Anda di halaman 1dari 14

International Journal of Project Management 19 (2001) 147±160

The controlling in¯uences on e€ective risk identi®cation and

assessment for construction design management
Robert J. Chapman
Capro Consulting Limited, Sea Containers House, 20 Upper Ground, SE1 9LZ, London, UK

Received 11 May 1999; received in revised form 28 September 1999; accepted 7 October 1999

Project risk management (PRM) can provide a decisive competitive advantage to building sponsors. For those sponsors who take
risks consciously, anticipate adverse changes, protect themselves from unexpected events and gain expertise to price risk, gain a
leading edge. However, the realisation of this commercial advantage on design-intensive multi-disciplinary capital projects hinges to
a large extent on the approach to the initial identi®cation of risk. The very way the identi®cation process is conducted will have a
direct in¯uence on the contribution that risk analysis and management makes to the overall project management of construction
projects. This paper examines the steps involved in conducting the identi®cation and assessment process and how they may in¯u-
ence the e€ectiveness of risk analysis. A series of issues are examined in turn, which are considered to have a direct bearing on the
quality of the identi®cation and assessment process. By focusing on these issues, our understanding of the contribution that risk
management makes to improving project performance may be enhanced. # 2001 Elsevier Science Ltd and IPMA. All rights
Keywords: Risk identi®cation; Risk assessment; Risk analysis; Design process

1. Introduction identi®cation and assessment in turn, so that their con-

tribution may be better understood.
The literature, in the main, implies that there has been
a tendency for the approach to Project risk management
(PRM), to be overly prescriptive and mechanistic. In 2. Setting risk identi®cation and assessment in context
addition that there has been undue emphasis on the
techniques of the process rather than focusing on the The overall process of project risk analysis and man-
most crucial areas of the overall process, identi®cation agement may be described in simple terms as being
and assessment [1]. While it may be obvious that the composed of two stages, risk analysis and risk manage-
quality of the outputs from a quantitative analysis are ment, as illustrated in the risk breakdown structure
largely dependent on the identi®cation and assessment (RBS) included in Fig. 1. The ®gure provides a readily
process, prescriptive methods underplay the importance assimilated subdivision of the tasks to be undertaken.
of this initial sub-stage. Unidenti®ed and therefore Thompson and Perry [2] adopted this two-stage sub-
unmanaged risks are clearly unchecked threats to a division in their model of the stages of risk analysis and
project's objectives, which may lead to signi®cant over- management, which they advise has proved acceptable
runs. Should the circumstances be so extreme, then the to a wide range of experienced practitioners. It was also
failure of a single project may be seriously damaging to incorporated in the series of publications produced by the
the ®nancial status of a company. The degree to which CCTA which includes Introduction to the Management of
the identi®cation process will in¯uence the e€ectiveness Risk [3] and within an article entitled Specialising in risks
of risk management and its contribution to the overall [4]. The risk analysis stage of the PRM process may be
project management of any particular project, is dependent considered to be divided into two sub-stages: a qualitative
on the way the steps of the process are implemented. analysis sub-stage that focuses on identi®cation together
The purpose of this paper is to review the steps of with the assessment of risk, and a quantitative analysis
0263-7863/01/$20.00 # 2001 Elsevier Science Ltd and IPMA. All rights reserved.
PII: S0263-7863(99)00070-8
148 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

Fig. 1. Risk breakdown structure.

