A risk mapping tool for construction projects

A.E. Yildiz & I. Dikmen & M.T. Birgonul

Department of Civil Engineering, Middle East Technical University, Turkey

K. Ercoskun
Department of Architecture, Yeditepe University, Turkey

S. Alten
INNOCENT- Innovation Centre for Design and Technology, Turkey

Abstract
Since construction industry is highly fragmented and involves several parties, it is more vulnerable to
changes in the macro as well as project environment, vagueness in the project scope and changing
company objectives. In order to achieve a successful and desirable construction outcome, early
provision of risk and vulnerability has become a crucial step in project management. Several risk
assessment methodologies have been developed to facilitate risk management. In this research, it is
argued that a risk assessment methodology that takes into account of interdependencies between
individual risk factors as well as vulnerability factors should be utilized for realistic prediction of
project outcomes. Within the context of this study, it is aimed to develop a risk mapping tool for
international construction projects using an ontology that relates risk and vulnerability to cost overrun
and a novel risk-vulnerability assessment methodology. Configuration of the risk map is based on the
hierarchical structure and interdependency coefficients of risk-related factors found by using Structural
Equation Modeling (SEM) in the previous stages of the research project. The risk mapping tool also
incorporates a “lessons learned” database in which experiences of construction experts about cause-
effect relations of risk sources, events, vulnerability factors and cost overrun can be stored. This paper
reports finding of this on-going research project about how risk related knowledge can be codified,
stored and retrieved to facilitate learning from previous projects and constructing the risk map for a
forthcoming project. Risk event histories of real construction projects will be presented and how risk
scenarios as well as risk maps can be generated using this information will be demonstrated on a real
case study.

Keywords: Risk management, lessons learned database, risk map, international construction projects

1 Introduction
The time, cost and quality goals in construction projects are hardly achieved due to their complex and
fragmented nature which involves high degree of risk and uncertainties from the beginning to the end
of projects (Akintoye and Macleod, 1997; Mustafa and Al-Bahar, 1991). Risk analysis and
management are crucial steps of project management (Kartam and Kartam, 2001). Due to unique
characteristic of construction projects, there is usually insufficient objective data to assess probability
of occurrence of risk consequences; therefore decision-makers rely on intuition and judgment which
brings subjectivity in some extents. (Perry and Hayes, 1985; Mustafa and Al-Bahar, 1991; Akintoye
and Macleod, 1997). Mechanisms to capture and reuse knowledge (Kıvrak et al., 2008) are necessary
to facilitate learning from previous projects and decrease subjectivity during risk assessment. Dikmen
et al. (2008) proposed a “learning-based risk management” which can be carried out by constructing a
corporate risk memory that also facilitates knowledge transfer between projects.
In this paper, preliminary results of an on-going research project are reported. The objective of this
research project is developing a risk mapping tool that incorporates a lessons learned database. In the
risk mapping tool, a risk assessment methodology that takes into account of interdependencies
between individual risk factors as well as vulnerability factors is used. The risk-vulnerability ontology
reported in Fidan et al. (2011) and risk assessment methodology presented in Eybpoosh et al. (2011)
constitute the foundation of the risk mapping tool. These previous studies will be briefly explained in
the next section. While developing the tool, it has been understood that although the ontology and
methodology are reliable and applicable in practice, some kind of assistance is necessary for the
decision-makers to assign risk and vulnerability ratings. Thus, a lessons learned database is decided to
be incorporated into the tool which can help decision-makers to assign ratings considering the
experience gained in previous projects.

