The controlling influences on eective risk identification andassessment for construction design management

Robert J. Chapman

Capro Consulting Limited, Sea Containers House, 20 Upper Ground, SE1 9LZ, London, UK

Received 11 May 1999; received in revised form 28 September 1999; accepted 7 October 1999

Abstract

Project risk management (PRM) can provide a decisive competitive advantage to building sponsors. For those sponsors who takerisks consciously, anticipate adverse changes, protect themselves from unexpected events and gain expertise to price risk, gain a

leading edge. However, the realisation of this commercial advantage on design-intensive multi-disciplinary capital projects hinges toa large extent on the approach to the initial identification of risk. The very way the identification process is conducted will have adirect influence on the contribution that risk analysis and management makes to the overall project management of constructionprojects. This paper examines the steps involved in conducting the identification and assessment process and how they may influ-

ence the eectiveness of risk analysis. A series of issues are examined in turn, which are considered to have a direct bearing on thequality of the identification and assessment process. By focusing on these issues, our understanding of the contribution that riskmanagement makes to improving project performance may be enhanced. # 2001 Elsevier Science Ltd and IPMA. All rightsreserved.

Keywords: Risk identification; Risk assessment; Risk analysis; Design process

1. Introduction

The literature, in the main, implies that there has beena tendency for the approach to Project risk management(PRM), to be overly prescriptive and mechanistic. Inaddition that there has been undue emphasis on thetechniques of the process rather than focusing on themost crucial areas of the overall process, identificationand assessment [1]. While it may be obvious that thequality of the outputs from a quantitative analysis arelargely dependent on the identification and assessmentprocess, prescriptive methods underplay the importanceof this initial sub-stage. Unidentified and thereforeunmanaged risks are clearly unchecked threats to aprojects objectives, which may lead to significant over-runs. Should the circumstances be so extreme, then thefailure of a single project may be seriously damaging tothe financial status of a company. The degree to whichthe identification process will influence the eectivenessof risk management and its contribution to the overallproject management of any particular project, is dependenton the way the steps of the process are implemented.The purpose of this paper is to review the steps of

identification and assessment in turn, so that their con-tribution may be better understood.

2. Setting risk identification and assessment in context

The overall process of project risk analysis and man-agement may be described in simple terms as beingcomposed of two stages, risk analysis and risk manage-ment, as illustrated in the risk breakdown structure(RBS) included in Fig. 1. The figure provides a readilyassimilated subdivision of the tasks to be undertaken.Thompson and Perry [2] adopted this two-stage sub-division in their model of the stages of risk analysis andmanagement, which they advise has proved acceptableto a wide range of experienced practitioners. It was alsoincorporated in the series of publications produced by theCCTA which includes Introduction to the Management ofRisk [3] and within an article entitled Specialising in risks[4]. The risk analysis stage of the PRM process may beconsidered to be divided into two sub-stages: a qualitativeanalysis sub-stage that focuses on identification togetherwith the assessment of risk, and a quantitative analysis

0263-7863/01/$20.00 # 2001 Elsevier Science Ltd and IPMA. All rights reserved.PI I : S0263-7863(99 )00070-8

International Journal of Project Management 19 (2001) 147160

www.elsevier.com/locate/ijproman

Fig. 1. Risk breakdown structure.

148 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

sub-stage that focuses on the evaluation of risk. The riskmanagement phase is concerned with the monitoring ofthe actual progress of the project and the associated riskmanagement plans. It specifically involves identifying,implementing and tracking the eectiveness of theplanned responses, reviewing any changes in priority ofresponse management and monitoring the status of therisks. While the activities are the same, more recentlythe process is described as being composed of a series ofphases which commence in a staggered pattern subse-quently running in parallel and conducted in an iterativecycle, as described in the PRAMGuide [5] and Chapmanand Ward [6].

3. Scope and plan

Prior to embarking on any PRM study, it is necessary todefine the PRM scope and to plan its implementation inoperational terms as if it were a project in its own right.The aim is to provide a clear unambiguous shared under-standing of the process that will be implemented. Thetasks required to accomplish this aim are the productionof a scope document and a plan document. The scopedocument identifies information such as who is under-taking the analysis for whom, the reason for the formalproject risk analysis and management process, thedesired benefits and the overall project objectives. Thisis a critical document as it will be a benchmark againstwhich the deliverables will be judged. The plan docu-ment addresses the resources to be used, the time frame,the models and techniques to be employed, the softwareto be used, the way in which the results will be recordedand the confidence levels that will be shown. Once thesedocuments are prepared, signed-o by the client anddisseminated, the PRM process can be commenced.

4. The process of risk identification and assessment fordesign projects

The two principle approaches to risk identificationand assessment, are semi-structured interviews con-ducted with individual design team members in turn andthe risk analyst leading a working group. Whicheverapproach is adopted, it will be necessary to put into eecta series of incremental steps including, knowledge acquisi-tion, selection of the representatives of the core design team,presentation of the process to the core design team, identifi-cation, encoding and verification. While these steps arenumbered below for ease of reference, the approachadopted will vary for each project to suit its particularcircumstances and it may be appropriate to omit a step,combine steps or introduce additional ones. In addition,like design itself, risk analysis can be a highly iterativeprocess; whereas more information becomes available, it

is necessary to revisit earlier steps, test decisions andassumptions and make revisions as appropriate.

