Addis Ababa University

College Of Business and Economics

School Of Commerce
Department of Project Management

An Assessment On The Risk Management Practice Of construction Projects;

Case Study Of Addis Ababa Saving Houses Development Enterprise.

By: Lidya Erstu

A project work submitted to Addis Ababa University College of Business and Economics School
of Commerce in partial fulfillment of the requirements for the Degree of Masters of Arts in
project management

June, 2017

AAU, Ethiopia
 Addis Ababa University
College Of Business and Economics
School Of Commerce
Department of Project Management

An Assessment On The Risk Management Practice Of construction Projects;

Case Study Of Addis Ababa Saving Houses Development Enterprise

By: Lidya Erstu

A project work submitted to Addis Ababa University College of Business and Economics School
of Commerce in partial fulfillment of the requirements for the Degree of Masters of Arts in
project management

Advisor: Wubshet Bekalu (PhD)

June, 2017

AAU, Ethiopia

I
 Addis Ababa University
College Of Business and Economics
School Of Commerce
Department of Project Management

An Assessment On The Risk Management Practice Of construction Projects;

Case Study Of Addis Ababa Saving Houses Development Enterprise

A project work submitted to Addis Ababa University College of Business and Economics School
of Commerce in partial fulfillment of the requirements for the Degree of Masters of Arts in
project management

By: Lidya Erstu

Approved By:

____________________________ _________________________ ___________________

Advisor Signature Date

___________________________ ________________________ __________________

Internal Examiner Signature Date

___________________________ ________________________ ___________________

External Examiner Signature Date

II
Letter of Certification

This is to certify that Lidya Erstu has carried out this research on the topic "An Assessment on
the risk management practice of construction projects; case study of Addis Ababa Saving Houses
Development Enterprise" under my supervision. This work is original in the nature and suitable
for submission in partial fulfillment of the requirement for the award of Masters of Arts Degree
in Project Management and the student has my permission to present it for assessment.

Advisor: Wubeshet Bekalu (PhD)

here:
Sign______________________
Date.______________________

III
Declaration

I, the undersigned, declare that this thesis is my work and that all sources

Of materials that are used for this study have been dully acknowledged.

Name: Lidya Erstu

Signature__________________

Date _____________________

IV
 Acknowledgement

I would like to forward the deepest of my appreciation and gratitude to my advisor Wubshet
Bekalu (PhD) for his constructive advice throughout the course of the thesis. I also owe a great
deal of gratitude to my friend Enas for her valuable comments.

I would also like to thank Mr. Melaku and Mr.wondimu form Addis Ababa Saving Houses
Development Enterprise office for their great help on the data collection process.

Above all, I thank the almighty god for guiding me all through the study.

I
Acronyms and Abbreviations

PMBOK Project Management Book of Knowledge

RM Risk Management
RMP Risk Management Process

II
Contents
Acknowledgement..........................................................................................................................................I
List of tables...................................................................................................................................VI

Abstract.........................................................................................................................................VII

Chapter I....................................................................................................................................................... 1
Introduction ……………………………………………………………………………………..1

1.1 Back ground ............................................................................................................................... 1

1.2 Problem statement ...................................................................................................................... 2
1.3 Research question ....................................................................................................................... 5
1.4.Objective of the study ................................................................................................................ 5
1.4.1 General Objective..................................................................................................................................5
1.4.2 Specific objective .................................................................................................................... 5
1.5 Limitation ................................................................................................................................... 5
1.6 Scope .......................................................................................................................................... 6
1.7 Significance ................................................................................................................................ 6
Chapter II.......................................................................................................................................... 7
Review of Related Literature ........................................................................................................... 7
2.1 definition .................................................................................................................................... 7
2.2 Theoretical review ...................................................................................................................... 7
2.2.1 Risk identification ................................................................................................................... 7
2.2.1.1 Methods of risk identification .................................................................................................... 10
2.2.1.2 Risk identification gaps............................................................................................................... 11
2.2.2 Risk impact assessment and prioritization................................................................................... 11
2.2.3 Risk action plan ..................................................................................................................... 14
2.2.4 Risk response......................................................................................................................... 15
2.2.5 Risk Register..........................................................................................................................16

2.2.5.1 The Importance of a Risk Register ............................................................................................ 17

2.2.6 The different methods of risk management...................................................................................17
2.2.7 Life cycle risk management ........................................................................................................... 19
2.2.8 Risk culture ........................................................................................................................... 20
2.2.8.1 Characteristics of a Strong Risk Culture .................................................................................. 21
2.2.8.2 Importance of risk culture........................................................................................................... 22
2.2.8.3 Changing a risk culture ............................................................................................................... 22
2.2.9 Owners role in risk management .................................................................................................. 23
2.2.10 Importance of risk management ................................................................................................. 24
2.2.11 Impacts of risk management failure ........................................................................................... 25
2.3 Conceptual frame work ............................................................................................................ 27
Chapter III ...................................................................................................................................... 28
Research Methodology ................................................................................................................... 28
3.1 Research design ........................................................................................................................ 28
3.2 Data collection, measurement & research variables ...................................................................... 28
3.3Population and Sampling technique ................................................................................................. 28
3.4 Validity and reliability ....................................................................................................................... 29
3.6 Ethical issues ............................................................................................................................ 30
3.7 Data analysis method ............................................................................................................... 30
Chapter IV ...................................................................................................................................... 31
Data interpretation and analysis .............................................................................................................. 31
4.1 List of participants .................................................................................................................... 31
4.2 Risk management process of Addis Ababa Saving Houses Development Enterprise .............. 32
4.2.1 Risk identification process ............................................................................................................. 32
4.2.1.1 Impacts of poor risk identification ............................................................................................ 36
4.2.2 Impact assessment ................................................................................................................. 38
4..2.3 Risk prioritization ................................................................................................................. 43
4.2.4 Risk response planning, management, monitoring and Risk register practice ....................... 44
4.3 Life cycle risk management practice ............................................................................................... 46
4.4 Risk culture of Addis Ababa Saving Houses Development Enterprise ...................................... 48
Chapter V ....................................................................................................................................... 51
Conclusion and Recommendation .......................................................................................................... 51
5.1 Summary...............................................................................................................................................51
5.2 Conclusion ................................................................................................................................ 52
5.3 Recommendation ...................................................................................................................... 54
REFERENCE................................................................................................................................ 56
Appendix I - Questionnaire...............................................................................................................I

Appendix II - Interview question.....................................................................................................V

Appendix III - Preliminary interview questions............................................................................VII

V
List of Tables

Table 4.1. List of participants ..........................................................................................................32

Table 4.2.1. Risk identification process..........................................................................................32
Table 4.2.1.1 Identification impacts..............................................................................................38
Table 4.2.2 Impact assessment process..........................................................................................40

Table 4.2.3 Prioritization process............................................................................................................45

Table 4.2.4. Risk response planning, management, monitoring and risk register
process................................................................................................................................................46

Table 4. 3 Life cycle risk management.........................................................................................48

VI
 Abstract

Managing risk is an essential process for project success. Risks are unseen events that could
have a positive or a negative impact on the project success. Managing risks and preparing risk
management plan will help the project to identify and estimate the level of the impact of the risk
and help for prior preparation to risk impacts. The purpose of this study is to assess the risk
management practice of the construction projects in the specific case of Addis Ababa Saving
Houses Development enterprise. The enterprise is managed by the Ethiopian government and the
study specifically focused on 40/60 housing project. The enterprises risk management practice
was measured by three variables; risk management method, lifecycle risk management and risk
culture. questionnaire was developed based on the three variables mentioned. The data obtained
from the questionnaire was analyzed quantitatively using SPSS software. The data collected from
interview and open ended questions were analyzed qualitatively. The quantitative data were
presented using tables and the qualitative data was used to support and elaborate the
quantitative data. From the quantitative and qualitative data it was found that the enterprise
doesn't use scientific and proper risk management. Risks arise at each stage of project and these
risks are managed throughout the project lifecycle. The risk culture of the enterprise is recently
developing. Trainings and experience sharing were made to increase employee awareness of risk
management. Top level managers still have not realized the importance of established risk
management system. The absence of risk management system is creating negative financial,
schedule and quality impacts. To overcome the condition mentioned above, the researcher
suggested, ownership and accountability of risks to be created to minimize risk occurrence.
Separate risk management department should be created and once created proper division and
assignment of responsibility should be made regarding risk management. enterprise need to be
more flexible and it should have a fixed communication centre for risks. Furthermore, frequent
trainings need to be made to deepen the concept of risk management and its importance into
employees mind to enable them to manage risks on their everyday work. At enterprise level risk
aspects should be incorporated in the principles and strategies.

Key words: Risk, Risk management, Risk management method or system

VII
Chapter I

Introduction

1.1 Back ground of the study

As defined by The Project Management Institute, risk is an uncertain event or set of
circumstances that, should it occur, will have an effect on the achievement of the project‟s
objectives.

Every project has risk. Many of today's projects are intrinsically more complex than those of
yesterdays in terms of their structure, technology and resource demands, their financial and
organizational arrangements.Present day projects are also performed in a constantly changing
environment. Which resulted in difficulty of predicting the future(Wiley J.& Sons, 2008).

The aim of each organization is to be successful and risk management can facilitate it. However,
it should be underlined that risk management is not a tool which ensures success but rather a tool
which helps to increase the probability of achieving success. Risk management is therefore a
proactive rather than a reactive concept (EwelinaGajewska E. RopelM ,2011).

One concept which is widely used within the field of risk management is called the risk
management process (RMP) and consists of four main steps: identification, assessment, taking
action and monitoring the risks (Cooper et al., 2005).

Some projects perform many of the risk management activities at the early stage of the project
life cycle. Although, new risks may become known as the project progresses through its life cycle
and previously identified risks may drop out. Managing risk could be a tough task but an essential
one. According to PMBOK, lack of proper risk management results in underperformance. Which
is the opposite of any project's objective.

Construction projects can be unpredictable. Managing risks in construction projects has been
recognized as a very important process in order to achieve project objectives in terms of time,
cost, quality, safety and environmental sustainability.

1
This study will be done on a major construction project undertaken by the government. The
project is called 40/60 housing project and is undertaken by the Addis Ababa Saving Houses
Development Enterprise. TheAddis Ababa Saving Houses Development Enterprisehas four
branches under it. From these four branches this study will focus on branch 2. The 40/60 housing
project aimed to improve the quality life of urban dwellers. It has built substantial houses as
much as 150,000 houses all over the country and 80,000 in Addis Ababa which is about 38 % the
total planned 400,000 houses.

Managing risk is an essential activity for every project's success. Especially in such kinds of large
and country wide projects. Therefore, assessing the risk management practice of Addis Ababa
Saving Houses Development Enterprise /40/60 housing projectis of great importance.

1.2 Problem statement

Construction projects are always unique and risks raise from a number of the different sources
(Oyegoke A. Pheng L. 2006). Construction projects involve multiple feedback processes. A lot of
participants, individuals and organisations are actively involved in construction project(Sterman
JD, 1992&Uher TE, 2004).

Large construction projects are exposed to uncertain environment because of such factors as
planning, design and construction complexity, presence of various interest groups (owner,
consultants, contractors, suppliers, etc.), resources (manpower, materials, equipment, and funds)
availability, environmental factors, the economic and political environment and legal regulations
(Nerija B and Audrius B. , 2012)

Risk is associated to any project regardless the industry and thus risk management should be of
interest to any project manager. Risks differ between projects due to the fact that every project is
unique, especially in the construction industry (Gould and Joyce, 2002). However, there are still
many practitioners that have not realized the importance of including risk management in the
process of delivering the project (Smith et al., 2006). Even though there is an awareness of risks
and their consequences, some organizations do not approach them with established RM methods.
(Gajewska E. RopelM ,2011)

2
Regardless of the negative effects the occurrence of risks bring on a project, ignoring risks and
risk management is still a major problem in many projects. Some considerate it as extra activity,
some prefer to cover risk consequences by extra costs than to spend time to identify and analyze
risks.

Risks and uncertainties, involved in construction projects, cause cost overrun, schedule delay and
lack of quality during the progression of the projects and at their end. (Aibinu and
Odenyinka,2006) investigated and assessed the causes of delays in building projects in Nigeria.
The authors pointed the poor risk management as one of the principal delay factors and
concluded that actions and inactions of construction project participants contribute to overall
project delays.

It‟s evidential and many researchers have proved that poor risk management affects projects cost,
schedule and quality aspect and also many significant but unnoticed areas of project. Some risks
even threaten the completion of the project.

There are several methods of project risk management in common use. It is important to be clear
about what you want from risk management and how it fits into your organization‟s other
processes and tailor your approach to suit. (Grey S.1999).

Using an effective and suitable risk management method is essential in an organization. There are
many risk management options, so picking the right one may be difficult. The best option is
ensuring that your company complies with the most recent and suitable one( Wanson p. 2016).
There are numerous approaches companies use today to manage risks. These approaches vary in
terms of scope and complexity. The appropriate practice is determined by the organization‟s
industry, culture, resources available, regulatory environment, current risks faced, and the nature
of the enterprise. (Reidy D, 2015).