2 Research background
In literature, the word “risk” is used in different meanings with different words such as hazard or
uncertainty (Al-Bahar and Crandall, 1990). Jannadi and Almishari (2003) defined risk as a
combination of the probability, the severity, and the exposure of all hazards of an activity. Kartam and
Kartam (2001) defined risk as “the probability of occurrence of some uncertain, unpredictable, and
even undesirable event(s) that would change the prospects for the profitability on a given investment.”
According to Project Management Body of Knowledge (PMBOK, 2008) risk is “an uncertain event or
coordination that, if it occurs, has a positive or a negative effect on at least one project objective, such
as time, cost, scope or quality, which implied an uncertainly about identified events and conditions.”
Risk management has four steps; risk identification, risk analysis, risk response and risk
monitoring. (Perry and Hayes, 1985; Al-Bahar and Crandall, 1990; Akintoye and Macleod, 1997;
Thevendran and Mawdesley, 2004; Zou et al., 2007; Mojtahedi et al., 2010; Dey 2010). Several risk
identification, analysis and response techniques are proposed to be used during systematic risk
management (Thevendran and Mawdesley, 2004). Some of the risk analysis techniques defined in the
literature are Sensitivity Analysis, Monte Carlo Simulation, Decision Tree Analysis, Fault Tree
Analysis, Event Tree Analysis, Stochastic dominance, Subjective Probability, Fuzzy Risk Rating
(Perry and Hayes, 1985; Akintoye and Macleod, 1997; Zeng et al., 2007). On the other hand, several
authors listed some of the shortcomings regarding these risk analysis techniques. Zeng et al. (2007)
stated that, high quality data should be collected to perform these quantitative techniques effectively,
but such data are hard to obtain or even do not exist. Kangari and Riggs (1989) proposed that,
although risk-related information is expressed as words or sentences in natural language rather than
numerical data, those mentioned quantitative risk analysis techniques require numerical data. Authors
such as Chapman (2001), Dikmen et al. (2008), Tah and Carr (2001), Han et al. (2008) highlighted the
significance of interrelations of risk-related classes and suggested that, they should be constructed and
represented rather in cause-effect diagrams or risk paths to show interdependencies among them.
In the previous study that constitutes the foundation of the risk mapping tool, the aim was
“developing an ontology that can be used as the basis of a risk event history database that entails risk
paths rather than individual risk sources and vulnerability factors that affect the impact of risks on a
project” (Fidan et al., 2011). While risk source is defined as a cause that owes to adverse change from
the expected conditions of project or an unexpected event, risk event is mainly about variations such
as decreases or increases in project goals due to a risk source and lead to a risk consequence (Fidan et
al., 2011). A risk event can be related with productivity, performance, quality, time, economy
attributes of a project. (Al-Bahar and Crandall, 1990). A risk consequence is, however an outcome of
risk events and a deviation of project goals such as duration, cost, quality and safety (Tah and Carr
2001; Al-Bahar and Crandall, 1990). In addition to aforementioned risk classes; Fidan et al. (2011)
also proposed the term “vulnerability” as a measure to represent “systems innate characteristics and
capacities the existence of which creates possibilities for future harms and their subsequent
consequences”.
As a further step to the risk-vulnerability ontology developed by Fidan et al. (2011), Eybpoosh et
al. (2011) developed a risk path structure which was based on the conducted risk-vulnerability
ontology. Eybpoosh et al. (2011) argued that “assessment of magnitude of individual risk factors
regardless of probability of occurrence of a chain of risk events and probability of co-occurrence of
several risk factors that emerge from the same source may result in underestimation of overall risk
level of the project”. Authors suggested that rather than individual risk factors, risks should be
patterned in risk paths with their interrelations to achieve better visualization of project conditions.
Within the aim of this context, authors identified 36 interrelated risk paths using the data of 166
projects carried out by Turkish contractors in international markets and utilizing Structural Equation
Modeling (SEM) technique. In addition to these, interdependency coefficients of vulnerability, risk
sources, risk event and risk consequence on the related risk paths and total effects of each vulnerability
factor and risk path on cost overrun were assessed through SEM.
This study aims to develop a risk mapping tool for international construction projects. The tool will
be used to predict potential risk paths and cost overrun using the findings of the previous studies
discussed above. A “lessons learned” database in which experiences of construction experts about
cause-effect relations between risk sources, events, vulnerability factors and cost overrun are stored
will be constructed as an additional feature. Main advantages of lessons learned database can be
summarized as; providing a knowledge capturing platform that stores past experiences of several
decision-makers instead of individual experiences which incorporates a company level learning
system, enabling experience storing during whole project life cycle, codifying past projects with
respect to their project attributes and risk-vulnerability information, and transferring and sharing the
past experiences to the forthcoming projects with the aim of diminishing the subjectivity level of the
project outcomes.
The tool is being developed in collaboration with a construction company that gives project
management consultancy service in the international construction market. The aim is to incorporate
their experience while developing the tool.

