The process of risk management (Chapter 2)
All business activities involve risk. Depending on the particular business there are different stages in its operations where it could be more prone to risk. This chapter considers the theoretical process of managing risk in comparison with the way risk is managed in the construction industry. It is essential to have a baseline from which to measure the way risk is managed for the process of risk management is only as good as the weakest link. If the weak or missing link can be identified the actions can be taken to strengthen them or bridge the gaps where possible and feasible. The purpose of considering this is to identify the weak links in the construction process. In developing this theoretical model of the process of risk management various sources were used and construction professionals were interviewed.
The process of risk management
Risk management involves a deliberate set of actions designed to identify, quantify, respond/allocate and monitor/manage those things, events or actions that could lead to financial loss. In theory for risk to be managed adequately it is identified as a potential risk and quantified based on the probability of occurrence and / or the maximum impact. This provides an initial indication on the scale and importance of the risk. The business will then be able to respond to the risk by deploying a strategy which could be avoidance, transference, insurance, hedging and diversification etc, depending on the circumstances. The next stage is monitoring and managing the risks that have been defined as well as identifying new arising risks and then following the same process.
A more detailed analysis of these four steps is as follows:
Risk Identification
The identification stage of the risk management process involves capturing those risks that might impact the enterprise and its principal activities. Identification will depend on what is being dealt with, as the nature of the risk could vary, for example project risk would be different in nature, impact and timing to strategic risks. The process by which they might be identified might also differ. For example project risks may be able to be identified from a number of sources, including the plan, the product breakdown structure, experience and stakeholder analysis. Strategic risks can be identified through scenario analysis, market analysis and an assessment of the organizations primary business drivers. Although the context may differ, there are a number of common techniques that can be used to identify risk, including structured thinking, involvement of experts, historical analysis of failures, historical analysis of successes, critical success factors analysis and testing and analyzing assumptions.
Risk Quantification
Risks are typically quantified along two dimensions, impact and probability. Impact is usually measured in terms of the financial consequences which could be expressed for example as cost, time, market share, loss of sales and impact of share value. Whatever measure is adopted it should indicate the type of loss expected if the risk matures. When it comes to projects, the impact could be measured in terms of the cost for completion, which could involve time. The loss in this case would be wasted capital as well as the lost availability of the final product.
Probability is normally measured in terms of the likelihood of the risk occurring. In most instances a scale that is non-metric is chosen, for example high, medium and low. The purpose of the scoring mechanism is to make informed judgment, not to give an absolute indication of the probability or the financial impact. Once the impact and probability ratings have been agreed for a particular risk the two are multiplied together to give an indication of how critical the risk might be and hence whether it ought to be managed more actively.
Risk response and allocation
Response will be contingent upon the specific nature of the risk. However there are a number of basic strategies that can be adopted when developing the response, especially if the risk is considered too great. A party can avoid the risk by choosing to take an alternative course of action; a party can negotiate a transfer of the risk to a party more suited to manage the risk; a party can ensure against the risk maturing; a party can hedge by offsetting a risk; a party can diversify effectively spreading the risk or the party can choose to monitor and manage the risk.
Risk monitoring and management
This requires the organization and infrastructure to manage those risks that matter by following through on the agreed actions associated with the chosen response and monitoring the risks in relation to the wider organization and external environments. An aspect of the management stage is the recognition that failure does occur and therefore to have contingency plans. Such contingency plans lie at the heart of business continuity planning and crises management.
Risk management in construction
Normally on construction projects identification, quantification and response take place to varying degrees at the pre-contract stage. It is important at this stage to consider the dynamics between the parties created from the competitive tender process that is widely adopted in the construction industry. There is potential for a power struggle between the parties with each party aiming to bear as little risk as possible and achieve the most favorable risk profile which in turn has the potential for risk sharing to be unbalanced and unworkable. This issue was acknowledged in the Latham Report where the concept of partnering was promoted, whereby parties work together to achieve common objectives. It was also said that parties should establish long term relationships, which would effectively reduce the effects of competitive tendering.
It is difficult if not impossible to predict the vagaries that arise in the construction process as well as the new risks that may arise from time to time. During the post-contract stage the parties will monitor and manage risk, however there are difficulties with the construction process not being standard or repetitive and therefore the processes will change from project to project, thus making information management a complicated task. For risk to be managed adequately managers need adequate information.
Pre-Contract Stage
Post–Contract Stage
Figure 2.1 – Risk management processes in the pre-contract and post-contract stage in construction.