4.1. Step 1: knowledge-acquisition

The first step involves knowledge-acquisition. That is,first and foremost, understanding what the projectobjectives are, which are commonly time, cost andquality. To understand the threats to these objectives(or project parameters), it is fundamental to examinethe brief, programme, cost plan and quality statement.Where it is identified that there are inconsistenciesbetween the activities recorded in the programme andthe cost plan, then these must be remedied. To under-stand the information supplied, it may be necessary todecompose the project into a set of component activities(or sub-system tasks) and to document what is involvedin each. If a work breakdown structure (WBS) has notbeen compiled, then at this juncture the activities shouldbe coded. Every time an activity is referred to in a projectdocument, it is accompanied by its identifying code. Therationale for implementing this coding system is toensure clear communication. This breakdown should bebased, when appropriate, on the Common Arrangementof work sections published by the Co-ordinating Com-mittee for Project Information [7], the benefits of whichare clearly set out in the CCPI guide. In addition, whereit is transparent that any of these key documents areincomplete, project management activities must beundertaken to fill the gaps. This can be particularlytime-consuming. Moreover, it is necessary to review: theproject execution plan (if one exists), the sequence ofdesign activities (compare with the RIBA Plan of Work[8]) and the procurement route to be followed. Thethoroughness with which this task is undertaken willdirectly influence the risk analysts ability to assesswhether all of the principle project areas have beencovered during the Identification step.

4.2. Step 2: selection of the representatives of the coredesign team

The second step is the selection of the core designteam or principal designers from the project team whoare to participate in the identification and assessment ofthe risks facing the project. These are the essential per-sonnel upon whom the progress of the design wouldultimately depend and who have a full-time committedrole throughout the project life cycle. These personnelwould include the senior representative of each designdiscipline such as the architect, landscape architect,structural engineer, mechanical and electrical engineers,together with the project manager and quantity surveyor.It is essential that all the design disciplines are repre-sented otherwise there is potential for critical risk areasto be overlooked. Hence, on large complex projects it is

R.J. Chapman / International Journal of Project Management 19 (2001) 147160 149

common to include the second tier design team orspecialist designers, such as the geotechnical engineer,arboralist, acoustician, fire engineer, environmentalistand interior designer.

4.3. Step 3: presentation of the process to the coredesign team

The analyst describes the thinking behind theapproach and encourages the airing of any doubts orscepticism among the core team that can be laid to restand encourage participation in and adoption of theprocess [9]. Ecient management of building projectsdemands clear eective communication and if risk ana-lysis and management is to be used as a tool to assist themanagement of projects, then it must itself be clearlycommunicated and understood.The aim of this third step is for the risk analyst to

clearly communicate the:

. objectives of the risk management process;

. the question the risk assessment is required toanswer (definition of scope);

. potential benefits;

. timeframe;

. steps involved;

. participation required of the core design team/sec-ond tier design team;

. deliverables (such as, risk register and cumulativefrequency curve);

. definition of the measures of impact and prob-ability;

. construction of the PI scoring grid;

. allocation of risk owners;

. how the responses are to be defined and managedand

. conditioning.

The active participation and commitment of the pro-ject team to the overall risk management process has asignificant influence on its success and hence the benefitsmust be emphasised and repeated as appropriate.

4.3.1. Step 3 process: constructing measurement criteriaA key component of the Presentation Step is to elicit

from the core team or obtain confirmation of acceptanceof proposed measures of the likelihood of occurrenceand impact, to ensure consistency of assessment. Withoutthese measures, any assessment would be seriouslyimpaired. By the application of these measures togetherwith a probability/impact (PI) matrix, risks can bescored so that attention can be focused on those risksthat have the greatest potential to jeopardise a project.When dealing with subjective assessments in the con-struction industry, team members appear to be morecomfortable with five classes of risk, i.e. very high, high,

medium, low and very low. Against these five classesmust be allocated a likelihood of occurrence and animpact, as shown in Table 1. The time and cost incrementsselected to match the scales of severity must be tailoredspecifically to the project priorities. An assessment mustbe made of the criticality of late completion (e.g. theproject completion date linked to the expiry of a lease)and project overspend (e.g. a specific limit set on the sizeof the development loan).

4.3.2. Step 3 process: comprehension of probabilitydistributionsWhere the intention is to follow the qualitative sub-

stage with quantitative analysis, the assessment of theimpact of any risk must reflect how the risk would occurin reality. This in turn will have a direct bearing on thecost and time information that will need to be collectedto feed into representative probability distributions. Asa consequence, the Presentation Step should include adescription of what probability distributions are, thecircumstances under which particular distributionswould be used and the data required to construct them.Seven of the most commonly used distributions are tri-angle, trigen (available in @ Risk) uniform (also knownas rectangular), general, normal (also known as Gaus-sian) discrete and pert. All the distributions permitmodelling using limited parameters, when historicaldata is not available.

