Add to collection(s) Add to saved
  1. No category
Uploaded by seed

CIRIA C747 Engaging with risk (20140)

zz
zz
zz
It is a companion to CIRIA SP125 Control of risk: a guide to the
systematic management of risk from construction (Godfrey, 1996), which
provides advice and methods for identifying, assessing, monitoring and
managing risks in an informed and structured manner.
Engaging with risk
Engaging with risk
zz
emphasise the factors that have been shown to enable or constrain
effective risk management
provide direction on a range of techniques in risk management and
their general application
help readers relate these approaches to their particular project
circumstances
encourage appropriate approaches to risk, at all levels of the
organisation, which will help deliver a successful project outcome.
C747
The purpose of this guide is to:
Risk
governance
Risk
complexity
Risk
stakeholders
Risk
connectivity
Risk
culture
Risk
communication
and language
CIRIA
C747
Who we are
Established in 1960, CIRIA is a highly regarded, industry-responsive, not for profit research and information
association, which encompasses the construction and built environment industries.
CIRIA operates across a range of market sectors and disciplines, providing a platform for collaborative projects
and dissemination by enhancing industry performance, and sharing knowledge and innovation across the built
environment.
As an authoritative provider of good practice guidance, solutions and information, CIRIA operates as a knowledgebase for disseminating and delivering a comprehensive range of business improvement services and research
products for public and private sector organisations, as well as academia.
How to get involved
CIRIA manage or actively participate in several topic-specific learning and business networks and clubs:
zzCore
membership
zzCEEQUAL
Allows your employees to assist with the development of
and access to good practice guidance, formal networks,
facilitation, conferences, workshops and training.
zzAssociate
membership
zzLACL (Local
Allows your employees to access CIRIA’s services.
Members are able to access exclusive content via the
CIRIA website.
zzCIRIA
CIRIA Network
(European Marine Sand and Gravel Group)
CIRIA provides secretariat support to EMSAGG, including
management of the Group’s conferences, workshops and
website and producing its newsletter.
zzLANDFoRM
A member-based community where clients and professionals
meet, develop and share knowledge about specific topics
relevant to construction and the built environment.
zzProject
Authority Contaminated Land Network)
LACL helps local authorities address responsibilities
under Part IIA of the Environmental Protection Act 1990.
zzEMSAGG
Books Club
Members can buy most CIRIA publications at half price and
can attend a range of CIRIA conferences at reduced rates.
zzThe
CIRIA co-manages this environmental award scheme,
which promotes environmental quality in civil engineering
and infrastructure projects.
funding
(Local Authority Network on Drainage
and Flood Risk Management)
A platform for sharing knowledge and expertise in flood
risk management and sustainable drainage.
zzBRMF
Project funders influence the direction of the research
and gain early access to the results.
(Brownfield Risk Management Forum)
Promoting sustainable and good practice in brownfield
projects in the UK.
Where we are
Discover how your organisation can benefit from CIRIA’s authoritative and practical guidance – contact us by:
Post
Griffin Court, 15 Long Lane, London, EC1A 9PN, UK
Telephone
+44 (0)20 7549 3300
Fax
+44 (0)20 7549 3349
Email
enquiries@ciria.org
Websitewww.ciria.org
(for details of membership, networks, events, collaborative projects and to access CIRIA publications through
the bookshop)
CIRIA C747
London, 2014
Engaging with risk
Hilary Lewis, Neil Allan, Christos Ellinas Systemic Consult Ltd
Patrick Godfrey University of Bristol
Griffin Court, 15 Long Lane, London, EC1A 9PN
Tel: 020 7549 3300
Fax: 020 7549 3349
Email: enquiries@ciria.org
Website: www.ciria.org
Summary
The purpose of this guide is to:
zz
emphasise the factors that have been shown to enable or constrain effective risk management
zz
provide direction on a range of techniques in risk management and their general application
zz
help readers relate these approaches to their particular project circumstances
zz
encourage appropriate approaches to risk, at all levels of the organisation, which will help
deliver a successful project outcome.
It is a companion to CIRIA SP125 Control of risk: a guide to the systematic management of risk from
construction (Godfrey, 1996), which provides advice and methods for identifying, assessing,
monitoring and managing risks in an informed and structured manner.
Engaging with risk
Lewis, H, Allan, N, Ellinas, C, Godfrey, P
CIRIA
C747
© CIRIA 2014
RP995
ISBN: 978-0-86017-752-4
British Library Cataloguing in Publication Data
A catalogue record is available for this book from the British Library
Keywords
Risk and value management, uncertainty, governance, stakeholders, culture, communication,
connectivity, complexity
Reader interest
Classification
Identifying, assessing, monitoring
and management of risk and
uncertainty
Availability
Unrestricted
Content
Advice/guidance
Status
Committee-guided
UserRisk professionals, construction clients, designers,
constructors, education and researchers
Published by CIRIA, Griffin Court, 15 Long Lane, EC1A 9PN, UK
This publication is designed to provide accurate and authoritative information on the subject matter covered. It is sold and/
or distributed with the understanding that neither the authors nor the publisher is thereby engaged in rendering a specific
legal or any other professional service. While every effort has been made to ensure the accuracy and completeness of the
publication, no warranty or fitness is provided or implied, and the authors and publisher shall have neither liability nor
responsibility to any person or entity with respect to any loss or damage arising from its use.
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including
photocopying and recording, without the written permission of the copyright holder, application for which should be
addressed to the publisher. Such written permission must also be obtained before any part of this publication is stored in a
retrieval system of any nature.
If you would like to reproduce any of the figures, text or technical information from this or any other CIRIA publication for
use in other documents or publications, please contact the Publishing Department for more details on copyright terms and
charges at: publishing@ciria.org or tel: 020 7549 3300.
ii
C747 Engaging with risk
Acknowledgements
This publication is the result of work carried out for CIRIA Research Project 995. It has been
written by Hilary Lewis, Neil Allan, Christos Ellinas Systemic Consult Ltd and Patrick Godfrey
University of Bristol, under contract to CIRIA.
Authors
Hilary Lewis BSc MA PhD
Hilary Lewis is a Visiting Fellow at the University of Bristol Systems Centre in the Faculty
of Engineering and business director of Systemic Consult Ltd. She runs both Masters and
Undergraduate courses in systems of risk and innovation and the cultures that support them.
Her consulting work involves mapping risk and innovation cultures in engineering and financial
corporations both in the UK and Australasia.
Neil Allan BSc MBA CEng MICE SIRM
Neil spent 20 years working as an international civil engineering manager before spending the
last 10 years on ground-breaking research into strategic and systemic risk. In 1998 he set up
Systemic Consult Ltd, a research and training consultancy with clients such as Rio Tinto, British
Gas and Babcock International. Their current work involves developing enterprise mapping,
emerging risk and risk culture tools. Neil is a member of the ICE/Actuary committee responsible
for the RAMP series of guide publications including STRATrisk and ERM.
Christos Ellinas MEng (Hons)
Christos Ellinas is a graduate of Civil Engineering from University of Bath. After completing his
master’s thesis in the area of contractual risk, he joined the EngD programme at the Systems IDC,
University of Bristol. In collaboration with Systemic Consult Ltd, he is currently undertaking
doctoral-level research in the field of complex networks and risk. His work has been featured in a
number of leading conferences.
Patrick Godfrey FREng FICE FINCOSE FCGI FEI FIA (Hon) DEng (Hon)
Patrick Godfrey is Professor of Systems Engineering at the University of Bristol, and Director of
the Systems Centre and the Industrial Doctorate Centre in Systems at University of Bristol and
University of Bath. He is the lead author of CIRIA SP125 Control of risk from construction and coauthored Doing it differently – systems for rethinking construction, awarded a Chartered Institute of
Building (CIOB) Gold Medal and Author of the Year in 2001.
Project steering group
Tim Wells (chairman)
CH2M HILL
David Hancock
London Underground
Owen Jenkins (project manager)
CIRIA
Das Mootanah
Monitor
Gary Thomas
Highways Agency
Paul Trewavas
Sir Robert McAlpine
Veronica Flint Williams
Environment Agency
Funders
The project was funded by London Underground, the Environment Agency and CIRIA Core
Members.
iii
iv
C747 Engaging with risk
Contents
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Abbreviations and acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
1
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2
A companion guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3
Readership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.4
Purpose and scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.5
How to navigate this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2
Developments in risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2
The changing environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
A maturing risk management profession . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.3
2.4
An increased focus on improved risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.5
Developments in the risk management field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.5.1 Understanding the relationship between risk and uncertainty . . . . . . . . . . . . . . . . 8
2.5.2 The enhanced role of management oversight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.5.3 New types of organisations and new ways of working . . . . . . . . . . . . . . . . . . . . . . . 8
2.5.4 A focus on culture and behaviours as well as processes . . . . . . . . . . . . . . . . . . . . . 8
2.5.5 Greater significance placed on the critical role of language and
communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.5.6 The importance of connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.5.7 Understanding the challenges of increased complexity . . . . . . . . . . . . . . . . . . . . . . 9
2.6
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.7
3
Risk and uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2
Broad categories of uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3
Sources of uncertainty and risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.4
The nature of uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.5
Reliability of risk information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Visualising uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.6
3.6.1 The Italian flag method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.6.2 Modelling uncertainty using Bayesian networks . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.7
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.8
12
12
12
14
15
18
18
18
19
20
20
4
Risk governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2
Project governance and risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3
Risk governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4
Risk policy, risk appetite and risk tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.5
Risk allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.6
Risk governance through contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Risk governance and the risk management process . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.7
Clarifying risk roles and responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.8
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.9
4.10
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
22
23
23
23
25
26
27
28
29
29
5
Stakeholders in risk management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
v
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
vi
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stakeholder identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stakeholder type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stakeholder analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Stakeholder management strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
31
32
33
34
36
36
37
38
6
Risk culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.2
Different levels of cultural influence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.3
Organisational culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.4
Building risk management values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5
How a risk management culture emerges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.6
The key role of leadership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Balancing risk culture with opportunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.7
6.8
Different pockets of cultural influence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.9
Sustaining an appropriate culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.10
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.11
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
39
39
40
42
43
43
44
44
45
45
45
7
Risk language and communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.2
The fundamental role of language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.3
Sharing a common risk language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.4
Communicating risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
7.5
Risk communication systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
7.6
Risk communication cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
7.7
Risk communication skills and tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.7.1 Assertive communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.7.2 Stakeholder risk communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.7.3 Visual tools and symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
The communication gap – why ‘saying’ and ‘doing’ are often different . . . . . . . . . . . . . . 52
7.8
7.9
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
7.10
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8
Risk connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.2
How risks are connected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3
Eliciting, mapping and modelling connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3.1 Concept mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3.2 Bow tie approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.4
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.5
53
53
53
55
55
56
58
58
9
Risk complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.2
Determining project complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Matching project complexity to project capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.3
9.4
Key complexity issues for risk managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4.1 Difficult to determine boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4.2 Complex projects evolve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4.3 Complex projects exhibit emergent phenomena . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4.4 Relationships in complex projects are non-linear . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4.5 Feedback loops in complex projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.5
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.6
References and further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
59
59
59
60
61
62
62
62
62
62
63
63
10
Implementing the guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
C747 Engaging with risk
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Statutes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Further reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Websites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Figures
Figure 1.1
The connections between SP125 and this new companion . . . . . . . . . . . . . . . . . . . . . . . 1
Figure 1.2
A generic risk management process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Figure 1.3
The topics presented in each chapter of this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1.4
The outline structure of each chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 2.1
The six key chapters of this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 3.1A framework through which to acknowledge the extent of what is known and
what is unknown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 3.2
The PESTEL framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Figure 3.3
Types of uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Figure 3.4
Types of uncertainty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Figure 3.5
An approach to uncertainty management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 3.6
The Italian flag method of articulating/visualising incomplete knowledge . . . . . . . . . . 19
Figure 3.7
Selecting preferred options based on their Italian flag depiction . . . . . . . . . . . . . . . . . . 19
Risk appetite, tolerance and universe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 4.1
Figure 4.2ISO 31000 model of the relationships between risk management principles, a
governance framework and process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Types of stakeholder groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Figure 5.1
Identifying potential stakeholder sub-groups in a school build project . . . . . . . . . . . . . 33
Figure 5.2
Figure 5.3Identifying potential stakeholder impact on decisions and their interconnectedness
in a school build project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Figure 6.1
Influencing levels of culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
The 7S’s model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Figure 6.2
Figure 7.1
A generic model of a risk communication system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 7.2
A continuous communication cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 7.3
Typical display board of risk information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 8.1
Six dominos representing six separate risks A to F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Figure 8.2
Risk when considering the interconnected approach . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Figure 8.3
A network representation of the dominos in Figure 8.2 . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Figure 8.4
An example of a simplified concept map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Figure 8.5
A simple chain of events model of risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Figure 8.6
Example of a bow tie diagram indicating multiple causes and consequences . . . . . . . 57
Figure 8.7
A comparison of risk events to highlight connections . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Figure 8.8
The interconnections between the six key chapters of this guide . . . . . . . . . . . . . . . . . . 58
Distinct aspects contributing to project complexity aspect . . . . . . . . . . . . . . . . . . . . . . . 60
Figure 9.1
Figure 9.2Helmsman Complexity Cliff showing the drop in performance as project complexity
increases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Tables
Table 2.1
Table 3.1
Table 3.2
Table 4.1
Table 4.2
Table 4.3
Table 5.1
Table 6.1
Table 9.1
The six principles and related chapters in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Approaches to managing different uncertainty types . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Approaches to managing different types of behavioural uncertainty . . . . . . . . . . . . . . . 17
Examples of varying risk appetites and specified risk tolerances . . . . . . . . . . . . . . . . . . 24
Examples of risk allocation in PPP projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
RACI chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Stakeholder profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Contributing components to a risk culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Helmsman complexity scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
vii
Abbreviations and acronyms
viii
CLC
Construction Leadership Council
CRM
Crew resource management
EC
European Commission
GHG
Greenhouse gas
ICE
Institution of Civil Engineers
IRGC
International Risk Governance Council
IRM
Institute of Risk Management
ISO
International Organization for Standardisation
MPA
Major Projects Authority
NAO
National Audit Office
NEC
New engineering contracts
ODA
Olympic Delivery Authority
OGC
Office of Government Commerce
C747 Engaging with risk
1
About this guide
1.1
INTRODUCTION
This guide is a companion to CIRIA SP125 Control of risk: a guide to the systematic management of
risk from construction (Godfrey, 1996).
SP125 provides advice and methods for identifying, assessing, monitoring and managing risks in
an informed and structured manner. It also provides advice on how to implement effective risk
management and control on construction projects and where to seek specialist advice.
SP125 was one of the first publications to give specific industry guidance to risk management.
As risk management has become an expanded part of a project manager’s role many have found
SP125 a valuable source of direction.
1.2
A COMPANION GUIDE
The guidance contained within SP125 still remains valid and useful to those in many different
roles from construction clients, contracting organisations as well as those involved in teaching.
However, since its publication, understanding of risk and the management of risk has evolved.
Through a growing understanding and experience of the risks associated with construction
projects and the way projects are changing, new perspectives and tools have become necessary
to assist project teams in the successful management of risk throughout the life of a project. The
aim of this guide is to set out the developments in the risk management field as a supplementary
guide to SP125. Similar to SP125 there are tools to assist with risk management and examples to
illustrate particular elements.
The key lesson learnt by project
teams implementing the tools
from SP125 is the fundamental
Results of which shape
P1
25
Risk
management
elements such
as cost, time,
quality
C
S
This companion guide
provides details on those new
understandings and tools and is
seen as an augmentation to SP125
and not as a replacement. The two
work together, as shown in Figure
1.1, expanding the systematic
approach of SP125 to provide
holistic guidance, which gives both
practical direction as well as new
insights into risk management. It is
through a deeper understanding
that the tools in both SP125 and in
this guide can be more effectively
applied.
7
74 Broader
set of risk
management
elements that
include ‘softer’
aspects
Affects the people who do
Figure 1.1
The connections between SP125 and this new companion
1
need to engage with the wider, ‘softer’ issues of risk management. Great risk management
systems are worthless if there is no risk management leadership building an appropriate risk
management culture.
Alongside this fundamental shift in perspective (from specific tools and techniques to a system wide
view) is the development of more sophisticated approaches to the harder side of risk management.
Each stage of the risk management process has seen more ‘technical’ practices develop.
However, it is important to note that it is not possible to eliminate all uncertainty and risk from a
construction project, and to think that this is possible is a risk itself.
1.3
READERSHIP
This guide is aimed at clients and practitioners throughout the construction supply chain who
are responsible for the development, procurement and management of projects and services in
the built environment. It is acknowledged that there will be a broad readership to this guide and
that readers will be approaching the topic from different perspectives in terms of project and/or
organisational size and complexity.
1.4
PURPOSE AND SCOPE
The development of this guide is very much influenced by a systems view of managing risk, as
explained in Section 1.2. Therefore understanding the context of the individual components
of risk management, how they interact and how they relate to the wider context of an entire
construction project is needed.
This companion to SP125 will:
zz
emphasise the factors that have been shown to enable or constrain effective risk management
zz
provide direction on a range of techniques in risk management and their general application
zz
help readers relate these approaches to their particular project circumstances
zz
encourage appropriate approaches to risk, at all levels of the organisation, which will help
deliver a successful project outcome.
The guide is not meant to provide detailed direction on specific risks such as health and safety
or environment. These form part of the overall set of risks related to a construction project. This
guide deals with the
overarching processes
that help to uncover,
capture, analyse, treat
and monitor relevant
risks, as illustrated in
Figure 1.2.
Figure 1.2
2
A generic risk management process
C747 Engaging with risk
and language
Figure 1.3
1.5
The topics presented in each chapter of this guide
HOW TO NAVIGATE THIS GUIDE
The guide is set out in 10 chapters (see Figure 1.3) with each topic arising from discussions with
an expert panel representing risk management in the UK construction industry.
The chapters have been placed in order so as to provide a logical progression of topics. However,
it is not the intention of this ordering to suggest a particular process or model. It is recognised
that many organisations may have their own depictions or approaches for dealing with risk, but
the contents should be recognisable to most organisations.
Chapter 1 provides an overview of the guide while Chapter 2 outlines the reasons why a companion
guide to SP125 was felt necessary. Chapter 3 aims to contextualise current thinking on risk and its
underlying component of uncertainty. Chapters 4 to 9 are the six key chapter of the guide, shown in blue
in Figure 1.3. Each one responds to the acknowledged developments in the field of risk management
and the changes in the construction industry as outlined in Chapter 2. Each of these chapters can be
read individually, so the reader can further develop their understanding of a specific topic.
The typical composition of a chapter is
shown in Figure 1.4. Each chapter opens
with an introduction to its aims and
underlying concepts. The main body
will further elaborate on such concepts,
and in places provide relevant tools and
techniques. The aim of this guide is not to
provide comprehensive direction on the
implementation of such tools, but to highlight
the concept. The summary section of each
chapter will present the reader with an
overview of the chapter. A references and
further reading section is given at the end of
each chapter, which a practitioner may find
useful. Throughout the guide links are made
to other chapters and Chapter 10 provides the
reader with the next steps in how to develop
organisational capacity in each area.
Figure 1.4
The outline structure of each chapter
3
2
Developments in risk
management
Aims of this chapter:
zz Outline developments in the construction industry over the last two decades that have affected risk
management.
zz Highlight how the changing wider environment affects construction projects resulting in the need for new
approaches to risk management.
zz Relate the benefits for a more holistic approach to risk management.
zz Communicate the importance of the contextual ‘soft’ concepts in project risk management such as culture,
communication, language and collaboration.