Conclusion
For risk to be managed effectively all steps of the risk management process must receive adequate attention. The current risk management practice in the construction industry seems to be more focused on the first three stages of identification, quantification and allocation which generally occur at the pre-contract stage. There seems to be a weak link in the risk monitoring and management step. This could be because the there is insufficient risk data due to the haphazard manor the way information is managed in construction projects.
The process of risk management
Risk management involves a deliberate set of actions designed to identify, quantify, respond/allocate and monitor/manage those things, events or actions that could lead to financial loss. In theory for risk to be managed adequately it is identified as a potential risk and quantified based on the probability of occurrence and / or the maximum impact. This provides an initial indication on the scale and importance of the risk. The business will then be able to respond to the risk by deploying a strategy which could be avoidance, transference, insurance, hedging and diversification etc, depending on the circumstances. The next stage is monitoring and managing the risks that have been defined as well as identifying new arising risks and then following the same process.
A more detailed analysis of these four steps is as follows:
Risk Identification
The identification stage of the risk management process involves capturing those risks that might impact the enterprise and its principal activities. Identification will depend on what is being dealt with, as the nature of the risk could vary, for example project risk would be different in nature, impact and timing to strategic risks. The process by which they might be identified might also differ. For example project risks may be able to be identified from a number of sources, including the plan, the product breakdown structure, experience and stakeholder analysis. Strategic risks can be identified through scenario analysis, market analysis and an assessment of the organizations primary business drivers. Although the context may differ, there are a number of common techniques that can be used to identify risk, including structured thinking, involvement of experts, historical analysis of failures, historical analysis of successes, critical success factors analysis and testing and analyzing assumptions.
Risk Quantification
Risks are typically quantified along two dimensions, impact and probability. Impact is usually measured in terms of the financial consequences which could be expressed for example as cost, time, market share, loss of sales and impact of share value. Whatever measure is adopted it should indicate the type of loss expected if the risk matures. When it comes to projects, the impact could be measured in terms of the cost for completion, which could involve time. The loss in this case would be wasted capital as well as the lost availability of the final product.
Probability is normally measured in terms of the likelihood of the risk occurring. In most instances a scale that is non-metric is chosen, for example high, medium and low. The purpose of the scoring mechanism is to make informed judgment, not to give an absolute indication of the probability or the financial impact. Once the impact and probability ratings have been agreed for a particular risk the two are multiplied together to give an indication of how critical the risk might be and hence whether it ought to be managed more actively.
Risk response and allocation
Response will be contingent upon the specific nature of the risk. However there are a number of basic strategies that can be adopted when developing the response, especially if the risk is considered too great. A party can avoid the risk by choosing to take an alternative course of action; a party can negotiate a transfer of the risk to a party more suited to manage the risk; a party can ensure against the risk maturing; a party can hedge by offsetting a risk; a party can diversify effectively spreading the risk or the party can choose to monitor and manage the risk.
Risk monitoring and management
This requires the organization and infrastructure to manage those risks that matter by following through on the agreed actions associated with the chosen response and monitoring the risks in relation to the wider organization and external environments. An aspect of the management stage is the recognition that failure does occur and therefore to have contingency plans. Such contingency plans lie at the heart of business continuity planning and crises management.
Risk management in construction
Normally on construction projects identification, quantification and response take place to varying degrees at the pre-contract stage. It is important at this stage to consider the dynamics between the parties created from the competitive tender process that is widely adopted in the construction industry. There is potential for a power struggle between the parties with each party aiming to bear as little risk as possible and achieve the most favorable risk profile which in turn has the potential for risk sharing to be unbalanced and unworkable. This issue was acknowledged in the Latham Report where the concept of partnering was promoted, whereby parties work together to achieve common objectives. It was also said that parties should establish long term relationships, which would effectively reduce the effects of competitive tendering.
It is difficult if not impossible to predict the vagaries that arise in the construction process as well as the new risks that may arise from time to time. During the post-contract stage the parties will monitor and manage risk, however there are difficulties with the construction process not being standard or repetitive and therefore the processes will change from project to project, thus making information management a complicated task. For risk to be managed adequately managers need adequate information.
Pre-Contract Stage
Post–Contract Stage
Figure 2.1 – Risk management processes in the pre-contract and post-contract stage in construction.
Conclusion
For risk to be managed effectively all steps of the risk management process must receive adequate attention. The current risk management practice in the construction industry seems to be more focused on the first three stages of identification, quantification and allocation which generally occur at the pre-contract stage. There seems to be a weak link in the risk monitoring and management step. This could be because the there is insufficient risk data due to the haphazard manor the way information is managed in construction projects.
posted by Will at 19.10.06
Links to this post:
Create a Link
<< Home