R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 149

sub-stage that focuses on the evaluation of risk. The risk is necessary to revisit earlier steps, test decisions and
management phase is concerned with the monitoring of assumptions and make revisions as appropriate.
the actual progress of the project and the associated risk
management plans. It speci®cally involves identifying, 4.1. Step 1: knowledge-acquisition
implementing and tracking the e€ectiveness of the
planned responses, reviewing any changes in priority of The ®rst step involves knowledge-acquisition. That is,
response management and monitoring the status of the ®rst and foremost, understanding what the project
risks. While the activities are the same, more recently objectives are, which are commonly time, cost and
the process is described as being composed of a series of quality. To understand the threats to these objectives
phases which commence in a staggered pattern subse- (or project parameters), it is fundamental to examine
quently running in parallel and conducted in an iterative the brief, programme, cost plan and quality statement.
cycle, as described in the PRAM Guide [5] and Chapman Where it is identi®ed that there are inconsistencies
and Ward [6]. between the activities recorded in the programme and
the cost plan, then these must be remedied. To under-
stand the information supplied, it may be necessary to
3. Scope and plan decompose the project into a set of component activities
(or sub-system tasks) and to document what is involved
Prior to embarking on any PRM study, it is necessary to in each. If a work breakdown structure (WBS) has not
de®ne the PRM scope and to plan its implementation in been compiled, then at this juncture the activities should
operational terms as if it were a project in its own right. be coded. Every time an activity is referred to in a project
The aim is to provide a clear unambiguous shared under- document, it is accompanied by its identifying code. The
standing of the process that will be implemented. The rationale for implementing this coding system is to
tasks required to accomplish this aim are the production ensure clear communication. This breakdown should be
of a scope document and a plan document. The scope based, when appropriate, on the Common Arrangement
document identi®es information such as who is under- of work sections published by the Co-ordinating Com-
taking the analysis for whom, the reason for the formal mittee for Project Information [7], the bene®ts of which
project risk analysis and management process, the are clearly set out in the CCPI guide. In addition, where
desired bene®ts and the overall project objectives. This it is transparent that any of these key documents are
is a critical document as it will be a benchmark against incomplete, project management activities must be
which the deliverables will be judged. The plan docu- undertaken to ®ll the gaps. This can be particularly
ment addresses the resources to be used, the time frame, time-consuming. Moreover, it is necessary to review: the
the models and techniques to be employed, the software project execution plan (if one exists), the sequence of
to be used, the way in which the results will be recorded design activities (compare with the RIBA Plan of Work
and the con®dence levels that will be shown. Once these [8]) and the procurement route to be followed. The
documents are prepared, signed-o€ by the client and thoroughness with which this task is undertaken will
disseminated, the PRM process can be commenced. directly in¯uence the risk analyst's ability to assess
whether all of the principle project areas have been
covered during the Identi®cation step.
4. The process of risk identi®cation and assessment for
design projects 4.2. Step 2: selection of the representatives of the core
design team
The two principle approaches to risk identi®cation
and assessment, are semi-structured interviews con- The second step is the selection of the ``core design
ducted with individual design team members in turn and team'' or principal designers from the project team who
the risk analyst leading a working group. Whichever are to participate in the identi®cation and assessment of
approach is adopted, it will be necessary to put into e€ect the risks facing the project. These are the essential per-
a series of incremental steps including, knowledge acquisi- sonnel upon whom the progress of the design would
tion, selection of the representatives of the core design team, ultimately depend and who have a full-time committed
presentation of the process to the core design team, identi®- role throughout the project life cycle. These personnel
cation, encoding and veri®cation. While these steps are would include the senior representative of each design
numbered below for ease of reference, the approach discipline such as the architect, landscape architect,
adopted will vary for each project to suit its particular structural engineer, mechanical and electrical engineers,
circumstances and it may be appropriate to omit a step, together with the project manager and quantity surveyor.
combine steps or introduce additional ones. In addition, It is essential that all the design disciplines are repre-
like design itself, risk analysis can be a highly iterative sented otherwise there is potential for critical risk areas
process; whereas more information becomes available, it to be overlooked. Hence, on large complex projects it is
150 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

common to include the ``second tier design team'' or medium, low and very low. Against these ®ve classes
specialist designers, such as the geotechnical engineer, must be allocated a likelihood of occurrence and an
arboralist, acoustician, ®re engineer, environmentalist impact, as shown in Table 1. The time and cost increments
and interior designer. selected to match the scales of severity must be tailored
speci®cally to the project priorities. An assessment must
4.3. Step 3: presentation of the process to the core be made of the criticality of late completion (e.g. the
design team project completion date linked to the expiry of a lease)
and project overspend (e.g. a speci®c limit set on the size
The analyst describes the thinking behind the of the development loan).
approach and encourages the airing of any doubts or
scepticism among the core team that can be laid to rest 4.3.2. Step 3 process: comprehension of probability
and encourage participation in and adoption of the distributions
process [9]. Ecient management of building projects Where the intention is to follow the qualitative sub-
demands clear e€ective communication and if risk ana- stage with quantitative analysis, the assessment of the
lysis and management is to be used as a tool to assist the impact of any risk must re¯ect how the risk would occur
management of projects, then it must itself be clearly in reality. This in turn will have a direct bearing on the
communicated and understood. cost and time information that will need to be collected
The aim of this third step is for the risk analyst to to feed into representative probability distributions. As
clearly communicate the: a consequence, the Presentation Step should include a
description of what probability distributions are, the
. objectives of the risk management process; circumstances under which particular distributions
. the question the risk assessment is required to would be used and the data required to construct them.
answer (de®nition of scope); Seven of the most commonly used distributions are tri-
. potential bene®ts; angle, trigen (available in @ Risk) uniform (also known
. timeframe; as rectangular), general, normal (also known as Gaus-
. steps involved; sian) discrete and pert. All the distributions permit
. participation required of the core design team/sec- modelling using limited parameters, when historical
ond tier design team; data is not available.
. deliverables (such as, risk register and cumulative
frequency curve); 4.3.3. Step 3 process: comprehension of conditioning
. de®nition of the measures of impact and prob- A further component of the Presentation Step is to
ability; minimise cultural di€erences between the team members
. construction of the PI ``scoring'' grid; and to increase their awareness of the in¯uence of
. allocation of risk owners; potential biases on their judgement of the magnitude of
. how the responses are to be de®ned and managed risks facing the project. Historical records are com-
and monly limited and in consequence data collected from
. conditioning. the core team will, mainly be composed of subjective
judgements. Tversky and Kahneman [10] have demon-
The active participation and commitment of the pro- strated that these judgements are arrived at by reliance
ject team to the overall risk management process has a on a limited number of inference rules known as heur-
signi®cant in¯uence on its success and hence the bene®ts istics, which are employed to reduce dicult mental
must be emphasised and repeated as appropriate. tasks such as assessing probabilities and likely impacts,
to simpler ones. They go onto to say that these heur-
4.3.1. Step 3 process: constructing measurement criteria istics sometimes lead to severe and systematic errors
A key component of the Presentation Step is to elicit with serious implications for decision makers. This
from the core team or obtain con®rmation of acceptance unreliability is the result of the heuristics generating
of proposed measures of the likelihood of occurrence biases in the minds of the individual core team members;
and impact, to ensure consistency of assessment. Without however, for risk analysis and management to aid
these measures, any assessment would be seriously e€ective decision making the data collected must be as
impaired. By the application of these measures together reliable as possible. The core team must be helped to
with a probability/impact (PI) matrix, risks can be confront their biases.
scored so that attention can be focused on those risks
that have the greatest potential to jeopardise a project. 4.4. Step 4: identi®cation
When dealing with subjective assessments in the con-
struction industry, team members appear to be more The third step in assessing risk involves identifying as
comfortable with ®ve classes of risk, i.e. very high, high, exhaustively as practicable, the risks associated with
R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 151