4.3.3. Step 3 process: comprehension of conditioningA further component of the Presentation Step is to

minimise cultural dierences between the team membersand to increase their awareness of the influence ofpotential biases on their judgement of the magnitude ofrisks facing the project. Historical records are com-monly limited and in consequence data collected fromthe core team will, mainly be composed of subjectivejudgements. Tversky and Kahneman [10] have demon-strated that these judgements are arrived at by relianceon a limited number of inference rules known as heur-istics, which are employed to reduce dicult mentaltasks such as assessing probabilities and likely impacts,to simpler ones. They go onto to say that these heur-istics sometimes lead to severe and systematic errorswith serious implications for decision makers. Thisunreliability is the result of the heuristics generatingbiases in the minds of the individual core team members;however, for risk analysis and management to aideective decision making the data collected must be asreliable as possible. The core team must be helped toconfront their biases.

4.4. Step 4: identification

The third step in assessing risk involves identifying asexhaustively as practicable, the risks associated with

150 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

each activity and documenting what is involved. Mostauthors claim it is important to understand exactly whatis meant by risk before it can be managed. There arenumerous definitions of risk which attempt to drawtogether into one definition the likelihood of occurrenceand the degree of impact of a negative event adverselyaecting an activity. These definitions appear to havechanged little over the last twenty years. The definitionby Wideman [11] which follows is appealing, for heplaces risk in the context of project management. Hedefines project risk as the chance of certain occurrencesadversely aecting project objectives. However, thisdefinition ignores positive outcomes. The definition ofrisk adopted here is an event, which should it occur,would have a positive or negative eect on the achieve-ment of a projects objectives. This definition deliberatelyexcludes any reference to the term uncertainty which isconsidered here to be distinct from risk. The terms arenot considered to be synonymous as some authors state,and hence are not used interchangeably. The termuncertainty is adopted here to describe the lack of cer-tainty over the quantum of an activity which is con-sidered certain to take place. An example would be thelength of time required to obtain a planning decision the activity is certain but the duration is uncertain.The literature states that all risks should be con-

sidered at the outset. Identification is considered bymany to be the most important element of the completeprocess, as once a risk has been identified it is possibleto take action to address it. This issue is acknowledgedor stressed by, Cooper and Chapman [12], CCTA [13],CCTA [14], Perry et al. [15] and Hertz and Thomas [16].The success of the identification process, , to a largedegree, will be dependent on the design teams in depthknowledge of the design process and the sources of risk.Their understanding will be influenced by their profes-sional training together with their length of exposure tothe construction industry, the role occupied, the level ofresponsibility held, the number of designs seen throughfrom start to finish, the materials deployed, the archi-tectural styles adopted and the building typesinvolved in. Direct experience of projects will influencethe teams knowledge of the characteristics of the process.Hence, Step 2 selection of the representatives of the

core design team is critical to ensuring identification isas penetrating and complete as possible.

4.4.1. Step 4 process: comprehension of thecharacteristics of the design processThe characteristics of the design process include its

highly iterative nature, the use of primary generators (arelatively simple idea to test solutions), the sequence andcontent of the common design stages, the sequencing ofthe exchange of information, the impact of externalagencies and the management of client changes to thebrief. The teams understanding of these issues willdetermine their comprehension of the risks which mayerode their ability to keep the four main components(see Fig. 2) of the design process the four Ts(Team, Targets [or objectives], Tactics [or controls] andTasks) in balance for the achievement of a projectsobjectives. (The RIBA Plan of Work can be re-definedusing those component descriptions as illustrated inTable 2). Accomplishing this balance has been histori-cally proved dicult to accomplish, as reported in theliterature, for design management is highly exposed torisk and uncertainty, regardless of the size of the project,building type or construction value.

4.4.2. Step 4 process: comprehension of the sources ofdesign riskPast performance of construction projects demonstrates

that risks have proved dicult to manage with the resultthat projects have not met their stated objectives. Thisdiculty emanates from the exposure of design todiverse sources of risk and uncertainty similar to theInformation Systems/Technology industry. For instance,the risks described within the CCTA publicationManagement of Project Risk [14] can be directlytranslated into design risks, as follows:

. diculty in capturing and specifying the userrequirements;

. volatile and innovative nature of the environment;

. diculty of estimating the time and resourcesrequired to complete the design;

. diculty of sequencing the exchange of informa-tion required to match the iterative design process;

Table 1

Measures of probability and impact

Scale Probability Mid-value Impact

Time Cost Performance

Very high >70% 85% >15 weeks > 20m Project does not satisfy business objectives

High 5170% 60% 1015 weeks 5m20m Major shortfall in satisfaction of the brief

Medium 3150% 40% 510 weeks 0.5m5m Minor shortfall in brief

Low 1030% 20% 15 weeks 0.1m0.5m Failure to meet specification clauses

Very low

. frequent reliance on the specialist skills of sub-contractors;

. diculty of measuring progress during the devel-opment of the design;

. enormous choice of materials of varying cost, col-our, durability, maintainability, and aestheticappeal;

. variety of working practices between disciplinesand design practices;

. fragmentation of the industry;

. number of external agencies that have to be con-sulted or complied with;

. volume of standards and codes of practice to beconsulted or complied with.