3 Research methodology
Before the development of the risk mapping tool; interviews and literature surveys were conducted to
justify the validity of the risk-vulnerability parameters identified in Fidan et al. (2011). As a further
step to the justification of risk-vulnerability parameters, lessons learned database was aimed to be
developed mainly using the partner firm’s experiences in previous projects. The partner firm was
established in August 2001 with the aim of incorporating project management and IT sector to develop
project management models and tools. The firm facilitates project management consultancy for both
Turkish and international construction projects with the experience of firm staff that had carried out
international projects with leading Turkish construction firms. The experts in the partner firm were
requested to give some information about not only the risk events they faced in previous projects but
also the triggering factors that affected the occurrence of these events, in other words, risk sources and
vulnerabilities, their consequence and impacts on cost. The idea behind defining cases in terms of risk
sources, vulnerabilities is; codifying and storing cases in database such a way that, decision-maker can
retrieve cases with respect to their related risk-vulnerability parameter, examine past records and
experiences about related parameter and define a more objective impact rating during the risk
assessment process. 37 different cases from 8 projects were collected from partner firm. Two
illustrative cases of lessons learned database are provided in Figure 1 and Figure 2.
Figure 1. Example 1 of a case from lessons learned database.

Project Information
Type Duration Year Location Budget
Housing, business center 45 months 2003-2007 Latvia -

Case
A housing project, which had been undertaken at Latvia, faced financial crises, accordingly due to project failure, company
that was set up for this project, faced bankruptcy. In the earlier period of the project, company provided its budget by taking
loans from bank and selling some houses for individuals who were also taking loan from banks to buy the houses. On other
hand, due to unstability of the economic conditions of the country, after a while start of the project, economical crisis was
rised, which caused banks to have strict requirements while providing loans. Therefore, it made not only
individuals, but also company difficult to take loans and provide enough budget.

Summary
Risk Source Vulnerability Attribute Consequenc e
Adverse Country Related Consition Instability Of Economic Growth Existence of Financial crises 5
Contractor's Lack of Resources Lack of financial resources Unavailability of Bank credits 5
Engineer's Incompetency Engineer's Lack of financial resources Lack of a contigency planning 3
Figure 2. Example 2 of a case from lessons learned database.

4 The risk assessment and mapping process

The risk assessment and mapping process starts with the entry of the project information by tool user.
Project information entry constitutes entry of project name, country name, project type, project
description, start date, finish date, duration, contract value, project size, contract type, delivery system
type, payment type and company’s role in the project. After defining all project information entities, it
depends on the tool users’ expectations from the tool to rather add project case to the tool library or
run risk assessment. The user can only add a new project case, run risk assessment or both.
The process of risk assessment starts with definition of vulnerability ratings. The user should go
through the following steps;
 After selecting the vulnerability factor, sources of selected vulnerability factor will be listed.
Tool user should assign ratings to the vulnerability sources so that vulnerability factor rating can
be estimated. Vulnerability source ratings can be defined by retrieving similar cases from the
lessons learned database or by the user himself without any aid or both.
 If the user prefers to use the lessons learned database, cases related to the selected risk source
and vulnerability factors are retrieved from the database. The user can refine search results with
respect to their project type, duration, country, year and/or budget. Additionally, he/she can also
search a keyword from the results and if that keyword exits in case description, then it would be
 highlighted. In the light of retrieved case and their consequence rating, user can decide on a
rating to the vulnerability source.
 After all the vulnerability factors are assessed, risk ratings will be estimated by using the
coefficients found by SEM.
 Finally, the user can monitor potential risk paths, calculate magnitude of risk paths and estimate
expected cost overrun.

5 An Illustrative case study

The prototype tool is developed and tested on a real shopping mall project whose duration is 48
months, and contract value is 15.000.000 $. (Fig.3.) The case is defined by the partner firm and the
lessons learned database is constructed by using the projects previously carried out by the firm.

Figure 3. Project information data entry.

