Risk Expert Judgment Plan
Potential Risk Outputs Inputs to other
Events Processes
Opportunities to
pursue, threats to Contingency Plans
Risk Symptoms respond to
Reserves
Inputs to other Opportunities to
ignore, threats to Contractual
Processes Agreements
accept
Inputs to Risk Identification
• Product description
– Specification
– SOW
– Contract
• Assumptions
–Explicit
–Implicit
• Critical success factors
 Inputs to Risk Identification
• Historical information
–Commercial databases
–Corporate memory
–Corporate database (lessons
learned)
–Websites
EXTERNAL UNPREDICTABLE
• Regulatory
• Natural Hazards
• Postulated Events
• Unexpected Side Effects of the
Project
• Failure to Complete Project Due to
Uncontrollable External Events
EXTERNAL PREDICTABLE
• Market Risks
• Operational
• Environmental Impacts
• Social Impacts
• Currency Risk
• Inflation
• Taxes
INTERNAL, NON-TECHNICAL
• Management
• Schedule
• Cost
• Cash Flow
• Loss of Potential Benefit or
Profit
TECHNICAL
• Changes in Technology
• Performance Uncertainty
• Risks Associated with Project’s
Technology
• Design
• Sheer Size or Complexity
LEGAL
• Licensing
• Patent Rights
• Contractual Difficulties
• Outsider Suits
• Insider Suits
• Gov. Authority
OTHER RISK ID SOURCES
• Overly Aggressive Cost Estimates
• Overly Aggressive Duration Estimates
• Staffing Plan - Personnel With Special
Skills
• Procurement Management Plan
• Historical Project Files & Project Team
Knowledge
• Commercial Databases
 KEEP IN MIND
• How can you assess risks?
– Break things down into individual
elements and determine their
relationships
• What risks should you assess?
– All of them
– Concentrate occurrenceon those with
greatest impact and most likely
probability of
RISK FACTORS
ALL PROJECT RISKS ARE CHARACTERIZED BY THE
FOLLOWING THREE RISK FACTORS

RISK EVENT: PRECISELY WHAT MIGHT HAPPEN TO

THE DETRIMENT OF THE PROJECT
Write it as an “If - Then” Statement

RISK PROBABILITY: HOW LIKELY THE EVENT IS TO

OCCUR

AMOUNT AT STAKE: THE SEVERITY OF THE

CONSEQUENCES

WITH THIS DATA, THE RISK EVENT STATUS "CRITERION

VALUE" OR RANKING) OF A GIVEN RISK EVENT CAN BE
DETERMINED BY:

RISK EVENT STATUS = RISK PROBABILITY X AMOUNT AT

STAKE
RISK EVENT vs. RISK SYMPTOM
RISK EVENT ARE DISCRETE OCCURRENCES

RISK SYMPTOM  TRIGGERS

THESE ARE INDIRECT MANIFESTATIONS OF ACTUAL

RISK EVENTS

EXAMPLES OF RISK SYMPTOMS:

POOR MORALE = EARLY WARNING SIGN OF

SCHEDULE DELAY

EARLY PROJECT COST OVERRUN = POTENTIAL POOR

PROJECT

OVERALL ESTIMATING
Risk Identification Tools and Techniques
• Checklists
– Project Healthcheck
• Flowcharting
– Cause & Effect (fishbone or Ishikawa charts
• What could happen What ensues
– Effect & Cause
• Outcomes to avoid How they occur
– System or Process flowcharts
Risk Identification Tools and Techniques

• Interviewing
• Brainstorming
 Outputs
• Sources of risk (i.e., categories)
– Stakeholder actions
– Estimates
– Staffing plans
– Common sources of risk:
• Changes in requirements
• Design errors, omissions, and
misunderstandings
• Poorly defined R & R
• Insufficiently skilled staff
Outputs
• Potential Risk events
– Specific discrete events that might
effect the project
– Generally include:
• Probability
• Alternative outcomes
• Timing
• Frequency (more than once?)
Outputs
• Risk Symptoms
– Triggers, or trip wires, or indicators
– Indirect manifestations of risk events
• Poor morale
• Lack of reported progress
• Inputs to other processes
– Improved estimating
– More training
Inputs to Risk Identification
• Product description
– Specification
– SOW
– Contract
• Other planning outputs
– WBS
– OBS
– Cost and Schedule estimates
RISK QUANTIFICATION
 INCREASE THE UNDERSTANDING OF THE
PROJECT

 IDENTIFY THE ALTERNATIVES AVAILABLE

 ENSURE THAT UNCERTAINTIES AND RISKS
ARE ADEQUATELY CONSIDERED IN A
STRUCTURED AND SYSTEMATIC WAY.

