Risk register for building design and construction
A risk is an uncertain event that, if it occurs, has a positive or negative effect on a project’s objectives or outcome. A risk is defined by having both an impact and a probability, and should not be confused with uncertainty.
Risk management is the process by which project managers address risk by, at its most simple level, considering an events probability and impact, and by combining these two considerations, gain an appreciation of its importance. Then, by understanding the importance of a risk, a project manager is able to prioritise time and resources to addressing those risks with the greatest potential for loss.
There are a range of risk management tools that allow project managers to explicitly undertake this process, with the risk register (also often called the risk log) being one of the more common tools adopted on construction projects.
There are a number of tasks to be followed in order to develop a risk register.
The first step in developing a risk register is to identify all possible project risks. This can be done from reports and project documents, but bringing all the project team together at a risk workshop is usually considered to be the best approach. Risk workshops are held to identify all the risks associated with a project that could have an impact on cost, time or performance of the project. In addition, where possible, information from the team should be obtained on the impact of the risk and the probability of its occurrence as this will be required later.
It is also worth remembering that risks, both in terms of impact and probability can change over the life of the project. Finally, it is worth considering whether there is any correlation between risks. This allows the first element in the risk register, a description of the risk, to be prepared.
There are two basic approaches, 'qualitative' and 'quantitative' risk analysis:
- In a qualitative analysis, descriptive terms are used such as 'low Impact' and 'high probability'.
- In a quantitative analysis, risks will have values attributed to them, such as 'an impact of £10m' or 'a probability of 65%'.
The approach adopted will be influenced by the information available. It is possible to mix qualitative and quantitative analysis, although care must be taken if doing this to ensure there is not an unintentional over focus on the quantitatively defined risks.
Finally, the analysis of probability and impact are combined into a single risk score. Again, this risk score can be presented quantitatively or qualitatively, with quantitative methods often using colours (green, amber and red) as well as words. Once again, this analysis is then entered into the risk register. Risks are often listed from highest to lowest score so as to more clearly highlight the priority risks.
Highlight warnings and identify risk resolutions
The next task initially requires the highlighting of warning signs for each risk. Often this focuses on the priority risks. It is then necessary to identify a plan of action to bring about risk resolution. While there is an inevitable tendency to focus on negative threats, thought should also be given to more positive opportunities.
Risk resolution can be achieved in a number of ways:
- Risk mitigation seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold through a proactive parallel management action taken in advance of a negative impact arising.
- Risk transfer seeks to shift the impact of a threat to a third party, together with ownership of the response. However, care must be taken with this approach to ensure that there are no residual unaddressed risks left within the project from a retained correlated risk.
- Risk avoidance is achieved by making changes to the actual project, to either eliminate the risk or to protect the project objectives from its impact. Generally, risk avoidance involves relaxing the time, cost, scope, or quality objectives.
- Risk acceptance means there is no change to the project to deal with a risk, and is often a reflection that it has not been possible to identify an appropriate risk resolution strategy.
As before, all the above information needs to be recorded within the risk register.
While it is essential that all the above information is recorded in the risk register at the start of the project, it is equally important that the risk register is treated as a living document, being reviewed and updated on a regular basis.
Ensuring your risk register is of genuine value
- Encourage openness and avoid blame to ensure all involved are open and honest about identifying and quantifying risks.
- If risks are incorrectly assessed and therefore prioritised, they can divert resources away from more profitably activities.
- If information is not presented logically and in an unbiased form it can unintentionally mislead.
- Unless it is regularly updated the risk register might create a false sense of security with important risks going unrecognised.
Related articles on Designing Buildings Wiki
Featured articles and news
What will the General Data Protection Regulations (GDPR) mean for you when they come into force in May?
Business Secretary chairs a new taskforce to monitor and advise on mitigating the impacts of Carillion’s liquidation.
Sir John Armitt is appointed the new chair of the National Infrastructure Commission.
High quality and high density homes - is it what we need or is it storing up trouble?
Government announces its intention to strengthen planning rules to protect music venues and neighbours.
National Audit Office reports that there is little evidence that PFI offers better value than other forms of contracting.
What is liquidation and how does it apply to contractors in the construction industry?
Scrutiny is placed on Carillion's controversial 2013 decision to extend subcontractor payment terms to 120 days.
RSHP unveil their involvement in a boundary crossing which will provide a new entry point into Hong Kong.
With PFI currently under the spotlight due to Carillion, this introductory article explains what they are.
Estimates suggest that up to 30,000 small firms could be at risk of non-payment as a result of Carillion's collapse.