Risk culture makes stakeholders every operation risk sensitive. Deepening the value of risk in the
minds of every stakeholder is key for it creates sense of ownership and accountability. Risk
culture highly reduces the occurrence and impact of risks. Smith R, (2015) in his article found by
interviewing 231corporate decision makers, that a 25%of saving on safety expenses and 75%
insurance premium saved by increasing the risk culture in companies. Inadequate risk cultures

3
are often characterized by performance contentment or the normalization of unwelcome incidents
(Smith R. , 2015)

Deloach J. (2016) after 31 years of experience in the field of management, has put absence of risk
culture (Not Integrating Risk Management with Strategy-Setting and Performance Management)
as one of the main risk management failures.

Although managing risks from early stage of projects is important, it is equally important to
manage risks throughout a project lifecycle. Risks arise at different stage of a project and pre
identified high impacts risks might not be that of a risk going through the project life cycle. And
risks that are thought to have minor impact might become more risky throughout the project life
cycle. Some risks might even go insignificant and no more an issue. The environment
continuously changes and through the project life cycle many things change that cause for project
risks to also change. Therefore in managing risk, it is highly important to monitor and manage
risks throughout a project life cycle.

(Gajewska E. Ropel M. ,(2011) identified in their research that type of risks identified differs
significantly over the various stages of the PLC. Problems closely related, for instance to design
process, were not identified as a potential threats in any other phases. They suggested close
attention need to be given to risks at each stage. Westland (2006) also suggested that risk
assessment should be performed during the review of each phase of the PLC.

Poor risk management has been put to be the major reasons why many projects fail by several
researchers. This study takes the concept of risk management and assess its application on
construction projects focusing on gaps of its application on a government construction enterprise.

The study assess the risk management practice of the Addis Ababa Saving House Development
Enterprise and measures its practice according to the three following variables. The organizations
risk culture, suitability and adequacy of the risk management method and use of life cycle risk
management.

As per the preliminary interview made with managing director of the enterprise on my first visit
to the enterprise, projects undertaken by the organizations were affected by lack of risk
management which contributed to their underperformance. They explained that there is no risk

4
manager or risk management office in the organization and have no structured risk management
system. The organizations approach to risks has affected the time, cost and quality aspects of the
projects. Therefore detail assessment on the risk management practice of the enterprise is done,
gaps are identified and are recommended to the problem.

1.3 Research questions

What is the kind of the risk management system used in the enterprise?

What is the enterprise's practice in managing risks throughout the projects life cycle?

What is the level of risk culture in the organization?

1.4Objective of the study

1.4.1 General objective

 Assess the risk management practice of Addis Ababa Saving Houses Development
Enterprise.

1.4.2 Specific objective

 Determine if the enterprise has scientific & established risk management system.
 Determine if risks are identified and managed throughout the project lifecycle.
 Determine the existence and level of risk culture in the organization.

1.5 Limitation
As it is a government organization, it was to some extent difficult to get some confidential
information. Employees were not free to give some information about the organization‟s working
situation. Also the knowledge gap on the concept of risk management was limitation to get
detailed and conceptualized information from participants. Concepts on the questionnaire were
misunderstood due to lack of awareness on risk management issues. Data collection from senior

5
managers, consultants or project managers was time taking as they are mostly tied with meetings
and site visitations.

1.6 Scope
From the different areas of project management, this study focuses on risk management. Even
though, the aim of the study is to assess the practice of risk management in the construction
industry it specifically focuses on housing project undertaken by the government. Furthermore,
among the different construction projects under the government, the study focuses on the 40/60
housing project undertaken by Addis Ababa Saving Houses Development Enterprise and
specifically branch two will be assessed in this research.

1.7 Significance
The 40/60 housing project is a huge country wide project that is meant to improve urban housing.
As effective risk management increases project success, it is greatly significant to identify the
gaps in the risk management practice of such massive project and recommend ways of
improvement. The finding of this research is also expected to cause current or future projects that
will be undertaken by Addis Ababa Saving House Development Enterprise, review their risk
management system and make adjustments. The identification of construction project risks will
also help other construction projects to point out common and major risks in the sector and learn
from risk management gaps identified by this study. Over all this research will deepen the
concept of risk management into the hearts of construction projects and projects as a whole.

6
Chapter II

Review of Related Literature

2.1 Definition
The PMBOK Guide 4th Ed. defines a project risk as an uncertain event or condition that, if it
occurs, has a positive or negative effect on at least one project objective. risk can be managed,
minimised, shared, transferred, or accepted but It cannot be ignored (Jardin S. ,2017)

Ana D. (2012) also defined risk as an uncertain but potential element that always appears in the
technical, human, social and political events, reflecting changes in the distribution of possible
outcomes and subjective probability values and objectives, with possible damaging and
irreversible effects.

2.2 Theoretical review

2.2.1 Risk identification

Identifying risks is the first and perhaps the most important step in the risk management process.
If there is a failure to identify any particular risk, then the other steps in the risk management
cannot be implemented for that risk. All of the success of any risk management tool, method or
process you use centers on effective risk identification. Understanding the risk is part of the
identification process. A risk poorly identified means the project manager will struggle or fail to
communicate this risk to high level stakeholders or team members. They will not understand the
magnitude or an aspect of the risk.(Brown J. ,2016)

Sometimes lack of knowledge of the risks will not affect the project that much. Therefore, the
project manager and stakeholders will think as if the risk identification and understanding part is
a waste of time. But mostly that has not been the case projects suffer from lack of understanding
of risks.

7
Risks and other threats can be hard to eliminate, but when they have been identified, it is easier to
take actions and have control over them. If the causes of the risks have been identified and
allocated before any problems occur, the risk management will be more effective (PMI, 2004)

The purpose of risk management is to identify potential problems before they occur so that risk-
handling activities may be planned and invoked as needed across the life of the product or project
to mitigate adverse impacts on achieving objectives.(Ana D. ,2012)

Risks are associated with every project and should be identified in order to avoid negative
impacts on the overall performance. Many problems which are faced in later phases of the PLC
result from unmanaged risks from the earlier stage (Chapman and Ward, 2003).this also indicates
that risks need to be identified earlier in the project.

Effective risk management includes early and aggressive risk identification through the
collaboration and involvement of relevant stakeholders. Strong leadership across all relevant
stakeholders is needed to establish an environment for the free and open disclosure and
discussion of risk.

The earlier that risk management was used in a project, the more successful it was. It is essential
that the risks of a project be assessed at the project brief stage. Risks identified here will not only
help the production of the necessary project products, but will increase the chance of overall
project success. A significant risk that is not identified and mitigated will become a real problem
at some point during the project life cycle (Tinnirello, 2000).

Ana D. (2012) identified two distinct phases of risk identification;

 initial risk identification (for an organization which has not previously identified its risks
in a structured way, or for a new organization, or perhaps for a new project or activity
within an organization);
 on-going risk identification (which is necessary to identify new risks which did not
previously arise, changes in existing risks, or risks which did exist ceasing to be relevant
to the organization).

Kenneth F., Lloyd A. & Michael A. (2003) also suggested two possible approaches for
identifying risks (1) to identify the root causes of risk. that is, identify the undesirable events or

8
things that can go wrong and then identify the potential impacts on the project of each such
event—and (2) to identify all the essential functions that the project must perform or goals that it
must reach to be considered successful and then identify all the possible modes by which these
functions might fail to perform. The authors added that both approaches can work, but they also
pointed that the project team may find it easier to identify all the factors that are critical to
success, and then work backward to identify the things that can go wrong with each one.

In order to find all potential risks which might impact a specific project, different techniques can
be applied. It is important to use a method that the project team is most familiar with and the
project will benefit from. The aim is to highlight the potential problems, in order for the project
team to be aware of them. Authors describe many creative alternative methods.(PMI, 2004)..

Ropel E. (2011) mentioned on her study mentioned the claim by Winch (2002) that the first step
in the RMP is usually informal and can be performed in various ways, depending on the
organization and the project team. It means that the identification of risks relies mostly on past
experience that should be used in upcoming projects.

Guomin Z.(2007) listed number of researches done in the field of risk management for
construction projects, a significant outcome of which is the identification of risks that may
influence the construction project delivery. Chen et al. (2004) proposed 15 risks concerned with
project cost and divided them into three groups: resources factors, management factors and parent
factors. Through a case study on the West Rail Project of Hong Kong, Chen found that “price
escalation of material” pertaining to resource factors, “inaccurate cost budget” and “supplier or
subcontractors‟ default” pertaining to management factors, and “excessive interface on project
management” pertaining to parent factors are the most significant risks in this particular project.
Summarizing other researchers‟ work, Shen (1997) identified eight major risks accounting for
project delay and ranked them based on a questionnaire survey with industry practitioners. Shen
also proposed risk management actions to cope with these risks and validated their effectiveness
through individual interview surveys. Tam et al. (2004) conducted a survey to examine the
elements of poor construction safety management in China and as a result, identified the main
factors affecting safety performance including “poor safety awareness of top management”, “lack

9
of training”, “poor safety awareness of project managers”, “reluctance to input resources to
safety” and “reckless operation”.

Gajewska E.& Ropel M. (2011) identified that past experience and discussions were the most
commonly used techniques to identify potential risks. In fact, no time in the project was reserved
for RM and respondents declared that potential risks were handled at the time of their occurrence.
In order words, the members of the project team were not identifying risk in a structured way.
They believed that their time was used more efficiently when they worked on the actual project
instead of searching for problems. Only to a small extent were risks in the project identified by
experience. Moreover, a number of risks which are characteristic for a construction project can be
gathered in the form of a checklist and be used in future projects. Their other finding was that
discussion along with brainstorming and using previous experience, was used by the project
team.

Furthermore they identified that there is a differentiation between how risks are managed by
individuals and in a team. Individuals and their organizations most often use checklists and other
manuals while groups use discussion as the most common technique to identify risks and
problems

2.2.1.1 Methods of risk identification

Many organizations do follow risk management but hardly ever do we get to see an organization
following defined techniques to identify risks. Ana D. (2012). There are many techniques to
identify risks of which few common methods, that are identified through research review are
listed below

Brainstorming: this is a creative process that takes place among project team members after
objectives are clearly understood. When the objective is clearly understood team will collaborate
well and lists of risks will can be generated. In the session, risks that are known unknowns may
emerge, and perhaps even some risks that were previously unknown unknowns may become
known.

Experiential Knowledge: is the collection of information that a person has obtained through their
experience. Caution must be used when using any knowledge based information to ensure it is
relevant and applicable to the current situation
10
Surveys: are a technique where lists of questions are developed to seek out risk in a particular
area. A limitation of this method is that people inherently don't like to complete surveys and may
not provide accurate information.

Checklists: contains lists of hazards, risks or control failures that have been developed usually
from experience, either as a result of a previous risk assessment or as a result of past failures or
incidents.
Interviews: are an effective way to identify risk areas. Group interviews can assist in identifying
the baseline of risk on a project. The interview process is essentially a questioning process.

Delphi Technique: It‟s a type of interview The interviews are with subject matter
experts).participants comments are anonymous. It‟s used when there may be conflicts. It is Slow
and hard-working.

2.2.1.2 Risk identification gaps

Focusing on the wrong areas where risks are not usually observed and ignoring project areas
where risks are mostly involved exposes the project to impacts by unidentified major risks. such
kinds mistakes result in skipping areas that could be too risky and that could lead to total project
failure and spending too much time analysing minor risk. Mohammed Kishk1 and Chioma Ukag
(2007) also analysed a case where risky project areas were ignored and too much focus was made
on project area where there is little risk.

There are many possible risks which could lead to the failure of the construction project, and
through the project, it is very important to know what risk factors are acting simultaneously. As
stated by Raz Z.(2002), too many project risks as undesirable events may cause construction
project delays, excessive spending, unsatisfactory project results or even total failure.

2.2.2 Risk impact assessment and prioritization

Risk assessment is the way in which enterprises get a handle on how significant each risk is to the
achievement of their overall goals. To accomplish this, enterprises require a risk assessment

11
process that is practical, sustainable, and easy to understand. The process must proceed in a
structured and disciplined fashion. It must be correctly sized to the enterprise‟s size, complexity,
and geographic reach.

risk assessment follows event identification and precedes risk response. Its purpose is to assess
how big the risks are, both individually and collectively, in order to focus management‟s
attention on the most important threats and opportunities, and to lay the groundwork for risk
response. Risk assessment is all about measuring and prioritizing risks so that risk levels are
managed within defined tolerance thresholds without being over controlled or forgoing desirable
opportunities.

Develop assessment criteria. The first activity within the risk assessment process is to develop a
common set of assessment criteria to be deployed across business units, corporate functions, and
large capital projects. Risks and opportunities are typically assessed in terms of impact and
likelihood. Many enterprises recognize the utility of evaluating risk along additional dimensions
such as vulnerability and speed of onset.

Traditional risk analysis defines risk as a function of likelihood and impact. Indeed, these are
important measures. However, unlikely events occur all too often, and many likely events don‟t
come to pass. Worse, unlikely events often occur with astonishing speed. Likelihood and impact
alone do not paint the whole picture.

To answer questions like how fast could the risk arise, how fast could you respond or recover,
and how much downtime could you tolerate, you need to gauge vulnerability and speed of onset.
By gauging how vulnerable you are to an event, you develop a picture of your needs. By gauging
how quickly it could happen, you understand the need for agility and rapid adaptation.