2.1
INTRODUCTION
Since the publication of CIRIA SP125 risk management has risen up the agenda for the majority
of organisations of all sizes and across all industries, including the construction sector.
This chapter explores some of the key influences in the construction industry, changes in the
wider environment within which projects are developed and delivered as well as how the field
of risk management has matured. These changes have informed the content of this guide and
the rationale for each chapter is explained allowing the reader to decide the most appropriate
starting point in relation to their specific project environment.
2.2
THE CHANGING ENVIRONMENT
Has your
perception of risk
management in
the construction
industry changed
in recent years?
SP125 was published at a time of renewed national focus on the UK
construction industry, the result of the findings and recommendations of
the government commissioned Latham Report (Latham, 1994). At the time
the industry was perceived as having a number of shortcomings such as an
adversarial culture and not delivering value for money. Latham’s report
set out several recommendations and industry targets aimed at improving
project performance and client satisfaction.
Since then, subsequent initiatives, led by both the UK government and
industry bodies, have sought to maintain the momentum of improvement
and focus on delivering value in the UK construction industry including:
zz
the Egan Report Rethinking construction (DTI, 1998) recommends five key factors aimed at
driving efficiency improvements across the industry
zz
the UK Government’s Achieving excellence in construction (OGC, 1999) providing a strategy
(which included risk management) to improve procurement performance and the value for
money achieved by government departments and public bodies
zz
the establishment of the Strategic Forum for Construction (2001) and its subsequent
publication Accelerating change (2002), which outlined the progress made on the principles of
the Egan Report and the need to remain focused on industry targets
zz
the uniting in 2003 of several industry bodies to form Constructing Excellence, a single
larger and more streamlined influential body with the task of driving the change agenda in
UK construction.
However, while the changes recommended in these initiatives were widely supported by industry
stakeholder groups, achieving them was slower than desired. Finding effective and practical ways
to implement new approaches, while achieved by some to a certain extent, did not fully deliver
the industry changes needed (Hughes and Maeda, 2002). The healthy economy at the time was
4
C747 Engaging with risk
stemming the motivation to make further improvements (Wolstenholme, 2009) resulting in the
persisting sense that more could be done.
In 2011 the government published its construction strategy based on further departmental and
industry analysis indicating the continued need for improvements (Cabinet Office, 2011). The
strategy intended to improve cost efficiency of public sector construction and stimulate growth in
construction. It also contained specific objectives to improve areas of risk management including
contingency allowances, risk incentivisation, risk apportionment and options for risk transfer.
A key guidance document on managing cost risk and uncertainty was developed by the
Infrastructure Risk Group, an industry working group, to help share and lead practice within the
industry (Ashely et al, 2013).
Risk management for construction projects has been influenced not only by the industry and
economic developments, but by a wider set of technological and social changes including:
zz
An increasingly divergent range of stakeholders. The number of stakeholders required to
fund, design, construct, manage and operate modern construction projects is increasing
with the growing need to deliver improved functionality within tighter constraints. This
leads to complex projects where individual stakeholders cannot hold a complete set of
information, ie they are aware of only specific parts of the processes taking place, have
different goals, incentives, risk appetites, cultures and norms. These information ‘black
holes’, differences in storing and accessing information, as well as different risk vocabularies
are often cited as explanations for poorly managed risks.
zz
A 24-hour news society, along with the rise of social media. The pace and breadth of
information dissipation has increased. Information transfer is rapid with greater potential
for faster decision making but less potential for control of information ownership. Most
organisations now recognise that the risks from negative reputational impacts have the
potential to be catastrophic. While they should be constantly managed, well-constructed
responses can provide positive opportunities.
zz
A globalised society and economy. The increased level of globalisation has led to more
complex supply chains. Project resources are more likely to be provided from a range
of global suppliers, increasing the number of interfaces that need to be managed. This
shift from a local to a global supply chain inevitably increases the risk-exposure profile
of a project (eg critical materials are delayed in an overseas port due to unexpected local
political or economic shifts or cultural differences in business practice across suppliers).
zz
The rise of the learning culture. As learning has taken a greater central role in society.
There is a general expectation of continual improvement with lessons learnt from previous
errors so that mistakes, which are repeated, are not well tolerated by the public.
zz
Technological innovations of the last two decades. Any innovation, such as the Internet,
WiFi, developments in understanding and use of materials, and new construction
techniques, brings new sets of risks as well as opportunities that need to be understood.
Combine this factor with the expectation on continual improvement and it is easy to see that
technology can be driven further. However, managing any associated risks may not always
be taken into account.
All of these factors have contributed to a significant change in the risk management environment
since SP125 was published not least is the increased professionalisation of the risk function.
2.3
A MATURING RISK MANAGEMENT PROFESSION
As the environment has changed (Section 2.2), so the risk management discipline has developed
and matured in parallel. Project managers can now draw upon a wealth of risk management
support to help them deliver projects successfully:
zz
Professional bodies and associations. There are a range of professional bodies that support
5
the implementation and development of risk management across
various industry sectors.
How relevant is
the function of
risk management
to your daily
job? Have you
had greater
responsibility for
risk added to your
role compared to
previous years?
zz
Risk management frameworks. Several frameworks and more
formal standards for risk management are now in existence, eg the
International Organization for Standardisation (ISO) developed ISO
31000:2009 and the Office of Government Commerce (OGC) have
produced guidance on the management of risk (OCG, 2010).
zz
Government guidance and organisational risk process. It is rare
for government agencies, public sector bodies and commercial
organisations to not have a risk management process to support
delivery of their specific strategies and objectives.
zz
Training and certification. A wide spectrum of training courses
and certifications can be accessed that are specifically tailored to an
individual’s needs within different industry sectors.
zz
Software solutions and providers. Making decisions based on good
data is central to risk management. The use of quantitative risk
analysis has become widespread in projects for analysing project costs and schedules, and
there has been a proliferation of software providers and solutions aimed at databasing and
analysing risk related information.
zz
The professional risk manager. Alongside the ever increasing application of risk
management has been the rise of the professional risk manager. Organisational risk
management has moved from the domain of the finance or insurance department to be a
unique position occupied by the professional risk manager with specialist skills to support
the businesses that they are operating in.
zz
Integrating risk management into job functions. The project manager is at the forefront of
managing project risks on a daily basis and project management professional bodies embed
risk management into their methodologies.
The Engineering Council, a UK regulatory body for the engineering profession, recognises that
“risk is inherent in the activities undertaken by engineering professionals, and members of the
profession have a significant role to play in managing risk”. The Council has provided guidance
on six principles (Engineering Council, 2011), which are now incorporated in the UK-SPEC (UK
Standard for Professional Engineering Competence) for the training of all registered technicians
and engineers. The principles are summarised in Table 2.1, with links to the relevant chapter in
this guide that can support their development.
6
C747 Engaging with risk
Table 2.1
The six principles and related chapters in this guide
Principal
Detail (summarised)
Chapter
ref
1
Apply professional and
responsible judgement and
take a leadership role
Engineers should demonstrate by example a commitment to
safety, reliability and ethical conduct through the professional
management of risk, from the inception of any project.
6
2
Adopt a systematic and
holistic approach to risk
identification, assessment
and management
The factors that give rise to risk are interdependent and cannot be
examined in isolation. It is vital in managing risk to be aware of this
interdependency, and rather than dealing with risks individually as
they arise, use approaches that deal with whole systems.
3, 8, 9
3
Comply with legislation and
codes, but be prepared to
seek further improvements
Regulations and codes are generic. They can only deal with
anticipated events, and cannot predict every possible situation.
Engineers should take a measured, yet challenging approach to
potential risks, whether or not regulations apply.
4
4
Ensure good
communication with the
others involved
Shortcomings in communication are present in nearly all failures
in the management of risk. Communicating effectively with
customers, clients, suppliers, subcontractors and colleagues
is important to ensure that risks and their implications are
understood properly.
7
5
Effective oversight and scrutiny processes are important
Ensure that lasting systems
safeguards in controlling risks. They should be challenging, and
for oversight and scrutiny
carried out with independence from those creating the risk or
are in place
attempting to control it.
6
Contribute to public
awareness of risk
2.4
4
The perception of risk among the public is influenced by a range of
factors, including emotional ones. Engineers have an important role
5
in raising awareness and understanding about the real levels of risk
and benefit, and helping to prevent misconceptions.
AN INCREASED FOCUS ON IMPROVED RISK
MANAGEMENT
There are a number of widely reported incidents that have brought a high level of attention to
the role of risk management and the expectations societies have of it. The humanitarian and
financial impact of Hurricane Katrina in 2005, the major economic recession created by the
global financial crisis that began in 2007, the long lasting environmental impact of the Deepwater
Horizon oil spill in 2010 and the impact on the nuclear energy industry following the Fukishima
nuclear power plant explosion in 2011 are examples of globally significant events that receive
heightened focus both in their reporting and subsequent risk analysis.
Consistently, this analysis has identified human factors such as culture, conflicting priorities and a
lack of management oversight as root causes. There is a developing belief that enhanced corporate
risk management could help prevent such incidents.
These incidents, and many others, have led to questions about the assumptions on which
traditional risk management is based such as:
Which of
these issues
is presenting
the greatest
challenge
to your risk
management?
1
What fundamental understanding do private and public organisations
need of the uncertainties that generate the risks they face?
2
What levels of oversight would prevent such events occurring?
3
How can the identification of risks include a wider set of stakeholders
and consider risks over the long-term?
4
How can culture enable better practice to help prevent such events?
5
What is required to overcome barriers in communication that prevents
vital information from being transmitted or from being overlooked?
6
What is the implication of interrelated risks and how can they be
managed?
7
How does the complexity of modern society and the economy influence the way that risk is
understood and managed?
7
Each of these questions are explored respectively in Chapters 3 to 9 of this guide. Section 2.5
outlines these seven chapters, allowing the reader to select the most appropriate chapter from
which to begin ‘engaging with risk management’.
2.5
DEVELOPMENTS IN THE RISK MANAGEMENT FIELD
2.5.1 Understanding the relationship between risk and
uncertainty
The increasing demands made on contractors to work with new technologies, in new
environments and in new ways have led to greater levels of uncertainties in projects. While the
UK construction industry has made progress by evolving in certain areas (such as new forms of
contracts and greater accessibility to training) there is still not widespread understanding of the
relationship between uncertainty and risk.
Chapter 3 establishes the difference between these separate but related concepts and offers
approaches to enable a more proficient understanding and management of project uncertainties.
2.5.2 The enhanced role of management oversight
Every established industry has a regulatory body overseeing performance and often more than
one. The UK construction industry is no different with the Government Construction Board
overseeing a reduction in the cost of public sector construction, the Major
Projects Authority (MPA) overseeing the fitness and quality of HM Treasury
approved projects, and the Construction Leadership Council (CLC) tasked
with reducing costs, time to completion, and greenhouse gas emissions (GHG)
across the industry as well as increasing the industry’s ability to compete
internationally.
What is the level
of oversight that
you experience
in your role?
However, all of these bodies operate at the industrial level and organisations need effective
oversight structures to appropriately deliver these outcomes in their own right. Chapter 4
establishes the meaning of good governance and the mechanisms for achieving it.
2.5.3 New types of organisations and new ways of working
A greater need for collaboration is becoming characteristic of the industry. The consortia that
collaborated to deliver the London 2012 Olympics consisted of many separate organisations with
the number of supplying contractors in the hundreds and a supply chain that was multinational.
As the requirement for networked organisations and more flexible responses to construction
problems has grown, so has the number of industry groups, calling for a more holistic perspective
to be adopted by those working on a construction project including in the management of risk.
Chapter 5 discusses the increased significance of understanding the role of stakeholders in the
risk management process.
2.5.4 A focus on culture and behaviours as well as processes
Culture is an intangible and emergent property of human organisations, including projects, and a
unique project culture can emerge, which is separate to an organisational culture.
Effective behaviours within construction teams that lead to the timely identification of risks and
their appropriate management is a central goal for most organisations in the design of their risk
management approaches. If the real purpose and benefits of effective risk management are not
fully understood in construction then many of the activities organisations have spent time and
money developing, become mere tick box exercises. So, culture has been identified as the singular
area that can determine whether a sound set of risk processes are practiced properly or poorly.
8
C747 Engaging with risk
The subject of culture and behaviour is one of the least understood areas of risk management.
Chapter 6 provides an understanding in this area of people and organisational behaviour,
offering risk managers insights to the dynamics of risk culture and guidance on the changes that
can develop an appropriate risk culture.
2.5.5 Greater significance placed on the critical role of
language and communication
Much of the research conducted into effective risk management highlights that inconsistent
language in risk reporting can become a risk in itself. A key aim of ISO 31000 was to overcome
the variety of conflicting vocabulary that exists across industries and even with different
departments of the same organisation. ISO 73:2009, a supplement to ISO 3100, provides a
list of risk terminology and definitions. The bold ambition of ISO 31000 is that over time a
common language will emerge. Communicating project risks between project stakeholders is
fundamental in improving the process of appropriately managing risks. This issue is discussed
in Chapter 7.
2.5.6 The importance of connectivity
Post analysis of major disasters including those discussed in Section 2.3 highlighted that no
single input or cause happens in isolation. For example, in the Japanese earthquake that led
to the Fukishima Nuclear disaster, a drop in ground level reduced the height of the sea wall
protection around the cooling water pumps. The design of the sea wall did not anticipate this
drop occurring in association with a large tsunami. These combining factors led to the failure of
the cooling water pumps, which then combined with other plant failures caused by power outages,
leading to the release of nuclear material. While the reactors withstood the seismic damage risk
it was the series of interconnected risks that led to flooding followed by power outages despite
there being 13 standby generators. At all levels these events linked and interconnected with
unanticipated consequences. This example highlights the need to better understand the nature of
the connections between risks.
Chapter 8 discusses the importance of risk connectivity and looks at techniques to help capture
connections.
2.5.7
Understanding the challenges of increased complexity
A construction project can be considered as a complex system, composed of many parts that
interact with and adapt to each other over time. By definition, when observing or analysing a
complex system, it is not possible to understand the behaviours of the whole system by simply
analysing its component parts.
So, why is there no focus on reducing the complexity of a project? The answer lies in the
increasing contextual restrictions that bind modern construction projects together (tighter
budgets, precise delivery times, specialist elements etc), and also because
increased functionality by coupling various systems is often sought after. For
example, a number of construction projects would not be feasible if extended
and elaborate supply chains and financing bodies were not in place in order
to support them. So it needs to be appreciated that while complexity cannot
be eliminated, tools and techniques can be provided to understand where
complexity exists, and introduce clarity to manage complexity and reduce
embedded risks.
How would
you assess the
complexity of
your project?
This poses a challenge for risk approaches that try to assess each separate element of the project
without a clear picture of what the project objectives are or how each element interrelates. Chapter 9
discusses complexity in greater detail and look at techniques to help identify key sources.
9
Figure 2.1 illustrates the six key chapters of this guide (see Section 1.4) with the corresponding
developments in the field that have contributed to the need for improved approaches in each area.
Figure 2.1
2.6
The six key chapters of this guide
SUMMARY
This chapter has outlined the developments in the construction industry, the changes in the wider
environment in which construction projects take place and how the risk management field is
responding to these changes.
The field of risk management has grown rapidly as organisations recognise the impact poorly
managed risk has on their long-term performance and survival. The regularity of large-scale
catastrophic events provides an ever-increasing catalogue of evidence for the importance of this
critical business activity. This guide seeks to provide direction to risk leaders and managers with
chapters giving insights, tools or techniques to support management of project risks. While they
will each expand on elements of SP125 or offer new perspectives not all chapters may be relevant
to current project circumstances. Chapter 3 will explore the relationship between risk and
uncertainty and how to build a sound approach to understanding both. From this an appropriate
and effective risk management system can be developed.
2.7
REFERENCES AND FURTHER READING
COSO (2014) Guidance on enterprise risk management, Committee of Sponsoring Organisations of
the Threadway Commission. Go to: www.coso.org/-erm.htm
HM TREASURY (2004) The Orange Book. Management of risk – principles and concepts, HM
Treasury, London. Go to: http://tinyurl.com/p4sbdqv
10
C747 Engaging with risk
HUGHES, W and MAEDA, Y (2002) “Construction contract policy: do we mean what we say?”
RICS Research Papers, vol 4, 12, RICS, UK, pp 1–25
ICE (2005) Risk and Management of Projects (RAMP), second edition, Faculty of Actuaries and
Institution of Civil Engineers, UK (ISBN: 978-0-72773-390-0).
Go to: www.icevirtuallibrary.com/content/book/100868
ICE (2014b) Risk management: Institution of Civil Engineers, London.
Go to: www.ice.org.uk/topics/management/ICE-ICES-Management-Panel/Risk-Management
OCG (2010) Management of risk, Office of Government Commerce, London.
Go to: www.mor-officialsite.com
WOLSTENHOLME, A (2009) Never waste a good crisis: a review of progress since Rethinking
Construction and thoughts for our future, Constructing Excellence, London.
Go to: www.constructingexcellence.org.uk
Standards
ISO 3100:2009 Risk management
Websites
Institute of Risk Management (IRM): www.theirm.org
STRATrisk (a site dedicated to understanding and managing strategic risks and associated
opportunities): www.stratrisk.co.uk
11
3
Risk and uncertainty
Aims of this chapter:
zz Distinguish between the separate concepts of uncertainty and risk, and explore how they are linked.
zz Outline sources of uncertainty.
zz Highlight the different types of uncertainty a project manager might face.
zz Provide methods for communicating a common understanding of the uncertainties associated with a project.
3.1
INTRODUCTION
Every project or programme contains uncertainties, but despite these uncertainties, decisions
need to be made so that project objectives can be successfully delivered. Making decisions in the
face of uncertainty means determining what the associated risks are and how they are managed.
This requires successful identification and proper analysis of the risks before taking appropriate
action to manage them. Also, successes and failures need to be carefully monitored in this process
in order to evolve better practice, as well as monitor changes in the context of the project to
ensure that any new sources of uncertainty are captured.
Understanding the distinction between uncertainty and risk is important in developing a
comprehensive approach to risk management.
Definitions
Risk
The effect of uncertainty on
[project] objectives.
Uncertainty
Not having certainty, having doubt
about something (eg a technical or
behavioural element of a project).
The definition of risk given in ISO 3100 (see Definitions) recognises the fact
that uncertainty can produce both positive (opportunities or up-side risk)
and negative effects (threats or down-side risks) on objectives. This has led to
some issues with consistency in the use of risk terminology and in response
the term ‘uncertainty management’ is now also used within some fields
(Ward and Chapman, 2003). The aim of this shift in terminology is to widen
the perspective of risk management and to maximise the project benefits by
considering the opportunities that uncertainty presents. However, it is broadly
accepted that the main focus of most risk management activities is still on the
negative effects of uncertainty (Johansen et al, 2014).
This guide has also chosen to use a broader definition of uncertainty than is defined in ISO 31000.
This is because what has been learnt over the last few decades (as outlined in Chapter 2) is that as
broad a view as possible needs to be taken of what uncertainties may affect certain undertakings.
However, recognising that there is a state of uncertainty requires a sense or acknowledgement
that there is a doubt about something. A condition that many are encouraged, throughout
their education to avoid/ignore – and indeed not admit to. The fear of being seen to not know
something is one of the inherent issues facing effective risk management. This will be more fully
addressed in Chapter 6.
While SP125 briefly describes uncertainty, this chapter starts by discussing how it can be helpful
to consider four broad categories of uncertainty. The chapter then goes on to explore how specific
sources of uncertainty can be determined and how understanding the type of uncertainty faced
can help decide the most appropriate approach to dealing with it.