Table 1
Measures of probability and impact

Scale Probability Mid-value Impact

Time Cost Performance

Very high >70% 85% >15 weeks > £20m Project does not satisfy business objectives
High 51±70% 60% 10±15 weeks £5m±£20m Major shortfall in satisfaction of the brief
Medium 31±50% 40% 5±10 weeks £0.5m±£5m Minor shortfall in brief
Low 10±30% 20% 1±5 weeks £0.1m±£0.5m Failure to meet speci®cation clauses
Very low <10% 5% <1 weeks < £0.1m Failure to meet speci®cation clause

each activity and documenting what is involved. Most core design team'' is critical to ensuring identi®cation is
authors claim it is important to understand exactly what as penetrating and complete as possible.
is meant by risk before it can be managed. There are
numerous de®nitions of risk which attempt to draw 4.4.1. Step 4 process: comprehension of the
together into one de®nition the likelihood of occurrence characteristics of the design process
and the degree of impact of a negative event adversely The characteristics of the design process include its
a€ecting an activity. These de®nitions appear to have highly iterative nature, the use of primary generators (a
changed little over the last twenty years. The de®nition relatively simple idea to test solutions), the sequence and
by Wideman [11] which follows is appealing, for he content of the common design stages, the sequencing of
places risk in the context of project management. He the exchange of information, the impact of external
de®nes project risk ``as the chance of certain occurrences agencies and the management of client changes to the
adversely a€ecting project objectives''. However, this brief. The team's understanding of these issues will
de®nition ignores positive outcomes. The de®nition of determine their comprehension of the risks which may
risk adopted here is ``an event, which should it occur, erode their ability to keep the four main components
would have a positive or negative e€ect on the achieve- (see Fig. 2) of the design process Ð ``the four Ts''
ment of a project's objectives''. This de®nition deliberately (Team, Targets [or objectives], Tactics [or controls] and
excludes any reference to the term uncertainty which is Tasks) in balance for the achievement of a project's
considered here to be distinct from risk. The terms are objectives. (The RIBA Plan of Work can be re-de®ned
not considered to be synonymous as some authors state, using those component descriptions as illustrated in
and hence are not used interchangeably. The term Table 2). Accomplishing this balance has been histori-
uncertainty is adopted here to describe the lack of cer- cally proved dicult to accomplish, as reported in the
tainty over the quantum of an activity which is con- literature, for design management is highly exposed to
sidered certain to take place. An example would be the risk and uncertainty, regardless of the size of the project,
length of time required to obtain a planning decision Ð building type or construction value.
the activity is certain but the duration is uncertain.
The literature states that all risks should be con- 4.4.2. Step 4 process: comprehension of the sources of
sidered at the outset. Identi®cation is considered by design risk
many to be the most important element of the complete Past performance of construction projects demonstrates
process, as once a risk has been identi®ed it is possible that risks have proved dicult to manage with the result
to take action to address it. This issue is acknowledged that projects have not met their stated objectives. This
or stressed by, Cooper and Chapman [12], CCTA [13], diculty emanates from the exposure of design to
CCTA [14], Perry et al. [15] and Hertz and Thomas [16]. diverse sources of risk and uncertainty similar to the
The success of the identi®cation process, , to a large Information Systems/Technology industry. For instance,
degree, will be dependent on the design team's in depth the risks described within the CCTA publication
knowledge of the design process and the sources of risk. ``Management of Project Risk'' [14] can be directly
Their understanding will be in¯uenced by their profes- translated into design risks, as follows:
sional training together with their length of exposure to
the construction industry, the role occupied, the level of . diculty in capturing and specifying the user
responsibility held, the number of designs seen through requirements;
from start to ®nish, the materials deployed, the archi- . volatile and innovative nature of the environment;
tectural ``styles'' adopted and the building types . diculty of estimating the time and resources
involved in. Direct experience of projects will in¯uence required to complete the design;
the team's knowledge of the characteristics of the process. . diculty of sequencing the exchange of informa-
Hence, Step 2 ``selection of the representatives of the tion required to match the iterative design process;
152 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

Fig. 2. Four main components of the design process.