The decision-maker preferred to use lessons learned database to retrieve past cases. Fig.4. illustrates a
retrieved case of vulnerability factor “V6- Contract Specific Problems” from lessons learned database.
It should be highlighted that, user aimed to obtain cases which are also shopping mall projects and
take part in Turkey. Therefore, he searched the results with respect to their type and country in
addition to the selecting the word “contract” as a keyword. As a result, only 3 cases whose type is
shopping mall project or country is Turkey were retrieved and shown in the case list.
Fig.4. demonstrates one of the retrieved cases of a shopping mall project that was undertaken in
Turkey. The case was related with the delay of a project of a Turkish company that had provided its
budget by a project financier company which is from Germany. Due to misinterpreted contract
clauses, parties faced with several conflicts after a while construction process had started. Decision
maker can conclude from this case that, before doing business with a foreign project party, all
variations among procedures, requirements and rules regarding to the design and construction process
should be defined and interpreted in the contract. In order to decide in what extent the new project can
be affected by the “V6- Contract Specific Problems”, decision maker examined requirements of each
project parties of this project. Although the project financer and client are from Turkey and follow
same specifications and standards with the contractor firm, they insisted on strict quality requirements
which were also not specified in contract. Therefore, decision maker concluded that his project can
also be affected with the same extent of the illustrated case and defined the rating of “V6- Contract
Specific Problems”, as 5 ( Very High).
Figure 4. Lessons learned database.

Figure 5. Risk assessment result on risk map.

Fig.5. demonstrates the risk assessment results of the tool. Ratings of each risk-related parameter
are calculated and demonstrated on the risk map.
 Cost overrun rating of the project was estimated as 4 (High), and the critical risk path, which had
the highest contribution to the cost overrun of the project, was obtained as;
V9- Adverse Site Conditions, F18- Adverse Change in Performance of Contractor, F15- Conflicts
with Project Stakeholders, F22- Delays/Interruptions, F27- Lags in Cash Flow, F28- Cost Overrun.
During the critical path estimation, path coefficients and the rating of the vulnerability factor that
initiates each path have been used. Since V4- Uncertainty of Geological Conditions, V6- Contract
Specific Problems, V12- Contractor Lack of Managerial Skills were the vulnerability parameters
which had the highest rating value, 5 (Very High), it was expected that one of path initiated with these
vulnerability factors should be the critical path.
Other paths which also had considerable contributions to the cost overrun are;
 V4- Uncertainty of Geological Conditions, F20- Adverse Change in Site Conditions, F18- Adverse
Change in Performance of Contractor, F15- Conflicts with Project Stakeholders, F22-
Delays/Interruptions, F27- Lags in Cash Flow, F28- Cost Overrun.
 V6- Contract Specific Problems, F15- Conflicts with Project Stakeholders, F22-
Delays/Interruptions, F27- Lags in Cash Flow, F28- Cost Overrun.
 V1- Adverse Country Related Conditions, F13- Adverse Change in Country Economic Conditions,
F16- Adverse Change in Performance of Contractor, F15- Conflicts with Project Stakeholders,
F22- Delays/Interruptions, F27- Lags in Cash Flow, F28- Cost Overrun.
 V12- Contractor Lack of Managerial Skills, F27- Lags in Cash Flow, F28- Cost Overrun.

6 Benefits and Shortcomings of the Tool

The features and expected benefits of the tool, as mentioned by the experts in the partner firm can be
summarized as follows:
 It facilitates systematic risk identification and classification by providing a common language about
risk-related information such as vulnerability, risk source, risk event and risk consequence.
 The “lessons learned database” in which risk-related information can be codified, stored, updated,
retrieved, and transferred enables storing risk information, which otherwise would be lost.
 Risk maps provide an effective way to visualize risk and vulnerability factors.
 The tool provides a documentation and report mechanism which enables the user to transfer and
share the risk mapping results. Report options of the tool are; a cost overrun report, risk path report,
risk rating report and sensitivity analysis report.
The major shortcomings of the tool are;
 It still depends on subjective judgments
 If the number of cases in the lessons learned database is low, then similar cases can not be retrieved.
 The cost overrun prediction results may not be reliable since estimated value depends on statistical
analysis of limited data.
 Before using the tool, the decision-maker should learn the terminology about risk, vulnerability etc.
A Help menu may facilitate this process.