From this list it would appear that design is bom-barded by risk from all directions making it dicult tograsp the primary sources of risk. Authors are clearlyundecided on how to categorise the source of risk.While there might be similarities between the categoriesproposed, there is no common consensus. Flanagan andNorman [17] define the sources of risk as a risk hierarchycomposed of four layers: the environment, the marketor industry, the company and the project/individual.Wideman [11] has compiled a risk identification break-down structure as a framework of the major sources ofrisk which is subdivided into five classifications of risk:external unpredictable, external predictable but uncertain,

internal (non-technical), technical and legal. BritishStandard 6079 [18] considers that risks or adverse eventsgenerally fall into one of the following five categories:technological, political, managerial, sociological andfinancial. Raftery [19] considers that there are three sepa-rate areas of risk: risks internal to the project, risks externalto the project, and the client/the project/project team andproject documentation. Conroy and Soltan [20] refer tofour categories of risk, namely human failings, organisa-tional failings, design group failings and design processfailings. Perry [21] describes sixteen sources of risk, five ofwhich relate to construction and three to finance issues.One possible way of understanding and structuring

the risks facing a project is to combine the holisticapproach of general systems theory with the disciplineof a work breakdown structure as a framework [22].General systems theory is a useful vehicle for the exam-ination of the management of projects as its approachto the examination of complex processes enables theinterrelationships of the parts and their influence on thetotal process to be better understood and improved. Aproject can be viewed as a sub-system of a clientssystem, which in turn is a sub-system of the industrywithin which the client operates all enveloped in anenvironment known as the external system. Thesefour elements can be adopted as the major componentsof a risk identification breakdown structure. Such abreakdown structure is included in Fig. 3.

Fig. 2. Four main components of the design process.

152 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

Table2

Modified

RIBAplanofwork

Inception

Feasibility

Sketch

Plan

Schem

eDesign

ProductionInform

ation

Team

Agreeconsultantsform

ofappointm

ent.Agree

teamcomposition

Assem

blenucleusteam.

Establish

rolesand

responsibilitiesforthis

stage

Assem

bledesignteam.Establish

rolesandresponsibilitiesforthis

stage

Establish

rolesandresponsibilities

forthisstage.Agreeprogramme

Identifyneedforanyspecialist

designsupport

Targets

Establish

projectobjectives.

Clarifyinitialstatementof

requirem

ents.Discuss

qualityparameters

Restateprojectobjects

andreviewattainability.

Commence

developmentof

thebriefandconductstudies

Establish

userexpectations.Develop

briefandconductstudies

Completeanyoutstandinguser

studies

Agreequalitystandards

Tactics(controls)

Establish

financiallimit.

Examinetimeparameters

PrepareprogrammeState

costrange

Prepareoutlinecostplan.Update

programme

Preparefinalcostplan

Considerinsurance.Agreecontract

particulars

Tasks

Makeinitialsitevisit.

ObtainOSmap

Siteinspection.Examine

accommodationrequirem

ents

againstsite

Produce

diagrammaticanalysis

andtryoutsolutions

Preparefullschem

edesign

Prepareproductioninform

ation

Assem

bledetailsofthose

tobeconsulted

todevelop

thebriefinsubsequent

phases

Assem

bledataforfeasibility

report

Prepareoutlineschem

eindicating

mainspacesanduses

Preparepresentationdrawings

Preparedocumentationinaform

at

tosuitselected

procurementprocess

Reviewplanningstatus.

MakeenquirieswithLA

Makeoutlineplanning

applicationasappropriate

Discussschem

ewithLocalAuthority

Makeplanningapplication

Ensuredesignreflectsplanning

conditions

Preparereport,presentand

discuss

Preparereportincluding

outcomeofapplication,

presentanddiscuss

Preparereport,presentanddiscuss

Preparereportincludingoutcome

ofapplication,presentanddiscuss.

Freezedesign

CompleteBuildingRegulation

application.Obtainnecessary

approvals

R.J. Chapman / International Journal of Project Management 19 (2001) 147160 153

Fig. 3. Risk identification breakdown structure.

154 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

4.4.3. Step 4 process: comprehension of controllable anduncontrollable risksControllable (endogenous) risks are those risks over

which, in part, a project manager has direct control,whereas uncontrollable (exogenous) risks (predominatelyemanating from the environment) are those which hecannot influence. However, it is normally possible toreduce the degree of exposure to such risks. A limitednumber of examples of these types of risks are includedin Table 3.