Speed of onset refers to the time it takes for a risk event to manifest itself, or in other words, the
time that elapses between the occurrence of an event and the point at which the company first
feels its effects. Knowing the speed of onset is useful when developing risk response plans

Vulnerability refers to the susceptibility of the entity to a risk event in terms of criteria related to
the entity‟s preparedness, agility, and adaptability. Vulnerability is related to impact and
likelihood. The more vulnerable the entity is to the risk, the higher the impact will be should the
event occur. If risk responses including controls are not in place and operating as designed, then
12
the likelihood of an event increases. Assessing vulnerability allows entities to gauge how well
they‟re managing risks(Curtis, 2012).

Curtis P. (2012) illustrated an example for impact scale assigning 1 to 5. Naming each impact
scale starting from 1, incidental, minor, moderate, major and extreme. He illustrated what each of
the impacts could cause to an organization. Extreme impacts of risks could damage the financial
ability of the organization that senior managers might be forced to leave the organization. Would
be too late to take corrective actions for such kind of risks and leaders might face litigation. At
major impact risks corrective action would be possible but a huge project need to be designed to
correct the consequence. Still at this stage some senior managers might leave as they find the
projects or the organization‟s state hopeless. At a moderate stage the financial loss and the
employee turnover rate will be decrease but still high. But still employee morale might be
affected. At this stage also immediate corrective action need to be taken. At a minor and
incidental impact level the financial and other effects will be lower and easier to manage.

Risk assessment is often performed as a two-stage process. An initial screening of the risks and
opportunities is performed using qualitative techniques followed by a more quantitative treatment
of the most important risks and opportunities lending themselves to quantification (not all risks
are meaningfully quantifiable). Qualitative assessment consists of assessing each risk and
opportunity according to descriptive scales as described in the previous section. Quantitative
analysis requires numerical values for both impact and likelihood using data from a variety of
sources.

The quality of the analysis depends on the accuracy and completeness of the numerical values
and the validity of the models used. Model assumptions and uncertainty should be clearly
communicated and evaluated using techniques such as sensitivity analysis.( MITRE systems
engineers (SEs), 2017).

As Gajewska E. & Ropel M. (2011)found to manage and analyze the potential risks, the most
widely used tool was discussion. The risks were primarily managed within the actor's
organization concerning only the scope of worked assigned, then later managed and consulted
with the other members of the project team. Within the project, there had been few meetings
organized where risk issues were raised. The purpose was to consult the problems with experts
from the field in which the problem was identified. Systemizing and mapping were those only
13
techniques of handling risk used at those meetings. Furthermore, interviews revealed that
respondents were using a variety of methods to prioritize already identified risks. The most
common way was to set criteria in order to rank the most critical risks. The type of criteria used
depended on the profession of the actor. Based on the created pattern, all potential risks were then
listed and put in order. An example of the order obtained from prioritizing risks was the economy
related problems which were ranked higher in the hierarchy than the time related problems.

The other way to prioritize risks within the project was a discussion which involves more than
two actors. Most respondents declared that they use experience from previous projects to
facilitate discussions. Moreover, such discourse was used as a tool to alert other participants
about potential risks and by discussing prioritize these which had the biggest impact on the
project.

Lyons and Skitmore (2004) found that respondents were not familiar with any method used to
analyze potential risks. Overall not many practitioners in the construction industry who work
with residential projects use these structured methods. They found that intuition, judgment and
experience are the tools most often used in risk analysis while structured methods like Monte
Carlo or risk impact assessment are used only to some small extent. One of the reasons for not
using structured methods according to respondents was limited budget. Moreover. the qualitative
approach is the most common type of technique to analyze risks. At the same time, it is the
easiest tool to assess the risks, since it only includes the probability and impact assessment. There
is no need of doing complicated calculations which require i.e. computer software. The
quantitative methods are much more resource consuming and require skilled personnel and
technical equipment.

2.2.3 Risk action plan

A risk action plan is the course of action which an organization agrees upon to help them to
address potential risks. Creating a risk action plan comes at the middle of the risk management
process, between evaluation of risks and before the monitoring process. In order to develop an
appropriate risk action plan, risks must first be identified and evaluated. A plan is created to

14
ensure that the right actions are carried out in a timely manner. A plan also provides a go-to
guide, in case the “unexpected” happens. A risk action plan will provide you with strategies
which are appropriate dependent on the levels of risk which your organization faces.When
developing a risk action plan, those involved with creating the strategies must carefully consider
whether the costs incurred in preventing the risk from occurring would be less than the costs
incurred if it did occur(Forostenko P. ,2014).

2.2.4 Risk response

There are a number of possible responses to risks and as risks can be threats or opportunities
there are four risk response methods. Avoid, transfer, reduce and accept (PRINCE2 2009 Ed).

Using the acceptance strategy means that the severity of the risk is lower than our risk tolerance
level. Many of these risks cost less to fix when they occur than it would cost to investigate and
plan for them(Adeak, 2010).

when risks go above the risk tolerance maximum and something had to be done about them,
mitigation strategy will be used. Mitigation is a strategy where some work is done on
unacceptable risks to reduce either their probability or their impact to a point where their severity
falls below the maximum risk tolerance level Using the risk mitigation strategy involves taking
some money out of the contingency budget that was the expected value of the risk before
mitigation(Adeak, 2010) .

Gajewska E.& Ropel M. (2011) concluded from the interview they conducted on a certain
construction project, that the actors in the risk management process have no knowledge about
any type of response. Only few respondents gave answers which could be interpreted as
transferring risks and by this, mitigating the problem. However, discussion and checklists were
the main tools to support the actions. in this they concluded that there is also lack of knowledge
within this area. In Lyon's and Skitmore's (2004) study, Many of the respondents agreed that all
(construction) risks are manageable and therefore reduction is the best alternative.

15
2.2.5 Risk register

The purpose of a risk register is to record the details of all risks that have been identified along
with their analysis and plans for how those risks will be treated. It is the responsibility of the
project managerto ensure that the risk register is updated whenever necessary.(Chandana s.
2013).

Although there are no standards set to what a risk register components should be like, PMBOK
4th Ed. made recommendations for risk register components.(Chandana s. 2013).

Date: As the risk register is a living document, it is important to record the date that risks are
identified or modified.

Reference Number: Reference Number of the key element.

Key Element: A brief description of the key element. Except for very small projects, risk
identification becomes unproductive if we consider the project as a whole. It is much easier and
productive to break up the whole project into sections or key elements for risk identification.

Risk Group: This column is used for grouping similar risks.

Unique Identifying Number: A unique identifying number for the risk.

Risk: A brief description of the risk, its causes and its impact.

Existing Controls: A brief description of the controls that are currently in place for the risk.

Consequence: The consequence rating for the risk, using scales.

Likelihood: The likelihood rating for the risk, using scales.

Agreed Priority: Agreed priority for the risk, based on an initial priority determined from a
matrix, adjusted to reflect the views of the project team in the risk assessment workshop.

Inherent Rating: The inherent rating for the risk, if there were a credible failure of controls or
they failed to work as intended, using scales.

Action Summary: A cross reference to the action summary for the risk.

16
Responsibility: The name of the individual responsible for managing the risk.

2.2.5.1 The Importance of a Risk Register

Risk management is critical to the success of any project and must be developed during the
planning stages of the project management process. The risk register or risk log becomes
essential as it records identified risks, their severity, and the actions steps to be taken. . The
register provides a framework in which problems that threaten the delivery of the anticipated
benefits are captured. Actions are then instigated to reduce the probability and the potential
impact of specific risks. The project manager must seek input from team members as well as
stakeholders and possibly even end users. They may flag risks you haven't identified and give
other options for risk mitigation. (Linda R. , 2014).

2.2.6 The different methods of risk management

There are several methods of project risk management in common use. It is important for the
project manager, consultants, risk manger or anyone that is responsible for risk management to be
clear about what they want from the risk management and whether it will suit the organization
(Grey S. ,2007).

Grey S.(2007) has categorized methods of managing risks into six. Informal direct assessment
(subjective judgment by professionals), Check list (list of risks or risky projects), Risk Indicator
scales(scoring),Structured brainstorming and evaluation (which is a way of making the
professionals that are involved in the risk identification more focused), probability-impact
calculations and probabilistic modeling of costs, schedules and cash flows( a way of realistically
measuring the outcomes of the risks).

Guy M. and Preston G. (2004) from their experience suggested five steps of managing risk. They
recommend for risk management to be based on facts. Covering the reality and working as if the
risks don‟t exist is not a way they recommend. They adopted a model that is used to manage risks
based on facts that is called standard risk model. The five steps they mentioned are; identify risks,
analyze risks, prioritize risks, create action plans and monitor progress.

17
Medica P. (2005) identified seven crucial steps to effective risk management. Embed risk
management as an integral part of the project, identify risk, Assign ownership, estimate or
prioritize risk, analyze the risk, manage the risk, create a risk register.

Jutte B.(2015) gave ten golden rules for managing risks after fifteen years of experience in
projects. He named the steps to risk management as rules to risk management. Most of these rules
are same as the steps suggested by other authors with a little additional points. the rules are, make
risk management part of your project, Identify risks early, communicate about risks, consider
both threats and opportunities, clarify ownership issues, prioritize risks analyze risks, Plan and
Implement risk response, register project risks and track risks and associated tasks.

Kielmas M.(2017) mention one more risk management method that is rarely mentioned by other
authors. Kielmas noted risk transfer as an additional point to the usual steps to manage risks. she
mentioned six steps. Identifying risks, analyze risks, prioritize risks, create action plans, risk
transfer and monitor progress.

Different authors suggested different methods of managing risk. Grey (2007) suggested a much
different and detailed risk management method by splitting the risk identification step into two.
He putted it as two steps Informal direct assessment (subjective judgment by professionals),
Check list (list of risks or risky projects). He also added two more steps that are not mentioned
often by other authors. The steps are Structured brainstorming and evaluation and probabilistic
modeling of costs, schedules and cash flows( a way of realistically measuring the outcomes of the
risks. Although all of the steps he mentioned are important for risk management it doesn't include
the most common steps such as monitoring risk management progress and risk register.

There are seven steps that are commonly suggested by all of the authors. Those are, identify risks,
analyze risk, prioritize risks, create action plan, implement risk response, risk register and
monitor progress.

Lyons and Skitmore (2004) found in their study that many companies in the construction industry
tend to adapt risk management to only some extent. Organizations within the construction
industry do not work with risk management in such a structured way, which means that there are
some other ways of managing risks when it occurs.

18
Klemetti (2006) found that most respondents were not familiar neither with the concept of risk
management nor any methods of risk management. Risk processes and theoretical models were
totally unknown. However, on Lyons and Skitmore's study (2004)respondents declared that they
could start implementing methods, if only they had more information about them and a guide
how to use them.

2.2.7 Life cycle risk management

The use of risk management from the early stages of a project, where major decisions such as
choice of alignment and selection of construction methods can be influenced, is essential.
(Eskesen S.Tengborg P, Kampmann J &Veicherts T, 2004)

As much research suggested, addressing project risks earlier rather than later in the project life
cycle can minimize the negative consequence brought by the risks. Although it is essential to
identify risks earlier it is also important to identify possible occurrence of risks in each stage and
making appropriate actions to cope with them (Ward and Chapman, 1995; Smith, 2003).

More effective management of risks would be possible if these risks are managed from the
perspective of a project life cycle. Many risks may arise in more than one phase of a construction
project and hence they need to be considered in more than one phase.

Mohammed Kishk1 and ChiomaUkag (2007) analyzed another project where lack of risk
management throughout the execution of a project resulted in project failure. Although there was
some form of risk management process undertaken during the course of executing the project, it
was not carried out continuously throughout the project lifecycle. This led to the failure to
properly mitigate the risks. It is therefore important to undertake the risk management process
from inception to completion in any given project because of the frequently changing nature of
projects.

Some researchers investigated risk management for construction projects in the context of a
particular project phase, such as conceptual/feasibility phase (Uher and Toakley, 1999), design
phase (Chapman, 2001), construction phase (Abdou, 1996), Rather than from the perspective of a
project life cycle (Patrick X. , 2007)

19
Smith et al. (2006) in his study on construction project, found that initially, risks were rather
broad, such as the risk of misunderstanding client's requirements, not choosing the right
consultants or not achieving a good final result. The further in the PLC, the more specific the
range of the risk became, as a result of more detailed planning and design process. Therefore in
the next phase, planning and design, respondents identified shortage in resources, problems with
design or cheap solutions as those main risks. Looking further on the longest phase, project
operation, only very characteristic risks such as delays in the construction schedule or moisture
were identified. Smith et al. (2006) suggests that the nature of risks changes with the project
progress, from a broad to a narrower range of issues. Furthermore, the author implies that the
type of risk is closely associated with the type of activity undertaken in a certain phase. Gajewska
E.& Ropel M. (2011)also identified in their research that the type of risks identified differs
significantly over the various stages of the PLC.

2.2.8 Risk culture

Risk culture is a set of encouraged and acceptable behaviors, discussions, decisions and attitudes
toward taking and managing risk within an institution.

As risk is about uncertainty in facing the future, it would seem logical that a desirable risk culture
would position the organization to be proactive as an early mover that quickly recognizes a
unique opportunity or risk and uses that knowledge to evaluate its options, either before anyone
else or along with other firms that likewise seize the initiative. Such a culture would give
management the advantage of time, with more decision-making options before shifts in the
market invalidate critical assumptions underlying the strategy (Larry T., 2011).

