Lec (3) 12/26/2012

1 2
Cairo University
Faculty of Engineering
Risk response strategies

There are four known strategies to deal with project

risks:
RISK MANAGEMENT IN 1. Acceptance

CONSTRUCTION INDUSTRY 2. Avoidance

STRN-421 3. Transfer

4. Mitigation
Dr. Hatem ElBehairy

Lecture (10)

3 4

Response plans Resources and Costs

Response plans requires resources to implement Even if physical materials are not needed, human

You may need: resources will always be required.

Buy materials/suppliers Resources, no matter what they are doing, cost the
Spend time and effort by your own workforce (e.g. contingency company money.
planning), With possible alternative response strategies, costs and
Hire contractors on fixed-price basis, benefits should be evaluated for selection of the most
Purchase insurance. suitable action to take.

1
Lec (3) 12/26/2012

5 6

Resources and Costs: Ex 1 Resources and Costs: Ex 1

Let us consider the risk of late delivery of a constructio The following estimates were made:
material Impact of risk occurrence is $5,000.

Assume the material to be newly introduced to the Probability of risk occurrence is 40%.

market. Cost of avoidance (use the other commonly available material) is

an extra $1,000.
An old and rather common material has been used in
Cost of mitigation (pay a premium for a more reliable supplier) is
past projects, but it costs more.
an extra $3,000

7 8

Resources and Costs: Ex 1 Resources and Costs: Ex 2

Cost of risk occurrence (expected value) is $2,000. Let us consider the risk of Equipment Failure.

Cost of avoidance is $1,000, while cost of mitigation is Assume that adopting a periodic maintenance procedure
$3,000. for owned equipment will reduce chances of failure.

Cost of mitigation exceeds benefit--
rejected. An agreement can be made with an equipment supplier

Cost of avoidance is less then the benefit. to insure availability of equipment at all times (with
immediate replacement in case of failure).
Thus, use the other common material.

2
Lec (3) 12/26/2012

9 10

Resources and Costs: Ex 2 Resources and Costs: Ex 2

The following estimates were made:
Impact of risk occurrence is $40,000.
Probability of risk occurrence is 40%.
Cost of mitigation (through periodic maintenance is an extra
$5,000). In this case chances will become 2%.
Cost of transfer (paying a premium for rental vs. use of own
equipment) is an extra $10,000.
Cost of risk occurrence (expected value) = $16,000.
Cost of mitigation is $5,000.
Cost of transfer is $10,0000.
Cost of mitigation and transfer are both below the benefit

both accepted.
Cost vs. benefit is better in case of mitigation.

Thus, adopt a periodic maintenance procedure.

12

Contingency

There are risks that will be:

Accepted (passively or actively), or

Mitigated so they become with the tolerance level of the risk

contingency owner.

Thus contingences should be established to cover these

risks if they occurred.

3
Lec (3) 12/26/2012

13 14

Contingency Unknown / unpredictable risks

Different terms are used to represent the contingency In any project, there is also possibility of unknown /
values unpredictable risks that are:
Time contingency & cost contingency. Not recognized during the identification stage, and/or

Time buffer & cost Buffer. Not planned for during the risk response planning.

Contingency reserve. Think of the external risks that could take place in the
business environment, while you had no clue they could
ever occur.

15

Management reserves

You have also to account for unknown / unpredictable

risks.

Management reserves are used to depict the value put

aside to deal with such risks. Risk Plan
Sometimes, the term contingency reserve is used to
imply both the contingency and management reserve
put together.

4
Lec (3) 12/26/2012

17 18

Risk plan (as a document) Risk register

This documents typically contains the following: Called also risk lo.
Purpose, definitions and methodology. Think of a database with records, each corresponding to
Roles and responsibilities. an identified risk.
Contingency.
The question is what kind of info to associate with each
Risk register.
identified risk.
Tracking system.

Reporting.

19 20

Risk register Risk register

The risk register typically contains the following: Expected value (risk score)

Risk ID number Response strategy (including contingency plan reference).

Risk name and description Resources needed to implement the strategy/plan.

Risk category Any information needed to track and monitor the risk throughout
the project.
Risk triggers

Risk originator

Risk owner

Probability

Impact

5
Lec (3) 12/26/2012

21 22

Risk register example Risk register example

An illustration for a given risk: Probability: 40%

Risk ID number: 029 Impact: $20,000
Risk name and description: mechanical vendor delays.
Expected value (risk score): $80,000
Risk category: market risks.
Response strategy: mitigation (pre-qualification) &
Risk triggers: market instability, unsatisfactory onsite inspections,
transfer (performance bond).
missed dates for interim deliverables.

Risk originator: vendor for mechanical supplies. Resources needed: personnel and procedures for

Risk owner: procurement specialist for electromechanical works.

vendor selection and on-site inspection.

24

Risk monitoring & control

Monitoring the project environment (for risk triggers)

Monitoring / reviewing the status of identified risks

Identifying new risks.

Risk monitoring and control Responding to risks as they occur

Ensuring that risk polices and procedures are followed.

Evaluating risk response plans as they are put into

action

Take corrective action as necessary.

6
Lec (3) 12/26/2012

25 26

Implementing contingency/response plan Implementing contingency/response plan

Steps of implementation: 5. Approval process for expenditures is done (if plan requires money
to implement).
1. Risk owners notifies the project manager (PM) of the risk event or
risk trigger. 6. Resources are assigned in preparation for the risk response.

2. PM and risk owner together agree that the response plan should 7. Response plan is implemented.

be put into action. 8. Risk owner monitors the effectiveness of the response plan and

3. Response plan is reexamined to assure the suitability of the risk reports status at project meetings.

response strategy. 9. Risk owner and PM document results of the risk event and the

4. If needed, a meeting of the project team and stakeholders is called response plan for the benefit of future projects.

to review the risk event and response plan prior to implementing. 10.

27 28

Responding to unknown risks Workarounds

Projects have unknown/unpredictable risks, for which
response plans do not exist.
In this case, response plans which are called
workarounds- are devised as the unpredictable risks
materialize.
This term is used to imply:
Unplanned response to risks that were unknown/unidentified
during the risk identification process.
Unplanned response to risks that were passively accepted.
Workarounds are similar to contingency plans, expect
that they are devised and implemented as the
risk/problem is recognized.

7
Lec (3) 12/26/2012

30

What is risk audit

A risk audit is a review performed to examine the

effectiveness of:
Projects risk management planning, and

Risk Audits Risk response plans.

Think of risk audits as a means to define the lessons

learned

31 32

When to perform a Risk Audit What to examine in a Risk audit?

A risk audit is performed at the end of a project. Completeness of the risk management plan.

Success of the risk identification process.

Further, for medium and large projects, risk audits may
be performed at major milestones throughout the project. Level of accuracy of probability and impact scores.

Performance of the risk owners.

Identification and monitoring of risk triggers.

Effectiveness of the risk response strategies.

Budget allocated for risks.

Contingency plans.

Recommendations for future risk plans.

8
Lec (3) 12/26/2012

33

Risk mitigation

A systematic reduction in the extent of exposure to

a risk and/or the likelihood of its occurrence. Also called risk
reduction.
Definition: Risk mitigation planning is the process of
developing options and actions to enhance opportunities and
reduce threats to project objectives . Risk mitigation
implementation is the process of executing risk mitigation
actions. Risk mitigation progress monitoring includes tracking
identified risks, identifying new risks, and evaluating risk
process effectiveness throughout the project .