4.4.4. Step 4 process: comprehension of cause, risk andoutcomeWhen identifying risks it is important to ensure that

the participants in the risk identification process remainfocused on the distinction between risks and theirpotential eect or outcome. Perry [21] and the HMTreasury Procurement Guidance note No. 2 [23] refer tothe importance of the distinction between risks and theireects without stating why it is important. In simpleterms the distinction is important as it prevents the risklog becoming a confused mixture of risks and eects,making the response process particularly dicult, if notimpossible. For instance, where a risk has been recordedas programme overrun it is dicult to think througha response without knowing what the risk nomineethought would trigger the delay. Programme overrunis the eect or outcome, not the risk itself. Each risk willhave one or more causes and it is important that theseare recorded alongside the risks within the risk register,as intimated in the RAMP approach [24], to facilitatethe identification of responses. Included above areexamples of causes, risks and their eects relating tocost, programme and business case. Each risk is given aunique identification number and each cause is given areference which combines its own unique number togetherwith the risk to which it is attached. Hence, C1/R1represents Cause 1 pertaining to Risk 1 (see Table 4).

4.4.5. Step 4 process: comprehension of correlationCorrelation is a quantitativemeasurement of the strength

of a relationship between two variables. Correlation may

be negative or positive. Coecients are used to describecorrelation and range from 1 to +1. A value of 1indicates a complete positive correlation between thetwo variables, a value of 1 indicates a negative corre-lation. A value of 0 indicates that there is no correlationbetween the variables, they are independent. Theunderstanding of risk relationships and groupings isoften aided by representing them in the form of pre-cedence, influence diagrams or flow charts which can beappended to the risk log. With the aid of the allocationof unique numbers to causes and resultant risks, the logand illustration of the relationships, can be readily readtogether. Included in Fig. 4 is a graphical representationof the basic relationship pattern of five risks drawn froma hypothetical rail infrastructure project, together withtheir respective causes. The figure shows that a risk mayhave multiple causes and be correlated to other risks.

4.4.6. Step 4 process: comprehension of risks in seriesand parallelThe terminology of series and parallel is borrowed

from the description of the dierent ways of arrangingelectrical circuits described within the science of physics.The term series refers to say bulbs connected in a row,one after another. Should one bulb fail, it will break thecircuit. The term parallel refers to the parallel lines of acircuit. A parallel circuit allows separate lights to beswitched on and o without aecting the others. Thisterminology is used to define the characteristics of riskswhich are decided not only by their own features, butalso by other risks occurring on the same project.Commonly risks mutually aect, magnify or diminisheach other. This kind of mutual influence among riskson a project is defined as the risk relationship [25].Comprehension of and a study of the relationshipbetween the risks on a project are fundamental toimplementing PRM. The two main classifications of riskrelationships are dependent risks in series and indepen-dent risks in parallel. Risks occurring in series, describesthe situation where one risk event generates another riskevent in a continuous sequential action. In other words,risk event B is dependent on the occurrence of risk A. Ifrisk A occurs, then risk B occurs directly as a result ofA. If risk A does not occur, then risk B definitely doesnot occur (see Table 5). Risks occurring in parallel,describes the situation where several risk events occur atthe same time. Where three risk events have been iden-tified, which will occur at the same time and have animpact on the same programme activity; then it is therisk which will have the largest negative eect, that isconsidered in any probabilistic analysis (see Fig. 5). Forexample, where the risks of changes in legislation, lateClient changes to brief and design rework to realigndesign to cost plan have been identified against a pro-gramme activity called production information andthe risk of design rework to realign design to cost plan is

Table 3

Controllable and uncontrollable risks

Controllable Uncontrollable

Late planning submission Planning conditions imposed on

the design

Lack of change control

procedure

Designer going into receivership

Lack of design co-ordination Inflation

Late commissioning of

sub-contractors drawings

Taxation

Late completion of design

drawings

Late completion of infrastructure

by others

Production information errors Changes in legislation

R.J. Chapman / International Journal of Project Management 19 (2001) 147160 155

assessed as having the highest probability and impact,then it is this dominant risk which is incorporated intoany assessment of the risks in combination. If one orboth of the other risks materialised at the same time,their impact would be absorbed within the programmeprolongation caused by the risk design rework torealign design to cost plan. If one of the other risksmaterialised on its own, from the assessment, its impact

on the programme would not be greater than the impactidentified for design rework to realign design to cost plan.In this example the dominant risk is represented by atriangular distribution.

4.4.7. Step 4 process: modelling risks in seriesWhen collecting data during the identification and

assessment stages, it is important to uncover and record

Table 5

Representing risks in series, in a model

A B C D E F G H

Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 Risk A = RiskDiscrete ({0, 1},{50, 50}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1+G22 Risk B Depends on risk A 3 4 5 = RiskTriang (3, 4, 5) = IF(G1 = 0, 0, F2)a

a IF equations are constructed from three components-some logical test, a value for the test if true and a value for the test if false. In this

instance the logical test is if risk A equals zero (i.e. risk A does not occur), then the value for the test is 0; however, if risk A materials, the value for

the test when false is Risk Triang for risk B.