3.2
BROAD CATEGORIES OF UNCERTAINTY
An initial conceptual framework through which to begin the process of mapping uncertainty
relating to project objectives comes from asking the following questions:
12
1
What are the certainties of this project?
2
What areas of uncertainty are known within this project?
C747 Engaging with risk
However, what is more difficult to try and ascertain answers to are the questions:
1
What uncertainties have been overlooked?
2
What about uncertainties that are simply beyond current human knowledge?
Unknown
Known
Each of these questions will uncover the extent of uncertainty connected to the project and are
illustrated in Figure 3.1.
Known
Unknown
1Certainties
(project aspects known for certain, ie there is
no doubt about them)
3Uncertainties the project team know about
(project aspects that are unclear, ie there is
awareness of doubt about it)
Examples
Examples
zz Location and boundary of the site.
zz The ground conditions where boreholes have not
zz Liaison with the local community will be
essential.
been made.
zz Availability of skilled labour at the time of
construction.
2Uncertainties that others are aware of but the
project team are unaware of
(the things known by others but the project
team currently have no knowledge of)
4Uncertainties beyond current human knowledge
(the things that nobody is aware of, that no-one
has ever thought of and cannot possibly know
about)
Examples
Examples
zz Propensity of the site to flood during extreme
zz A previously unknown species or historical
weather events (not formally recorded, but
known to local community).
zz Upcoming environmental legislation.
Figure 3.1
settlement is found on site.
zz Future adverse changes to the financial stability of
a project supplier.
A framework through which to acknowledge the extent of what is known and what is unknown
These four different states of knowledge invite different types of response:
1
Certainties: are straightforward because this is the knowledge that enables the project team
to know what to do and how to do it. In Figure 3.1 this state of knowing is depicted as green
because of the ability to ‘move on’ when in this condition.
2
Uncertainties the project team know about: provide the option to find out or, if that is not
practical, adopt a strategy to minimise the potential impact of not knowing. This state of not
knowing is depicted as amber because it is unwise to move on until some form of decision and/
or action is taken.
3
Uncertainties that others are aware of but the project team are unaware of: are important
because they require vigilance. They are blind spots for the project team and if only
uncovered late in the delivery programme can have a significant impact on programme and
cost, with potential for claims and variations from client and supplier respectively. This implies
the need to thoroughly understand the state of knowledge relevant to what is going to be built.
This state of not knowing is depicted as amber because it is unwise to move on until some form
of decision and/or action is taken.
4
Uncertainties beyond current human knowledge: are inevitable in many complex projects.
It requires that an ongoing governance system be alert to their possibility and be capable of
understanding their cause and responding effectively to mitigate their consequences. This
state of not knowing is depicted as red because the extent of the potential risk exposure
from these types of uncertainties cannot be known. It is therefore best to remain alert to
their possibility and put in place devices to enable a swift response.
It will not be feasible to eliminate all uncertainty. The goal is to identify and manage risk through
an appropriate risk management approach. When making decisions on how particular project
uncertainties will be managed, the investment of resources required to contain it within what is
considered to be an acceptable level of impact, often leads to a trade-off between the perceived costs
of containing uncertainty in contrast to the perceived costs of the negative impact on the project.
13
What are the areas
of uncertainty in
your project that
clearly cannot be
made certain?
3.3
This framework helps to shape awareness that risk management requires
consistent monitoring for project changes and new knowledge that will either
eliminate or reduce an existing uncertainty or alert us to an emerging one.
Establishing the sources of project uncertainty, and therefore the sources of
project risk, is a key activity in risk management.
SOURCES OF UNCERTAINTY AND RISK
SP125 contained several approaches for exploring both internal and external sources of
uncertainty, which will not be repeated here. This section looks particularly at the external
environment, with examples of sources of uncertainty. Chapter 6 focuses on the particular
internal aspect of culture.
In any system, a shift in the external environment (eg operational, resources, regulatory) is likely
to create a responding shift in the system’s internal structures, relationships and processes. These
wider considerations, which shape the context of the project, can be divided into the political,
economic, social, technological, environmental, legal (PESTEL) framework as shown in Figure 3.2.
Figure 3.2
The PESTEL framework
This framework is a useful way to consider sources of uncertainty induced from a changing
environment. It can be used at any level, applied to any industry, every organisation and project.
The framework has been applied here to the construction industry in general and is only
illustrative, not exhaustive, of the changes in each area.
1
Political. Investments in infrastructure, eg road and rail projects, the development of nuclear
energy or expansion of air traffic capacity are subject to political debate and delay. This can
introduce considerable uncertainty particularly in terms of planning resources and skills.
2
Economic. The global recession, which started in 2007, affected the construction sector for
several years.
Another economic trend is for overseas sovereign funds rather than the UK government to
fund many infrastructure projects. Consideration needs to be given to the risk factors that
this might introduce.
3
14
Social. The ageing population means that experienced construction workers are retiring
from the industry. There are risks associated with the loss of knowledge and skills this
creates, so how might these be mitigated?
With opening accessibility to EU workers, the construction industry is multilingual and
communication related risks could be heightened by such a change.
C747 Engaging with risk
4
Technology. The introduction of new technology on a project also introduces new areas of
risk. The spread of access to and use of the internet through device innovation, expanding
capacity of broadband and the growth of social media has meant that practically everyone
can voice an opinion, at any time and choose who to share it with. This brings new risks
to the management of corporate communications. When popular opinion begins to take
hold it can be difficult to present a balanced case among several sources of contradictory
information. This has been illustrated in the case of the High Speed 2 (HS2) rail project,
with a number of business advisors, local interest groups and politicians posting opposing
arguments on popular websites as well as through more traditional media channels.
An increased dependence on mobile phones (a shift in the environment driven by both
social and technological change) has led some construction companies to develop policies
covering their use on site.
5
Environmental. Sustainable energy, climate and related weather changes, sustainable
materials for construction, wildlife protection and waste disposal are just a few of the issues
a project manager or construction organisation needs to consider and manage to avoid
reputational risk and regulatory breaches.
6
Legal. The Housing Grants, Construction and Regeneration Act 1996 and amendment in
2009 was passed to enable a speedier resolution to the growing number of construction
claims and disputes over unfair payment practices that characterised the industry at the
time. The Act was a form of risk management on a broad scale. The 2009 amendment was
passed to limit the exploitation of loopholes.
These examples usefully highlight the overlaps and connections between different environmental
factors. Social attitudes affect political strategies, which are communicated through
technologically developed media. This can have an impact on economic decisions that lead to the
development of one construction project at the expense of another.
This is reflected in Chapter 9 of this guide, which discusses connectivity – an area of risk
management receiving further attention as ways of more easily understanding these connections
are sought. Alongside these sources of uncertainty from the external environment are some
commonly understood sources of uncertainty from within the project. For example, variations
in the client requirements, unavailability of materials or equipment, or the inability to secure the
necessary skilled labour are all possible sources of uncertainty.
An additional mechanism through which to build a comprehensive consideration of the sources
of uncertainty is to examine the life cycle stages of a project (Cleden, 2009). This can highlight
sources that may be unique to particular phases but also to understand the consequence of risks
connected across phases. For example, a client is awaiting confirmation of approval for the use
of particular construction materials. The project manager has to decide whether to carry these
uncertainties forward into the next phase of the project or force them to be resolved by not
proceeding without a detailed specification.
Becoming competent at assessing the extent of project uncertainty is one skill to be developed for
effective risk management. However, it is useful to understand the nature of the uncertainty.
3.4
THE NATURE OF UNCERTAINTY
To move to a more secure position of managed project uncertainty it can be useful to consider
the different forms of uncertainty faced by a project team. From this understanding the team
can become more effective at designing risk systems that capture information in a format that
genuinely assists project managers in making more reliable decisions.
It is generally considered that uncertainty in a project situation can take one of three forms or a
combination of all three:
1
Gaps in what is known.
15
2
Poor definition of detail, eg when imprecise language is used.
3
Randomness that is traditionally expressed in terms of a range or probability distribution.
These are shown in Figure 3.3.
Project uncertainty
Types of uncertainty
Randomness
and variability
Figure 3.3
Knowledge
gaps
Lack of detail
Types of uncertainty (adapted from Blockley and Godfrey, 2013)
Each type of uncertainty will require a different mitigation approach, for example as shown in Table 3.1.
Table 3.1
Approaches to managing different uncertainty types
Uncertainty type
Randomness and variability
Lack of detail
Knowledge gaps
Example of uncertainty
The likelihood of intense
rainfall
Vague project priorities
Actual geotechnical hazards
during tunnelling
Potential risk
Flash floods causing damage
to site and equipment
Costly changes in project
schedule
Sudden collapses
Develop more detailed
understanding of factors
affecting project priorities
Use an observational risk
management approach.
Collect improved ground data
through site investigation
Example of a
Provide flood warning and
management approach evacuation system
However, as highlighted in Chapter 2, understanding of risk has evolved to appreciate that
personal biases (or ‘worldviews’) also introduce uncertainty (for example one project team
member may make different assumptions to another), as does the variation in conduct when
dealing with risk (for example the variation in decision making styles between one group and
another). These are discussed further in Chapter 6.
As such there is an additional layer of uncertainty types, over and above the situational
uncertainty previously outlined, which should be explored, namely behavioural uncertainties. As
a result, the model in Figure 3.4 becomes expanded as illustrated in Figure 3.4.
Project uncertainty
Behavioural uncertainty
Conduct
variance
Worldview
variance
Figure 3.4
16
Technical uncertainty
Randomness
and variability
Lack of detail
Knowledge
gaps
Types of uncertainty (after Blockley and Godfrey, 2013, and Tannert et al, 2007)
C747 Engaging with risk
Behavioural uncertainty can stem from not having sufficient knowledge about
what rules should govern a decision. What cultural (eg ethical values) and
experiential (eg ‘this is how it was done last time’) factors should come into play?
Such unresolved uncertainties lead to assumptions based on what managers
are culturally led to value as significant and important, as well as how their
experience shapes the intuitive ‘guess-timates’ they feel they can legitimately
make. Figure 3.2 provides some illustrative examples of behaviour uncertainties
and how they might be contained/mitigated.
Table 3.2
Can you
identify areas
of behavioural
uncertainty in
your project?
Approaches to managing different types of behavioural uncertainty
Uncertainty type
Worldview variance
Conduct variance
Example of
uncertainty
The operator’s view of the design is not known
Some team members may be reluctant
to report problems
Potential risks
The level of functional practicality attainable is
reduced affecting the deliverable value of the
project
Early indications of a major issue go
unreported leaving the project in a less
prepared state to respond effectively
Example of a
mitigation approach
Train the team to recognise that risks can be
Develop mutual trustworthy relationships
turned into opportunities in this instance by the that welcome low level concerns and
timely engagement of operators
issues being raised
Some of the uncertainties can be eliminated through acquiring further information (eg technical
specifications, quotes and supplier visits). However, other uncertainties are less obviously or
easily dealt with. It is these uncertainties that are frequently overlooked, judged to be too
difficult to navigate or considered to be the remit of others. It is at this point that the culture
of an organisation and the breadth of world views held by the project team become central to
how these more challenging uncertainties are dealt with. Chapters 5 and 6 look further at these
uncertainties to help assess whether the risk management processes are as inclusive and robust as
they need to be.
It can be helpful to apply an iterative process like that shown in Figure 3.5.
Assess what we think we know already (Step 1)
Assess what we know we don’t know and fill the gaps at least partly (Step 2)
(Step 5)
Assess fuzziness and father further data to reduce it (Step 3)
Identify additional areas of knowledge that may be relevant, analyse them and
gather further information in those areas that are relevant (Step 4)
(once our search for knowledge is compete for now)
Assess the residual uncertainty, design risk-efficient responses to it,
and make the business more robust and flexible (Step 6)
Keep uncertainty under review and continually seek new knowledge (Step 7)
Figure 3.5
An approach to uncertainty management (adapted from the ICE ERM guide, 2012)
17
3.5
RELIABILITY OF RISK INFORMATION
However, not all information that can be obtained may be complete or
definitive, and some may be derived from supposition, insights, tendencies
or inferences – all potentially useful but also subject to bias. There are
occasions where someone has been absolutely certain about something (ie
assuming complete information upon which risk management decisions
have been made) only to discover that this certainty came from a lack of
experience, clouded judgment, inappropriate assumptions or even false
information supplied by others.
It can be useful to ask the following questions:
1
How often are the predictions correct compared to how often they are
wrong?
2
Are all the manageable threats to the project captured?
3
How confident is the project team in the risk reports that they
provide to the senior management?
When was the
most recent
occasion that a
project certainty
turned out to
be based on
insufficient or
poor quality
information?
Consequently, it is important to acknowledge that there are limits to what risk management can
actually achieve.
A useful way to further understand the extent of uncertainty is to use devices to help visualise
project uncertainty.
3.6
VISUALISING UNCERTAINTY
Interestingly, the principles espoused in ISO 31000 require organisations and risk managers to
explicitly address uncertainty. So how uncertainty is visualised, quantified and communicated
to a wide range of stakeholders is an important aspect of risk management. Developing effective
ways to communicate uncertainty can further enhance clarity and provide the means of
constructing a shared understanding of the issues.
An established practice for project control teams on major protects is to undertake probabilistic
analysis of the programme schedule (including time and cost uncertainty and project risks)
to provide confident levels of project completion (typically referred to as a Monte Carlo-type
analysis). The probability distribution is then graphically represented and used to make decisions
on project options. These are often called p50 or p95 values. For example a p90 cost estimate
represents a 90 per cent probability that the project will be delivered within that amount. Or
conversely, there is 10 per cent chance that it will not.
3.6.1 The Italian flag method
An evidence-based process to elicit what is not known can be very helpful. The ‘Italian flag’
method is a simple tool for that purpose (Hall et al, 1998). The method invites consideration of the
balance of evidence as shown in Figure 3.6:
1
To what extent is there evidence that failure will occur (red block)?
2
To what extent is there evidence that success will occur (green block)?
3
To what extent do ‘unknowns’ exist (white block)?
The intention of the approach is to elicit a broader understanding of the uncertainty and
by making it explicit invite strategic approaches to mitigation. It is a means of encouraging
transparency, focusing on evidence rather than the fear of being wrong.
18
C747 Engaging with risk
Incompleteness
of knowledge
Evidence that A
is not successful
{
{
{
Evidence that A
is successful
For example, consider a coin toss:
Classically:
0
1
0
1
‘Open world’, eg includes
loosing the coin:
Figure 3.6
The Italian flag method of articulating/visualising incomplete knowledge
Once articulated in this way, other scenarios can be uncovered (ie broadening out a simple coin
toss to include coin loss as in Figure 3.8). Rather than focusing resources on extending what can
be known the key areas of uncertainty can be identified and improved upon.
This method can also be used to choose between options based on the articulated ‘Italian flag’
representing the uncertainties of each option. The three examples in Figure 3.7 illustrate that in
cases (i) and (ii) option B would be the preferred choice based on the extent of evidence of success
and a smaller level of uncertainty, whereas in case (iii) option A is the preferred choice as although
the level of uncertainty is similar there is more supporting evidence for the success of option A.
i
Option B preferred to option A
Option A
Option B
ii
Option B preferred to option A
Option A
Option B
iii Option A preferred to option B
Option A
Option B
Figure 3.7
Selecting preferred options based on their Italian flag depiction
3.6.2 Modelling uncertainty using Bayesian networks
An approach called ‘Bayesian probability theory’ or ‘Bayesian belief networks’, based on
conditional probability, is growing in popularity in risk management and in engineering decision
making. This is partly because of the increased availability of software approaches and partly
because it allows probabilities to be learned in the light of experience or data. However unlike the
Italian flag it omits explicit recognition of incompleteness. A brief outline of the technique is given
as follows.
19
Bayesian networks (BNs) integrates dependencies directly between trigger events, risk drivers and
consequences. The uncertainties are made explicit and can be refined through observation over
time. Models are developed to represent knowledge about uncertainty and the evidence for it.
Normally, a BN has a clear directed hierarchical structure where the nodes on a higher level are
the ‘parents’ of ‘child nodes’ connected to them via a logical causal relationship.
The construction of a BN is quite intuitive as both qualitative knowledge (eg high, medium, low)
and quantitative data, even distributions, can be used together. The key aim of BNs is to capture
expert knowledge as best as possible and then the model is coached to learn from the actual
evidence observed.
The analytical power of BNs lies in their ability to enable inference and learning, and also
predictions as well as diagnosis. If the ‘parent’ information is available, the states of a ‘child’ can
be obtained using Bayes’ theorem, while if the evidence of a child’s state is observed or observable,
the states of parent nodes can be likewise reasoned.
The fundamentals of BNs are simple to capture but they are not easy to apply without the use of
computers as they rely heavily on calculations. The recent development of user-friendly software
packages have enabled more people to engage in the development of BNs and this might partially
explain the increasing popularity of using them in many areas including project management.
For more detail on this approach, see the Further reading section.
3.7
SUMMARY
Uncertainty and risk are distinctly separate concepts. This chapter has explained the relationship
between uncertainty and risk enabling a wider understanding of both. Sources of uncertainty
faced on projects have been discussed as well as the nature of the uncertainty faced and why
knowing this will help organisations to more effectively handle the risks arising from different
forms of uncertainty.
This chapter has highlighted ways to visualise uncertainty to aid decision making and
communicate with project stakeholders.
An organisation needs to be both robust and flexible enough in order to cope with unexpected
adverse circumstances and, where possible, take advantage of opportunities that may emerge as
the project progresses.
As previously defined, risk is the effect of uncertainty on objectives. In order to manage risk
effectively a clear set of well-defined objectives need to be understood by those managing risk.
Chapter 7 will look in more detail at why this is important and how it is done.
3.8
REFERENCES AND FURTHER READING
BLOCKLEY, D (2013) “Analysing uncertainties: Towards comparing Bayesian and interval
probabilities” Mechanical Systems and Signal Processing, vol 37, 1–2, Elsevier BV, UK, pp 30–42
BLOCKLEY, D and GODFREY, P (2000) Doing it differently: systems for rethinking construction, first
edition, Thomas Telford, London (ISBN: 978-0-72772-748-0)
BLOCKLEY, D and GODFREY, P (2007) “Integrating soft and hard risks” Int. J. Risk Assessment
and Management, vol 7, 6–7, Inderscience Publishers, UK, pp 787–803
BLOCKLEY, D and GODFREY, P (2013) “On communicating the uncertainty of risk” International
Review of Civil Engineering, vol 4, 1, Integrated Publishing Association, USA, pp 24–34
CLEDEN, D, (2009) Managing project uncertainty, Gower Publishing Ltd, Farnham (ISBN: 978-0566-08840-7)
20
C747 Engaging with risk
FENTON, N and NEIL, M (2012) Risk assessment and decision analysis with Bayesian Networks, CRC
Press, UK (ISBN: 978-1-43980-910-5)
HALL, J, DAVIS, J and BLOCKLEY, D (1998) “Uncertainty analysis of coastal projects”. In: Proc
of the 26th conference on coastal engineering, Copenhagen, Denmark, 22–26 June, B L Edge (ed)
Coastal engineering, ASCE, USA (ISBN: 978-0-78440-411-9), pp 1461–1474.