Because risk culture often evolves as the organization evolves, it may make sense for
organizations to use self-assessment techniques, internal surveys, focus groups and other
techniques to understand the current state of risk culture in the organization. (Larry T., 2011).

Once an initial assessment of the current risk culture is completed, executive management should
consider whether any organizational changes are needed and take steps to implement those
changes as directed by the Board (Larry T., 2011).

20
Larry T. (2011) listed steps management should consider when transitioning an organization to a
desired risk culture.

Embed it in the organization : To illustrate, accountabilities for risk management and desired risk
management behaviors should be reinforced through committee charters, policies, job
descriptions, limit structure and procedures.

Make it a priority at the highest levels: Executive management must support the desired risk
culture by demonstrating the desired behaviors through their actions and decisions over time, as
well as by periodically communicating value contributed by the organization‟s risk culture.

Undertake an integrated approach: Standing alone, such programs as periodic policy

communications, awareness campaigns and training strategies are useful ways of reinforcing the
desired risk cultures for employees.

Periodically evaluate progress: Monitor employee behavior for new trends, attitudes or
perceptions requiring attention. Track quantitative and qualitative measures of an effective risk
culture.

Be alert for signs of change, for better or worse :Consider the effects of changes in strategy and
the organization as well as the occurrence of external events, including regulatory developments,
when evaluating whether changes are necessary to strengthen risk culture.

2.2.8.1 Characteristics of a Strong Risk Culture

Commonality of purpose, values and ethics: The extent to which an employee‟s individual
interests, values and ethics are aligned with the organization‟s risk strategy, appetite, tolerance
and approach.

Universal adoption and application: Whether risk is considered in all activities, from strategic
planning to day-to-day operations, in every part of the organization.

A learning organization: How and if the collective ability of the organization to manage risk more
effectively is continuously improving.

21
Timely, transparent and honest communications: People are comfortable talking openly and honestly
about risk, using a common risk vocabulary that promotes shared understanding.(deloitte.wsj.com,2013)

In principle, risk culture should not be seen as something separate from the overall culture of the
organization, and for risk to be truly embedded, it should be regarded as one element, albeit one
that currently deserves special and specific attention.(Davidson O., Mackenzie P., Wilkinson M.
and Miller R, 2012).

2.2.8.2 Importance of risk culture

All organizations need to take risks to achieve their objectives. The prevailing risk culture within
an organization can make it significantly better or worse at managing these risks. Risk culture
significantly affects the capability to take strategic risk decisions and deliver on performance
promises. Organizations with inappropriate risk cultures will inadvertently find themselves
allowing activities that are totally at odds with stated policies and procedures or operating
completely outside these policies. An inappropriate risk culture means not only that certain
individuals or teams will undertake these activities but that the rest of the organization ignores
and does not see what is going on. At best this will hamper the achievement of strategic, tactical
and operational goals. At worst it will lead to serious reputational and financial
damage.(Anderson R., 2012).

2.2.8.3 Changing a risk culture

It is possible for an organization to drive change in its risk culture. This requires a clear
understanding of the current culture and the desired „target‟ culture. It requires recognition that
this is a major change program and requires discipline to see it through. The culture change
should be treated as a change management project in its own right, with appropriate allocation of
board time and resources. A culture cannot be rewritten simply by mandating that the values or
ideology of an organization have changed.

The organization must approach the risk culture change as a project, with a set of objectives, a
design for intervention and with regular review of both progress and outcomes. Change can be
implemented by pulling on certain „levers‟ to make noticeable change in important areas.
22
Successful change ultimately requires awareness that the board itself, and the executive
management, are an integral part of the existing risk culture. Sustained change in the risk culture
needs to start at the top and may require a reappraisal of approaches consistent with bringing
greater diversity of thinking into the boardroom.(Richardson P. , 2012).

Gajewska E. & Ropel M. (2011) found in their study on certain organization that there was no
risk culture that made the stakeholders aware of proper risk management concept at all and only
few respondents were familiar with this concept and knew some of its elements. The others
described similar but not such systematized processes used in their everyday life or work
situations. In other words, risk management was not described as the structured form of
identification, analysis, response and monitor, but rather as a process of managing risk. It could
be assumed that everybody was using RM but not always was aware of it.

2.2.9 Owners role in risk management

Kenneth F. , Donald A. , Lloyd A. & David N. (2003) argued that managing risk is one of an
owner‟s most important functions in making any major project successful. They stated that from
the initial stage of the project the owner is responsible for all of the project risks, and make the
decision whether to execute the project or not.(Of course, the owner may not have a completely
risk-free strategy, because not executing the project may entail risks to the successful
implementation of the owner‟s mission or business plan.). They added owner has the ultimate
responsibility for identifying, analyzing, mitigating, and controlling project risks, including
acceptance of the project risks, or modification, or termination of the project. All of which are
project risk management activities. This is true whether the project execution is managed directly
by the owner or by contractors under the owner‟s supervision.

Furthermore, they argued since the owner organization will be responsible for many risks arising
from different sources it can delegate responsibilities such as Identification and reduction of risks
to contractors and consultants. Nonetheless, Ensuring that adequate and timely risk identification
is performed is the responsibility of the owner, as the owner is the first participant in the project.
Contractors and consultants may play major roles in identifying, analyzing, mitigating, and
controlling project risks, but project risk management is not a function that the owner can
completely delegate to contractors or to consultant.

23
2.2.10 Importance of risk management
The PMBOK Guide 4th Ed. recognises nine knowledge areas typical of almost all projects. Risk
management is one of the nine knowledge areas.

Applying principles of risk management supports the quality improvement and improves cost
estimation by identifying and mitigating potential risks before a project begins. Risk management
puts processes in place to ensure management receives organised risk information early enough
to apply corrective actions that will allow realistic schedule and cost estimates and assure
successful completion of the project (Tinnirello , 2000). Risk management principles increase
team involvement by providing a mechanism for the reporting of potential problems and
increasing the team‟s stake in the overall success of the project. The embedding of risk is a long-
term exercise to ensure that risk consideration is at the heart of the decision-making process
(Hodge, 2002). Failure to appreciate risk issues may give rise to serious consequences (Fraser &
Henry, 2007).

Mobey& Parker, (2002) suggested that, to increase the chances of a proposed project succeeding,
it is necessary for the organisation to have an understanding of potential risks, to systematically
and quantitatively assess these risks, anticipating possible causes and effects, and then choose
appropriate methods of dealing with them. To ensure that any potential risks are managed
effectively, the risk process needs to be explicitly built into the decision-making process.

Mohammed Kishk1 and ChiomaUkag (2007) concluded in their analysis that managing risks
with understanding of the identified risks and assigning ownerships to project stakeholders and
the project team, directly influences the success of project. Assigning ownerships for risks is
important. And a department or a person should be hold accountable for managing risks. So
tracing back responsibilities for risk management will not be difficult.(Chandana s. 2013).

Risk management is probably the most difficult aspect of project management. Despite its
difficulty risk management process must be taken by the project manager. Project manager must
be able to recognise and identify the root causes of risks and to trace these causes through the
project to their consequences. Furthermore, risk management in the construction project
management context is a comprehensive and systematic way of identifying, analysing and
responding to risks to achieve the project objectives (PMI, 2007).

24
Although today‟s organizations appreciate the benefits of managing risks in construction projects,
formal risk analysis and management techniques are rarely used due to lack of knowledge and to
doubts on the suitability of these techniques for construction projects.

2.2.11 Impacts of risk management failure

Ignorance of identified risks by the project managers is one of the factors why many projects are
damaged by risk consequences. Consultants sometimes identify risks and provide mitigations for
them but the attitude of project managers to manage those identified risks lead to huge amounts
of cost overruns and delays. Kishk M. and Ukag C. (2012) have analysed a particular project that
this situation has been evidenced with huge cost overrun and schedule delay. The project
manager did not adhere to the risk report submitted nor did he have a visible risk management
plan of his own.

Cost of risk is a concept many construction companies have never thought about despite the fact
that it is one of the largest expense items (Cavignac J,2009). Risks and uncertainties, involved in
construction projects, cause cost overrun, schedule delay and lack of quality during the
progression of the projects and at their end (Wysocki RK, 2009). As stated by (Baloi and Price,
2001) poor cost performance of construction projects seems to be the norm rather than the
exception, and both clients and contractors suffer significant financial losses due to cost overruns.

Simon J, (2002) mentioned three cases that were investigated by UK government‟s National
Audit Office. One was erection of British library building project where a more than three times
of the original budget was spent to complete the project. The second case was when a hospital
redevelopment project was undertaken. The project doubled its original budget. The house of
parliament was the third case that was investigated which was completed with a cost two times
more than the original budget. The NAO claimed poor risk management is the reason behind all
the three cases. Unrealistic estimation together with problem of risk identification resulted the
cost overruns. They recommended that proper risk analysis should be done that could lead to
realistic estimations.

Aibinu and Odenyinka (2006) investigated and assessed the causes of delays in building projects
in Nigeria. The authors pointed the poor risk management as one of the principal delay factors

25
and concluded that actions and inactions of construction project participants contribute to overall
project delays.

Different researchers looked at different aspects of risk management on construction projects.

This research will find out the common kinds of risks in the construction industry, identify the
intensity of their impacts, asses the current practice of risk management in the industry and
recommend ways of improvements

26
 2.3 Conceptual frame work
There are different risk management methods suggested by several authors. This study, from its
research review, will take the common steps of risks management and measure the method of risk
management used by the organization under study accordingly. Also the study considers
managing risks throughout a project life cycle, as a major success factor for risk management.
Furthermore organizations risk culture involves each individual in the organization in risk
management. And lessens the probability of risk occurrence plus makes the risk management
process transparent and easy.

Therefore the study takes the above mentioned three points as anchors to strong risk
management. And to a bigger point the study accounts strong risk management as a major factor
to project success.

Project success

Strong risk management

Risk management method Risk culture Life cycle Risk Management

Implementing structured RMS
Risk identification Design framework for RM Detail risk identification at y
initial stage
cycle risk nagement
Impact assessment Integration into organizational
process Analyze risks at the review of
Prioritization each phase
Establishing internal
communication and reporting
Create action plan mechanisms
Implement response
Implementing structured RMS
Register risks

Monitor risks Monitor and review the frame

work

27
Chapter III

Research Methodology

3.1 Research design

This research is a case study. To examine the current risk management practice of construction
projects the study applied descriptive design. Descriptive studies are aimed at finding out
"what is,". it involves gathering data that describe events(Glass & Hopkins, 1984). This design
was chosen because this study aims to identify and describe the risk management practice of
Addis Ababa saving houses development enterprise.

3.2Data collection, measurement & research variables

The research variables are method of risk management, lifecycle risk management and risk
culture. The variables measured the risk management practice of Addis Ababa saving houses
development enterprise. And the variables also determined if further works need to be done on
the risk management practice of the organization.

The questionnaire was developed following the research questions. Part of the interview
questions were adopted and a bit modified in a way that it fits the organization under the study.
interviews were conducted to get detailed and supporting information in addition to the
questionnaire responses.

Survey method was used and the questionnaires were distributed to 55 participants. The interview
question was prepared for senior managers that were 5in number.

3.3 Population and Sampling technique

The research is done on Addis Ababa Saving Houses Development enterprise (40/60 housing
project) branch two. This is done because of the Saving Houses Development enterprise has four
branches under it and data collection would not be manageable to due to its size. The second
reason is most of the projects under this branch are finished or in the completion stage. Therefore,
it made the data and study conclusion more complete.

28
The total number of stakeholders involved in the project and risk management process are 64. 46
contractors,3consultants,5 top level managers and the rest are employees that are directly or
indirectly involved in the risk creation and management process of the projects. Those are site
engineers, office engineers, Forman, contract administrator and project coordinator.As
preliminary interview with few senior managers, Consultants play the role of connecting the
client and contractor and filling the gap where ever they are needed. They are also responsible for
quality assurance. The 46 contractor hire professional project managers with qualifications set by
client. Therefore, project managers are highly involved in the risk management than the
contractors. Senior managers delegate responsibilities to consultants and contractors but they are
still responsible to supervise their actions and make decisions. Therefore, the population in the
study was carefully picked to satisfy the objective of the study.

The sample size is 55 calculated using sample size calculator software with Confidence level
95% and confidence interval 5%. source:www.raosoft.com. From 55 participants 5 top level
managers were selected for interview to assess the risk culture of the organization. And
questionnaire was distributed to 55 people.

3.4 Validity and reliability

 Questionnaire and interview questions were prepared in a way that is closely related to
research question.
 Appropriate and careful data collection method was used.
 The likert questionnaire was developed following research questions and the interview
questions were adopted and modified to fit the purpose of the study.

Reliability Statistics

Cronbach's N of Items
Alpha

.848 43

As it can be referred from the above table, the reliability of the likhert scaleQuestionnaire was tested for
43 variables usingcronbach's alpha and it resulted .848.
29
3.5 Ethical issues
 Respondents were treated with at most respect.
 Questionnaires were distributed and interviews were made based on complete willingness
of respondents.
 Respondents were free from any risks.
 The purpose of the study was clearly communicated to respondents.