Table 4

Distinction between cause, risk and eect

Cause Risk (direct impact on cost,

programme or business case)

Eect

C1/R1 LA Planning Gain requirements exceed

expectations

R1 Increase in project scope Increase in project costs (design and

construction)

C1/R2 Proposed design not kept within cost plan R2 Extensive design rework Failure to meet design programme

C1/R3 Signalling incompatibility R3 Desired train frequency not

achievable

Failure to meet business case

Fig. 4. Risk relationships.

156 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

the relationships between the risks for evaluation of therisks in combination at some later date. Risk dependency,where the occurrence of risk B is entirely dependent onthe occurrence of risk A (as discussed above), can berepresented by IF equations within risk models whichare Microsoft Excel based, as illustrated in Table 5.

4.4.8. Step 4 process: modelling risks where they occurin series and parallel togetherIn the section above, the occurrence of risks in series

and parallel were described (i.e. risks occurring in series,describes the situation where one risk event generatesanother risk event in a continuous sequential action andrisks occurring in parallel, describes the situation whereseveral risk events occur at the same time). On live pro-jects it is common for risks to be identified as potentiallyarising in a combination of these patterns. In the exampleincluded in Fig. 6, one risk may be followed by one ofthree risks. This situation can be represented in riskmodels that are Microsoft Excel based, by a combina-tion of IF functions and MAX functions illustratedin Table 6. The MAX function selects the largest valuefrom the list of cell references it is instructed to examine.

4.4.9. Step 4 process: determining multiple permutationsusing probability theoryProbability theory can be applied to determining the

likelihood of dierent combinations of events (in series)using tree diagrams also known as decision trees. Inthe example included in Fig. 7, dependent risks areexamined arising from the risk of changes in legislation.As you progressively move through the tree (workingfrom left to right) the risks become less likely and hencethe probabilities are multiplied together. It can be seen,for instance, that the likelihood of having to makealterations to the structural engineering is only 3.6%arising from a 20% chance of having to make fabricalterations and a 90% chance of having to makechanges to the juxtaposition of spaces.

4.4.10. Step 4 process: comprehension of identificationtechniquesThere are several techniques available for risk identi-

fication. (These techniques may also be described asmethods or procedures.) The two techniques mostcommonly used are structured one-to-one interviewsand brainstorming. The Nominal Group and Delphitechniques are less frequently employed. All of thesetechniques may be implemented with the aid of supporttools. These may include check/prompt lists, influ-ence diagrams, system dynamic models (see Chapman[26]), repertory grids and activity schedules. Each ofthese techniques and support tools is described in out-line below. A fuller appraisal of the dierent techniquesis provided in Chapman [27].

. Semi-structured one-to-one interview technique:This technique is an interactive dialogue aid foreliciting risks directly from the interviewee. Expertknowledge, however, is not easily captured andrequires an eective method for drawing it out.The process is time-consuming and due to com-mercial pressures normally present during riskanalysis assignments, the risk study must be care-fully managed to optimise the time invested ineach stage. There are a series of problems that arecommonly encountered which must be addressed ifthe interview process is to be productive. Similarproblems have been described by those constructingexpert systems and refer to the specialist beingmisunderstood, the specialists explanations wan-dering, interruptions, false information beinggiven, biased questions asked by the interviewerand inaccurate representation of the informationgained. These issues must be addressed during therisk analysis and management process.

. Brainstorming technique: The brainstorming process,borrowed from business management and notspecifically created for risk management, involvesredefining the problem, generating ideas, finding

Fig. 5. Risks in parallel.

Fig. 6. Risks in series and parallel.

R.J. Chapman / International Journal of Project Management 19 (2001) 147160 157

possible solutions, developing selected feasiblesolutions and conducting evaluation. Originatedby Osborn [28] in the early 1950s, brainstormingwas proposed as a problem solving method whichwould produce a much larger quantity of ideas inless time than existing group problem solvingtechniques. In the third revised edition of his textentitled Applied Imagination, originally issuedin 1953, Osborn argues the eectiveness of brain-storming is derived from two essential compo-nents. These are succinctly described by Johnson[23] as (1) group thinking is more productive thanindividual thinking and (2) the avoidance of criti-cism improves the production of ideas. Osbornstates that based on experience the optimum sizeof a brainstorming group is twelve and that theideal panel should consist of a leader, an associateleader, about five regular or core members andabout five guests. It has been found that a panelshould be composed of people of the same rank or

standing as the more senior panel members tend toindirectly discourage free-wheeling.