JANSSEN, P H M, PETERSEN, A C, VAN DER SLUIJS, J P, RISBEY, J S and RAVETZ, J R
(2005) “A guidance for assessing and communicating uncertainties” Water Science & Technology ,
vol 52, 6, IWA Publishing, London, pp 125–131
JOHANSEN, A, HALVORSEN, S, HADDADIC, A and LANGLOD, J (2014) “Uncertainty
management – a methodological framework beyond ‘the six W’s’” Procedia – Social and Behavioral
Sciences, vol 119, March, selected papers from the 27th IPMA (International Project Management
Association) World Congress, Dubrovnik, Croatia, pp 566–575
SPIEGELHALTER, D, PEARSON, M and SHORT, I (2011) “Visualizing uncertainty about the
future” Science, vol 333, 6048, American Association for the Advancement of Science (AAAS),
Washington DC, USA, pp 1393–1400
21
4
Risk governance
Aims of this chapter:
zz Introduce governance at a corporate, programme and project level.
zz Build awareness of the role of risk governance.
zz Recognise the advantages of understanding risk appetite at these different levels.
zz Understand how risk can be appropriately distributed across a project network.
zz Highlight developments in the use of contracts to manage risks.
zz Introduce a risk management framework.
4.1
INTRODUCTION
At the start of the industrial revolution, business ownership and business control were held and
conducted by one person or a small group of people. However, as the ownership and control of
organisations have become separate functions, spread among a much wider group of people, then
the need for a more formalised understanding of who has the responsibility and authority to do
what has increased.
Also, as introduced in Chapter 2, the trends in economic and demographic growth,
internationalisation, technological innovation, legislation and regulation, and information
availability have placed the role of governance a the cornerstone of good practice. Since SP125
was published demand has grown for organisations to become more transparent to all their
stakeholders and there is a greater requirement to clearly communicate the actions taken to
protect their interests.
Corporate governance (see Definitions) has become an accepted management function of
organisations as a whole, with frameworks and policies to support this. Typically, individual
projects may be included within the corporate risk register where their performance or nature
poses a risk to delivering the corporate business plan. Elements of project and programme
governance have become established such as:
zz
project approvals
zz
budget approvals
zz
authorisations based on risk/revenue levels
zz
evidence to support decision making
zz
project execution plans to demonstrate management of projects and risks
zz
delivery assurance and gateway reviews.
Definitions
Corporate governance
Involves a set of relationships between a company’s management, its
board, its shareholders, and other stakeholders. Corporate governance
also provides the structure through which the objectives of the company
are set, and the means of attaining those objectives and monitoring
performance are determined (OED, 2004).
Overall the function of governance is to ensure
that corporate and project objectives are
delivered in accordance with the aspirations
of their stakeholders and that there is an
appropriate information flow to support this
(see Chapter 5). However, effective governance
requires a holistic approach.
Increasingly, project risk management will feed through into an organisation’s corporate
risk management process. Typically key risks from project risk registers are passed up to
a corporate risk register. The board will want to be informed about key risks included on
the register. They can then devote attention as appropriate to those risks, which the project
teams cannot manage themselves. Additionally, this can highlight where there might be
similar thematic risks with other projects. For larger organisations with audit committees,
risk management through the presentation of risk registers and risk management plans is an
important part of corporate governance.
22
C747 Engaging with risk
4.2
PROJECT GOVERNANCE AND RISK MANAGEMENT
Increasingly organisations are linking project governance (see Definitions) to risk management
through the use of project and programme boards. While the roles and responsibilities of project
boards will vary depending on the size of the organisation, project board members represent the
management of the organisation. They provide oversight to ensure that projects are more likely to
succeed and deliver the expected benefits. They are also able to authorise changes to the project.
Key information in providing this oversight comes from the risk management process. Project
boards will want to understand and track the main risks in a project and be satisfied that the
project strategy reflects an appropriate response. For example, payment delays are a common
problem for many suppliers, which result in high levels of project capital that need to be selffunded. Certain levels may be tolerated, but an organisation will manage the risks this presents if
they understand their own tolerances and set internal practices accordingly.
4.3
RISK GOVERNANCE
While project governance is establishing
itself as an element of best practice for project
management, by comparison the application
of risk governance is still in its early stages
(see Definitions).
SP125 discusses the concept of ownership
of risk. This has since been developed
further by applying the principles of good
governance to the identification, assessment,
management, monitoring and communication
of risks as promoted by the International Risk
Governance Council (IRGC) in 2003.
Definitions
Project governance
The governance of project management ensures that an organisation’s
project portfolio is aligned to the organisation’s objective, that it
is delivered efficiently, and it is sustainable. Governance of project
management also supports the means by which the board, and other
major project stakeholders, are provided with timely, relevant and
reliable information (APM, 2011).
Risk governance
Includes the totality of actors, rules, conventions, processes and
mechanisms and is concerned with how relevant risk information
is collected, analysed and communicated, and how management
decisions are taken. It applies the principles of good governance that
include transparency, effectiveness and efficiency, accountability,
strategic focus, sustainability, equity and fairness, respect for the rule
of law and the need for the chosen solution to be politically and legally
feasible as well as ethically and publicly acceptable (IRGC, 2008).
Risk governance provides guidance on how
risk-related decision making should take
place by focusing on the components of the risk management function (eg people, processes) and
how they interact (eg information exchange). It also builds on the need for co-ordination and
reconciliation of many different perspectives across organisational hierarchies as well as between
organisational, industry, national and international boundaries.
Change that has been anticipated, ie listed as risks in a risk register with mitigation and manage
actions, will provide comfort to a project board that the project strategy is on track and realistic.
A number of larger organisations now link the risk allowance in the project budget to levels of
expenditure that are authorised to be spent by the project team in managing change.
For example, the London 2012 Olympic Delivery Authority (ODA), with overall oversight of a
multi-billion pound complex delivery programme of capital and operational projects had to put
in place multiple layers of assurance. A system of Olympic programme and project boards were
set up to oversee change linked to the quantified assessment of risk allowances and contingencies.
Given the immovable deadline and tight budget, these regular reviews against targets not
only gave comfort on project progress but also provided proactive confidence on the ‘forecast’
outcomes, budgets, contingencies and achievability of hard deadlines.
4.4
RISK POLICY, RISK APPETITE AND RISK
TOLERANCE
Good risk governance provides a risk policy and ensures a suitable system for risk management is
in place. A risk policy requires a board to consider all the risks that it may face (its risk universe)
23
Are you
aware of your
organisation’s
risk appetite
and tolerance?
Does it exist in
an explicit form?
Is it used and
updated?
and communicate appropriately the type and extent of the risk it is willing
(risk appetite) and able (risk tolerance) to accept as it seeks to achieve its
objectives, as illustrated in Figure 4.1.
Also, it is important that the policy is kept ‘live’ through sufficiently regular
updates so that those using it are confident that it reflects the current risk
appetite (Rittenberg and Martens, 2012). An organisation’s risk appetite should
be responsive to changes within its environment (aspects as represented by
the PESTEL framework) and to its own capabilities. A risk appetite can only
be an effective tool if the organisation’s tolerance to risk is understood, as an
appropriate appetite needs to fall within the boundary of what it can and cannot
tolerate. Being able to define the organisation’s risk tolerance requires the
development of meaningful measures of the impact specific risks will have on
their ability to survive those risks. For example, payment delays are a common
problem for smaller contractors. They may be able to tolerate certain levels of
late payments over certain periods of time but are they clear about where their limits lie? A wellarticulated risk appetite is one that expresses its limits through identifying what it will and will not
tolerate, with this exercise cascaded down from strategic risks to operational and task risks.
Figure 4.1
Risk appetite, tolerance and universe (from IRM, 2011)
Where an organisation needs to establish its risk appetite, a simple table with examples of what
is and what is not acceptable can be helpful in communicating those limits to the project team, as
shown in Table 4.1.
Table 4.1
24
Examples of varying risk appetites and specified risk tolerances
Risk category
Risk appetite
Risk limits – acceptable
Risk limits – unacceptable
Reputation
Moderate
A negative article in the local press of
nomore than one week in duration
A major item of negative coverage
on a mainstream channel
Operational
delivery
Low
The project does not impact normal
The project does impact normal service
service delivery for more than 24
delivery for more than four hours
hours
Financial
Low
The project budget can be extended up
to five per cent in justified and board
No level of fraud is acceptable
approved instances
Compliance –
legal/regulatory
Moderate
Prepared to accept challenges where
chances of a successful win are more
than 50 per cent
Not prepared to accept challenge
with less than a 50 per cent chance
of a successful win
Safety
Low
One minor accident that does not
require hospital treatment per quarter
Any serious injury or fatality to
workers or public
C747 Engaging with risk
Techniques such as sensitivity analysis help identify what the key sources of project uncertainty
are, how they affect deliverables and the range in variance of the impact. This allows project
managers to determine how best to respond within the limits of a stated risk appetite. With a
stated risk appetite, suitably experienced project managers are left to make this determination.
However, where the experience of project managers is lacking this judgement has the potential to
be a risk in itself.
If a project manager is aware of the organisation’s up-to-date risk appetite and risk tolerance they
will be better placed to more effectively negotiate risk distribution during a project.
4.5
RISK ALLOCATION
Negotiation of risk allocation is directly influenced by the level of competition for work. In a
highly competitive market where companies are trying to retain or expand market share and may
be willing to accept greater risk exposure then clients can relatively easily transfer risks to the
supply chain. However, when there are alternative sources of work or when working as a niche
supplier with leverage in the market, the supply chain will be able to negotiate more favourable
terms or appropriate remuneration for risk taking. Accepting the transfer of risks within the
supply chain provides an opportunity to make greater returns and is ideally done so when there
is a clear strategy for their management. Inappropriate risk transfer places both the owning party
and client at risk through non delivery (Yates and Sashegyi, 2001).
Inappropriate risk transfer places both the owning party and the client at risk through non
delivery. For example, the government public-private partnership (PPP) involves the purchase
of a reduced risk, long-term service where the government takes no asset-based risk. They can
then withhold payment, or are permitted to reduce payments and abatements if the service is not
supplied to the stated standards, as defined in a service agreement.
However, capital intensive projects necessitate risks to be allocated to the
contractual party that is better able to monitor, control, mitigate or to bear
them. This can involve the UK government ‘taking back’ risks it is more
capable of managing. If risk is poorly distributed among the project parties
this increases the likelihood of risks arising and the consequences when
they do, not only on ‘hard’ aspects (eg extra costs, delays) but also on ‘softer’
aspects (eg morale within the team, willingness to co-operate between
partners)
There are some well established guidelines (Ng and Loosemore, 2006) that
affect risk distribution for PPP projects, ie a risk is only allocated to a party
who has:
Can you easily
determine which
risks have been
allocated to your
project area
and who has
responsibility for
them?
zz
been made fully aware of the risks they are taking
zz
the greatest capacity (expertise and authority) to manage the risk effectively and efficiently
(and will charge the lowest risk premium)
zz
the capability and resources to cope with the risk materialising
zz
the necessary risk appetite to want to take the risk
zz
been given the chance to charge an appropriate premium for taking it.
Table 4.2 illustrates how risk allocations tend to be distributed for PPP projects.
25
Table 4.2
Examples of risk allocation in PPP projects (from Ng and Loosemore, 2006)
Source of risk
Risk sub-group
Risk taken by
Site conditions
Ground conditions, supporting
structures
Construction contractor
Land use
Cultural heritage
Government
Inefficient work processes, wastage
of materials
Construction contractor
Changes in law, delays in approval
Project company/investors
Lack of co-ordination of contractors
Construction contractor
Insured force majeure events
Insurer
Site risks
Construction risks
Cost overrun
Delay in completion
Quality shortfall/defects in
Failure to meet performance criteria construction/commissioning tests
failure
Construction contractor/project
company
Operating risks
Project company request or change
in practice
Operating cost overruns
Project company/investors
Industrial relations, repairs occupational
Operator
health and safety, maintenance
Government change to output
specifications
Government
Increase in input prices
Contractual violations by private
supplier
Private supplier
Changes in taxes, tariffs
Fall in revenue
Project company/investors
Force majeure risk
Floods, earthquakes, riots, strikes etc Shared
Revenue risks
Historically, PPP projects have tended to provide better value for money, more closely meeting
budget and delivery targets (Grimsey and Lewis, 2007), although they are not immune to the
same risks other projects face. A major initiative to reduce the number of claims between project
partners (a common risk) has been the development of improved contracts.
4.6
RISK GOVERNANCE THROUGH CONTRACTS
Construction projects most commonly involve multi-disciplinary teams often from a number
of partner organisations. Part of the governance function is undertaken through what can be
a complex system of contracting. A well written contract will clearly outline the relationships
between parties and the responsibilities and obligations they hold.
Contracts can further be viewed as a legally binding medium to deliver risk governance as they
serve as a risk transfer vehicle between the involved parties. From a client’s point of view, they
provide the right to supervise and monitor a contractor and connect performance levels to
payment stages. From a contractor’s point of view, they provide protection from unreasonable
demands or unfair practices (eg unreasonable delays in payments).
26
The construction industry is trying to move towards a more collaborative approach to delivering
projects, partly as a result of the impact of changes in the economic climate and partly from a
growing body of evidence of the success of this kind of approach (such as the London Olympics).
As a result contracts have had to develop shifting from ‘traditional’ templates to alliancing and
framework agreements.
C747 Engaging with risk
Traditional contracts involve each party maintaining a separation, being
able to take decisions to satisfy their own interests and have a focus on the
cost and transfer of risks, an outcome of which is often adversarial claims
and counter claims. In response, the Institution of Civil Engineers (ICE) has
produced a more flexible ‘suite’ of contracts, the new engineering contracts
(NEC). The key objectives of these contracts are flexibility, clarity, the
effective management of project change and to stimulate good management
between the two parties to the contract. Additionally, the NEC suite of
contracts meets the principles set out in the Latham report (Latham, 1994)
and is supported by government.
What changes
have you noticed in
your organisation
that indicates a
drive towards a
more collaborative
approach between
projects partners?
Similarly, alliancing and framework agreements focus on the benefits, to
both the client and the contractor, of working collaboratively. The contracts
emphasise decisions made in the interest of successful project delivery, with risks ‘shared’ by the
alliance. While this is not a new way of working the aims previously mentioned are securing more
interest for the application of this approach.
Common features of alliancing contracts include:
zz
each party sharing both identified and emerging risks (along with potential savings from
opportunities realised)
zz
co-operative decision making, through a project alliance board or leadership team
zz
a no blame culture
zz
participants should make decisions on a ‘best for project’ basis
zz
open book accounting (and often)
zz
foregoing the right to sue, except for deliberate breach or fraud.
Each element is aimed at generating an open, trusting and sharing project environment that
delivers successful outcomes for all parties.
NECs can be onerous to administer. This is partly due to its processes and the requirement
that the parties adhere to them rigorously, and partly due to less rigorous prescriptive
language and absence of past cases (when compared to older, more established contractual
suites). They are not suitable for every project. However, the underlying principles of mutual
trust and co-operation, an emphasis on discipline, simplicity in language, visual tools to
aid communicating an understanding of agreed obligations, document standardisation and
the early warning of issues with a focus on a swift resolution, are useful risk management
measures to most projects. So, any contract that is purposefully
constructed to better communicate an understanding of the established
risk governance and focus on delivering the project rather than enabling
an expensive litigation fight may be more suitable.
However, it should be noted that in a highly competitive market or when one
party has greater leverage over the other, more onerous terms may have to be
accepted to win work. This should only be accepted in the supply chain with a
full awareness of the obligations and consequences, and with a fully approved
risk management plan in place.
4.7
Do you understand
the obligations
your contracts
impose on you
and the liability
they create?
RISK GOVERNANCE AND THE RISK MANAGEMENT
PROCESS
Chapter 2 discussed the role that ISO 31000 has played in standardising good practice. As well
as developing a single set of definitions for risk terms (in ISO 73) the ISO have produced a model
(see Figure 4.2) to illustrate how risk governance (the oversight of the risk management process),
in the form of a framework (central box), relates to a systematic risk management process. The
27
framework links 11 guiding risk management principles (left box) to a comprehensive approach to
risk identification, treatment and communication (right box).
Figure 4.2ISO 31000 model of the relationships between risk management principles, a governance
framework and process
The risk management principles, framework and processes of ISO 31000 are intended to assist in
the development of improved and more formal approaches to risk management within existing
management systems. It is not intended that the model is applied universally.
4.8
CLARIFYING RISK ROLES AND RESPONSIBILITIES
While communication of risks across a team or organisation is important,
it is also important that within a project or organisation, there is clear
understanding of different individuals’ roles. This might include defining
who is responsible for:
zz
setting out policy
zz
identifying risks
zz
assessing risks
zz
reporting upwards when risks need to be escalated.
An approach used to communicate this is the Responsible, Accountable,
Consulted and Informed (RACI) chart. Table 4.3 is a schematic of a RACI
chart.
28
Have you
considered how
you can align the
principles of ISO
31000 into your
own corporate
risk management
system?
C747 Engaging with risk
Enterprise risk manager
Risk reporting
Risk management
Project
Risk assessment
Commercial
Risk identification
RACI for project risk
management activities
Policy
Risk estimating
RACI chart
Risk policy, guidance,
process and systems
Table 4.3
AR
A
Project manager
I
A
A
A
A
R
Project board
I
I
I
I
C
I
Project team
I
C
R
R
R
C
Commercial
C
R
C
C
I
I
Examples:
Risk appetite
Costing risk
budget
Risk
workshop
Time cost
impact
Mitigation
planning
Reporting
risks
Key:
A: accountable
R: responsible
C: consulted
I: informed
4.9
SUMMARY
This chapter has demonstrated that risk governance is the organisational function that links an
organisation’s legal obligations to its strategic objectives and the internal activities put in place to
achieve these objectives.
The concepts of governance, project governance and risk governance are described. Also, key
aspects of effective risk governance are discussed such as risk appetite (the extent to which
an organisation wants to take on risk), risk tolerance (the extent to which an organisation can
successfully bear risk), risk allocation (the distribution of risk across project partners), and the
management of risk through new approaches to contracts.
In all of this, project teams should be trained and knowledgeable in the information they should
be providing to support decision making by others. Additionally, as demand has grown for
organisations to become more transparent to their stakeholders, there is a greater requirement to
clearly communicate actions taken and the reasoning behind them.
Finally, a systematic model for the risk management process as conveyed by ISO 31000 was
introduced.
Chapter 6 explores in more detail the role of stakeholders in risk management, which is central
in risk governance.
4.10 REFERENCES AND FURTHER READING
APM (2011) Directing change: a guide to governance of project management (v2), Association for Project
Management, Buckinghamshire, UK (ISBN: 978-1-90349-419-6).
Go to: https://www.mosaicprojects.com.au/PDF/Directing_Change-v2.pdf
29
GRIMSEY, D and LEWIS, M (2007) Public private partnerships. The worldwide revolution in infrastructure
provision and project finance, Edward Elgar Publishing, Camberley, UK (ISBN: 978-1-84720-226-0)
HMSO (2006) Thinking about risk. Managing your risk appetite: A practitioner’s guide, PU134, HM
Treasury, London (ISBN: 978-1-84532-232-8)
IRGC (2008) An introduction to the IRGC risk governance framework, International Risk Governance
Council, Switzerland. Go to: http://tinyurl.com/7j5lmhh
NG, A and LOOSEMORE, M (2006) “Risk allocation in the private provision of public
infrastructure” International Journal of Project Management, vol 25, 1, Elsevier, BV, pp 66–76
OECD (2004) OECD Principles of corporate governance, OECD Publications Service, France. Go to:
www.oecd.org/corporate/ca/corporategovernanceprinciples/31557724.pdf
RITTENBERG, L and MARTENS, F (2012) Enterprise risk management. Understanding and
communicating risk appetite, Committee of Sponsoring Organizations of the Treadway Commussion,
USA. Go to: http://tinyurl.com/6str93e
YATES, A and SASHEGYI, B (2001) Effective risk allocation in major projects: rhetoric or reality?