3.6 Data analysis method

The data is analyzed by descriptive analysis using SPSS software.The data collected from the
questionnaires is measured by ordinal scale and analyzed quantitatively and is illustrated using
tables. Data obtained from interviews and open ended questions is analyzed qualitatively and is
used to support the quantitative data and to get more insight about the data from the
questionnaire.

Applying the above method was helpful to assess the risk management practice of construction
projects, in the specific case of the organization under my Addis Ababa Saving Houses
Development Enterprise.

30
Chapter IV

4. Data interpretation and analysis

4.1 List of participants

From the 55 questionnaires that were be distributed 38 were returned. This was mainly because
most of the participants were not available around the organization at known interval/time or
difficult to track and collect all the questionnaires and as they travel from site to site
questionnaires were missing. Due to meetings and site visitations from the five top level
managers 2 were available and willing to cooperate. Data analysis was based on the data from the
38 questionnaires and interviews with the 2 top level managers.

As mentioned above, the data is collected from the following participants.

Table 4.1. list of participants

Position
Frequency Percent Valid Percent Cumulative Percent
project manager 22 57.9 57.9 57.9
site engineer 5 13.2 13.2 71.1
Consultant 2 5.3 5.3 76.3
office engineers 2 5.3 5.3 81.6

Valid contract administration officer 1 2.6 2.6 84.2

General Forman 3 7.9 7.9 92.1
project coordinator 2 5.3 5.3 97.4
senior input control 1 2.6 2.6 100.0

Total 38 100.0 100.0

31
4.2 Risk management process of Addis Ababa Saving Houses
Development Enterprise

4.2.1 Risk identification process

Table 4.2.1. Risk identification process

Agree Strongly Neutral Disagree Strongly

agree disagree

Risks are identified at initial

stage of the project or early 42.1% 15.8% 10.5% 28.9% 2.6%
in the project
The risks are identified
42.1% 5.3% 10.5% 39.5% 2.6%
when their effects are seen
When identifying risks our
focus is on the areas highly 52.6% 28.9% 7.9% 7.9% 2.6%
vulnerable to risk
There is lack of
professionals to identify 36.8% 26.3% 0.0% 26.3% 10.5%
risks early.
The factors causing the
risks have been identified in
31.6% 18.4% 13.2% 28.9% 7.9%
order to eliminate the risks
from occurring.
Identified risks are
documented to be used for 50.0% 26.3% 5.3% 10.5% 7.9%
future projects
Risks are identified when
they come or when their
31.6% 13.2% 10.5% 42.1% 2.6%
impact is seen or felt by the
project
The factors causing risks
are registered to be 31.6% 15.8% 10.5% 31.6% 10.5%
eliminated for future projects

32
The common kinds of risks
a construction project faces
47.4% 23.7% 10.5% 10.5% 7.9%
is registered to identify the
common kinds of risks
Identifying common kinds of
39.5% 57.9% 0.0% 2.6% 0.0%
risks helps the project.
We use a structured and
formal risk identification 26.3% 7.9% 28.9% 31.6% 5.3%
method
We identify risks by
47.4% 36.8% 10.5% 5.3% 0.0%
experience
We identify risks by
15.8% 7.9% 18.4% 36.8% 21.1%
guessing
Our risk identification
36.8% 13.2% 21.1% 21.1% 7.9%
method was successful

Source: Own survey, 2017

According to the information gathered from the interview the client forces the contractors to hire
a professional and experienced project managers. This is done as per the detailed requirements
listed in the contract between the client and the contractor. Also the client over sees the capacity
of other personnel. Therefore, although the organization doesn't have a separate risk manager and
risk department that is sole responsible for managing risks, the project managers tried to manage
risks using their experiences and expertise. As it can be referred from table 4.2.1 above, 42.1%of
the respondents agree, 15.8% strongly agree,10.5% are neutral,28.9disagree,2.6% strongly
disagree that they identify risks at the initial stage or early in the project. Overall, this shows that
risks are identified at the initial stage of the project. Identifying risks from the initial stage of
project is most important activity in risk identification. It helps to warn the stakeholders whether
the project is vulnerable to risks and if it needs proper attention.Although we can say that the
majority of the projects identified risks from their initial stage large sum also responded that they
fail to identify some risks early in the projects and face bad consequences. This is because as per
the data from the interview, despite Stakeholder's effort to identify risks early some high impact
unidentified risks were experienced frequently. This shows that proper identification method was
not employed. It's also the case that risk department or risk manager that is dedicated for risk
management is creating problem and is increasing the occurrence of unidentified risks. The

33
respondents mentioned that these unidentified risks had a severe impact. It had all financial,
schedule and quality impacts.

Not few respondents also responded that they identify the risks as they occur. This was mainly, as
per the respondents, because there is lack of risk management understanding or absence of risk
management expert in the enterprise and also project manager's negligence to incorporate detail
risk aspect in the plan. Furthermore, there is also lack of awareness on the importance of proper
risk management. 42.1%agree, 5.3%strongly agree, 10.5% neutral, 39.5% disagree and 2.6%
strongly disagree that they manage risks as their effect is seen.

52.6% agree,28.9 strongly agree,7.9%neutral,7.9%disagree and 2.6%strongly disagree that they

focus on vulnerable areas to risk. This could be related to the experiences of the stakeholders and
especially the project managers. As it can be referred fromtable 4.2.1, more than 3/4of the
respondents responded that they identify risks by experience. From their experiences project
managers and stakeholders identified areas highly vulnerable to risk.

As mentioned repeatedly throughout this study the organization under this study has no risk
management department or risk manager dedicated for its projects. this fact is also supported by
the respondents. 36.8% agree, 26.3% strongly agree, 0%neutral, 26.3 disagree 10.5 strongly
disagree that there islack of experts to identify risks.

Identifying the factors that are causing the risks help to eliminate or reduce the probability of the
risk occurrence. According to the data from the table the majority of the respondents has put that
they identified factors causing the risks. 31.6% agree,18.4% strongly agree,13.2% neutral,
28.9%disagree and 7.9 strongly disagree. The respondents also mentioned that these factors
change frequently due to several reasons. Too many stakeholders are involved in the projects
which made risks to rise from here and there. Technological change, environmental change
etc..also account for the frequent change of risk factors. But involvement of many stakeholder
was mentioned by many respondents as main contributor.

50%of the respondents agree, 26.3%strongly agree, 5.3 neutral, 10.5 disagree and 7.9 strongly
disagree that the identified risks were documented. As mentioned above it can be said that the
expertise of the project manger contributed to this. Documenting the risks needs understanding

34
the importance of risk management. Undocumented risks could easily be forgotten. Documenting
risks will make future risks identification process quicker, cost effective and efficient.

Identifying factors that are causing the risks is one step of eliminating risk occurrence and
documenting these factors will minimize time and cost spent in factors identification for future
projects. The majority of the respondents also responded that they document the risk causing
factors. Additionally they mentioned even though there is no separate document to register the
factors, theyare found in weekly, monthly and quarterly reports. 31.6% agree, 15.8% strongly
agree, 10.5 neutral, 31.6%disagree and 10.5 strongly disagree that they register the factors.

47.4% of the respondents agree, 23.7strongly agree, 10.5% neutral, 10.5% disagree and 7.9
strongly disagree that they identify and document common risks a construction project faces. As
the risks factors, these common risks are also found in the reports and project documents.

To assess what benefits the documentation of common risks brought, respondents were asked
whether the documentation helped the projects or made no change. 39.5 % agree, 57.9% strongly
agree,0% neutral, 2.6%disagree and0%disagree that documentation of common risks help.

There are several formal risk identification methods mentioned in the theory part of this study.
Majority of the respondents responded that they don't employ these formal identification methods
rather they mentioned they mostly use weekly performance review meetings to collect different
suggestions from employees about risks. And also they use their experience to identify risks but
are not aware of the different scientific risk identification methods. Therefore, 26.3% agree, 7.9%
strongly agree, 28.9% Neutral, 31.6% disagree and 5.3% strongly disagree that they use formal
risk identification method.Mostof the respondents that responded neutral mentioned that they
responded neutral because they didn't understand what the risk identification techniques are.
Therefore their responses can be summed up with those that responded they don't have formal
risk identification method.

47.4% of the respondents agree, 36.8% strongly agree, 10.5% neutral, 5.3% disagree and 0%
strongly disagree that they identify risks using their experience. As it can be referred from the
percentages they mostly rely on their experiences to identify risks. Sometimes depending on
current situation of projects project managers, consultants or other stakeholders guess project
risks even though this is not a recommended method. Therefore, it was assessed if this method is

35
employed by the projects.15.8%agree, 7.9% strongly agree, 18.4% neutral, 36.8% disagree and
21.1% strongly disagree that they use guessing to identify risks. This shows that guessing risks is
not a widely used method by the projects.

36.8% agree, 13.2% strongly agree, 21.1% neutral, 21.1% disagree and 7.9% strongly disagree
that their risk identification method was successful. Almost half of respondents believe that the
risk identification method they use was successful. As per the respondents, even though formal
identification method will avoid financial, schedule and quality impacts that results from
identification gaps, using experiences is also helping the projects to a high level as some risks
come repeatedly from projects to projects. The other respondents mentioned relying on
experiences shouldn't cover the fact that there are still major financial ,schedule and financial
impacts resulting from informal and disorganized risk identification method is currently being
used.

Common risks the project faces are also identified through interview. supply risks, supply
quality, contractor and consultant capacity, price risks, soil quality risk, infrastructural risk( road
light and water facilities), risk created by mother nature, residents claiming the land after the
work is started, unfinished license for the project and the risk of contractors leaving in the middle
of project due to payment problems.

4.2.1.1 Impacts of poor risk identification

Table 4.2.1.1 identification impacts

Agree Strongly Neutral Disagree Strongly

agree disagree

The project have

experienced two or more
34.2% 18.4% 15.8% 31.6% 0.0%
unidentified risks coming at
same time.
The unidentified risks are
44.7% 42.1% 5.3% 7.9% 0.0%
usually with high impact
the risks we face change
44.7% 15.8% 28.9% 10.5% 0.0%
frequently

36
we have experienced lose of
money quality, etc...by not
60.5% 31.6% 2.6% 5.3% 0.0%
identifying risks before they
come, and by not preparing.

Source: Own survey, 2017

Even though the respondents responded that they identify the risks at the initial stage of the
project, the identification was not done by risk experts which led to the occurrence of
unidentified high impact risks. More than one unidentified risks threatened the project the
respondents briefly explained that the unidentified risks resulted in financial, schedule and
especially quality impacts. Quality of the supplies was compromised to minimize the cost and
schedule impacts. 34.2% agree,18.4% strongly agree, 15.8% neutral, 31.6 disagree and 0%
strongly disagree that they faced two or more unidentified risks coming at the same time.

Also to show the intensity of the impact unidentified risks create, respondents were asked to
determine if the unidentified risks they face were of high impact. As mentioned above the
projects face two or more unidentified risks coming at the same time. And if these risk are of high
impact, we can say that the projects are suffering from identification problem. 44.7% agree,
42.1% strongly agree, 5.3% are neutral, 7.9 disagree and 0% strongly disagree that the
unidentified risks are usually with high impact. The respondents added some easily identifiable
risks bring great damage to the project because efforts were not made to deeply investigate their
existence. The absence of risk manager and risk experts that are dedicated for this task is the
main reason for this.

The respondents and even the senior managers mentioned that they use their experience to
manage risks because some risks repeat themselves. But respondents also mentioned that the
involvement of multiple stakeholders has made the nature of the risks to change frequently.
Therefore, a more detailed and focused approach need to be taken to control the risks. As it can
be referred from the literature review of this study, Ownership and accountability for risks should
be created to control risk. 44.7 agree, 15.8% strongly agree, 28.9% neutral, 10.5% disagree and
0%strongly disagree that the risk they face change frequently.

Overall. Despite their effort to identify risks early, lack of experts has made some risks to go
unidentified. The respondents admitted that they need a more organized risk management system.

37
Currently everybody try to manage risks on top of his/her basic job. This as the respondents
mentioned, created loose management of risks. Respondent admitted that absence of risk
management plan and the existence of unidentified risks caused financial, schedule and quality
impacts. 60.5% agree, 31.6% strongly agree, 2.6% are neutral, 5.3% disagree and 0% strongly
disagree that they have experienced the above mentioned losses by their risk identification and
their preparation system.

Gajewska E.& Ropel M. (2011) also found the same result as in the analysis above. In their
investigation the identified that past experience and discussions were the most commonly used
techniques to identify potential risks. In fact, no time in the project was reserved for RM and
respondents declared that potential risks were handled at the time of their occurrence. In order
words, the members of the project team were not identifying risk in a structured way. They
believed that their time was used more efficiently when they worked on the actual project instead
of searching for problems. Their found that discussion along with brainstorming and using
previous experience, was used by the project team.