. The NGT technique: The Nominal Group Technique(NGT) was developed by Delbecq et al. [29] in1968. It was derived from social-psychologicalstudies of decision conferences, management-science studies of aggregating group judgementsand social work studies. Delbecq et al. [30]describe the operation of the NGT method ascommencing with the group members (betweenseven and ten) without discussion, writing ideasrelated to the problem down on a pad of paper.After five to ten minutes each individual in turnbriefly presents one of the ideas. These are recordedon a flip chart in full view of the group members.Round-robin listing continues until all membersindicate that they have no more ideas. Discussiondoes not take place until all the ideas are recorded.Then each one is discussed. Finally each individualwrites down their evaluation of the most serious

Table 6

Representing risks in series in a modela

A B C D E F G H

Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 RiskA = RiskDiscrete ({0, 1}, {80, 20}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1 + IF(G1 = 0, 0, G5)

2 RiskB = RiskDiscrete ({0, 1}, {95, 5}) 12 20 = RiskUniform (12, 20) = RiskUniform (12, 20)B23 RiskC = RiskDiscrete ({0, 1}, {80, 20}) 12 14 = RiskUniform (12,14) = RiskUniform (12, 14)B34 RiskD = RiskDiscrete ({0, 1}, {50, 50}) 2 4 = RiskUniform (2,4) = RiskUniform (2, 4)B45 = MAX(G2, G3, G4)

a RA: Unexpected significant change in user requirements/brief; RB: Comprehensive redesign and new planning application required; RC: Major

redesign and new planning application required; RD: Minor redesign and revision to planning proposal through delegated powers.

Fig. 7. Tree diagram for risk changes in legislation..

158 R.J. Chapman / International Journal of Project Management 19 (2001) 147160

risks, by rank ordering or rating. Then these aremathematically aggregated to yield a group decision.

. The Delphi technique: Delphi is perhaps the best-known method of using group judgements inforecasting. It was developed at the RAND Cor-poration by Dalkey, Helmer and others primarilyfor technological forecasting, but has seen a widevariety of applications. The Delphi Technique is amethod for the systematic collection and collationof judgements from isolated anonymous respon-dents on a particular topic, through a set of carefullydesigned sequential questionnaires interspersed withsummarised information and feedback of opinions,derived from earlier responses. The basic principlesof the multistage method are the elimination ofdirect social contact providing unattributed con-tributions, the provision of feedback and theopportunity for the revision of opinions. The par-ticipants are asked individually, usually by mailedquestionnaires but more recently by interactivecomputer contact, for their estimates of the vari-ables in question. These are then collated andsummarised in such a way as to conceal the originof individual estimates. The results are then circu-lated and the participants are asked if they wish torevise their earlier forecasts. These rounds cancontinue until the estimates stabilise, though inpractice the procedure rarely goes beyond a secondround.

4.5. Step 5: encoding

The aim of this step is to draw from the intervieweesor workshop attendees the assessment of the impact andprobability for each of the risks identified, using themeasures agreed during the Presentation Step. Thisinformation is captured in a risk register or risk log.Depending on the stage of the project, dierent assess-ment criteria may be appropriate. At the commencementof a project the focus will be on identifying any show-stoppers. Later in the development the assessment maycentre around evaluating feasibility options.

4.6. Step 6: verification

The aim is to gain a consensus among the design teammembers/interviewees to establish if there is generalagreement as to the risks identified and the measuresassigned to them. In addition, it is aimed at crosschecking for consistency between measures assigned torisks by individuals. Verification can be conducted usingthree dierent techniques identified by Spetzler andStael von Holstein [31], cross checking for consistencybetween values, verification using dierent elicitationtechniques and verification by using the final result.Cross checking for consistency is a simple method for

verification where the analyst asks the core team memberif he feels that the results are consistent across one stageof the elicitation process; for instance if two dierentrisks have approximately the same probabilities ofoccurrence, the analyst will ask the expert if he feels thisreflects his view of the risks. Having obtained the resultsthe analyst asks the design team members whether theygive a fair view of the consequences that is, do theycompare with their own ideas about consequences. Thisis quite easily done and if discrepancies do occur thenthey can be traced back to the base data. Verificationusing the final results can be conducted by providingrisk maps for each design stage which have been com-pleted to show the top ten risks identified for each stage.Each map will illustrate the assessment made for eachrisk in terms of likelihood of occurrence and impact.The design team members are requested to compare themaps to see if the degree of exposure described actuallyreflects their thinking. The least and most exposedstages are examined to see if there is common accep-tance of the assessment.

5. Summary

The steps of the overall process were described as:knowledge acquisition, selection of the core design team,presentation of the process, identification, encoding andverification. From the examination of how these stepsare implemented, it can be seen how the eectiveness ofthe overall process may be influenced and better under-stood. The observations are a reflection of the rudimentsof the process and might be described as obvious to theseasoned practitioner, however they are fundamental ifbenefits are to be drawn from the process. From theknowledge acquisition step it may be concluded that thecontribution of the facilitator is enhanced if he/she has adetailed understanding of the project prior to the com-mencement of the identification process. The eectivenessof the identification process will be directly correlated tohow broad and comprehensive the examination of thethreats to a project are. The breadth of examination willbe dependant on whether all of the core design teammembers (and where appropriate the second tier designteam members) were present during brainstorming. Theparticipants must be properly briefed during the pre-sentation step. For the measures of impact to be mean-ingful they must spring from the project objectives, thesignificance of accomplishing them (or not) and howthey have been prioritised. Identification of design man-agement risks requires an understanding of the char-acteristics of the process and how its main componentsmust be maintained in balance. All design processes,whether they be within the IT or construction indus-tries, have common problems that must be understoodand addressed. Identification requires an understanding

R.J. Chapman / International Journal of Project Management 19 (2001) 147160 159

of the sources of risk and General Systems Theory is putforward as a way of structuring those sources. In addition,it is proposed that risks have distinctive characteristicsand that their interrelationship can be described interms of whether they are in series or parallel. To conductthe assessment process, encoding is implementedwhereby the impact and probability measures are usedto size the risks to describe their potential influenceon the project should they materialise. Finally, verifica-tion is used to obtain consensus across the process par-ticipants as to the risks, their likelihood of occurrenceand impact should they arise.