A survey on risk allocation in major WA construction projects, Institution of Engineers, Australia &
Chamber of Commerce and Industry of Western Australia (ISBN: 0-85825-824-2).
Go to: www.engineersaustralia.org.au/issues/publications.html
IRM (2011) Risk appetite and tolerance: a guidance paper, Institute of Risk Management, London.
Go to: www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance/
Websites
Centre for Advanced Engineering: http://caenz.squarespace.com
Committee of Sponsoring Organisations of the Threadway Commission (COSO): www.coso.org
International Risk Governance Council (IRGC): www.irgc.org
30
C747 Engaging with risk
5
Stakeholders in risk
management
Aims of this chapter:
zz Build awareness of the role of stakeholders in the risk management process.
zz Provide mechanisms for identifying, analysing and managing stakeholders.
zz Illustrate the mitigating role of collaborative working.
5.1
INTRODUCTION
Identifying and managing stakeholder needs, interests and expectations are vital practises in
the delivery of successful project outcomes. Project stakeholders are a source of uncertainty
and so can present risks as well as opportunities (see Definitions). Project leaders will have little
or no formal power over many project stakeholders. So, they rely on their ability to cultivate
appropriate relationships with key stakeholders and enable successful influencing strategies
to minimise risks and take advantage of suitable opportunities. Properly
integrating information about stakeholders into an appropriately designed
Definitions
risk management system is one way to manage this.
SP125 recognised the value of gaining input on risk evaluation from different
perspectives. Since 1996, risk management has understood the value of
casting a much wider net in this process. The advantage of this is that not only
are stakeholders a source of potential risk but they can also be useful potential
sources of risk mitigation. When project leaders approach stakeholder
relationships with both these perspectives in parallel and apply the principles
of risk management (see Section 4.5) they are more able to create successful
stakeholder strategies.
Project stakeholder
Any group or individual who:
zz have any interest in the project
zz have some form of rights related
to the project outcomes
zz have financial or some other
form of ownership in the project
zz can contribute to the project
zz are able to influence the project
zz will be impacted by the project.
Stakeholder consultation often fails because project leaders may have already
made up their mind on the future shape of projects, ie a ‘decide, announce, defend’ approach. A
better relationship will prevail if options are kept open for as long as possible and stakeholders
understand aspects that are fixed and others that are not, ie an ‘engage, deliberate, decide’
approach (Collier, 2011 and Cooper et al, 2013.
The starting point for this is being able to:
zz
identify the project stakeholders
zz
determine the nature of their influences, the contributions they make and the uncertainties
they bring
zz
the degree of connectedness among stakeholders
zz
their perceptions of the risks involved
zz
their criteria for project success as well as the needs they are expecting to have met.
The challenge will then be to build a clear and shared world view of the project’s purpose, which
is consistently communicated. By engaging stakeholders and managing the relationship between
project stakeholders, it is possible to appreciate the risks stakeholders bring to the project, as well
as the risks they can assist in eliminating, in order to achieve successful project outcomes.
31
5.2
STAKEHOLDER IDENTIFICATION
The project manager is responsible for acquiring all the necessary contributions to carry out a
project successfully. Building a strong coalition of supportive stakeholders first requires that the
broad range of stakeholders is identified.
This is why it is necessary to initiate the stakeholder management process at the very beginning
of the life of the project. Project budgets can then be determined in the light of the assessed risks
associated with the appropriate management of stakeholders across each phase of a project.
How have the
projects teams
you have been
part of identified
key stakeholders?
Figure 5.1
For example, an expensive but thorough stakeholder communication plan
may be considered a highly worthwhile risk mitigation cost when compared
to the heavy costs of delays to the project, experienced when legal action is
taken by local community groups who feel their concerns are being ignored.
Generating a list of stakeholders usually begins with a brainstorming session
by the initial project team and will likely elicit a variation of the groups shown
in Figure 5.1.
Types of stakeholder groups
It is useful to check with stakeholders that have already been identified if, from their particular
perspective, there are other stakeholder groups or sub-groups that they believe are affected by,
or are likely to influence, the project. Again, this question should also look for stakeholder subgroups across each stage of a project.
Stakeholder sub-groups will be those who have additional needs to be addressed. For example, in a
school building project a main stakeholder group will be the students using the building. However,
there may be a sub-group among these with a physical or learning disability (see Figure 5.2).
32
C747 Engaging with risk
Figure 5.2
Identifying potential stakeholder sub-groups in a school build project
Searching for stakeholder sub-groups in this way helps to avoid the risk of not
seeing the bigger picture. By developing a comprehensive list of stakeholders,
the risk of unidentified stakeholder groups emerging, and presenting issues
not planned (or budgeted) for is reduced. Once the broad set of stakeholders
has been established, they are segmented in order to develop the stakeholder
strategy most suited to their project contribution and particular needs.
5.3
STAKEHOLDER TYPE
Is there an occasion
when a stakeholder
group has delayed
project activity
leading to costs
being occurred?
Distinguishing between different classes of stakeholders is the first stage in targeting specific
strategies. Stakeholders have an impact on a project in three different ways:
1
2
3
Decision takers (eg project sponsor):
a
take responsibility and are represented by the final outcome
b
must say ‘yes’
c
announce when a decision has been made.
Decision shapers (eg design team):
a
assemble the evidence and consider potential issues
b
identify and rank potential routes for action
c
produce recommendations that usually determine the outcome.
Decision influencer (eg local communities):
asit outside the direct decision making process, although the project cannot start without
their consent (they have the capacity to create extensive delays or veto)
b
allow decisions to be made.
Making these distinctions highlights the degree of influence each stakeholder has. This will
indicate the potential severity of risk (and potential scale of opportunity) presented by each
group. This allows priority to be placed on risk management activities directed at lessening
project uncertainty from stakeholders to minimise project risk and maximise project value.
Additionally, the interdependency between stakeholders can be established. There may be
financial links between them, along with regular communication links outside the project
33
and potential incentives leading to one influencing the other in order to steer the project in a
specific way.
This is why careful stakeholder analysis in the first stages of a project is critical for successful
stakeholder engagement and alignment, enabling more effective risk and value management (see
Figure 5.2).
Figure 5.3Identifying potential stakeholder impact on decisions and their interconnectedness in a school
build project
5.4
STAKEHOLDER ANALYSIS
An improved ability to anticipate opportunities or difficulties, when the project team still have
the possibility to either capitalise on or remedy them respectively will be a benefit to project risk
managers. Using the knowledge within the project team, an outline stakeholder profile can be
completed along the lines of a single project phase analysis as illustrated in Table 5.1.
As the first column indicates it is important to acknowledge that a stakeholder profile table is
required for each phase of a project as stakeholder expectations often shift between phases or
their ability to contribute may develop over time.
For example, a project sponsor may be replaced with a new sponsor who brings with them an
additional or different set of criteria through which they judge project success.
34
Construction phase
Decision shaper
4National
pressure group
Decision taker
lobbying
Opposition in
principle to project
Ability to generate
revenue
Decision influencer
3 Local media
Communication
channel
Decision influencer
2 Local residents
Sense of
community
Budget decisions
Decision takers
1 Project sponsor
Professional
reputation
‘Stake’
Communal land
Contribution(s) or
sacrifices
Stakeholder group Stakeholder type
Stakeholder profile
Project phase
Table 5.1
Changes in/termination of
the project
Stories of ‘value’ to report
(local interest, scandal etc)
Space for community
activity
4 Personal kudos.
3 Satisfied stakeholders.
2 Ahead of schedule.
1 Under budget.
‘Success looks like..’
Advocate project
benefits
Happy ‘feel good’
segments
Promote goodwill
towards project
Timely decisions,
resource acquisition
Positive ways to
influence the project
Positively influence
local residents
Hand over engagement
to board or client body-
Demand timeinvestigations of the
project at every phase
Engage early to
understand position
and find solutions
Access to additional
funds/resources
Define scope/agreed
variation procedure
Risk mitigation
potential
Negative press
coverage
Legal action, eg time
delays, costs
End the project
Change scope or
requirements
Negative ways to
influence the project
C747 Engaging with risk
35
5.5
STAKEHOLDER MANAGEMENT STRATEGY
Where there are gaps in the table or there is uncertainty then this provides the starting point for
an opening dialogue with various stakeholder groups. In this process it is important to verify the
assumptions that have been used to fill out the rest of the table. Section 3.2 discussed uncertainty
of various forms. When a project is time constrained, project team members may decide that a
legitimate way to eliminate uncertainty is to make assumptions in place of obtaining more detail,
or acquiring information to fill knowledge gaps, directly from stakeholders. Sometimes making
assumptions based on experience is the most logical or pragmatic approach. Yet, there is never a
guarantee that an assumption will become reality.
An important part of the project manager’s role is to understand the perspectives, needs and
expectations of the project stakeholders. If these are not addressed then stakeholders will begin
to withdraw their support or limit/withhold their contribution, which introduces risks to the
successful completion of the project. Establishing direct, easy and trusting lines of communication
with stakeholder groups will reduce the need to make assumptions and is also likely to enable less
expensive stakeholder strategies.
The most commonly used approach to building a greater awareness of stakeholder perspectives and
positions is through project workshop meetings. This will be a forum to elicit the
position of a stakeholder in terms of their support or opposition to the project.
Both qualitative and quantitative data can be acquired in such sessions through
one-to-one interviews, discussion groups or surveys. Other methods, such as well
managed social media, can provide inexpensive communication channels.
What approaches
are used on
your projects
to establish
stakeholder needs
and contributions?
5.6
Stakeholder requirements are unlikely to perfectly align. What sets them
apart from each other are different needs and perspectives. While there may
be some overlap in requirements, successful risk management will include
balancing the sometimes conflicting stakeholder claims.
COLLABORATION
More organisations are finding that working as a collaborative team with project stakeholders has
a significant impact on delivering a successful outcome. The synergies that are realised through
effective collaboration can provide a genuine risk management advantage. The principles of
collaborative working are given in BS 11000:2010.
An example of this in practice is in the UK rail sector, which has recognised that greater
collaboration between organisations within the industry is one way of providing better value
for passengers and taxpayers, central industry stakeholders. In 2012 Network Rail and Balfour
Beatty gained BS 11000:2010 certification.
In a BSI case study of how Network Rail and Balfour Beatty used BS 11000:2010 on a Crossrail
project, Steve Kirby, managing director of Network Rail infrastructure projects states:
“BS 11000 gives us the strategic framework to develop, with our key suppliers, the policies and
processes, the culture and behaviours required to establish successful collaborative relations and to
drive continual improvement. Maintaining collaborative business relations can only lead to benefits
for Network Rail and its suppliers, for the rail industry and for Britain.” (BSI, 2012)
Network Rail has developed their capacity in this area but recognise that change does not occur
overnight. They are focusing on forming relationships with stakeholders earlier and giving more
time to allow behaviour to change. This has resulted in improvements in the treatment of risks.
36
On very large projects, ensuring there is a good fit between a client body and the main contractor
is a key determinant in developing swift, effective and innovative ways to manage risk. In 2004
the European Commission (EC) introduced a process called competitive dialogue to enable this
C747 Engaging with risk
(Directive 2004/18/EC). Competitive dialogue is a procurement procedure for particularly large
and complex projects that carry a high level of uncertainty (and therefore high risk potential),
which could not be resolved until the project started.
In 2006, the ODA undertook contractor selection using competitive dialogue.
One advantage of the process is that it enables both parties to test the
‘chemistry’ between them before making a major commitment. In the case of
the ODA tender, this would be a six year commitment.
What activities
are undertaken on
your projects to
increase levels of
collaboration?
During the competitive dialogue process the individuals from all parties, and
all competing consortia, who will be working on the project after the contract
is awarded, take part in a series of dialogue sessions. Through a number
of meetings, workshops and role play exercises consortia can establish all
of their potential clients’ likes, dislikes, hopes and fears. Simulations in the ODA competitive
dialogue process included many risk scenarios such as a labour relations melt-down, security
breaches, legal wrangling, a health and safety emergency, a terrorist threat and a National Audit
Office (NAO) inspection. The process gave the ODA the opportunity to gain insight into the
personalities, strengths and weaknesses of each of the consortia and their staff.
In this way, the risks from central client-contractor relationships that, if they turn sour, can be
the single most significant negative impact on project outcomes, are then minimised. Competitive
dialogue will not be suitable for use with all projects but current processes can be adapted to
embrace suitable aspects of the approach.
The benefit of active stakeholder engagement and relationship management is that it acts as a
monitor for early warning signs of potential risks further into the project life cycle. So, the focus
of stakeholder activities needs to be on truly understanding stakeholder perspectives.
While the terms used to populate the stakeholder mapping tables need to be open and honest
they should also be uncontroversial and non-judgemental. Otherwise an additional risk is created
by poorly written stakeholder statements that could offend a stakeholder group.
It can be a problem to find the resources to carry out stakeholder mapping activities or to gather
all those concerned together at the same time. Both the Network Rail and London Olympics
examples show the benefit of regarding this activity as a risk management strategy.
Improved collaboration leads to improved project communication, an important aspect of
stakeholder engagement. Communication and language is further discussed in Chapter 7.
5.7
SUMMARY
This chapter has considered the role played by stakeholders in the risk management activities of
a project. Mechanisms for identifying a broad set of various types of stakeholders were illustrated
and approaches for analysing the risks they presented were provided.
Stakeholders are undoubtedly central to a successful project. From project sponsors and
employees to end users and community groups, each stakeholder group brings layers of
uncertainty. It is the project team’s role to effectively uncover each layer of uncertainty that is
relevant to the project and determine the risks it presents. In this way project objectives are
protected throughout each stage of a project.
Lastly, the risk reducing effects of collaboration and competitive dialogue were discussed through
instances of their use.
A significant aspect of ensuring effective stakeholder engagement is maintained is for each project
team member to represent their organisation in a positive and consistent manner. There is a greater
likelihood of achieving this by establishing an appropriate project risk culture (see Chapter 6).
37
5.8
REFERENCES AND FURTHER READING
COLLIER, D (2011) SAFEGROUNDS: Community stakeholder involvement, version 3, W38, prepared
for the SAFEGROUNDS Learning Network, CIRIA, London.
Go to: www.safegrounds.com/pdfs/W38_Safegrounds_Community_Stakeholder_final.pdf
COOPER, N J, BOWER, G, TYSON, R, FLIKWEERT, J J, RAYNER, S, HALLAS, A (2013)
Guidance on the management of landfill sites and land contaminationon eroding or low-lyoing cpoas;lines,
C718, CIRIA, London (ISBN: 978-0-86017-721-0). Go to: www.ciria.org
JEPSEN, A L and ESKEROD, P (2009) “Stakeholder analysis in projects: Challenges in using
current guidelines in the real world” International Journal of Project Management, vol 27, 4, Elsevier
BV, UK, pp 335–343
Websites
British Standards Institute: www.bsigroup.co.uk
38
C747 Engaging with risk
6
Risk culture
Aims of this chapter:
zz Provide a broad understanding of how culture affects risk management practice.
zz Illustrate the key organisational elements that generate culture.
zz Examine the role of leadership in developing a strong risk culture.
zz Consider mechanisms for sustaining or changing a risk culture.
6.1
INTRODUCTION
SP125 provides a set of risk management tools, which will generate a number of risk management
activities. The tools selected, the way they are applied and particularly the way in which the
mitigation measures are communicated and undertaken will influence the risk culture of an
organisation.
An organisational culture is not a visible or tangible entity yet the effect it has is readily
acknowledged. The role of risk governance is to help shape an appropriate risk culture and
find ways to make it obvious. Since SP125 was published risk culture has become a more
widely discussed concept across a number of industrial sectors. As identified by independent
investigators, this is mostly due to the key role of organisational culture in several recent large
scale events (see Chapter 2). As a result there is greater attention on how organisations can
develop their cultures as a protection mechanism rather than this element being a potential
source of risk.
As in previous chapters it is useful to begin with defining exactly what
is meant by organisational culture and risk culture. There are several
definitions that already exist for organisational culture that point to a broad
set of elements such as patterns of behaviour, habits of thinking, traditions
and rituals as well as shared values and shared language. Culture is a complex
concept and the impact it will have on the behaviour of a project team when it
comes to managing project risk is interesting to note.
Definitions
Risk culture
The patterns of behaviour,
habits of thinking, traditions
and rituals, shared values and
shared language that shape and
direct the management of risk in
an organisation.
Risk culture is a strand of organisational culture that emerges from the
specific factors of the organisation directed at managing risk (see Definitions). Where there is little
time or resource supporting these factors then a risk culture will be fragile whereas a strong risk
culture will emerge in organisations that support such factors.
However, before considering what organisational factors generate an organisation’s risk culture, it
is important to look at how different levels of cultures can have an influence and the importance
of this to understanding a specific risk culture.
6.2
DIFFERENT LEVELS OF CULTURAL INFLUENCE
Culture is a phenomenon found within all the communities and at all levels of those communities.
Whether at the level of a national community, an industry, a particular organisation or a team,
each of these groups will have their patterns of behaviours, traditions and shared language that
people learn in order to be effective within these communities. Conforming to these common
behaviours, traditions and languages is how a sense of belonging, which is a natural human
necessity, is achieved. It is this need to conform that enables cultures to have an influence.
The strongest and most direct influence at work is the culture of the ‘work group’ that people
belong to (see Figure 6.1). The choice of work group will depend heavily on each person’s role
within the project. The culture of the work group will be influenced by the culture of the whole
39
project/programme, which is governed by the organisations overarching culture, which is in turn
affected by an industry culture. Research has also identified that an influence is present at a
national cultural level although it can be subtle and might be weaker than expected.
Figure 6.1
Influencing levels of culture
Have you worked
on a project that
affects groups with
different views on
risk?
Attitudes from one level can be drawn down into another level. Cultural
attitudes to risk have been shown to be different within separate nations.
In light of these national differences, project managers can build into their
risk management processes how national risk attitudes may have an influence
on their project and what will the impact be when a projects spans locations
in more than one country. Additionally, as discussed in Chapter 5, project
managers will benefit from considering the effect that different stakeholder
attitudes have on the risks involved within their industry.
The influence of differing risk attitudes is a source of uncertainty that should be considered
before moving onto a more direct influence, which is the culture inherent in the organisation.
6.3
ORGANISATIONAL CULTURE
One of the reasons why culture of any social form, ie national, regional or organisational, is
intangible and not easily described is because it emerges from the dynamic interactions of
several elements. A well-established model for understanding these elements is the 7S’s, shown
in Figure 6.2.
The model was developed from a study of several highly successful large companies and the way
they were organised and led. Seven key factors were identified as positively contributing to the
success of the company’s in the study and these were found to be highly connected. Each factor is
outlined here in relation to a project:
1
40
Structure. The dual function of dividing tasks across the project life cycle and providing
the co-ordination that determines who will do what and when. A project structure needs to
allow for specialisation but it must also provide essential integration. The most common way
this is achieved is through job specification and formal lines of communication.
C747 Engaging with risk
2
Strategy. The actions that a
project team plan in response
to or anticipation of changes
or variations in its external
environment, eg site conditions,
client requirements.
3
Systems. All the processes,
formal and informal, that make
the project work, day by day and
year by year.
4
Style. Project teams may listen
to what project managers say,
but it is what a project manager
does that has the most lasting
impact. What a project manager
spends time on, how they allocate
resources, what they put at
the top of a meeting agenda
rather than at the bottom is
how a project manager’s style is
understood.
5
Staff. This refers to how a
Figure 6.2
The 7S’s model (from Peters and Waterman, 1982)
project manager engages with
the entire team especially new recruits. Giving young project staff the opportunity to work
on meaningful aspects of a project, encouraging their development, connecting them with
mentors all contribute to building an enthusiastic project team especially on projects that
have a lifetime measured in years rather than months.