4.2.2 Impact assessment

Table 4.2.2 Impact assessment process

Agree Strongly Neutral Disagree Strongly

agree disagree

We react fast to identified

risks (asses impacts of 42.1% 18.4% 23.7% 13.2% 2.6%
identified risks fast enough)
We assess impacts of
63.2% 13.2% 18.4% 5.3% 0.0%
identified risks
We assess risks using
formal method. for example
36.8% 10.5% 15.8% 34.2% 2.6%
by calculating impact
&likelihood of risks.
We assess risks impacts
57.9% 31.6% 5.3% 2.6% 2.6%
using our experience
Risk impacts are guessed 23.7% 5.3% 13.2% 44.7% 13.2%

38
 The risks assessment
technique we used was 42.1% 7.9% 18.4% 31.6% 0.0%
effective or successful
We analyze low impacted
risks thinking if when
situations change in the
44.7% 18.4% 15.8% 18.4% 2.6%
future, they might create
high risks. we don't simply
accept them as small risks.
We have lost money .time,
quality etc..because we
44.7% 42.1% 0.0% 13.2% 0.0%
didn't asses impact of
identified risks.
There are lack of
professionals to assess 34.2% 21.1% 0.0% 44.7% 0.0%
impact of risks
There is no need for
professionals and proper
risks assessment we are
7.9% 10.5% 0.0% 50.0% 31.6%
doing good without
professionals and structured
impact assessment
We study the vulnerability
of the project. (to check if it's
a kind of project sensitive to
even small impact risks. we
study if the project will be 36.8% 7.9% 28.9% 26.3% 0.0%
highly damaged even by
insignificant or small impact
risks or if it will survive even
through high impacts
When we identify risks, we
analyze the time gap
between the risk happening
and the organization seeing 39.5% 10.5% 18.4% 26.3% 5.3%
the effect. so we know
exactly the damage created
by existing but unfelt risks

Source: Own survey, 2017

39
As mentioned in the literature review section of this study,after risk identification assessing their
impacts and determining what to do with them is the next step. Impact assessment need to be
taken fast enough in order to minimize the risk impacts. Therefore, it was assessed if risks were
treated same way in the construction organization under study. 42.1% agree,18.4% strongly
agree, 23.7% are neutral, 13.2% disagree and 2.6% strongly disagree that they react fast enough
to identified risks. This shows that majority of the respondents agreed that they do the impact
assessment fast enough. This is because as the contractors and project managers mention on the
interview, since the impact assessment is not done in a scientific way it doesn't take much time.
They simply use their experience to determine which risk will have higher negative impact and
which will not. Sometimes they share experience with other organizations and projects. Same
way 63.2% agree, 13.2% strongly agree, 18.4% are neutral and 5.3 disagree and 0% strongly
disagree that they do impacts assessment on identified risks. even though they use their
experiences and not scientifically proven and proper assessment techniques, they explained that
they assess current situations and past situations and also share the opinion of other project
managers and companies to judge risk impacts.

Most of the respondents explained that they don't understand what formal or proper risk
assessment should be like. They do probability and impact assessment but not scientifically. they
simply use their experience to judge the probability of risks. Therefore, 15.8 % of respondents
responded neutral because they don't understand formal assessment method and the 36.8% that
agree and the 10.5% that strongly disagree are those that thought that using experiences and
judging impacts is formal impact assessment. the rest 34.2% that disagree and 2.6% that strongly
disagree because they don't think their way of assessment is not showing the needed result and
those that believed it needs to be improved and so they disagreed that they have formal impact
assessment method. Almost all of the respondents don't have detail understanding of
scientifically proven impact assessment methods. Thus, we can say that their overall risk
assessment technique is not formal and structured.

As repeatedly mentioned the project managers and consultants assess impact of the project risks
using their experiences. The respondents explained that they use guessing impacts very rarely
when they face unique risks and due to negligence of project managers. therefore, 57.9% agree,
31.6% strongly agree, 5.3% are neutral, 2.6% disagree and 2.6 strongly disagree that they use
40
their experience to assess impacts of risks. And 23.7% agree, 5.3% strongly agree, 13.2% are
neutral, 44.7% disagree and 13.2 strongly disagree that they use guessing to asses impacts of
risks.

The respondents believe that the project benefited from their experience of managing projects.
They said that the project would have suffered greatly have they not used their experience to
identify high impact risks and take action. Given the working situation and the expert provision
the project managers believe that they have so far assessed risk impacts successfully. But they
also admitted that there is lack of understanding in the technicality of the risk impact assessment
process and is negatively and highly affecting the projects in quality schedule and financial
aspects. They believe hiring risk experts or training existing employees should really be
considered. Thus as it can be referred from above table, 42.1% agree, 7.9 strongly agree,18.4%
are neutral, 31.6% disagree and 0% strongly disagree that their impact assessment method was
successful.

44.7% of the respondents agree, 18.4% strongly agree ,15.8 are neutral, 18.4% disagree and
2.6% strongly disagree that they analyze low impact risks deeply thinking that they might create
high impact as the project progresses. they mentioned that they do this by collecting opinions at
performance meetings. They also added they don't do it in an organized manner and it needs
adjustment.

44.7% of the respondents agree, 42.1% strongly agree,0% are neutral, 13.2% disagree and 0%
strongly disagree that they faced financial, schedule and quality impacts as a result of their risk
assessment method. This shows that more than 80% of the respondents agree that their impact
assessment method is costing the projects. This also indicates that, even though the project
managers and consultants believe their experience is helping them a lot, their lack of in-depth risk
management understanding has still created a gap.

The above statement can also be supported by the respondent‟s response that there is lack of
professionals to do the risk impact assessment. 34.2% agree, 21.1% strongly agree, 0% are
neutral, 44.7 disagree and 0% strongly disagree that there is lack of professionals to assess the
risk impacts. more than 50% of the respondents agreed that there is lack of professionals to do the
risk impact assessment. this shows no matter how experienced the project manager and the
consultants are the risk assessment process should still be done by professionals. and the all the
41
existing financial schedule and quality impacts can be highly reduced as the risk experts are
involved.

The respondents highly supported the need for risk management professionals. it was assessed if
the respondents think there is no need for professionals and 7.9% agree, 10.5 strongly agree,
0%are neutral, 50% disagree, 31.6% strongly disagree. They said they suffered from high
financial, schedule and quality impacts as a result of risks and professional risk managers with
experience on risk management is needed.

As mentioned in the literature review section of this study, assessing the vulnerability of projects
help to check if the project is a kind of project that sensitive to even small impact risks. if the
project will be highly damaged even by insignificant or small impact risks or if it will survive
even through high impact. this is part of the impact assessment process. Respondents were also
assessed if they assess the vulnerability of projects and 36.8% agree, 7.9% strongly agree, 28.9%
are neutral, 26.3% disagree and 0% strongly disagree. the respondents added that they don't
know the technical term(vulnerability) assessment and thus responded as neutral. some said they
perform then assessment during initial project meetings but there is not focused discussion on the
issue. the rest explained that they simply manage risks as they come and don't do such detailed
assessment. Therefore, their overall response indicates that they don't do proper project
vulnerability assessment

The other thing mentioned in the literature review section as an impact assessment criteria was
analyzing the time gap between the risk happening and the organization seeing the effect. This is
done to determine exactly the damage created by existing but unfelt risks. Such analysis requires
deep understanding of risks and their impacts. And the organization under study has no
professionals with such understanding. Although the respondents admitted the activity is not done
with required detail, some said that from their experience they identify such gaps. The rest of the
respondents say that they don't have knowledge of such concept.Thus,39.5% of respondent
sagree, 10.5% strongly agree, 18.4% are neutral, 26.3% disagree and 5.3% strongly disagree that
they analyze the time gap between the risk happening and the organization seeing the effect.

In their study Lyons and Skitmore (2004) also found that respondents were not familiar with any
method used to analyze potential risks. Overall not many practitioners in the construction

42
industry who work with residential projects use these structured methods. They found that
intuition, judgment and experience are the tools most often used in risk analysis.

4.2.3 Risk prioritization

Table 4.2.3 Prioritization process

Agree Strongly Neutral Disagree Strongly

agree disagree

we prioritize risks before we

57.9% 23.7% 0.0% 13.2% 5.3%
take action on them
we prioritize risks based on
34.2% 7.9% 15.8% 36.8% 5.3%
budget available
we prioritize risks based on
50.0% 15.8% 10.5% 15.8% 7.9%
their impacts
we are successful by our
42.1% 15.8% 10.5% 23.7% 7.9%
prioritization method

Source: Own survey, 2017

Majority of the respondents agreed that they prioritize the risks they assessed. The majority
represent the 57.9% respondents that agree, and 23.7% strongly agree. 0% were neutral.13.2% dis
agree and 5.3% strongly disagree. They also agreed that they prioritize the risks based on impact
more than based on budget. This shows that they followed risk management process if the risk
impacts are assessed properly. But based on the above impact assessment analysis, the
respondents admitted that they faced financial, quality and schedule impacts as a result of their
impact assessment method. This is mostly because they use their experience rather than proper
assessment techniques to assess impact of identified risks. They also responded that they
prioritize risks based on budget. This also shows, and as identified from the interviews, that there
is problem on getting budgets as fast and as needed. As a result, the risks that can be taken care of
by the fund on hand will be taken care of first. Therefore, 34.2% agree, 7.9% strongly agree,
15.8% are neutral, 36.8% disagree and 5.3% strongly disagree that they use available budgets as a

43
basis for prioritizing impacts. And 50.0% agree, 15.8% strongly agree, 10.5% are neutral, 15.8
disagree and 7.9% strongly disagree that they use risk impacts to prioritize risks.

42.1% agree, 15.8 strongly agree, 10.5% are neutral, 23.7% disagree and 7.9% strongly disagree
that their prioritization method was successful. The respondents added they believe that their
method was successful because they did what they can regardless of the existing system provided
to them and using their experience. They also admitted that they were affected negatively by the
existing prioritization technique because it is constrained by the little understanding of risk
concept and the availability of funds. They said it will be better and will minimize financial
quality and time loss if it‟s done by professionals and following proper scientific method.

4.2.4 Risk response planning, management, monitoring and Risk register

practice

Table 4.2.4.risk response planning, management, monitoring and risk register process

Agree Strongly Neutral Disagree Strongly

agree disagree

We create action plans

36.8% 21.1% 13.2% 21.1% 7.9%
before we respond to risks.
We carefully analyze which
risks to transfer, mitigate, 47.4% 31.6% 10.5% 7.9% 2.6%
avoid or accept
Risk management or
response is carefully 42.1% 28.9% 7.9% 15.8% 5.3%
monitored
Risk register is created with
26.3% 18.4% 28.9% 18.4% 7.9%
its appropriate contents

Source: Own survey, 2017

36.8%, of the respondents agree, 21.1% disagree, 13.2% are neutral,21.1% disagree and7.9%
strongly disagree that they create action plans before they respond to risks. They project

44
managers explained that with the help of the consultants they tried to plan what to do with each
identified and assessed risk.

Most of the respondents also agreed that they carefully analyse their risk response method. They
explained on the open ended questions that they transfer design issues to consultants, bond risks
to banks, and safety risk to insurances. They accept small impact risks , try to mitigate risks as
per their impact level. Hence, 47.4%of the respondents agree, 31.6% strongly agree, 10.5% are
neutral, 7.9% disagree and the 2.6% strongly disagree that they carefully analyse their risk
response method.

41.1% agree, 28.9% strongly agree, 7.9% are neutral, 15.8% disagree and 5.3% strongly disagree
that they carefully monitor the risk response. Table 4.2.1 shows that most of the respondents are
project managers and they explained that from their experience they know what could wrong and
how lightly stakeholders might take identified risks. Therefore, monitoring implementation of
risk responses is done well in their projects.

26.3% agree, 18.4% strongly agree, 28.9% are neutral, 18.4% disagree and 7.9% strongly
disagree that they created risk register with its appropriate contents. Respondents explained in the
open ended questions that they don‟t understand the term risk register and that there is no such
habit in the projects. But since the constituents of risk register are mentioned in the question they
identified some and explained that they include list of risks they face, their description, their
impact and how they are managed in reports. But there is no separate document to register risks.
They further explained that they responded as neutral because they are not aware of the concept
and even those that responded agree thought that registering risks in different document can be
counted as risk register. I have identified all of this during data collection and interview.
Therefore, their responses are analysed as if they responded disagree and that they have no
practice of creating risk register.

45
4.3 Life cycle risk management practice

Table 4. 3 life cycle risk management

Agree Strongly Neutral Disagree Strongly

agree disagree

Risks are identified and

managed through the 47.4% 23.7% 13.2% 15.8% 0.0%
project life cycle
New risks arise at different
57.9% 31.6% 2.6% 7.9% 0.0%
stage of the project
Risks change in their impact
through the project. some
risks even disappear or 63.2% 23.7% 2.6% 10.5% 0.0%
become small impact and
some will become damaging
We try to identify and
reduce risks in our everyday 55.3% 23.7% 7.9% 13.2% 0.0%
work

Source: Own survey, 2017

The other thing assessed was if the projects manage risks throughout the project life cycle. 47.4%
agree, 23.7% strongly agree, 13.2% are neutral, 15.8% disagree and 0% strongly disagree that
they identify and manage risks throughout the project life cycle. More than 60% of the
respondents agree that they manage risks throughout project life cycle. Respondents explained
that risk arise at each stage of the project. they added the phase where many risk arise is at the
initial stage of project. They said they face high risk at excavation stage and earth work and that
they try to manage these risks discussing with other stakeholders on meetings. but the rest of the
respondents explained since there is no tradition to incorporate risks in detail in the plan, it
creates managing problem throughout the project life cycle. Therefore, the risks are identified as
they come throughout the project lifecycle and the timing of their identification has affected the
projects highly. They also argued that trying to manage risks at each stage of the project takes
time and affects project completion time. Since, there is no dedicated person or team for risk
management, workers manage risks on top of their basic work. This puts additional work on them
46
and will demoralize the workers. Therefore, they admitted that they manage risks as they come
throughout the project lifecycle and it should be kept this way until a dedicated department is
created.