7 Conclusions
This paper proposes a risk mapping process that considers the interdependencies of risk-related
parameters and a lessons learned database that may help decision-makers to learn from previous
projects so that they can assign reliable ratings to risk and vulnerability factors. A prototype tool is
developed and tested by a case study. Case study results show that the tool can be used to store risk
related data, carry out risk assessment and visualize potential risk paths. Lessons learned database may
help decision-makers, but its effectiveness depends on the number and variety of cases stored in the
database. Thus, in order to increase reliability of the tool, the user company should aim to codify and
store its risk-related experience. This can only be possible by encouraging knowledge sharing within
the company and making it a part of the project management process.

Acknowledgments
This paper presents the preliminary findings of a two-year on-going research project entitled “
Development of Knowledge-Based Risk Mapping Tool for International Construction Projects”
sponsored by Ministry of Science, Industry and Technology.

References
AKINTOYE, A. and MACLEOD, M., 1997. Risk analysis and management in construction. International Journal of Project
Management, 15(1), 31-38.
AL-BAHAR, J. F. and CRANDALL, K. C., 1990. Systematic risk management approach for construction projects. Journal
of Construction Engineering and Management, 116(3), 533-546.
CHAPMAN, R. J., 2001. The controlling influences of effective risk identification and assessment for construction design
management. International Journal of Project Management, 19(3), 147-160.
DEY, P. K., 2010. Managing project risk using combined analytic hierarchy process and risk map. Applied Soft Computing,
10(4), 990-1000.
DIKMEN, I., BIRGONUL, M.T., ANAC, C., TAH, J.H.M. and AOUAD, G., 2008. Learning from risks: a tool for post-
project risk assessment. Automation in Construction, 18 (1), 42-50.
EYBPOOSH, M., DIKMEN, I. and BIRGONUL, M T., 2011. Identification of risk paths in international construction
projects using structural equation modeling. Journal of Construction Engineering and Management, 137 (12), 1164-1175.
FIDAN, G., DIKMEN, I., TANYER, A. M. and BIRGONUL, M. T., 2011. Ontology for relating risk and vulnerability to
cost overrun in international projects. Journal of Computing in Civil Engineering, 25(4), 302-315.
HAN, S. H., KIM, D. Y., KIM, H. and JANG, W., 2008. A web-based integrated system for international project risk
management. Automation in Construction, 17 (3), 342-356.
JANNADI, O. and ALMISHARI, S., 2003. Risk Assessment in Construction. Journal of Construction Engineering and
Management, 129(5), 492-500.
KARTAM, N.A. and KARTAM, S.A., 2001. Risk and its management in the Kuwaiti construction industry: a contractors’
perspective. International Journal of Project Management, 19(6), 325-335.
KIVRAK, S., ARSLAN, G., DIKMEN, I. and BIRGONUL, M. T., 2008. Capturing knowledge in construction projects:
knowledge platform for contractors. Journal of Management in Engineering, 24(2), 87-95
KANGARI, R. and RIGGS, L.S., 1989. Construction Risk Assessment by Linguistics. IEEE Transactions on Engineering
Management, 36(2), 126-131.
MOJTAHEDI, S. H., MOUSAVI, S. and MAKUI, A., 2010. Project risk identification and assessment simultaneously using
multi-attribute group decision making technique. Safety Science, 48(4), 499-507.
MUSTAFA, M. A. and AL-BAHAR, J. F., 1991. Project risk assessment using the analytic hierarchy process. IEEE
Transactions on Engineering Management, 38(1), 46-52.
PERRY, J.G. and HAYES, R.W., 1985. Risk and its management in construction projects. Proceedings of the Institution of
Civil Engineers, 78(3), 499-521.
PROJECT MANAGEMENT INSTITUTE, 2008. A guide to Project Management Book of Knowledge. Newtown Square, PA:
Project Management Institute.
TAH, J.H.M. and CARR, V., 2001. Knowledge-based approach to construction project risk management. Journal of
Computing in Civil Engineering, 15(3), 170-177.
THEVENDRAN, V. and MAWDESLEY, M.J., 2004. Perception of human risk factors in construction projects: an
exploratory study. International Journal of Project Management, 22 (2), 131-137.
ZENG, J., AN, M. and SMITH, N. J., 2007. Application of a fuzzy based decision making methodology to construction
project risk assessment. International Journal of Project Management, 25(6), 589-600.
ZOU, P. X.W., ZHANG, G. and WANG, J., 2007. Understanding the key risks in construction projects in China.
International Journal of Project Management, 25(6), 601-614.