References

[1] Chapman RJ. The role of system dynamics in understanding the

impact of changes to key project personnel on design production

within construction projects. International Journal of Project

Management 1998;16(4):23547.

[2] Thompson PA, Perry JG. In: Engineering construction risks, a

guide to project risk analysis and risk management. Dordrecht:

Kluwer Academic Publishers, 1992. p. 7.

[3] CCTA The Government Centre for Information Systems.

Introduction to the management of risk. London: HMSO, 1993,

p. 23.

[4] Chapman RJ. Specialising in risks. The Architects Journal, 23

November 1995; 5658.

[5] PRAM Project risk analysis and management guide, The

APM Group. In: Simon Peter, Hillson David, Newland Ken,

editors, 1997, p. 23.

[6] Chapman C, Ward S. In: Project risk management, processes,

techniques and insights. New York: Wiley, 1997. p. 49.

[7] CPI Co-ordinated project information, published by the Co-

ordinating Committee for Project Information, 1987.

[8] RIBA RIBA Plan of Work, RIBA Publications, 1973.

[9] Clark RC, Pledger M, Needler HMJ. Risk analysis in the eva-

luation of non-aerospace projects. Project Management

1990;8(1).

[10] Tversky A, Kahneman D. Judgement under uncertainty: heur-

istics and biases. Science 1974;183:112431.

[11] Wideman RM. Risk management. Project Management Journal

1986;17(4):206.

[12] Cooper DF, Chapman CB. Risk analysis for large projects:

models, methods and cases. New York: Wiley, 1987.

[13] CCTA The Government Centre for Information Systems. An

introduction to managing project risk. London: HMSO, 1993.

[14] CCTA The Government Centre for Information Systems.

Management of project risk. London: HMSO, 1994.

[15] Perry JG, Hayes RW. Risk management for project managers.

Building Technology and Management 1986;Aug/Sept:811.

[16] Hertz DB, Thomas H. Risk analysis and its applications. New

York: Wiley, 1983.

[17] Flanagan R, Norman G. In: Risk management and construction.

Oxford: Blackwell, 1993. p. 54.

[18] British Standard 6079 HMSO, 1996, p. 29.

[19] Raftery J. In: Risk analysis in project management. London:

E&FN Spon (Chapman and Hall), 1994. p. 18.

[20] Conroy G, Soltan H. ConSERV: a project specific risk manage-

ment concept. International Journal of Project Management,

1998;16(6):35366.

[21] Perry JG. Risk management: an approach for project managers.

Project Management, 1986;4(4):213.

[22] Chapman RJ. No need to gamble on risks. The Architects Jour-

nal 30 November 1995:49-51.

[23] HM Treasury Procurement Guidance No. 2: Value for money in

construction procurement, 1997, p. 16.

[24] RAMP Risk analysis and management for projects, Institu-

tion of Civil Engineers and the Faculty and Institute of Actuaries,

1998.

[25] Ren H. Risk lifecycle and risk relationships on construction pro-

jects. International Journal of Project Management

1994;12(2):6874.

[26] Chapman, R. J., Unpublished PhD thesis "An investigation of

the risk of changes to key project personnel during the design

stage", University of Reading, Department of Construction

Management and Engineering, April (1998).

[27] Chapman RJ. "The eectiveness of working group risk identifi-

cation and assessment techniques". International Journal of Pro-

ject Management 1998;16(6):33343.

[28] Osborn AF. Applied imagination: principles and procedures of

creative problem solving. 3rd revised ed New York: Charles

Scribners, 1963.

[29] Delbecq AL. The World within the span of control: managerial

behaviour in groups of varied size. Business Horizons, 1968.

[30] Delbecq AL, Van de Ven AH. Gustafson DH, Group techniques

for programme planning. Scott and Foresman: Glenview, 1975.

[31] Spetzler CS, Stael von Holstein CA. Probability encoding in

decision analysis. Management Science 1975;22(3):34058.

Robert J. Chapman is the Head of

Risk Management at Osprey Project

Management. He obtained a PhD in

Design/Risk Management and an MSc

in Construction Management from the

Faculty of Urban and Regional Stu-

dies at the University of Reading,

subsequent to becoming a chartered

architect. He has provided project

management and risk consultancy ser-

vices to several blue chip companies. He

has contributed to the development of

the level five National and Scottish

Vocational Qualifications (NVQ) in

Construction Project Management and conducted research into risk

management practices on behalf of the Architects Registration Board.

160 R.J. Chapman / International Journal of Project Management 19 (2001) 147160