. frequent reliance on the specialist skills of sub- internal (non-technical), technical and legal. British
contractors; Standard 6079 [18] considers that risks or adverse events
. diculty of measuring progress during the devel- generally fall into one of the following ®ve categories:
opment of the design; technological, political, managerial, sociological and
. enormous choice of materials of varying cost, col- ®nancial. Raftery [19] considers that there are three sepa-
our, durability, maintainability, and aesthetic rate areas of risk: risks internal to the project, risks external
appeal; to the project, and the client/the project/project team and
. variety of working practices between disciplines project documentation. Conroy and Soltan [20] refer to
and design practices; four categories of risk, namely human failings, organisa-
. fragmentation of the industry; tional failings, design group failings and design process
. number of external agencies that have to be con- failings. Perry [21] describes sixteen sources of risk, ®ve of
sulted or complied with; which relate to construction and three to ®nance issues.
. volume of standards and codes of practice to be One possible way of understanding and structuring
consulted or complied with. the risks facing a project is to combine the holistic
approach of general systems theory with the discipline
From this list it would appear that design is bom- of a work breakdown structure as a framework [22].
barded by risk from all directions making it dicult to General systems theory is a useful vehicle for the exam-
grasp the primary sources of risk. Authors are clearly ination of the management of projects as its approach
undecided on how to categorise the source of risk. to the examination of complex processes enables the
While there might be similarities between the categories interrelationships of the parts and their in¯uence on the
proposed, there is no common consensus. Flanagan and total process to be better understood and improved. A
Norman [17] de®ne the sources of risk as a risk hierarchy project can be viewed as a ``sub-system'' of a client's
composed of four ``layers'': the environment, the market ``system'', which in turn is a ``sub-system'' of the industry
or industry, the company and the project/individual. within which the client operates all enveloped in an
Wideman [11] has compiled a risk identi®cation break- environment known as the ``external system''. These
down structure as a framework of the major sources of four elements can be adopted as the major components
risk which is subdivided into ®ve classi®cations of risk: of a risk identi®cation breakdown structure. Such a
external unpredictable, external predictable but uncertain, breakdown structure is included in Fig. 3.
Table 2
Modi®ed RIBA plan of work

Inception Feasibility Sketch Plan Scheme Design Production Information

Team Agree consultant's form Assemble nucleus team. Assemble design team. Establish Establish roles and responsibilities Identify need for any specialist
of appointment. Agree Establish roles and roles and responsibilities for this for this stage. Agree programme design support
team composition responsibilities for this stage
Targets Establish project objectives. Restate project objects Establish user expectations.Develop Complet e any outstanding user Agree quality standards
Clarify initial statement of and review attainability. brief and conduct studies studies
requirements. Discuss Commence development of
quality parameters the brief and conduct studies
Tactics (controls) Establish ®nancial limit. Prepare programme State Prepare outline cost plan. Update Prepare ®nal cost plan Consider insurance. Agree contract
Examine time parameters cost range programme particulars
Tasks Make initial site visit. Site inspection. Examine Produce diagram matic analysis Prepare full scheme design Prepare production information
Obtain OS map accommodation requirements and try out solutions
against site
Assemble details of those Assemble data for feasibility Prepare outline scheme indicating Prepare presentation drawings Prepare documentation in a format
to be consulted to develop report main spaces and uses to suit selected procurement process
the brief in subsequent
Review planning status. Make outline planning Discuss scheme with Local Authority Make planning application Ensure design re¯ects planning
Make enquiries with LA application as appropriate conditions
Prepare report, present and Prepare report including Prepare report, present and discuss Prepare report including outcome Complete Building Regulati on
discuss outcome of application, of application, present and discuss. application. Obtain necessary
present and discuss Freeze design approvals
R.J. Chapman / International Journal of Project Management 19 (2001) 147±160
154 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

Fig. 3. Risk identi®cation breakdown structure.