 INCORPORATED INTO THE PLANNING AND

DEVELOPMENT PROCESS

 ESTABLISH THE IMPLICATIONS OF THESE

UNCERTAINTIES ON ALL OTHER ASPECTS
OF THE PROJECT
Risk Quantification - Inputs
• Stakeholder risk tolerances
• Sources of risk
• Potential risk events
• Cost estimates
• Activity duration estimates
Risk Quantification Tools and Techniques
• Expected monetary value
• Statistical sums
• Simulation
• Decision trees
• Expert judgment
Expected Monetary Value (EMV)
• Product of two values
– Risk event probability
– Risk event value
• Valuation of the risk event is key
– Must include tangible as well as
intangible value
– 1 week slippage with minor client impact
– 6 week slippage with major client impact
Expert Judgment
Expert judgment can often be applied in
lieu of or in addition to the mathematical
techniques described above.
Derived from:
• team members
• others in or outside of organization
• published findings
• industry averages / statistics
QUALITY RISK
GOALS OF RISK MANAGEMENT
- INCREASE UNDERSTANDING OF PROJECT
- IMPROVE PLANS, DELIVERY, AND ID GREATEST RISKS
- WHERE TO FOCUS ATTENTION
REMAINING MAJOR PROJECT RISK AREA
- WHAT IF PROJECT FAILS TO PERFORM AS EXPECTED DURING.
- OPERATIONAL LIFE / PRODUCT LIFE CYCLE?
- CONFORMANCE TO QUALITY REQUIREMENT REMEMBERED
LONG AFTER COST AND SCHEDULE PERFORMANCE.
- QUALITY MANAGEMENT HAS MOST IMPACT ON LONG-TERM
PERCEIVED & ACTUAL SUCCESS OF PROJECT
SCHEDULE RISK
CAN MANAGE “CRITICAL PATH” BUT NOT MANAGE
DURATION

REASON --> SCHEDULE RISK

HIGHEST RISK PATH = PATH WITH MOST PROJECT

COMPLETION RISK
RISK IN ALL ACTIVITY DURATION BECAUSE FUTURE IS
UNCERTAIN

LONGEST DURATION ACTIVITY ¹ RISKIEST

THEREFORE, NEED TO ID & MANAGE WHAT COULD
CONTRIBUTE TO PROJECT DELAY -- COULD OVERRIDE
MANAGEMENT OF CRITICAL PATH
Risk Response
Employed In
Construction
Risk Response Development

• Defines steps for

–enhancing opportunities
–responding to threats
 Types of Responses
• Avoidance - eliminate
• Mitigation
– Reduce EMV by reducing probability
– Reduce Impact - buy insurance
• Acceptance
– Active: develop plan to deal with risk if it
occurs
– Passive: Accept risk (e.g., lower profit)
 PLANNING ALTERNATIVES
• Project Managers have Several
Response Options
– Avoidance
– Absorption
– Adjustment
– Deflection
– Contingent Planning
– A Combination of the Above
AVOIDANCE
• Defined
–Characterized by project
manager statements such as:
“This alternative is totally
unacceptable to me
–You would take the
appropriate steps to avoid this
situation.
ABSORPTION
• Risk is Recognized-But Not Acted
Upon
• Accept the Risk AS IS
• It’s a Matter of Policy
• Retained & Absorbed (by prudential
allowances)
• Unrecognized, Unmanaged, or
Ignored (by default)
ADJUSTMENT
• Modification of the Project
–Scope
–Budget
–Schedule
–Quality Specification
–Combination of the Above
DEFLECTION
• Involves transfer of risk by
such means as:
–Contracting Out to Another
Party
–Insurance or Bonding
–By Recognizing it in the
Contract
CONTINGENT PLANNING
CONTINGENT PLANNING IS A MEANS TO ADDRESS RISKS TO THE
PROJECT THROUGH A FORMAL PROCESS AND PROVIDE
RESOURCES TO MEET THE RISK EVENTS.