6
Skills. This section considers the necessary skills the project requires now and in the future.
Whether developing the capacity to work collaboratively, building a capability of innovation
or creating teams with a strong focus of positive and long-term client relationships.
7
Shared values. This area is seen as key to the whole success of an organisation and of a
project, and is shown at the centre of the model. It relates to the common points of view held
by the project team and is what is referred to as ‘culture’. Shared
values give direction about not just what the top management team
wants to achieve but how they want to achieve it. These are the main
aims that shape the actions and behaviours of a group. When there
are no clear, stated approaches to handling a situation project teams
will look to their understanding of the project values as guidance.
Can you recognise
these seven
elements within
your organisation?
How are they
connected?
Creating shared values among a group of individuals, each of whom
have many other influences that affect them is a central leadership
responsibility. A value is a personal reference that guides behaviour. To
create a shared value a shared set of references are needed. A common
way to achieve this is when the origins and founders of organisations are used as part of company
communications. The two examples here illustrate this point:
‘From our first contract, the repair of a mine chimney for £2.45, to today’s huge stadia
and shopping centres, it is a journey throughout which we have held true to our founder’s
commitment to service and quality.’
‘Ever since the Railway Age, [our business] has applied its skills and ingenuity to all areas of civil
engineering while guarding the integrity and objectivity of its independence.’
The first example is simpler, highlighting the values of service and quality. The second has several
values it is promoting, ie the application of skills, ingenuity, integrity, and objective independence.
41
By looking at the value statements of many organisations several can be
understood as relating to a risk managing function, for example:
zz
integrity – a common value for most organisations, implying trust and
reliability
zz
quality – a value that protects the reputation of the company
zz
fairness – being just and objective etc.
These last examples illustrate that values can be subjective to each individual,
one person’s idea of fairness may not be the same as someone else’s. So how
can shared values be built around managing risk?
It has been shown that it is not sufficient for the values of an organisation to
simply be stated. It is crucial that they are seen to be important and are being
implemented by the leadership. An often cited example is at ENRON.
6.4
What are the stated
values of the project
you work on or the
organisation you
work for? Can you
relate to any of them
as guidance on how
project risks should
be managed?
BUILDING RISK MANAGEMENT VALUES
To begin with the very function of risk management needs to be seen as a valued project and
organisational activity. In general, this is starting to happen. The reasons can be understood
when parallels are drawn with the increased prominence that safety culture now has on the
majority of projects. Most projects encourage a healthy shared value around the importance of
project safety, although this has not always been the case.
Attitudes to safety in construction and operation have changed significantly in recent decades.
Individuals are encouraged to consider their own safety and that of others on site, and for
designers to consider safety in both the construction and operational stages.
The importance of a ‘safety culture’ grew following investigations into the Chernobyl Disaster in
1986. The human errors in management practice (leading to the flawed design of the reactor and
violations in operating procedure, both of which were key contributing factors of the disaster)
were attributed to a ‘poor safety culture’. Examination of other disasters such as the NASA
Challenger Space Shuttle explosion the same year, the Piper Alpha oil rig fire two years later and
the Clapham Rail crash also in 1988 further built on this sense that both attention and resources
needed to be consistently given to improving the way organisations thought and acted in relation
to safety. It has become a central question – how can the culture within an organisation be
developed in order to protect an organisation, its employees and a wider set of stakeholders from
potential harm?
In a similar way the concept of a risk culture has recently become more prominent in
management discussion following several major failures in the financial sector, and also through
high profile incidents in other industries (see Chapter 2). In each case post incident analysis has
looked closely at the management function in these incidents and has found it
to be lacking in the necessary level of maturity of its risk management skills.
On your project,
6.2 shows that skills are one of the six organisational factors directly
do safety risks Figure
linked to culture (shared values). If risk management begins to receive the
receive the same resources and attention that safety management has, then a risk management
(or greater) level culture will become as equally prominent on projects as a safety culture.
of attention and
resource when 6.5 HOW A RISK MANAGEMENT CULTURE
compared to other EMERGES
project risks?
Culture is a property of the working environment that emerges from the
interactions of several organisational components. So to understand how
42
C747 Engaging with risk
developed a risk culture is, simply look at the development of these components in relation to risk
as shown in Table 6.1.
Table 6.1
Contributing components to a risk culture
Contributing risk
management component
Format of organisational risk
management element
Representative risk management
activities
Risk systems
The procedures that are designed to
capture, analyse and treat risk
From internally designed risk reports to
externally designed risk software
Risk strategies
The long-term plans devised to manage
the risks
The way the risk appetite is set and
managed across projects
Risk structures
The risk roles and positions embedded
throughout a project
Assigning risk roles and building
awareness of who has responsibility for
each risk
Risk skills
The risk management capabilities
developed
Risk training, certification and
professionalism
Risk styles
Rewarding the behaviour that
The way managers lead in relation to risk demonstrates risk awareness and
appropriate action taken
Risk behaviours
The way the right attitudes to risk
management are encouraged in staff
The emerging risk behaviours that result
from the actions presented here
By developing the organisational risk management elements in a way that matches the project
needs, an appropriate risk culture suited to the project environment will emerge.
It is important to recognise that when it comes to culture of any sort, the goal is to achieve the
appropriate culture for a work group or organisation rather than to aim for a prescribed idea of
what ‘good’ risk culture is.
6.6
THE KEY ROLE OF LEADERSHIP
A common expression associated with cultures within organisations is the ‘tone at the top’. The
role a leader plays in shaping or altering an existing culture has been extensively written about.
Leaders give powerful signals by what they do and do not pay attention to, what they ignore or
what they act inconsistently towards.
Several different studies show that when people are faced with an ethics, compliance, or riskrelated decision, they consider the following (and in this order):
1
How their frontline supervisor behaves and/or how they might respond
to the same issue.
2
How their peers are acting.
3
Their own moral compass.
In other words, the prevailing culture matters – more than a personal set of
values.
Do project leaders
actively engage in
risk conversations
on day-to-day
interactions?
A study of several events taken from the nuclear, construction, aerospace,
rail, and oil and gas industries found a number of key organisational and
cultural factors, of which leadership was the most fundamental (Gadd and Collins, 2002). Specific
characteristics of leadership found to be significant, because they relate to risk management, are
outlined as follows:
zz
the need for a commitment to risk management by the leaders
zz
the clear evidence and communication to the workforce of this commitment
zz
ensuring clarity of risk management roles and risk management responsibilities
43
zz
a questioning attitude focusing on operational reality not just ‘good news’
zz
appropriate and relevant industry experience allowing informed decision making
zz
driving the development of systems and policies that support risk management and provide
an intelligent balance between central control and operational unit discretion
zz
consistent monitoring of risk management performance and regular review of performance
measures
zz
design and maintenance of effective risk communication channels.
These would allow risk management expectations to flow out to the
workforce and feedback to freely flow in to decision makers (this
feedback is used to drive change)
zz
enabling processes and systems that ensure risks are properly
assessed, reviewed and challenged is welcomed. Also learning and
sharing of lessons learnt is encouraged
zz
awareness that client and commercial change is undertaken in order to
maintain good practice.
“A genuine leader
is not a searcher
of consensus
but a molder of
consensus”
–Martin Luther King Jr
While this guide is advocating the importance of effective risk
management as a central leadership responsibility it is one of several functions. Project leaders
have to drive forward on many fronts balancing requirements in the process.
6.7
BALANCING RISK CULTURE WITH OPPORTUNITY
Many people engage in behaviours that are believed to provide some influence on how to avoid
undesirable outcomes (a personal risk management approach). From brushing one’s teeth and eating
healthily to changing jobs or seeking promotion, individuals make choices that will give protection
from unwelcome consequences on a number of fronts, eg physical, financial, mental, emotional and
spiritual. However, while avoiding risks it is important to be aware that the choices made are balanced
in order to take advantage of beneficial new discoveries and valuable opportunities.
Risk management processes also need to reflect this. Projects need to be able to move quickly
at times to take advantage of opportunities and if risk management processes are over designed
and restrictive they act as an inhibitor potentially increasing costs and as such creating risk.
Running opportunity management workshops in parallel with risk management workshops can
enrich both. A key risk management skill in preventing major incidents is being able to design
appropriate risk management systems that suit the uniqueness of each project.
This level of intricacy and complexity makes managing culture a less than straightforward
activity, particularly for large or complex teams and projects. By understanding that the aim is for
an appropriate culture that fits the project environment, it is easy to see that one organisation or
project, spread across different locations or undertaking different functions, will contain several
separate cultures.
6.8
DIFFERENT POCKETS OF CULTURAL INFLUENCE
Different cultures can be found between different working environments. Even within the same
organisation or the same project. Certain ways of behaving are accepted and even expected in
an office headquarters that would seem out of place on a construction site and likewise some
construction site behaviours would be out of place at an office headquarters.
The same applies when it comes to risk management. For example, the risk culture of a steel
reinforcement fixing gang will naturally be different to the risk culture of an operating nuclear
facility, and the risk culture of the research department of a cement manufacturing company will need
to be different to the risk culture of its sales department. Although there will be some commonalities,
each organisation or department will undertake a set of specific activities related to their industry and
44
C747 Engaging with risk
function and will need to consider the risks unique to those environments and
activities. So, managing risk within the cement company’s research department
will be geared towards ensuring product safety and efficacy on the one hand,
while focused on bringing a new cement based product to market, cost effectively
and before the competition. For the sales department managing risk will mostly
be concerned with ensuring the new product is widely adopted among its target
market, while operating within a code of practice that will not include using
misleading communication about the benefits and effects. Different risk cultures
will lead to these issues being dealt with in different ways.
6.9
Have you ever
found one working
environment to be
quite different to
another?
SUSTAINING AN APPROPRIATE CULTURE
Culture is seen to be a difficult organisational element to manage because of the emergence
of both intended and unintended consequences. When intended consequences emerge it is
believed that management has ‘done a good job’. When unintended consequences emerge
somehow management has got it wrong when in actual fact on many occasions this is down to the
unpredictable nature of complex systems (see Chapter 8). This leads to a greater appreciation
of the benefits of an open and honest (rather than highly controlled) culture and transparency
in decision making. It is this transparency in decision making that some industry regulators are
seeking to achieve through the use of risk frameworks, risk strategies and risk appetites.
Being able to generate and sustain a coherent risk culture on a complex construction project needs
to be a consideration for any manager. Multiple partnering organisations and the growing breadth
of professions and trades that are now involved with complex projects means that this activity needs
to be given time and attention. This is an ongoing requirement as project changes occur continually.
6.10 SUMMARY
This chapter has shown how risk culture exists as a strand within the accepted concept of
organisational culture. By understanding the factors that, through their interaction, create a risk
management culture, a culture can be developed that most effectively suits an organisation’s project.
The chapter also highlighted that while appropriate risk strategies, systems, skills, staff, style
and structures are needed, it is those in risk leadership roles who will drive the development of
effective and balanced risk management cultures.
Establishing the conditions at the start of a project for an appropriate risk culture to develop will
mean that projects with long timescales will be well placed to benefit as the risk culture matures.
Alternatively, risk management procedures become tick box exercises without the value being
understood or derived.
A key component of creating the most suitable conditions and making the most of this to allow
a risk management culture to grow is through the consistent use of appropriate language and
effective communication as discussed in Chapter 7.
6.11 REFERENCES AND FURTHER READING
BREAKWELL, G (2007) The psychology of risk: an introduction, Cambridge University Press,
Cambridge, UK (ISBN: 978-0-52100-445-9)
HANDY, C (1999) Understanding organizations, fourth edition, Penguin Books, London (ISBN: 9780-14015-603-4)
45
HOFSTEDE, G (1980) Culture’s consequences: international differences in work related values, Sage
Publications, UK (ISBN: 978-0-80391-306-6)
OLTEDAL, S, MOEN, B, KLEMPE, H and RUNDMO, T (2004) Explaining risk perception. An
evaluation of cultural theory, Department of Psychology, Norwegian University of Science and
Technology, Trondheim, Norway (ISBN: 8-27892-025-7).
Go to: www.svt.ntnu.no/psy/Torbjorn.Rundmo/Cultural_theory.pdf
PETERS, T J and WATERMAN, R H J (1982) In search of excellence, Profile Books, UK (ISBN:
978-1-86197-716-8)
ROBERTSON, S M and ALLAN, N (2005) “Cultural movement in engineering organizations in
the UK”. In: Proc Engineering management conference 2005, 2005 IEEE International, vol 1, 11–13
September, IEEE International, UK (ISBN: 0-78039-139-X), pp 26–30
WHITELY, A and WHITELY, J (2007) Core values and organizational change, World Scientific
Publishing Co Pte Ltd, London (ISBN: 978-9-81256-902-8)
46
C747 Engaging with risk
7
Risk language and
communication
Aims of this chapter:
zz Emphasise the central role of language in risk management.
zz Discuss the benefits of a common risk language.
zz Highlight the disconnect between what people do and what people say and the impact of this on risk
management.
zz Outline approaches to risk communication.
7.1
INTRODUCTION
Communication skills are credited with being the vehicle that has enabled the success of
the human species. Yet miscommunication, or poor communication, is one of the most cited
factors contributing to failures of all levels, across all sectors. SP125 highlighted that a lack of
communication was the biggest hazard to a project and many of the tools provided in the guide
helped to improve risk communication. The risk management community has continued to
look for ways to enhance the capabilities of project teams in this area especially in relation to
overcoming cultural (eg ‘it’s not acceptable to question the decisions of line managers’) and
structural (eg ‘it’s not my role’) communication barriers.
Having a broad and relevant risk vocabulary, which is shared across a project team and where
there is an absolute common understanding of the meaning of each term, is something of
an idealistic state. Today, there is still debate over which definition of ‘risk’ is most accurate
(see Section 3.1). However, it is not just the words used that need to be taken into account in
understanding the importance of language and communication, there are other elements that are
factored into the interpretation of an intended meaning.
7.2
THE FUNDAMENTAL ROLE OF LANGUAGE
As stated in previous chapters risk management is about managing the uncertainties on a project.
In seeking to understand and manage uncertainty information is needed. This information
is codified in a language. Whether the language uses words or numbers, both are used to
communicate and share a greater understanding. Language and communication has been
developing, as has sophisticated expressions of meaning, over the years. However, although
humans are a single species, around 7000 different languages presently exist across the globe.
Knowledge and the information discussed is created collectively. Language is not created by
isolated individuals. Words, and the meanings they carry, are the product of groups and the
environments in which they live and work. In this way language is an important tool to be able to
work successfully in a group.
Language is a source of power. It can be openly passed on and empower others to become
members of the group or it can be made obscure or withheld to disempower others. When
aiming for all involved on a project to take responsibility for risk they need to be part of the risk
community.
7.3
SHARING A COMMON RISK LANGUAGE
The meaning each community ascribes to a particular word and the context in which the use
of the word is judged to be appropriate, takes longer to learn than any direct translation. For
example, ‘risk’ in the financial sector carries different connotations to ‘risk’ in the construction
47
sector. Learning the language of a new community takes time and effort, which is why it is often
easier to make assumptions about what is being said.
This issue has been recognised within the risk community, and a set of definitions has been
developed with the aim of bringing clarity to disparities in meaning that currently characterise
the risk management practice.
Do you have
confidence in the
meaning of the risk
terminology you
use and that the
understanding you
have of each term
is shared by all in
your project team?
Groups who have been working in the risk management field for some
time have been building up a common set of definitions for the growing
vocabulary of risk management practices.
They argue that decision makers should have the assurance that the
information they receive from separate project groups is based on the same
assumptions. This way ambiguity is removed to some extent and decision
making becomes more robust.
As part of the release of ISO 31000:2009 the ISO also released an updated
version of ISO 73:2009, which provides definitions for 50 terms associated
with risk management. However, these 50 terms do not include some of those
contained within this guide, which is an indication that the field has continued
to progress and the vocabulary of the risk lexicon needs to keep pace.
Projects managers can actively work on building a common understanding of risk terms among
their project teams by creating reference documents, which are made openly accessible.
While a common risk vocabulary is beneficial, developing a mutual understanding of the
uncertainties and resultant risks and how they are connected is the key. To achieve a good outcome,
recognise and embrace a diversity of language rather than overly focus on a set of common terms.
7.4
COMMUNICATING RISK
The very nature of information about the risks faced by an organisation means that risk
communication needs careful consideration. A lot of minor detail leads to major risks potentially being
lost in the ‘noise’ of minor risks. But dismissing risks assessed as ‘low likelihood’ before considering
how connected they are to ‘high likelihood’ risks (see Chapter 8) can obscure serious risk potential.
This is not a new perspective. Small errors (in judgement as much as in calculations) could build
up over time through poorly communicated risk (Turner, 1978). Recent research by the London
School of Economics into the risk cultures of financial organisations found that this was still a
major concern, which required both effective information structures and management practices
(Ashby et al, 2012).
Good risk management requires that:
1
Information relating to risk is easily collected, in accessible formats and distributed through
risk communications channels for analysis and assessment.
2
Feedback (in accessible formats) is given to each stakeholder group affected by identified
risks along with the steps they need to take to protect their interests. This is linked to risk
governance as discussed in Chapter 4.
7.5
48
RISK COMMUNICATION SYSTEMS
Risk communication systems, such as the generic one illustrated in Figure 7.1, need to be
designed with the understanding that openly communicated risks are likely to generate greater
levels of conflict. If more information on risks is provided to a project team, and greater
interaction and response is encouraged, then some of it will challenge what has been conveyed.
Encouraging openness and transparency should be matched with processes, policies, standards
C747 Engaging with risk
Board
Use feedback,
recognise
successes of
system
Review of risk appetite
Support risk managers
Set risk appetite
and communicate it
to staff consistently
and regularly
Risk managers
Welcome/reward
appropriate
feedback
Develop risk
communication skills
in the team and
construct intuitive risk
communication channels
Provide risk
communication
training
Frontline staff
Fulfil managers’
expectations
to feedback
meaningful risk
information
Figure 7.1
Learn how to develop risk
messages, how people
process them and how
to incorporate divergent
viewpoints within them.
Build tools to accommodate
and promote it
Reward staff for
their engagement
with risk
communication
training
A generic model of a risk communication system
and authorities in respect to how differing views on risks are to be managed and how conflicting
risk priorities are to be dealt with.
Better organisation and project decisions can be made where there is an understanding of the risk
appetite (see Section 4.2). Project teams need to have a working knowledge of both organisational
and project levels of risk appetite.
Figure 7.1 illustrates a generic risk communication system designed to push critical information
down into a risk management system and to get feedback. A risk communication system would
allow easy dissemination of project risks to stakeholders.
7.6
RISK COMMUNICATION CYCLE
Any communication system can
be seen as a continual cycle of
information, processing and
feedback as shown in Figure
7.2. If the cyclical nature is not
maintained then it becomes
reduced to broadcasting in
one direction, less effective
at targeting messages and
delivering less value.
Additionally, useful and at
times vital pieces of information
are not captured or processed
into new information, which
eventually discourages the flow
Figure 7.2
A continuous communication cycle
49
Can you identify
communication
issues on your
project that create
uncertainty and so
present risks?
of feedback. This creates the classic breakdown in communications identified
as being at the centre of several well publicised adverse risk incidents.
The most common tools for accessing information on project risks are
brainstorming sessions, meetings with agenda items specifically dealing with
project risks and the risk register, the most common tool for recording and
sharing information when working to manage risk (see SP125).
The diagram in Figure 7.2 is a much simplified depiction of the stages and
components of a communication cycle. Clear and rapid information flow
into a system designed to manage risk is beneficial and requires unobscured
and uncluttered channels of communication, which need to be added to the model in Figure 7.2.