R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 155

4.4.3. Step 4 process: comprehension of controllable and be negative or positive. Coecients are used to describe
uncontrollable risks correlation and range from ÿ1 to +1. A value of 1
Controllable (endogenous) risks are those risks over indicates a complete positive correlation between the
which, in part, a project manager has direct control, two variables, a value of ÿ1 indicates a negative corre-
whereas uncontrollable (exogenous) risks (predominately lation. A value of 0 indicates that there is no correlation
emanating from the environment) are those which he between the variables, they are independent. The
cannot in¯uence. However, it is normally possible to understanding of risk relationships and groupings is
reduce the degree of exposure to such risks. A limited often aided by representing them in the form of pre-
number of examples of these types of risks are included cedence, in¯uence diagrams or ¯ow charts which can be
in Table 3. appended to the risk log. With the aid of the allocation
of unique numbers to causes and resultant risks, the log
4.4.4. Step 4 process: comprehension of cause, risk and and illustration of the relationships, can be readily read
outcome together. Included in Fig. 4 is a graphical representation
When identifying risks it is important to ensure that of the basic relationship pattern of ®ve risks drawn from
the participants in the risk identi®cation process remain a hypothetical rail infrastructure project, together with
focused on the distinction between risks and their their respective causes. The ®gure shows that a risk may
potential e€ect or outcome. Perry [21] and the HM have multiple causes and be correlated to other risks.
Treasury Procurement Guidance note No. 2 [23] refer to
the importance of the distinction between risks and their 4.4.6. Step 4 process: comprehension of risks in series
e€ects without stating why it is important. In simple and parallel
terms the distinction is important as it prevents the risk The terminology of series and parallel is borrowed
log becoming a confused mixture of risks and e€ects, from the description of the di€erent ways of arranging
making the response process particularly dicult, if not electrical circuits described within the science of physics.
impossible. For instance, where a risk has been recorded The term series refers to say bulbs connected in a row,
as ``programme overrun'' it is dicult to think through one after another. Should one bulb fail, it will break the
a response without knowing what the risk nominee circuit. The term parallel refers to the parallel lines of a
thought would trigger the delay. ``Programme overrun'' circuit. A parallel circuit allows separate lights to be
is the e€ect or outcome, not the risk itself. Each risk will switched on and o€ without a€ecting the others. This
have one or more causes and it is important that these terminology is used to de®ne the characteristics of risks
are recorded alongside the risks within the risk register, which are decided not only by their own features, but
as intimated in the RAMP approach [24], to facilitate also by other risks occurring on the same project.
the identi®cation of responses. Included above are Commonly risks mutually a€ect, magnify or diminish
examples of causes, risks and their e€ects relating to each other. This kind of mutual in¯uence among risks
cost, programme and business case. Each risk is given a on a project is de®ned as the risk relationship [25].
unique identi®cation number and each cause is given a Comprehension of and a study of the relationship
reference which combines its own unique number together between the risks on a project are fundamental to
with the risk to which it is attached. Hence, C1/R1 implementing PRM. The two main classi®cations of risk
represents Cause 1 pertaining to Risk 1 (see Table 4). relationships are dependent risks in series and indepen-
dent risks in parallel. Risks occurring in series, describes
4.4.5. Step 4 process: comprehension of correlation the situation where one risk event generates another risk
Correlation is a quantitative measurement of the strength event in a continuous sequential action. In other words,
of a relationship between two variables. Correlation may risk event B is dependent on the occurrence of risk A. If
risk A occurs, then risk B occurs directly as a result of
Table 3 A. If risk A does not occur, then risk B de®nitely does
Controllable and uncontrollable risks not occur (see Table 5). Risks occurring in parallel,
describes the situation where several risk events occur at
Controllable Uncontrollable
the same time. Where three risk events have been iden-
Late planning submission Planning conditions imposed on ti®ed, which will occur at the same time and have an
the design impact on the same programme activity; then it is the
Lack of change control Designer going into receivership
risk which will have the largest negative e€ect, that is
Lack of design co-ordination In¯ation considered in any probabilistic analysis (see Fig. 5). For
Late commissioning of Taxation example, where the risks of changes in legislation, late
sub-contractors drawings Client changes to brief and design rework to realign
Late completion of design Late completion of infrastructure design to cost plan have been identi®ed against a pro-
drawings by others
Production information errors Changes in legislation
gramme activity called ``production information'' and
the risk of design rework to realign design to cost plan is
156 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

Table 4
Distinction between cause, risk and e€ect

Cause Risk (direct impact on cost, E€ect

programme or business case)

C1/R1 LA Planning Gain requirements exceed R1 Increase in project scope Increase in project costs (design and
expectations construction)
C1/R2 Proposed design not kept within cost plan R2 Extensive design rework Failure to meet design programme
C1/R3 Signalling incompatibility R3 Desired train frequency not Failure to meet business case

Fig. 4. Risk relationships.

Table 5
Representing risks in series, in a model


Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 Risk A = RiskDiscrete ({0, 1},{50, 50}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1+G2
2 Risk B Depends on risk A 3 4 5 = RiskTriang (3, 4, 5) = IF(G1 = 0, 0, F2)a
``IF'' equations are constructed from three components-some logical test, a value for the test if true and a value for the test if false. In this
instance the logical test is if risk A equals zero (i.e. risk A does not occur), then the value for the test is 0; however, if risk A materials, the value for
the test when false is Risk Triang for risk B.