When respondents were asked if risks arise at different stage of the project, 57.9% agree, 31.6%
strongly agree, 2.6% are neutral, 7.9% disagree and 0% strongly disagree that risks arise at
different stage of the project. This shows that close to 90% of the respondents agree that risks
arise at different stage of the project. Thus, identifying risks at the initial stage of the project only
is not enough. Risk management should be done throughout the project lifecycle. Respondents
mentioned that as the project progresses the number of risks increase. But it takes time to perform
risk management activity at each stage. This can be attributed to the lack of risk professionals. If
there were dedicated professionals, their main focus would only be on risks and risk management
will not take other stakeholder‟s time. But in the existing situation everybody is performing risk
management on top of their basic activity which added burden on the employees.

Respondents were also asked if the impacts of risks change throughout the project life cycle.
63.2% of the respondents agree, 23.7% strongly agree, 2.6% are neutral, 10.5% disagree and 0%
strongly disagree that risks change in their impacts throughout the project lifecycle. More than
85% of the respondents agreed that the risks change in their impacts throughout the project
lifecycle. This shows that there need to be continuous follow up on pre identified risks as they
impact changes throughout the project life cycle.

Respondents were asked if they try to identify and reduce risk in their every day work. 55.3%
agree, 23.7% strongly agree, 7.9% are neutral, 13.2% disagree and 0% strongly disagree. There is
some degree of risk management understanding developed in the enterprise as a result of
conducting risk management trainings three times and consulting with high scholars from Addis
Ababa university at head office level. Employees have a general but not deep understanding of
risk issue. They try to raise risks they face in weekly meetings. Therefore they somehow perform
their daily activities being risk conscious. But there is no deep understanding of from where risks
could arise what are the signs, how it can be solved fast etc... There are gaps created as a result of
not having a dedicated and professional risk manager solely responsible for risk management.

47
4.4 Risk culture of Addis Ababa Saving Houses Development Enterprise

As per the date collected from interview, The Addis Ababa Saving Houses Development
Enterprise has no risk management department or dedicated risk manager. Lack of proper
attention and understanding of risk management importance has created this problem. But there is
some attempt made by the planning team to incorporate risk aspects into the pan although it lack
details and clarity.
There are no proper follow ups made by the management to check the current level of risk
understanding in the organization. The management mentioned an attempt was made to
incorporate risk into the minds of the workers is in the Planning work that is done twice a year.
It is mentioned in the literature review of this section that rewarding employees as per their risk
management performance will motivate them, raise healthy competition among workers and
strengthen the risk culture of the enterprise. Regarding this aspect, the managers explained that
sometimes as general best performer employees are rewarded but it employees rarely been
recognized for managing risk. It‟s not a tradition in the enterprise.

Recently, project managers and consultants started training employees not formally but sharing
their experiences alarming employees which risks are common whish are not and their impacts.
Sine it‟s a government enterprise there are some tight working procedures that hinders employees
from getting their answers fast regarding risk. Despite the structure employees raise the risks they
are facing and suggest way out. The employees try to solve the risks they face by themselves and
bring it to meeting and report to consultants when it is out of their control.

Three times trainings were given by international project organizations and high scholars from
Addis Ababa University to contractors and consultants. After the training some improvements are
witnessed. The general understanding of risk management increased, the concept become more
familiar and there was thinking spread across the enterprise that there are ways of managing risk
other than the ways they are following. The communication about risk aspects increase and even
adjustments were made in planning to incorporate risk in detail. But the senior managers also
mentioned that it still needs work. Follow up after training need to be done and a department of
its own needed to be created.

48
Employees are encouraged to share their concerns regarding risk, there are weekly meeting where
such kind of issues can be raised. But sometimes due to government working situations there
demand might not be answered fast and this discourages them. No matter how the working
environment ties them employees never hesitate form raising any risk issue they face.

There are no procedure as to who, when, what and when can manage risk. No authority
assignments to dictate employees to managing risk at their everyday work. This creates a big
communication gap and lags risk response or actions.

Different risk response mechanisms are used. Risks such as bond risk are transferred to
insurance. Quality risks are transferred to consultant. As they are the ones responsible for quality
assurance. But there is also a mechanism where in a given time interval stakeholders check
supply qualities. They mentioned this is a task done attentively and in detail. Since the enterprise
submits the project to bank and bank submits to user. The quality checking is done seriously.

At current practice, risks are generally shared between client and contractor. The contractor and
client together discuss what to do with existing risks and take their share. Contractors cover the
risk consequences form the advance payment given to them by the client. But sometimes these
funding might take time as the fund is getting released from government to client. Many
contractors leave the project exhausted from late fund release. And new contractor need to be
replaced and this lags the project schedule. There is also a risk created by negligence in contract
administration with contractors. Contractors quit after they start the project. They use the advance
payment they receive for their own investment and will go out of money to cover the work with
the advance payment. Thus, they simply leave the project.

The top managers admitted that lack of scientific understanding of risk has created financial
schedule and quality impacts. If study is made to try to identify where major costs go to in past
projects, large part will be found on risks. Because of ineffective identification of risks from start
projects have compromised customer satisfaction. They concluded that their current risk
management system is not efficient and that it definitely needs adjustment.

But experience sharing was made with contractors known for their success twice before. And
such kind of practices should be developed further. Also high scholars were invited at the head
office level to share their opinions.

49
Interview participants tried to point out the enterprise‟s strength and weakness on risk
management. Although the strength part is not dependable the day to day progress in the
understanding of risk from top level managers, weekly meetings, every 15 days site visit, sharing
experiences from successful organizations, scholars and the trainings that are being given are
steps that are supporting the risk management aspect of the enterprise.

And they mentioned as weakness late reaction to risk reports by consultants, late fund release and
performing risk activities on top of employee‟s basic activities or lack of formal risk management
system and department. To solve all these they recommended that studies need to be undertaken
that can transform the current risk management situation, the already undertook studies need to
be taken seriously and used as a guide to deepen the risk management practice into the enterprise
and that top level managers also need to give higher attention for risk management.

Finally, managers optimistically say that according to the risk understanding that they are trying
to create through training and sharing experience of successful the organization‟s path is expected
to be led in to creating a separate risk management department and professional risk manager.

Different form Gajewska E. & Ropel M. (2011) finding on certain organization, where there was
no risk culture that made the stakeholders aware of proper risk management concept at all and
where only few respondents were familiar with this concept and knew some of its elements, the
enterprise under study recently tried to create awareness of risk management through trainings
and experience sharing. But Just as Gajewska E. & Ropel M. (2011) finding, not such
systematized processes used in their everyday life or work situations. In other words, risk
management was not described as the structured form of identification, analysis, response and
monitor, but rather as a process of managing risk. It could be assumed that everybody was using
RM but not always was aware of it.

50
Chapter V

Summary, Conclusion and Recommendation

5.1 Summary
Risks are identified early in the project using experiences and discussions. But there are no
professionals to identify risks in scientific way. Common kinds of risks are identified and
documented in reports and project documentations. Impacts of risks are judged using experiences
and sometimes are guessed. prioritization is mostly done based on impacts of risks. Some also
prioritize risks based on available budget. There is a practice of planning for risk responses. Risk
response methods are also carefully analyzed and risks are monitored. But there is no habit of
creating risk register. The concept of risk register is known by very few and the once that are
aware of risk register are not aware of its contents.

Experiences, opinions gathered from Meetings and judgments are the main tools used for
identifying and analyzing risks. The enterprise has no scientific and established risk management
system. Risks are managed throughout project lifecycle but not by all of the project managers.
Main tool used to identify and manage risks throughout the project life cycle is experiences and
judgments.

There is no practice of preparing risk management plan. Unidentified risks arise at different stage
of the project as a result of poor risk identification at the initial stage of the project. Employees
are burdened by risks management issues on top of their basic activities. There is no risk
management department or professionals in the enterprise.

The enterprise tried to create awareness of risk management by conducting trainings given by
international organizations, experience sharing with successful contractors and consulting with
high scholars from Addis Ababa University. But the enterprise has rigid structured and
employees are discouraged by the late or no responses for their demands regarding risk issues.

51
5.2 Conclusion
As a step of risk management process it can be said that the risk identification practice of The
Addis Ababa Saving Houses Development Enterprise is doing good in trying to identify risks
early even if scientifically proven and efficient risk identification method is not being used.
Because they don't use effective risk identification method, many risks were skipped or
unidentified initially and negatively affected the projects. They focused on vulnerable areas of
project where risks could happen when they identify risks and also tried to identify factors that
are causing the risks and document common risks faced. Although all of risks are found in project
documentations and reports, no risk register is created to document risks in a detail required.
There are no risk professionals in the enterprise and there are no formal risk identification
methods used. The project managers are experienced and educated and tried to manage risks in
the way they know. But still occurrence of unidentified risks, absence of task or authority
assignment in the risk identification process and lack of assignment of ownership and
accountability brought high financial, schedule and quality impact. Risk identification is the
major step in risk management process. If risks are not identified properly the rest of the process
or trying to analyze and prioritize wrongly identified risks is waste of time. lack of proper and
structured identification left the projects exposed to high impact unidentified risks. These
unidentified risks brought high and negative financial, schedule and quality impacts and also
demoralized employees. All of these resulted from lack of separate risk management department
and proper risk management practice.

As in the risk identification, risk impact assessment is also not done following the formal process.
project managers and consultants assess the probability and impact of risks based on their
experience. They mostly use their judgements. Lack of professional that properly understand
steps of impact assessment also created high financial, schedule and quality impact. Risks are
prioritized based on their impact. Even though prioritizing risks based impact is right risk
management decision, there is no guarantee for how reliable the impacts assessment is. This
makes the whole process defective.

The enterprise has good risk response practice. Action plans are prepared before implementation.
Implementations are monitored and they carefully analyze which response method should be
used for which risks. But there is no habit of creating risk register. They document identified
risks in project documentation and reports.
52
Therefore, the enterprise has tried to follow the steps in the risk management process but not in
an effective manner. Lack professionals that can analyze the risk management process in detail
has resulted high financial, schedule and quality impact and also affected employee morale. when
their work is repeatedly interrupted by unseen circumstances employees get discouraged.

Risks are identified and managed at each project life cycle. As mentioned above, due to lack of
dedicated risk management personnel, the identification and management process has
effectiveness problem. But despite its ineffectiveness the project managers and consultants tried
to raise risk issues throughout the project lifecycle. such risk awareness of the project managers
and consultants can be attributed to their experience and educational level. The lack of
effectiveness that is created by the little attention given to manage risks in detail and with
dedicated personnel, created financial, schedule and quality impacts and also employee morale
diminished. The fact that the project faces different risks at different stages and the fact that there
is variety in the impact of identified risks throughout the project life cycle shows that proper
attention need to be given to life cycle risk management in the projects

There are attempts to create a risk culture in the enterprise. Three times trainings were given by
international organizations, there was experience sharing with successful contractors and also
they try to consult high scholars from Addis Ababa University about risk issues. The above
mentioned steps has created an increasing level of awareness regarding risk. The management
don't follow up on the current level of risk culture. No attention is given to that area. This shows
the magnitude of attention given to the enterprise risk culture.

Project managers and consultants tried to create awareness among workers through discussions.
The awareness creation made employees to think of risk in their everyday work. but since the
structure of the enterprise is somehow tight communicating risk issues has been a problem to
employees. fast reaction was not given to their demand regarding risk problems which
demoralized employees.

All the attempted risk trainings, weekly meetings held to share opinions of risk issues, 15 days of
site visit by top level managers and making discussions with contractors of what risk issues
should be addressed can be taken as strong sides of the enterprise so far.

53
But the rigid structure of the enterprise to react to employee demands fast such as fund release
and risk issues, the lack of scientific way of managing risks or absence of separate risk
management department and personnel shows that the enterprise needs more work to develop its
risk culture.

Overall, the enterprise is showing progress in managing quality risks by giving detail attention to
quality assurance and performing quality checks in given intervals. Cost and schedule impacts
that come as a result of risk were also to some degree minimized by hiring qualified project
managers and consultants as per the requirement of the client. But still on structural level, the
lack of risk department and the little attention given to proper risk management created high and
negative cost, schedule and quality impacts an also reduced employee morale.

5.3Recommendation
Starting from risk creation aspect, the involvement of many stakeholders is generating risks from
everywhere. Thus, there should be assignment of ownership and accountability for risks. The
level of risk management burden that is being put on employees should be transferred to a
dedicated risk manager or risk management department. Also as some respondents explained
performing life cycle risk management and identifying risks at each stage is not done because of
the additional work it will create on employees. All of these things plus the ineffectiveness of the
current risk management should be solved by creating a separate risk management department
and personnel that understand details of risk management.

