- Project plans
- Project activities
- Legislation and standards
- Industry context
Last edited 17 Apr 2019
Risk register for building design and construction
A risk is an uncertain event that, if it occurs, has a positive or negative effect on a project’s objectives or outcome. A risk is defined by having both an impact and a probability, and should not be confused with uncertainty.
Risk management is the process by which project managers address risk by, at its most simple level, considering an events probability and impact, and by combining these two considerations, gain an appreciation of its importance. Then, by understanding the importance of a risk, a project manager is able to prioritise time and resources to addressing those risks with the greatest potential for loss.
There are a range of risk management tools that allow project managers to explicitly undertake this process, with the risk register (also often called the risk log) being one of the more common tools adopted on construction projects.
There are a number of tasks to be followed in order to develop a risk register.
The first step in developing a risk register is to identify all possible project risks. This can be done from reports and project documents, but bringing all the project team together at a risk workshop is usually considered to be the best approach. Risk workshops are held to identify all the risks associated with a project that could have an impact on cost, time or performance of the project. In addition, where possible, information from the team should be obtained on the impact of the risk and the probability of its occurrence as this will be required later.
It is also worth remembering that risks, both in terms of impact and probability can change over the life of the project. Finally, it is worth considering whether there is any correlation between risks. This allows the first element in the risk register, a description of the risk, to be prepared.
There are two basic approaches, 'qualitative' and 'quantitative' risk analysis:
- In a qualitative analysis, descriptive terms are used such as 'low Impact' and 'high probability'.
- In a quantitative analysis, risks will have values attributed to them, such as 'an impact of £10m' or 'a probability of 65%'.
The approach adopted will be influenced by the information available. It is possible to mix qualitative and quantitative analysis, although care must be taken if doing this to ensure there is not an unintentional over focus on the quantitatively defined risks.
Finally, the analysis of probability and impact are combined into a single risk score. Again, this risk score can be presented quantitatively or qualitatively, with quantitative methods often using colours (green, amber and red) as well as words. Once again, this analysis is then entered into the risk register. Risks are often listed from highest to lowest score so as to more clearly highlight the priority risks.
Highlight warnings and identify risk resolutions
The next task initially requires the highlighting of warning signs for each risk. Often this focuses on the priority risks. It is then necessary to identify a plan of action to bring about risk resolution. While there is an inevitable tendency to focus on negative threats, thought should also be given to more positive opportunities.
Risk resolution can be achieved in a number of ways:
- Risk mitigation seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold through a proactive parallel management action taken in advance of a negative impact arising.
- Risk transfer seeks to shift the impact of a threat to a third party, together with ownership of the response. However, care must be taken with this approach to ensure that there are no residual unaddressed risks left within the project from a retained correlated risk.
- Risk avoidance is achieved by making changes to the actual project, to either eliminate the risk or to protect the project objectives from its impact. Generally, risk avoidance involves relaxing the time, cost, scope, or quality objectives.
- Risk acceptance means there is no change to the project to deal with a risk, and is often a reflection that it has not been possible to identify an appropriate risk resolution strategy.
As before, all the above information needs to be recorded within the risk register.
While it is essential that all the above information is recorded in the risk register at the start of the project, it is equally important that the risk register is treated as a living document, being reviewed and updated on a regular basis.
Ensuring your risk register is of genuine value
- Encourage openness and avoid blame to ensure all involved are open and honest about identifying and quantifying risks.
- If risks are incorrectly assessed and therefore prioritised, they can divert resources away from more profitably activities.
- If information is not presented logically and in an unbiased form it can unintentionally mislead.
- Unless it is regularly updated the risk register might create a false sense of security with important risks going unrecognised.
Related articles on Designing Buildings Wiki
Featured articles and news
1 minute read.
An alternative to secondary ventilation stacks in tall buildings.
How to deliver the infrastructure the country needs.
Protecting employees from hearing damage.
One of the largest office buildings in the world.
Who holds the risk for COVID-19?
Insights from New York.
A quick introduction to a very complicated subject.
CIOB suggests the economic reach of construction is double the official figures.
The first US building to achieve BREEAM Outstanding In-Use.
70 buildings from 70 years of Concrete Quarterly. Book review.