assessed as having the highest probability and impact, on the programme would not be greater than the impact
then it is this dominant risk which is incorporated into identi®ed for design rework to realign design to cost plan.
any assessment of the risks in combination. If one or In this example the dominant risk is represented by a
both of the other risks materialised at the same time, triangular distribution.
their impact would be absorbed within the programme
prolongation caused by the risk Ð design rework to 4.4.7. Step 4 process: modelling risks in series
realign design to cost plan. If one of the other risks When collecting data during the identi®cation and
materialised on its own, from the assessment, its impact assessment stages, it is important to uncover and record
R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 157

the relationships between the risks for evaluation of the 4.4.9. Step 4 process: determining multiple permutations
risks in combination at some later date. Risk dependency, using probability theory
where the occurrence of risk B is entirely dependent on Probability theory can be applied to determining the
the occurrence of risk A (as discussed above), can be likelihood of di€erent combinations of events (in series)
represented by ``IF'' equations within risk models which using ``tree diagrams'' also known as decision trees. In
are Microsoft Excel based, as illustrated in Table 5. the example included in Fig. 7, dependent risks are
examined arising from the risk of changes in legislation.
4.4.8. Step 4 process: modelling risks where they occur As you progressively move through the tree (working
in series and parallel together from left to right) the risks become less likely and hence
In the section above, the occurrence of risks in series the probabilities are multiplied together. It can be seen,
and parallel were described (i.e. risks occurring in series, for instance, that the likelihood of having to make
describes the situation where one risk event generates alterations to the ``structural engineering'' is only 3.6%
another risk event in a continuous sequential action and arising from a 20% chance of having to make ``fabric
risks occurring in parallel, describes the situation where alterations'' and a 90% chance of having to make
several risk events occur at the same time). On live pro- ``changes to the juxtaposition of spaces''.
jects it is common for risks to be identi®ed as potentially
arising in a combination of these patterns. In the example 4.4.10. Step 4 process: comprehension of identi®cation
included in Fig. 6, one risk may be followed by one of techniques
three risks. This situation can be represented in risk There are several techniques available for risk identi-
models that are Microsoft Excel based, by a combina- ®cation. (These techniques may also be described as
tion of ``IF'' functions and ``MAX'' functions illustrated methods or procedures.) The two techniques most
in Table 6. The MAX function selects the largest value commonly used are structured one-to-one interviews
from the list of cell references it is instructed to examine. and brainstorming. The Nominal Group and Delphi
techniques are less frequently employed. All of these
techniques may be implemented with the aid of support
``tools''. These may include check/prompt lists, in¯u-
ence diagrams, system dynamic models (see Chapman
[26]), repertory grids and activity schedules. Each of
these techniques and support tools is described in out-
line below. A fuller appraisal of the di€erent techniques
is provided in Chapman [27].

. Semi-structured one-to-one interview technique:

This technique is an interactive dialogue aid for
eliciting risks directly from the interviewee. Expert
knowledge, however, is not easily captured and
requires an e€ective method for drawing it out.
The process is time-consuming and due to com-
mercial pressures normally present during risk
Fig. 5. Risks in parallel.
analysis assignments, the risk study must be care-
fully managed to optimise the time invested in
each stage. There are a series of problems that are
commonly encountered which must be addressed if
the interview process is to be productive. Similar
problems have been described by those constructing
expert systems and refer to the specialist being
misunderstood, the specialist's explanations wan-
dering, interruptions, false information being
given, biased questions asked by the interviewer
and inaccurate representation of the information
gained. These issues must be addressed during the
risk analysis and management process.
. Brainstorming technique: The brainstorming process,
borrowed from business management and not
speci®cally created for risk management, involves
Fig. 6. Risks in series and parallel. rede®ning the problem, generating ideas, ®nding
158 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

Table 6
Representing risks in series in a modela


Risk ID Risk occurs Time (weeks) Distribution Calculation Outcome

Min Most likely Max

1 RiskA = RiskDiscrete ({0, 1}, {80, 20}) 10 11 12 = RiskTriang (10, 11, 12) = RiskTriang (10, 11, 12)B1 = G1 + IF
(G1 = 0, 0, G5)
2 RiskB = RiskDiscrete ({0, 1}, {95, 5}) 12 20 = RiskUniform (12, 20) = RiskUniform (12, 20)B2
3 RiskC = RiskDiscrete ({0, 1}, {80, 20}) 12 14 = RiskUniform (12,14) = RiskUniform (12, 14)B3
4 RiskD = RiskDiscrete ({0, 1}, {50, 50}) 2 4 = RiskUniform (2,4) = RiskUniform (2, 4)B4
5 = MAX(G2, G3, G4)
RA: Unexpected signi®cant change in user requirements/brief; RB: Comprehensive redesign and new planning application required; RC: Major
redesign and new planning application required; RD: Minor redesign and revision to planning proposal through delegated powers.