Distinct risk reporting structures support this objective with allocated risk roles having associated
communication responsibilities.
7.7
RISK COMMUNICATION SKILLS AND TOOLS
An additional consideration is the impact the sender and receiver has on how information is
filtered and processed. People can misrepresent as well as misunderstand information. They
can hold onto information they believe is ‘undesirable’ or only see what they are looking for,
perhaps ‘shifting’ new information so that it fits with their existing ideas and therefore presents
no challenge. These biases all come into play especially in pressured situations or at times of
heightened stress. The following sub-sections describe tools available to combat these issues.
7.7.1
Assertive communication
A successful technique, developed in the aviation industry, is now being adopted by other
industries to encourage early communication of vital information, avoiding situations escalating.
The crew resource management (CRM) approach provides a team with training in an easily
adopted process for everyday use.
A key element of the training programme is a process that will appropriately set an open
culture. To enable this team members are given appropriate language through which they
can comfortably but assertively raise queries or challenges to actions or decisions without
undermining a project leader or their manager’s authority. The five step technique is called the
‘assertive statement method’.
1
Bring attention to the issue by directly addressing the project/task leader and do so
personally, ie use their name.
2
State what the concerns or the emotional reactions are, ie “I’m very uncomfortable with/
worried about…”.
3
State the problem as seen, real or perceived, ie “the data indicates a bigger problem than we
have anticipated...”.
4
Offer a solution, ie “I think we should…”.
5
Obtain engagement, ie “What do you think?”.
While offering a solution is considered a major component in the assertive statement, the lack of a
solution should not prevent a project team member from pointing out a potential problem.
An additional communication mechanism is that of anonymous reporting. This can be set up
through internal channels or by using external service providers. Where an organisation knows
it has barriers to open reporting of issues this can provide a useful channel for discovering
underlying problems.
50
C747 Engaging with risk
7.7.2
Stakeholder risk communication
Chapters 4 and 5 highlight that there is mounting expectation for project teams to engage with
the stakeholder groups affected by their project. A process for doing this is as follows:
1
Identify a risk related issue or scenario.
2
Identify key stakeholders (audiences).
3
Identify stakeholder questions and concerns.
4
Develop key messages consistent with risk communication principles.
5
Develop supporting information.
6
Conduct testing.
7
Plan for delivery.
7.7.3
Visual tools and symbols
The successful use of visual techniques has proved to be a useful tool for many project managers.
Openly displaying risk information relating to each project phase in the communal areas and
main meeting areas helps to keep risk conversations current. Display boards such as illustrated in
Figure 7.3 have proved beneficial.
Function sponsor A.N.Other 1
Last updated
Risk management
Jan 14
ANO1
Risk mitigation actions Prepare risk mitigation detail
Closed
not developed
sheets for top ten risks on register
Feb 14
ANO2
Risk register risks
lacking consistency
Mar 14
ANO2
Risk management plan Prepare time schedule for risks
incomplete
reviews
Figure 7.3
Review all risks to ensure cause,
effect and impact set out in
description
EBT
Jun
14
ANO2
Apr 14
Status
Date
Issue/concern
Responsibility
August 2014
Actions/counter
measure
A.N.Other 2
By
Date raised
Function lead:
Typical display board of risk information
51
7.8
THE COMMUNICATION GAP – WHY ‘SAYING’ AND
‘DOING’ ARE OFTEN DIFFERENT
As people grow up they become adept at understanding that what others say is not always
what they mean or what they do. People learn to notice such discrepancies. Similarly, in their
professional lives, they are looking to understand the rules that determine which statements
always hold true. By observing others, particularly those in more senior roles, people learn.
The key aim is to establish an open and responsible communication culture so that management
can trust important information will be shared and the project team can trust that they will be
heard. This is why developing listening skills among the project team is a significant part of
developing good communication skills. Effective listening takes a lot of energy and focus but the
results can prove invaluable.
Where there are gaps between what is said and what is done, most people tend to look for
additional information about what is deemed to be the right way to behave. This is how language,
communication, culture and behaviour all link together. Working with this dynamic is a central
tool in managing behaviour on a construction project so that the desired risk behaviours acquire
the necessary prominence and become reliably established.
7.9
SUMMARY
Project environments are often time restricted and to overcome degradation in risk information
flow and quality, communication skills and tools need to be developed across a project team at the
early stages. Skills in the use of risk language and of being mindful that information can be coded
and decoded with particular bias, are developed through experience.
This chapter underlined the importance of developing a shared and easily understood set of
risk terminologies relevant to the circumstances of the project. While there are lexicons of risk
vocabulary available to help develop this, the context of a project should not be ignored.
Additionally, the development of appropriate systems through which to build up project
knowledge and communicate risks to stakeholders will be most successful if it forms an integral
part of the structure of the project.
As understanding of the risks being faced grows, then language and communication skills need to
keep up in order to express the risk complexities identified and the risk connections found. These
topics are discussed in Chapters 8 and 9.
7.10 REFERENCES AND FURTHER READING
ALI, R, HALDANE, A and NAHAI-WILLIAMSON, P (2012) “Speech: Towards a common
financial language”. In: Proc Building a global legal entity identifier framework symposium, 12 March,
New York, Securities Industry and Financial Markets Association, Bank of England, New York.
Go to: www.bankofengland.co.uk/publications/Documents/speeches/2012/speech552.pdf
CONNOLLY, M and RIANOSHEK, R (2002) The communication catalyst, Dearborn Trade
Publishing, Kaplan Professional, USA (ISBN: 978-0-79314-904-9)
ISO Guide 73:2009 Risk management – vocabulary
PAGEL, M (2012) “War of words” New Scientist, vol 2894, 8 December, Reed Business Information
Ltd, UK, pp 39–41
SALAS, E, WILSON, K, BURKE, C and WIGHTMAN, D (2006) “Does crew resource
management training work?” Human Factors, vol 48, 2, National Center for Biotechnology
information, USA, pp 392–412
52
C747 Engaging with risk
8
Risk connectivity
Aims of this chapter:
zz Underline the importance of looking for the connections between risks.
zz Discuss how this can be used to highlight the potential of cascading risk failures.
zz Appreciate how connectivity can be elicited.
8.1
INTRODUCTION
Risk is often expressed in terms of the consequences of a series of events and the associated
likelihood of occurrence. If the focus of risk management on a project only looks at singular
causes and singular outcomes then there is a real danger that risks, which are connected, will
go unnoticed until it is too late. Understanding the connected nature of risks has been a key
development in risk management since SP125 was published.
Many major incidents cannot be tracked to a singular cause but to a series of errors, mistakes and
unfortunate coincidences. Similarly, a key event may trigger many subsequent failures, which with
hindsight seem obvious, but were hard to predict. They are hard to spot because connections have
not been made explicit between events, causes and consequences.
This broadening of a single event based view of risk to include how risks are interconnected
helps keep in mind wider implications, both short- and long-term. In practice not every possible
combination can be addressed but techniques are being developed to identify or make clearer the
links in a network of interconnected risks.
8.2
HOW RISKS ARE CONNECTED
Analysis of significant risk events has shown that a number of connected minor risks, which
as singular outcomes were seen as manageable have, when they occurred together, produced
a cascading failure. This is similar to a domino effect, the consequence of which was not
manageable. To illustrate this further, here is a simple example.
Example 8.1
Figure 8.1 shows six dominoes, each of which represents a separate risk with the number above
the line nominally representing the likelihood and the number below the line representing the
impact.
Figure 8.1
Six dominos representing six separate risks A to F
53
The two values can be added together or multiplied to give some sense of ranking of the risks. In
each case risk A will be ranked lowest and risk C will be highest.
However, by considering the
dominos (risks) in Figure 8.2
from the perspective of how
they might influence each
other due to their connectivity,
if domino (risk) A topples
then it will have an impact
on higher ‘ranking’ domino
(risk) D. Similarly if domino
(risk) B topples it will affect
D, E and F. For example, the
risk of reduced soil strength
(risk A) combines with the
risk of wet weather (risk B)
to increase the risk of trench
collapse (risk D). The number
of connections continues – if
the wet weather (B) increases
the risk of machinery being
Figure 8.2
Risk when considering the interconnected approach
prevented from accessing the
site (risk E), then the lack of progress could encourage hand digging, leading to possible loss of
life (risk F). The aim of understanding the connections between risks is to appreciate how many
connections an individual risk has and how far connections can be meaningfully made.
While on first glance domino (risk) C is the highest ranking risk its unconnected nature means
that it would have little chance of affecting the other dominos (risks). When considering the
connectedness of risks it is more than likely to provide a deeper understanding of project risks
and enabling them to be managed more effectively.
In practice it is possible to assess risks in this way and get the strength of influence on other risks in
the project or programme by constructing a network to represent the risks, as shown in Figure 8.3.
Figure 8.3
A network representation of the dominos in Figure 8.2
The key benefits from this approach enable risk managers to:
zz
54
understand which risks increase the likelihood of other risks occurring
C747 Engaging with risk
zz
categorise risks according to the reality of their likelihood, impact and connectivity
zz
focus efforts on both the most serious risks as well as the most connected in order to identify
potential sources of cascades and put measures in place to disable or counteract the effect.
In practice, most experienced project managers will carry out this sort of
connectivity analysis in their heads. They know where pinch points are and
what critical aspects of the project could trigger major delays, serious health
and safety threats or cost overruns.
Where the number of interactions increase software tools can be used to log
and visualise extensive risk networks.
8.3
What are the
most obviously
connected risks
on your current
project?
ELICITING, MAPPING AND MODELLING
CONNECTIONS
Risk connections can be elicited in a number of ways and technologies are progressing all the
time, mimicking social networks to allow risks to be mapped. Two common approaches are
discussed here that require little technological sophistication – concept mapping and the ‘bow tie’
approach. Both these approaches are best conducted in a group workshop environment.
8.3.1 Concept mapping
A concept map is a visual model which allows complex interconnected factors to be shown in a
simplified diagrammatic form, so that the overall picture can be understood and communicated
to a wide audience. Such maps are particularly useful for identifying and analysing strategic
issues, as these are often complex in nature and contain a wide range of interacting factors.
There are many ways to elicit the concepts and connections in a workshop session. Large sticky
notes can be used to allow each person to write down the key risks they believe are associated
with each objective under discussion. These are then put up on a wall or screen so everyone can
see them. Those participating in the session are then encouraged by the workshop facilitator to
collectively discuss the risks and arrange them until the concepts start to emerge and tell a story –
namely of how connected or unconnected the risks to the objectives are.
In the context of risk, people then have a shared mental map of the risk exposure they face.
An individual view will likely be incomplete, or maybe just hard to make sense of or articulate.
Concept maps draw upon everyone’s contribution and understanding of risks. Note that
participants are expected to focus on specific rather than on abstract risks, so it will be the job
of the facilitator to identify such instances and direct the group back to identifying the root risks
that may drive what has been mapped.
An example of a simplified concept map is shown in Figure 8.4. The nodes with lots of
interconnections are always worth looking at first. The red nodes in Figure 8.4 represent key
nodes, which are most central in the system and are key levers for action or mitigation. The blue
nodes are stated goals or aims. The orange nodes are beliefs about the strategic risk and risk
appetite. Typically an hour long interview with key stakeholders would generate over 100 nodes
and would be analysed with the assistance of computer programs to identify the key nodes, loops
and connections. Such programs are inexpensive and easy to use.
55
Figure 8.4
An example of a simplified concept map
8.3.2 Bow tie approach
Many existing mechanisms for eliciting connections in risk look at linear cause and effect
relationships as illustrated in Figure 8.5.
Cause
Figure 8.5
Risk event
Consequence
A simple chain of events model of risk
A bow tie diagram (see Figure 8.6) offers a more holistic approach. A diagram is constructed to
uncover the multiple causes that can lead to a particular risk event occurring and the multiple
consequences if it were to happen. The causes and consequences can be logically produced by a
fault tree type approach or by brainstorming in a workshop. Note that the connections between
them are made explicit (represented by arrows in Figure 8.6) through a technique like concept
mapping.
56
C747 Engaging with risk
Figure 8.6
Example of a bow tie diagram indicating multiple causes and consequences
The next step is to compare diagrams of separate risk events and look for connections between
them as shown in Figure 8.7.
Figure 8.7
A comparison of risk events to highlight connections
Similarly consequences can be linked together by type. It is then possible to use proprietary
software or charts to build a network of interconnected causes, events and consequences.
Once connections have been made, it is possible to further explore the relationships and
interdependencies using various software packages previously mentioned.
The principle of connectivity has been highlighted throughout this guide with indications of how
one chapter might be related or connected to another. This is further illustrated in Figure 8.8.
57
Note
In practice there are many more interconnections but their relative strength is less than the ones shown here
Figure 8.8
8.4
The interconnections between the six key chapters of this guide
SUMMARY
The connected nature of the world makes it hardly surprising that much can be gained from
understanding the connected nature of risks. In fact the evidence suggests that not doing so in
past events, has resulted in serious consequences.
This chapter underlined the importance of reviewing the connectivity between project risks.
The impact that risk connectivity has can be significant and time spent on this risk management
activity can help to avoid severe risk outcomes from unimagined sources.
As this perspective is gradually accepted, and the approaches and tools to help build the skills for
doing so are developed, a greater reserve of knowledge from which project teams can make more
widely informed decisions is created. A number of approaches have been set out to provide project
teams with techniques to capture and model the connections between risks.
8.5
REFERENCES AND FURTHER READING
ACTUARIAL PROFESSION and INSTITUTION OF CIVIL ENGINEERS (2006) Strategic risks –
a guide for directors, Thomas Telford Publishing, UK (ISBN: 978-0-72773-467-9)
ALLAN, N and YIN, Y (2011) “Development of a methodology for understanding the potency of
risk connectivity” Journal of Management in Engineering, vol 27, 2, ASCE, USA, pp 75–79
FENTON, N and NEIL, M (2012) Risk assessment and decision analysis with Bayesian Networks, CRC
Press, UK (ISBN: 978-1-43980-910-5)
58
C747 Engaging with risk
9
Risk complexity
Aims of this chapter:
zz Relate risk management to the concept of complexity.
zz Illustrate how current good practice is trying to measure project complexity and reasons why.
zz Provide a framework to aid decision making and understanding where complexity may be present.
9.1
INTRODUCTION
Projects of all shapes and sizes can be viewed as complex systems, primarily because of the variety
of human interactions that are required to accomplish them. In most cases, the behaviour of
a complex system cannot be adequately understood from only studying its component parts.
For complex systems, such as a large publicly funded project, with many stakeholders and
multiple objectives, traditional approaches cannot fully match risk management requirements.
Understanding more about complexity will provide a wider range of techniques used to overcome
some of the issues that arise.
While both clarity of purpose and experience in delivering complex projects
will help to mitigate the risks, it is particularly important to recognise that
risks are often context dependent, so experience in one context can lead to
complacency in another.
Definitions
Complex systems
Systems composed of many parts,
which interact with and adapt to
each other.
A different approach is required to understand and manage the diverse
and often unique nature of risk that emerges from the interactions within a
complex project. Not all projects necessarily need to be treated as if they are complex projects. So
what are the requirements that raise the level of complexity in a project?
9.2
DETERMINING PROJECT COMPLEXITY
The complexity of a construction project (see Figure 9.1) arises from the number and variety of
individual elements (eg stakeholders, project size, project value, number of subcontractors, and
funding arrangements) as well as how connected these elements are (eg one project stakeholder
group is closely related to another project stakeholder group but these connections fall outside of
the project boundary).
A complex project is also characterised when high levels of managerial uncertainty arises about
the current and future states of each element of the project, and the impacts arising from the
dynamic interplay between them. Changes in regulations, expertise of stakeholders, changes
in end-user requirements as well as time delays are all recognised as risks to successful project
completion.
Figure 9.1 provides an initial indication as to whether project complexity is characteristic of the
projects being worked on. It also provides a starting point for the build-up of project knowledge
required to minimise uncertainty. First identify the number and uniqueness of project elements
before determining their connectedness (see Chapter 8).
59
Number of separate
project elements
Variety of project elements
Complexity of
project scope
Connectedness of project
elements
Project complexity
Incomplete information
about current states of
elements of the project
Uncertainty on future states
of elements of the project
Complexity of
managerial decisions
Uncertainty about the
impact of elements
interactions
Figure 9.1
9.3
Distinct aspects contributing to project complexity aspect (from Geraldi, et al, 2011)
MATCHING PROJECT COMPLEXITY TO PROJECT
CAPABILITY
The most significant project failures usually occur when organisations unwittingly take on
projects of a much higher or different level of complexity than previously undertaken. When
complexity is increased beyond the organisation’s capability to deliver, then performance
decreases significantly. This risk phenomenon identified as the Helmsman’s Complexity Cliff is
illustrated in Figure 9.2.
Understanding both the initial assumptions about the project’s complexity, and how these
assumptions might change across the life of the project are important risk management
considerations.
The Helmsman
complexity scale
(Helmsman Institute,
2009) used in Figure
9.2 is derived from the
key elements shown in
Table 9.1.
Figure 9.2Helmsman Complexity Cliff showing the drop in performance as
project complexity increases (courtesy Helmsman Institute)
60
C747 Engaging with risk
Table 9.1
Helmsman complexity scale (courtesy Helmsman Institute)
Helmsman
Organisational
level
Difficulty
level
Project characteristics
Examples
<4
SME
Minor/large
Projects that can be done by
smaller organisations
Build new custom home
Small
Projects normally performed
in the business units of large
organisations
Product maintenance and
competitive enhancements to
ongoing business operations
Core
Standard core projects in the
top 50 to 100 organisations.
Normally has executive
attention
Regulatory, environmental,
business upgrades, GST, Y2K,
clean fuels
6–7
Large
Largest projects commonly
Merger integration, core
undertaken across the top 50
system replacement, A380
to 100 organisations. Normally
introduction
have board attention
7–8
Large national
Largest projects commonly
undertaken nationally. Creates
a noticeable effect on the
community
Nationally
significant
Rare and highly complex
projects, seldom undertaken in Snowy river scheme, Olympics,
the country. Creates significant Collins
effect on national economy
International
Significant multi-national
project
4–5
5–6
Large
National
8–9
9–10
International
BHP Olympic dam, broadband
roll-out, some defence projects
Hadron Collider, Apollo, Joint
Strike Fighter, Basel II
Other project complexity assessments exist including an infrastructure route map produced by
HM Treasury and Infrastructure UK (2013). This route map measures organisational complexity
separately from the complexity of the delivery environment. The assessed levels of complexity are
then balanced against the capability of the delivery team to determine what is needed in order to
work effectively given the level of complexity envisaged.
Determining the level of complexity, and the related risk relationship, is important on large
scale projects. In addition, understanding the complexity profile of an organisation’s portfolio
of projects can be used to define the required level of maturity needed to deliver that portfolio.
Complexity can also be used as a triage tool across a portfolio to allocate individual projects to the
most appropriate sponsor, project manager and governance regime.
One option is to treat all projects as complex projects as they all involve human interactions.
By taking this approach managers can fully concentrate on being aware and making use of the
science to manage risks more effectively.
9.4
KEY COMPLEXITY ISSUES FOR RISK MANAGERS
Complexity in risk terms relates to the inter-relationship, interaction and inter-connectivity of
risks within a system and between the system and its environment.
As previously noted a project is a complex system in which a large number of investors,
companies, agencies, regulators, and other participants are interacting with each other. Imagine
all of the interactions and relationships required for a complex project such as the build of the
Olympic 2012 Games facilities.
Some of the key features of complex systems that relate to the construction projects are discussed
in the following sub-sections.