IT IS THE ESTABLISHMENT OF MANAGEMENT PLANS TO BE

INVOKED IN THE EVENT OF SPECIFIED RISK EVENTS

EXAMPLES:

THE PROVISION AND PRUDENT MANAGEMENT OF A

CONTINGENCY ALLOWANCE IN THE BUDGET

THE PREPARATION OF SCHEDULE ALTERNATIVES AND

WORK-AROUNDS

EMERGENCY RESPONSES TO DEAL WITH MAJOR SPECIFIC

AREAS OF RISK

AN ASSESSMENT OF LIABILITIES IN THE EVENT OF A

COMPLETE PROJECT SHUT-DOWN
Types of Responses
• Prevent risk from occurring
– Reduce the probability that the event
will occur
– Eliminate means P=0
• Reduce the impact (think “containment”)
– Buy insurance (monetary)
– Alternative strategies (additional
supplier to PDQ)
CONTRACT STRATEGY
• To Select the Right Form of
Contract Requires:
– Identification of Specific Risks
– Determination of how they should
be shared between the parties, and
– The insertion of clear, legal language
in the contract documents to put it
into effect.
 FAST-TRACKING
• Awarding contracts before all
the information is complete to
reduce the overall time for the
project
• Much higher risk category!!
• Appropriate contingency
allowances must be increased
accordingly.
Risk Response Development - Inputs

Opportunities to pursue,
threats to respond to
 Opportunities to ignore,
threats to accept
Risk Response Development
Tools and Techniques
• Procurement
– Buy outside skills
• Contingency planning
– what to do if the event occurs
– containment
• Alternative strategies
– Prevention
• Insurance
Risk Response Development -
Outputs
• Risk management plan
• Inputs to other processes
• Contingency plans
• Reserves
• Contractual agreements
RISK RESPONSE CONTROL
EXECUTE THE RISK MANAGEMENT PLAN

 ID, QUANTIFY AND RESPOND TO ANY CHANGES EXECUTE

WORKAROUNDS -- UNPLANNED RESPONSES

 TO NEGATIVE EVENTS - ADDITIONAL RISK RESPONSE

DEVELOPMENT

 CURRENT PROJECT DATABASE

 DOCUMENTING ON-GOING RISKS

 BUILD HISTORICAL DATABASES

RELIABLE DATA IS HARD TO FIND! SHOULD CONSIST OF:

 RECORDED RISK EVENTS

 EXPERIENCE ON PAST PROJECTS (SIMILAR IS PREFERRED)

 POST-PROJECT ASSESSMENT AND ARCHIVE UPDATE

Risk Response Control
• Respond to the changes in project
risk over the life of the project
• Risk management plan
• Actual risk events
• Additional risk identification
Risk Response Control Tools and
Techniques
• Workarounds
–Unplanned responses to unforeseen
risks that actually occur
• Additional risk response development
–Revisions to the response, if it
proves inadequate
Risk Response Control - Outputs
• Corrective action
– Implementing the risk management
plan when the risk occurs
• Updates to risk management plan
– Revisions to the risk management plan
as circumstances require
• Risk never materializes
• Probability of occurrence is reduced
 Risk Documentation
Historical database
Current project database
Post project assessment and archive update
• Lessons learned
• Plan variances
• Actuals
• Methods, tools and techniques
• Case studies
SUMMARY
 PROJECTS ARE LAUNCHED TO TAKE ADVANTAGE OF
OPPORTUNITIES, BUT OPPORTUNITIES ARE ASSOCIATED WITH
UNCERTAINTIES WHICH HAVE RISKS ATTACHED

 RISK CAN NEVER BE 100% ELIMINATED

 FOR THE PROJECT TO BE VIABLE, THE EXPECTED VALUE

RESULTING FROM A FAVORABLE PROBABILITY OF GAIN MUST
BE HIGHER THAN THE CONSEQUENCES AND PROBABILITY OF
LOSS

 THEREFORE, THE RISKS ASSOCIATED WITH A PROJECT MUST

RECEIVE CAREFUL EXAMINATION IN THE CONTEXT OF THE
ORGANIZATION'S WILLINGNESS OR AVERSION TO TAKING
RISKS

 THIS IS THE DOMAIN OF PROJECT RISK MANAGEMENT, WHICH

FORMS A VITAL AND INTEGRAL PART OF PROJECT
MANAGEMENT
When Should Risk Assessments be
Carried Out?

 Risk assessments should

be carried out
 as early as possible and
then continuously.
 Don’t take the risk if...
• the organization cannot afford to lose.
• the exposure to the outcome is too great.
• the situation (or project) is not worth it.
• the odds are not in the project’s favor.
• the benefits are not clearly identified.
• there appear to be a large number of
acceptable alternatives.
Don’t take the risk if...
• the risk does not achieve the project objective.
• the expected value from baseline assumptions is
negative.
• the data is unorganized, without structure or
pattern.
• there is not enough data to understand the results.
• a contingency plan for recovery is not in place
should the results prove unsatisfactory.