Fig. 7. Tree diagram for risk ``changes in legislation.''.

possible solutions, developing selected feasible standing as the more senior panel members tend to
solutions and conducting evaluation. Originated indirectly discourage ``free-wheeling''.
by Osborn [28] in the early 1950s, brainstorming . The NGT technique: The Nominal Group Technique
was proposed as a problem solving method which (NGT) was developed by Delbecq et al. [29] in
would produce a much larger quantity of ideas in 1968. It was derived from social-psychological
less time than existing group problem solving studies of decision conferences, management-
techniques. In the third revised edition of his text science studies of aggregating group judgements
entitled ``Applied Imagination'', originally issued and social work studies. Delbecq et al. [30]
in 1953, Osborn argues the e€ectiveness of brain- describe the operation of the NGT method as
storming is derived from two essential compo- commencing with the group members (between
nents. These are succinctly described by Johnson seven and ten) without discussion, writing ideas
[23] as (1) group thinking is more productive than related to the problem down on a pad of paper.
individual thinking and (2) the avoidance of criti- After ®ve to ten minutes each individual in turn
cism improves the production of ideas. Osborn brie¯y presents one of the ideas. These are recorded
states that based on experience the optimum size on a ¯ip chart in full view of the group members.
of a brainstorming group is twelve and that the Round-robin listing continues until all members
ideal panel should consist of a leader, an associate indicate that they have no more ideas. Discussion
leader, about ®ve regular or ``core'' members and does not take place until all the ideas are recorded.
about ®ve guests. It has been found that a panel Then each one is discussed. Finally each individual
should be composed of people of the same rank or writes down their evaluation of the most serious
R.J. Chapman / International Journal of Project Management 19 (2001) 147±160 159

risks, by rank ordering or rating. Then these are veri®cation where the analyst asks the core team member
mathematically aggregated to yield a group decision. if he feels that the results are consistent across one stage
. The Delphi technique: Delphi is perhaps the best- of the elicitation process; for instance if two di€erent
known method of using group judgements in risks have approximately the same probabilities of
forecasting. It was developed at the RAND Cor- occurrence, the analyst will ask the expert if he feels this
poration by Dalkey, Helmer and others primarily re¯ects his view of the risks. Having obtained the results
for technological forecasting, but has seen a wide the analyst asks the design team members whether they
variety of applications. The Delphi Technique is a give a fair view of the consequences Ð that is, do they
method for the systematic collection and collation compare with their own ideas about consequences. This
of judgements from isolated anonymous respon- is quite easily done and if discrepancies do occur then
dents on a particular topic, through a set of carefully they can be traced back to the base data. Veri®cation
designed sequential questionnaires interspersed with using the ®nal results can be conducted by providing
summarised information and feedback of opinions, risk maps for each design stage which have been com-
derived from earlier responses. The basic principles pleted to show the top ten risks identi®ed for each stage.
of the multistage method are the elimination of Each map will illustrate the assessment made for each
direct social contact providing unattributed con- risk in terms of likelihood of occurrence and impact.
tributions, the provision of feedback and the The design team members are requested to compare the
opportunity for the revision of opinions. The par- maps to see if the degree of exposure described actually
ticipants are asked individually, usually by mailed re¯ects their thinking. The least and most exposed
questionnaires but more recently by interactive stages are examined to see if there is common accep-
computer contact, for their estimates of the vari- tance of the assessment.
ables in question. These are then collated and
summarised in such a way as to conceal the origin
of individual estimates. The results are then circu- 5. Summary
lated and the participants are asked if they wish to
revise their earlier forecasts. These rounds can The steps of the overall process were described as:
continue until the estimates stabilise, though in knowledge acquisition, selection of the core design team,
practice the procedure rarely goes beyond a second presentation of the process, identi®cation, encoding and
round. veri®cation. From the examination of how these steps
are implemented, it can be seen how the e€ectiveness of
4.5. Step 5: encoding the overall process may be in¯uenced and better under-
stood. The observations are a re¯ection of the rudiments
The aim of this step is to draw from the interviewees of the process and might be described as obvious to the
or workshop attendees the assessment of the impact and seasoned practitioner, however they are fundamental if
probability for each of the risks identi®ed, using the bene®ts are to be drawn from the process. From the
measures agreed during the Presentation Step. This knowledge acquisition step it may be concluded that the
information is captured in a risk register or risk log. contribution of the facilitator is enhanced if he/she has a
Depending on the stage of the project, di€erent assess- detailed understanding of the project prior to the com-
ment criteria may be appropriate. At the commencement mencement of the identi®cation process. The e€ectiveness
of a project the focus will be on identifying any ``show- of the identi®cation process will be directly correlated to
stoppers''. Later in the development the assessment may how broad and comprehensive the examination of the
centre around evaluating feasibility options. threats to a project are. The breadth of examination will
be dependant on whether all of the core design team
4.6. Step 6: veri®cation members (and where appropriate the second tier design
team members) were present during brainstorming. The
The aim is to gain a consensus among the design team participants must be properly briefed during the pre-
members/interviewees to establish if there is general sentation step. For the measures of impact to be mean-
agreement as to the risks identi®ed and the measures ingful they must spring from the project objectives, the
assigned to them. In addition, it is aimed at cross signi®cance of accomplishing them (or not) and how
checking for consistency between measures assigned to they have been prioritised. Identi®cation of design man-
risks by individuals. Veri®cation can be conducted using agement risks requires an understanding of the char-
three di€erent techniques identi®ed by Spetzler and acteristics of the process and how its main components
Stael von Holstein [31], cross checking for consistency must be maintained in balance. All design processes,
between values, veri®cation using di€erent elicitation whether they be within the IT or construction indus-
techniques and veri®cation by using the ®nal result. tries, have common problems that must be understood
Cross checking for consistency is a simple method for and addressed. Identi®cation requires an understanding
160 R.J. Chapman / International Journal of Project Management 19 (2001) 147±160