61
9.4.1 Difficult to determine boundaries
It can often be difficult to determine the boundaries of a project, resulting in enhanced
risk as accountabilities become blurred. It is when the boundary is unclear, assumed or
miscommunicated due to language or competing values and objectives that risks emerge.
By bringing together project stakeholders, it is often relatively easy to identify and agree
boundaries and responsibilities. However, greater effort and time may consequently be required
to align perspectives. This is especially so when stakeholder diversity is increased. Although this
may be seen as too great an effort the benefits of such inclusion should not be underestimated.
9.4.2 Complex projects evolve
The history of a complex project is important, for example the reasons why the project was
initiated, and of each key decision made, should be explicit and kept on record for future
reference. Ignoring this and going straight into apparently obvious and simple solutions based on
assumptions can lead to serious errors.
Due to system evolution it is obvious that no two projects will ever be the same. However, what
is not so obvious is that using experienced staff on repeat projects can also be a source of risk
because their expectations influence perception of what is actually occurring. Their familiarity
creates blind spots, which can be minimised by using techniques such as an effective lesson
learnt process, checklists, and engendering the right culture in the project team to allow less
experienced or senior staff to voice their concerns about the risks they see.
9.4.3 Complex projects exhibit emergent phenomena
Projects may exhibit behaviours that are emergent, ie although each task is managed
appropriately, the ability to deliver the entire project on time cannot be guaranteed as unforeseen
emergent risks may hinder it. Such risks could have been simply the result of tasks interacting
with each other. Reputation risks can be seen as an example as they are rather hard to pinpoint in
terms of where and how they might occur in a project.
A culture of risk management is another emergent phenomenon that can be observed through a
group of people interacting in order to perform the function of risk management. Risk culture is
covered in more detail in Chapter 6.
9.4.4 Relationships in complex projects are non-linear
Non-linear relationships build upon the mathematical concept that a change in an independent
variable does not lead to a proportional change to a dependable variable. In practical terms, this
means a small change may have a large effect, a disproportional effect, or even no effect at all.
Stakeholder involvement is a good example of this, where protests can suddenly escalate rapidly
as opposed to gradually changing in a reassuring and predictable linear way.
9.4.5 Feedback loops in complex projects
Feedback loops are also related to non-linear properties of a system, such as seen in the ‘boom’
and ‘bust’ cycles in construction industries around the world. For example, a boom cycle can
start when property price increases are observed (the feedback). This leads to an increase in
construction of new properties (to take advantage of higher scale prices) demanding more
materials and labour (another feedback loop), which leads to higher prices placed on these
components as they become more sought after (more feedback) and this then leads to higher
property prices, and so the boom builds on itself. Such loops play a fundamental role in
constructing early warning systems.
62
C747 Engaging with risk
9.5
SUMMARY
As accomplishments in construction continue to grow, so do the complexity of the projects that
deliver them. Risk perspectives, and skills and techniques, need to keep up with the ability to
imagine new approaches to construction.
This chapter looked at the complexity involved with modern day construction projects and the
concepts associated with it. Models are provided to assist with understanding the nature and
extent of the complexity inherent in a project.
It should always be understood that the complexity of a project should not exceed the capability
of the project team. It is important that both the complexity of a project and the capability of a
project team are fully understood before this can be managed.
Technology is already being used to support this and project teams should be encouraged to
develop expertise in this area as this will provide them with more confidence to carry on.
9.6
REFERENCES AND FURTHER READING
HM TREASURY and INFRASTRUCTURE UK (2013) Infrastructure procurement route map: a
guide to improving delivery capability, HM Treasury, London (ISBN: 978-1-90909-656-1). Go to:
http://tinyurl.com/o5cg5tf
SNOWDEN, D J and BOONE, M E (2007) “A leader’s framework for decision making” Harvard
Business Review, November, Harvard Business Publishing, Harvard Business School, USA.
Go to: http://hbr.org/2007/11/a-leaders-framework-for-decision-making/ar/1
Websites
Helmsman Institute: www.helmsman-international.com/sites/institute/index.html
International Centre for Complex Project Management: www.iccpm.com
Systemic risks: www.systemciconsult.com
63
C747 Engaging with risk
10 Implementing the guidance
Here are some suggestions on how to take the points discussed in this guide and apply them to
your own project context.
Each of the chapters in this guide explore the key risk management topics that have, since the
publication of SP125, been recognised as having significant or increasing importance in the
successful management of construction projects.
64
65
References
ACTUARIAL PROFESSION and INSTITUTION OF CIVIL ENGINEERS (2006) Strategic risks –
a guide for directors, Thomas Telford Publishing, UK (ISBN: 978-0-72773-467-9)
ALLAN, N and YIN, Y (2011) “Development of a methodology for understanding the potency of
risk connectivity” Journal of Management in Engineering, vol 27, 2, ASCE, USA, pp 75–79
APM (2011) Directing change: a guide to governance of project management (v2), Association for Project
Management, Buckinghamshire, UK (ISBN: 978-1-90349-419-6).
Go to: https://www.mosaicprojects.com.au/PDF/Directing_Change-v2.pdf
ASHLEY, M, BOXALL, W, HALSTEAD, M R, HARRISON, J, BARTLETT, M, ROSE, T,
MURPHY, I, THOMAS, G, LONGSTAFFE, S, GARLICK, A, PENHALLURICK, D (2013)
Managing cost risk and uncertainty in infrastructure projects. Leading practice and improvement:
report form the Infrastructure Risk Group 2013, Infrastructure Risk Group and Institute of Risk
Management, UK. Go to: http://tinyurl.com/legahcg
BLOCKLEY, D and GODFREY, P (2013) “On communicating the uncertainty of risk” International
Review of Civil Engineering, vol 4, 1, Integrated Publishing Association, USA, pp 24–34
BSI (2012) Case study: Network Rail infrastructure projects, British Standards Institute, UK.
Go to: http://tinyurl.com/mb47jbx
CABINET OFFICE (2011) Government Construction Strategy, Cabinet Office, UK.
Go to: http://tinyurl.com/q2merqn
CLEDEN, D, (2009) Managing project uncertainty, Gower Publishing Ltd, Farnham (ISBN: 978-0566-08840-7)
COLLIER, D (2011) SAFEGROUNDS: Community stakeholder involvement, version 3, W38, prepared
for the SAFEGROUNDS Learning Network, CIRIA, London.
Go to: www.safegrounds.com/pdfs/W38_Safegrounds_Community_Stakeholder_final.pdf
COOPER, N J, BOWER, G, TYSON, R, FLIKWEERT, J J, RAYNER, S, HALLAS, A (2013)
Guidance on the management of landfill sites and land contaminationon eroding or low-lyoing cpoas;lines,
C718, CIRIA, London (ISBN: 978-0-86017-721-0). Go to: www.ciria.org
EGAN, P (1998) Re-thinking construction, The Report of the Construction Task Force, Department for
Trade and Industry, London. Go to: http://tinyurl.com/62ad7a
GADD, S and COLLINS, A (2002) Safety culture: A review of the literature, HSL/2002/25, Human
Factors Group, Health and Safety Laboratory, UK.
Go to: www.hse.gov.uk/research/hsl_pdf/2002/hsl02-25.pdf
GERALDI, J, MAYLOR, H and WILLIAMS, T (2011) “Now, let’s make it really complex
(complicated): A systematic review of the complexities of projects” International Journal of
Operations & Production Management, vol 31, 9, Emerald Group Publishing, UK, pp 966–990
GRIMSEY, D and LEWIS, M (2007) Public private partnerships. The worldwide revolution in
infrastructure provision and project finance, Edward Elgar Publishing, Camberley, UK (ISBN: 978-184720-226-0)
HALL, J, DAVIS, J and BLOCKLEY, D (1998) “Uncertainty analysis of coastal projects”. In: Proc
of the 26th conference on coastal engineering, Copenhagen, Denmark, 22–26 June, B L Edge (ed)
Coastal engineering, ASCE, USA (ISBN: 978-0-78440-411-9), pp 1461–1474.
HELMSMAN INSTITUTE (2009) Guide to complexity, Helmsman International Ptd Ltd,
Australia. Go to: http://tinyurl.com/pvs789u
HM TREASURY and INFRASTRUCTURE UK (2013) Infrastructure procurement route map: a
guide to improving delivery capability, HM Treasury, London (ISBN: 978-1-90909-656-1). Go to:
http://tinyurl.com/o5cg5tf
66
C747 Engaging with risk
HUGHES, W and MAEDA, Y (2002) “Construction contract policy: do we mean what we say?”
RICS Research Papers, vol 4, 12, RICS, UK, pp 1–25
IRGC (2008) An introduction to the IRGC risk governance framework, International Risk Governance
Council, Switzerland. Go to: http://tinyurl.com/7j5lmhh
IRM (2011) Risk appetite and tolerance: a guidance paper, Institute of Risk Management, London.
Go to: www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-andtolerance/
JOHANSEN, A, HALVORSEN, S, HADDADIC, A and LANGLOD, J (2014) “Uncertainty
management – a methodological framework beyond ‘the six W’s’” Procedia – Social and Behavioral
Sciences, vol 119, March, selected papers from the 27th IPMA (International Project Management
Association) World Congress, Dubrovnik, Croatia, pp 566–575
LATHAM, M (1994) Constructing the team: Final report of the government/industry review of
procurement and contractual arrangements in the UK construction industry, Department for the
Environment, London (ISBN: 978-0-11752-94-6)
NG, A and LOOSEMORE, M (2006) “Risk allocation in the private provision of public
infrastructure” International Journal of Project Management, vol 25, 1, Elsevier, BV, pp 66–76
OCG (2010) Management of risk, Office of Government Commerce, London.
Go to: www.mor-officialsite.com
OECD (2004) OECD Principles of corporate governance, OECD Publications Service, France. Go to:
www.oecd.org/corporate/ca/corporategovernanceprinciples/31557724.pdf
PETERS, T J and WATERMAN, R H J (1982) In search of excellence, Profile Books, UK (ISBN:
978-1-86197-716-8)
RITTENBERG, L and MARTENS, F (2012) Enterprise risk management. Understanding and
communicating risk appetite, Committee of Sponsoring Organizations of the Treadway Commussion,
USA. Go to: http://tinyurl.com/6str93e
STRATEGIC FORUM FOR CONSTRUCTION (2002) Accelerating Change, Rethinking Contruction,
London (ISBN: 1-89867-128-1). Go to: www.strategicforum.org.uk/pdf/report_sept02.pdf
TURNER, B (1978) Man-made disasters, Wykeham, University of California, USA (ISBN: 978-085109-750-3)
WARD, S, and CHAPMAN, C, (2003) “Transforming project risk management into project
uncertainty management” International Journal of Project Management, vol 21, 2, Elsevier BV, UK,
pp 97–105
WOLSTENHOLME, A (2009) Never waste a good crisis: a review of progress since Rethinking
Construction and thoughts for our future, Constructing Excellence, London.
Go to: www.constructingexcellence.org.uk
YATES, A and SASHEGYI, B (2001) Effective risk allocation in major projects: rhetoric or reality?
A survey on risk allocation in major WA construction projects, Institution of Engineers, Australia &
Chamber of Commerce and Industry of Western Australia (ISBN: 0-85825-824-2).
Go to: www.engineersaustralia.org.au/issues/publications.html
STATUTES
Acts
Housing Grants, Construction and Regeneration Act 1996
Housing Grants, Construction and Regeneration (amendment) 2009
67
Standards
BSI 11000:2010 Collaborative business relationships
ISO 3100:2009 Risk management
ISO Guide 73:2009 Risk management – vocabulary
Directives
Directive 2004/18/EC of the European Parliament and of the Council of 31 March 2004 on the
coordination of procedures for the award of public works contracts, public supply contracts and
public service contracts
68
C747 Engaging with risk
Further reading
ALI, R, HALDANE, A and NAHAI-WILLIAMSON, P (2012) “Speech: Towards a common
financial language”. In: Proc Building a global legal entity identifier framework symposium, 12 March,
New York, Securities Industry and Financial Markets Association, Bank of England, New York.
Go to: www.bankofengland.co.uk/publications/Documents/speeches/2012/speech552.pdf
BLOCKLEY, D (2013) “Analysing uncertainties: Towards comparing Bayesian and interval
probabilities” Mechanical Systems and Signal Processing, vol 37, 1–2, Elsevier BV, UK, pp 30–42
BLOCKLEY, D and GODFREY, P (2000) Doing it differently: systems for rethinking construction, first
edition, Thomas Telford, London (ISBN: 978-0-72772-748-0)
BLOCKLEY, D and GODFREY, P (2007) “Integrating soft and hard risks” Int. J. Risk Assessment
and Management, vol 7, 6–7, Inderscience Publishers, UK, pp 787–803
BREAKWELL, G (2007) The psychology of risk: an introduction, Cambridge University Press,
Cambridge, UK (ISBN: 978-0-52100-445-9)
CONNOLLY, M and RIANOSHEK, R (2002) The communication catalyst, Dearborn Trade
Publishing, Kaplan Professional, USA (ISBN: 978-0-79314-904-9)
GRIMSEY, D and LEWIS, M (2007) “Public private partnerships and public procurement”
Agenda, vol 14, 2, Australian National University, pp 171–188
FENTON, N and NEIL, M (2012) Risk assessment and decision analysis with Bayesian Networks, CRC
Press, UK (ISBN: 978-1-43980-910-5)
HANDY, C (1999) Understanding organizations, fourth edition, Penguin Books, London (ISBN: 9780-14015-603-4)
HMSO (2006) Thinking about risk. Managing your risk appetite: A practitioner’s guide, PU134, HM
Treasury, London (ISBN: 978-1-84532-232-8)
HM TREASURY (2004) The Orange Book. Management of risk – principles and concepts, HM
Treasury, London. Go to: http://tinyurl.com/p4sbdqv
HOFSTEDE, G (1980) Culture’s consequences: international differences in work related values, Sage
Publications, UK (ISBN: 978-0-80391-306-6)
ICE (2014a) Risk and Management of Projects (RAMP), second edition, Faculty of Actuaries and
Institution of Civil Engineers, UK (ISBN: 978-0-72774-157-8).
Go to: www.icebookshop.com/bookshop_main.asp?ISBN=9780727741578
ICE (2014b) Risk management: Institution of Civil Engineers, London.
Go to: www.ice.org.uk/topics/management/ICE-ICES-Management-Panel/Risk-Management
JANSSEN, P H M, PETERSEN, A C, VAN DER SLUIJS, J P, RISBEY, J S and RAVETZ, J R
(2005) “A guidance for assessing and communicating uncertainties” Water Science & Technology ,
vol 52, 6, IWA Publishing, London, pp 125–131
JEPSEN, A L and ESKEROD, P (2009) “Stakeholder analysis in projects: Challenges in using
current guidelines in the real world” International Journal of Project Management, vol 27, 4, Elsevier
BV, UK, pp 335–343
OLTEDAL, S, MOEN, B, KLEMPE, H and RUNDMO, T (2004) Explaining risk perception. An
evaluation of cultural theory, Department of Psychology, Norwegian University of Science and
Technology, Trondheim, Norway (ISBN: 8-27892-025-7).
Go to: www.svt.ntnu.no/psy/Torbjorn.Rundmo/Cultural_theory.pdf
PAGEL, M (2012) “War of words” New Scientist, vol 2894, 8 December, Reed Business Information
Ltd, UK, pp 39–41
69
ROBERTSON, S M and ALLAN, N (2005) “Cultural movement in engineering organizations in
the UK”. In: Proc Engineering management conference 2005, 2005 IEEE International, vol 1, 11–13
September, IEEE International, UK (ISBN: 0-78039-139-X), pp 26–30
SALAS, E, WILSON, K, BURKE, C and WIGHTMAN, D (2006) “Does crew resource
management training work?” Human Factors, vol 48, 2, National Center for Biotechnology
information, USA, pp 392–412
SNOWDEN, D J and BOONE, M E (2007) “A leader’s framework for decision making” Harvard
Business Review, November, Harvard Business Publishing, Harvard Business School, USA.
Go to: http://hbr.org/2007/11/a-leaders-framework-for-decision-making/ar/1
SPIEGELHALTER, D, PEARSON, M and SHORT, I (2011) “Visualizing uncertainty about the
future” Science, vol 333, 6048, American Association for the Advancement of Science (AAAS),
Washington DC, USA, pp 1393–1400
WHITELY, A and WHITELY, J (2007) Core values and organizational change, World Scientific
Publishing Co Pte Ltd, London (ISBN: 978-9-81256-902-8)
WEBSITES
British Standards Institute: www.bsigroup.co.uk
Centre for Advanced Engineering: http://caenz.squarespace.com
Committee of Sponsoring Organisations of the Threadway Commission (COSO) (2014) Guidance
on enterprise risk management: www.coso.org/-erm.htm
Helmsman Institute: www.helmsman-international.com/sites/institute/index.html
Institute of Risk Management (IRM): www.theirm.org
International Centre for Complex Project Management: www.iccpm.com
International Risk Governance Council (IRGC): www.irgc.org
STRATrisk (a site dedicated to understanding and managing strategic risks and associated
opportunities): www.stratrisk.co.uk
Systemic risks: www.systemciconsult.com
70
Core and Associate members
AECOM Ltd
Ministry of Justice
Arup Group Ltd
Morgan Sindall (Infrastructure) Plc
Atkins Consultants Limited
Mott MacDonald Group Ltd
Balfour Beatty Civil Engineering Ltd
Mouchel
BAM Nuttall Ltd
MWH
Black & Veatch Ltd
Network Rail
Buro Happold Engineers Limited
Northumbrian Water Limited
BWB Consulting Ltd
Rail Safety and Standards Board
Cardiff University
Royal HaskoningDHV
Environment Agency
RSK Group Ltd
Galliford Try plc
RWE Npower plc
Gatwick Airport Ltd
Sellafield Ltd
Geotechnical Consulting Group
Severn Trent Water
Golder Associates (Europe) Ltd
Sir Robert McAlpine Ltd
Halcrow Group Limited
SKM Enviros Consulting Ltd
Health & Safety Executive
SLR Consulting Ltd
Heathrow Airport Holdings Ltd
Temple Group Ltd
High Speed Two (HS2)
Thames Water Utilities Ltd
Highways Agency
United Utilities Plc
Homes and Communities Agency
University College London
HR Wallingford Ltd
University of Bradford
Imperial College London
University of Reading
Institution of Civil Engineers
University of Southampton
Lafarge Tarmac
WYG Group (Nottingham Office)
London Underground Ltd
Loughborough University
September 2014
zz
zz
zz
It is a companion to CIRIA SP125 Control of risk: a guide to the
systematic management of risk from construction (Godfrey, 1996), which
provides advice and methods for identifying, assessing, monitoring and
managing risks in an informed and structured manner.
Engaging with risk
Engaging with risk
zz
emphasise the factors that have been shown to enable or constrain
effective risk management
provide direction on a range of techniques in risk management and
their general application
help readers relate these approaches to their particular project
circumstances
encourage appropriate approaches to risk, at all levels of the
organisation, which will help deliver a successful project outcome.
C747
The purpose of this guide is to:
Risk
governance
Risk
complexity
Risk
stakeholders
Risk
connectivity
Risk
culture
Risk
communication
and language
View publication stats
CIRIA
C747
Related documents
Propagation Of Uncertainty In Chemistry Lab Reports
Propagation Of Uncertainty In Chemistry Lab Reports
Summary of Rules for Error Propagation
Summary of Rules for Error Propagation
( ) ( ) 7
( ) ( ) 7
Forecasting - Cal State LA
Forecasting - Cal State LA
Chapter 9 Project Management
Chapter 9 Project Management
Elementary Statistics of Measurement
Elementary Statistics of Measurement
Download