of the sources of risk and General Systems Theory is put [17] Flanagan R, Norman G. In: Risk management and construction.
forward as a way of structuring those sources. In addition, Oxford: Blackwell, 1993. p. 54.
[18] British Standard 6079 HMSO, 1996, p. 29.
it is proposed that risks have distinctive characteristics
[19] Raftery J. In: Risk analysis in project management. London:
and that their interrelationship can be described in E&FN Spon (Chapman and Hall), 1994. p. 18.
terms of whether they are in series or parallel. To conduct [20] Conroy G, Soltan H. ConSERV: a project speci®c risk manage-
the assessment process, encoding is implemented ment concept. International Journal of Project Management,
whereby the impact and probability measures are used 1998;16(6):353±66.
to ``size'' the risks to describe their potential in¯uence [21] Perry JG. Risk management: an approach for project managers.
Project Management, 1986;4(4):213.
on the project should they materialise. Finally, veri®ca- [22] Chapman RJ. No need to gamble on risks. The Architects Jour-
tion is used to obtain consensus across the process par- nal 30 November 1995:49-51.
ticipants as to the risks, their likelihood of occurrence [23] HM Treasury Procurement Guidance No. 2: Value for money in
and impact should they arise. construction procurement, 1997, p. 16.
[24] RAMP Ð Risk analysis and management for projects, Institu-
tion of Civil Engineers and the Faculty and Institute of Actuaries,
References [25] Ren H. Risk lifecycle and risk relationships on construction pro-
jects. International Journal of Project Management
[1] Chapman RJ. The role of system dynamics in understanding the 1994;12(2):68±74.
impact of changes to key project personnel on design production
[26] Chapman, R. J., Unpublished PhD thesis "An investigation of
within construction projects. International Journal of Project the risk of changes to key project personnel during the design
Management 1998;16(4):235±47. stage", University of Reading, Department of Construction
[2] Thompson PA, Perry JG. In: Engineering construction risks, a
Management and Engineering, April (1998).
guide to project risk analysis and risk management. Dordrecht: [27] Chapman RJ. "The e€ectiveness of working group risk identi®-
Kluwer Academic Publishers, 1992. p. 7. cation and assessment techniques". International Journal of Pro-
[3] CCTA Ð The Government Centre for Information Systems. ject Management 1998;16(6):333±43.
Introduction to the management of risk. London: HMSO, 1993,
[28] Osborn AF. Applied imagination: principles and procedures of
p. 23. creative problem solving. 3rd revised ed New York: Charles
[4] Chapman RJ. Specialising in risks. The Architects Journal, 23 Scribners, 1963.
November 1995; 56±58. [29] Delbecq AL. The World within the span of control: managerial
[5] PRAM Ð Project risk analysis and management guide, The
behaviour in groups of varied size. Business Horizons, 1968.
APM Group. In: Simon Peter, Hillson David, Newland Ken, [30] Delbecq AL, Van de Ven AH. Gustafson DH, Group techniques
editors, 1997, p. 23. for programme planning. Scott and Foresman: Glenview, 1975.
[6] Chapman C, Ward S. In: Project risk management, processes,
[31] Spetzler CS, Stael von Holstein CA. Probability encoding in
techniques and insights. New York: Wiley, 1997. p. 49.
decision analysis. Management Science 1975;22(3):340±58.
[7] CPI Ð Co-ordinated project information, published by the Co-
ordinating Committee for Project Information, 1987.
[8] RIBA Ð RIBA Plan of Work, RIBA Publications, 1973.
[9] Clark RC, Pledger M, Needler HMJ. Risk analysis in the eva-
Robert J. Chapman is the Head of
luation of non-aerospace projects. Project Management
Risk Management at Osprey Project
Management. He obtained a PhD in
[10] Tversky A, Kahneman D. Judgement under uncertainty: heur-
Design/Risk Management and an MSc
istics and biases. Science 1974;183:1124±31.
in Construction Management from the
[11] Wideman RM. Risk management. Project Management Journal
Faculty of Urban and Regional Stu-
dies at the University of Reading,
[12] Cooper DF, Chapman CB. Risk analysis for large projects:
subsequent to becoming a chartered
models, methods and cases. New York: Wiley, 1987.
architect. He has provided project
[13] CCTA Ð The Government Centre for Information Systems. An
management and risk consultancy ser-
introduction to managing project risk. London: HMSO, 1993.
vices to several blue chip companies. He
[14] CCTA Ð The Government Centre for Information Systems.
has contributed to the development of
Management of project risk. London: HMSO, 1994.
the level ®ve National and Scottish
[15] Perry JG, Hayes RW. Risk management for project managers.
Vocational Quali®cations (NVQ) in
Building Technology and Management 1986;Aug/Sept:8±11.
Construction Project Management and conducted research into risk
[16] Hertz DB, Thomas H. Risk analysis and its applications. New
management practices on behalf of the Architects Registration Board.
York: Wiley, 1983.