Even at the current situation there is no division of responsibility which created confusions on
who, what, when and how the risks should be managed. Therefore, assignment of responsibilities
should be done in a clear manner ones the risk department is created. Responsibility matrix
should be adopted which is linear responsibility chart useful to clarify roles in cross-functional/
departmental projects. The responsibility matrix should clarify which person is responsible for
each step of risk management process. This way it would be easier for the project manager to
evaluate performance of each individual in the risk management process and also will make
monitoring of risk management progress easier. Top level managers need to give better attention
and give faster response to demands made by employees regarding risk issues such as fund
release. The structure of the enterprise need to be more flexible and it should have a fixed
communication centre for risks. Clear and fixed hierarchy should be set for how suggestions and
54
demands regarding risk should be addressed. Even though there is central risk department and
risk manager to handle such issues, there should be a clear guideline for how even low level
employees can forward their concerns to top level managers. Senior managers should also fix a
meeting and explain the issues they are facing to address employee demand regarding risk to
upturn employee morale that was affected by the late or no responses on their demands such as
fund release.

Top level managers should also be more concerned about the current impacts the risk
management system is creating on the projects and take measures to employ scientific and proper
risk management system. They should involve in the recruitment of risk professionals and show
their great interest in establishing proper risk management system in the enterprise. They should
follow up on the successful establishment of the risk management department and evaluate
improvements.

Frequent and more conceptualized trainings to be given to employees to make them understand
and identify the nature of risks, factors that could create risks and the level of impacts risks bring
if they are ignored. This will deeply embed the concept of risk management in the enterprise and
employees will learn to manage risks even before they become a problem to the project.
Experience sharing should be more focused on the cost saving function of risk management. It
should be emphasized on the kinds of improvements proper risk management creates in an
organization rather than focusing only on the tools used to manage risks. Employees should also
be motivated to involve in the risk management process by rewarding them based on their
involvement and performance in the risk management process. Bonuses should be given to risk
management professionals as per the cost savings made due to good risk management. Finally, at
enterprise level risk aspects should be incorporated in principles and strategies to dictate daily
operations of the enterprise.

55
REFRRENCE

Ana D. (2012) Modern Methods of Risk Identification in Risk Management. Junior PhD.,
University of Targoviste, Romania.

Aibinu and Odenyinka, (2006) causes of delays in building projects

Anthony M. (2001), A systematic approach to risk management for construction, Structural

survey, vol. 19, no. 5, pp. 245-252. Available: http://hdl.handle.net/10536/DRO/DU:30037100

A Guide To Project Management Body Of Knowledge Body Of Knowledge (PMBOK® Guide )

4th Ed.
A Guide by The Association For Project Management, (2000). project risk analysis and
management, The University of Birmingham.

Banaitiene N. and Banaitis A. ,(2012) Risk Management in Construction Projects. Department of

Construction Economics and Property Management, Faculty of Civil Engineering, Vilnius
Gediminas Technical University, Vilnius, Lithuania Avaliable: http://dx.doi.org/10.5772/51460
Brown J. (2017) Why is Risk Identification so Important in Project Management?

Chandana, (2013). Risk register - An important component of overall risk management

framework,

Chapman, C. and Ward, S. ,( 2003). Project risk management: Process, techniques and insights.
2nd Edition. Chichester: John Wiley and Sons.

Curtis P. (2012). risk assessment in practice. Avaliable:www.coso.org

Davidson O. , Mackenzie P., Wilkinson M. And Miller R, (2012). The Need To Build A Strong
Risk Culture

David H. (2010). Developing effective risk responses, , manager of consultancy, project

management professional services Ltd. Philadelphia, Pennsylvania, USA.

Ewelina Gajewska Mikaela Ropel ,(2011) Risk Management Practices in a Construction Project.
Department of Civil and Environmental Engineering, Chalmers University of Technology.
Göteborg, Sweden.

Fernando F. (2014) A conceptual framework on establishing a risk management framework

56
within existing university assessment and evaluation practices.University of Southern
Queensland

Grey S. (2007) Project risk management methods. Available: www.Broadleaf.com.au

Guy M. Merritt Preston G. Smith, (2004). Techniques for managing project risk,

Jardin S.( 2007) managing risks in construction project; How to achieve a successful outcome.

John Wiley & Sons, 2008 Project Risk Management: Processes, Techniques and Insights, 2nd
Edition

JutteB. ,(2017) . Golden Rules of Project Risk Management-

Kenneth F., Donald A.,Lloyd A. & David N. , (2003). The Owner's Role in Project Risk
Management. The National Acadamies Press. Available http://nap.edu/11183

Kishk M. and Ukag C. , (2012) The Impact Of Effective Risk Management On Project Success.
The Scott Sutherland School of Architecture and the Built Environment, The Robert Gordon
University, Garthdee Road, Aberdeen AB10 7QB, UK.

Klemetti A.,( 2006). Risk Management in Construction Project Networks. Helsinki University of
Technology Laboratory of Industrial Management Report. Espoo Lester

Larry Taylor, (2011). Risk Culture: From Theory to Evolving Practice

Linda R, (2014). Importance of risk register.

Lyons T. and Skitmore M., (2004). Project risk management in the Queensland engineering
construction industry: a survey. International Journal of Project Management. Vol. 22, pp. 51-
61.

MITRE systems engineers (SEs), (2017). Available: mitre.org

Mwangi G., (2015). The Effects Of Risk Management At Project Planning Phase On
performance of construction projects in Rwanda. Department of Entrepreneurship, Technology,
Leadership and management. School pf Entrepreneurship, Jomo Kenyatta University of
Agriculture and Technology.

Patrik X, & Guomin Z (2007), Identifying Key Risks in Construction Projects: Life Cycle and
Stakeholder Perspectives . International Journal of Project Management. Faculty of the Built
57
Environment, School of Architectural and Mechanical Engineering, University of New South
Water, Sydney, Autralia.

PhillForostenko ,(2014) . Risk action plan

PMI, (2015). Practice Standard Project Risk Management. Available: www.pmi.org.

PRINCE2, (2009). Latest edition. Managing Successful projects. TSO, London

Ricardo Viana Vargas (2017), Basic Risk Identification Techniques,

Avaliable.www.vargasmacrosolutions.com.br

Richard A. (2012) risk culture. The Institute of Risk Management

Simon Jackson,(2002). Project Cost Overruns And Risk Management. School of Construction
Management and Engineering, The University of Reading, White knights, UK

Smith R. ,(2015). Risk culture, think of the consequences. Marsh & Meclennan Companies,
Bingham.

Smith. N.J., Merna, T. and Jobbling P., (2006). Managing Risk in Construction Projects. 2nd
edition Oxford: Blackwell Publishing

Stuart C. , (2009). Developing and Populating a Risk Register Best Practice Guidance
Tony H. , (2016). In Consult ; the various risk identification and assessment approaches:
Available: www.tonyhinconsult.com.au

www. deloitte.wsj.com, ,(2013). Risk Culture: Three Stages of Continuous Improvement

58
 Appendix I
Question Agree Strongl Neutral Disagree Strongly
y agree disagree
Position_________________________
1. risks are identified at initial stage of the project or early in
the project
2. the risks are identified when their effects are seen

3. when identifying risks our focus is on the areas highly

vulnerable to risk
4. we react fast to identified risks (asses impacts of identified
risks fast enough)
5.the project have experienced two or more unidentified risks
coming at same time.
6. the unidentified risks are usually with high impact
7. the risks we face change frequently
8. There is lack of professionals to identify risks early.
9.The factors causing the risks have been identified in order to
eliminate the risks from occurring.
10.we have experienced lose of money quality, etc...by not
identifying risks before they come, and by not preparing.
11. Identified risks are documented to be used for future
projects
12. risks are identified when they come or when their impact is
seen or felt by the project
13. the factors causing risks are registered to be eliminated for
future projects
14. The common kinds of risks a construction project faces is
registered to identify the common kinds of risks
15. identifying common kinds of risks helps the project.
16. we use a structured and formal risk identification method
17. we identify risks by experience
18.we identify risks by guessing
19. our risk identification method was successful
20. we assess impacts of identified risks
21. we assess risks using formal method. for example by
calculating impact &likelihood of risks.
22 we assess risks impacts using our experience
23. risk impacts are guessed
24. the risks assessment technique we used was effective or
successful
25. we analyze low impacted risks thinking if when situations
change in the future, they might create high risks. we don't
simply accept them as small risks.
26.We have lost money .time, quality etc..because we didn't
asses impact of identified risks.
Question Agree Strongl Neutral disagree Strongly
y agree disagree
27. there are lack of professionals to assess impact of risks
28. there is no need for professionals and proper risks
assessment we are doing good without professionals and
structured impact assessment
29. we study the vulnerability of the project. (to check if it's a
kind of project sensitive to even small impact risks. we study if
the project will be highly damaged even by insignificant or
small impact risks or if it will survive even through high
impact risks).
30.when we identify risks, we analyze the time gap between
the risk happening and the organization seeing the effect.so we
know exactly the damage created by existing but unfelt risks.
31. we prioritize risks before we take action on them
32. we prioritize risks based on budget available
33. we prioritize risks based on their impacts
34.we are successful by our prioritization method
35. we create action plans before we respond to risks.
36. we carefully analyze which risks to transfer, mitigate,
avoid or accept
37. risk management or response is carefully monitored
38. risk register is created with its appropriate contents
39. risks are identified and managed through the project life
cycle
40. new risks arise at different stage of the project
41. risks change in their impact through the project. some risks
even disappear or become small impact and some will become
damaging.
42.we try to identify and reduce risks in our everyday work

please give explanations for the below questions

49. at which stage of the project do you usually identify risks? Initiation, planning, execution, monitoring,
completion or throughout the project lifecycle? why?

50. what kind of impacts did you face from the timing of your identification? negative or positive impact?
financial impacts, schedule impacts, quality impacts or other? how bad were the impacts?

51. what impacts did you face form focusing in the wrong areas of project to identify risks? negative or
positive? how bad was the impact? ? was the impact financial schedule, quality or other?

II
52. have you faced two or more unidentified risks happening at the same time.? do you face financial
impacts, schedule impacts ,quality impacts or other? how bad was the impact?

53.have you experienced unidentified risks coming in the middle of the project or after the project started
and threatened to damage your project? how did you manage it ? was the impact financial schedule,
quality or other?

54. did you identify the factors creating the risks and try to eliminate them? if yes what benefits did you
get from that? and if no what impact did you face? was the impact financial schedule, quality or other?

55. does the factors creating the risks change from time to time ? How?

56. What are the common risks your project faces?

57. if you don't identify common risks, how did it impact your project? ? was the impact financial
schedule, quality or other?

58. do you understand the risks management processes(risks identification, assessment, prioritization,
response and monitoring and have you been trained to know the concepts? do you think it is necessary to
know about risk management process?

59 did your risk register contain the basic constituents of risk register such as ; impact, likelihood,
description, prioritization, responsible person and existing control method of the risks? if not
what impact did you face as a result?

III
60. what impact did your, a .risk identification technique b. risk impact assessment technique
c. prioritization technique e. monitoring technique d. response technique, have on your project?
please list each? ? was the impact financial schedule, quality or other?

61. what impact did you face by not knowing your projects vulnerability (sensitivity to risks)? was the
impact financial schedule, quality or other?

62.what kinds of risks you transfer? and what kinds of risks you mitigate ,avoid or accept?

63 how do you manage risk in the concept of project lifecycle. do you try to identify risks at each stage of
project? if you don't manage risks throughout the project life cycle, how did it affect the project?

64, how do you explain your overall risk management system? informal and done by experience, by
guessing what can happen, or formal structured system? Please explain in detail? do you say your current
system benefits the project?

65. do you think this risk assessment is beneficial for your organization?

Thank you!

IV
Appendix II

Assessment on risk management practice of A .A Saving Houses Development

Enterprise
1. is there a risk management department or risk manager responsible for risk management?

2. Is there a culture of risk management or is risk management a familiar issue in your business?
if no why and what is the impact?

3.is Risk management clearly supported by management?

4.Do you manage risks proactively? Are improvements are made before problems arise?

5.have you ever carried out individual risk management control measures?

6. do you motivate or reward employees or worker with good risk management? if yes how and if
no why?

7.Do you have a structured method for reporting risks? if no why?

8.Do Employees have enough training in risk management and understand the basics of risk
management?

9.Are employees motivated to report risks as they identified them or earlier? is there a clear and
transparent communication available for them? if yes how beneficial is it?

10.is an employee from any position encouraged to report risk?

11.how do you respond to risks? is there a structure mechanism or it changes from time to time?

12 are there procedures (instructions; who, when, what & how) that can dictate an employee to
manage risks at their every day work?

13 is Risk management monitored and reported as part of your normal management reporting
system?

14 do management approve budget or anything necessary to mitigate or reduce the risks fast
enough?

15. do you check if the item suppliers are supplying are of good quality to eliminate quality risk?

16. is the project acceptance criteria designed to avoid quality risks. do you receive and sign off
the project to avoid quality risks?

V
17. do you think formal risk management process is waste of time and money? do you think it
should be done by experience ?or by other method?

18. how do you think your current risk management process affected the projects?

19.does the company’s organizational structure defines key areas of responsibility and establishes
accountability for risks?

20. Does the company’s assignment of authority and responsibility clearly establishes the degree
to which individuals and teams are authorized and encouraged to act to address risks?

21.do you use the experience of other organizations risk management?

22 do you use the services of consultants, insurance companies and other experts?

23. is your method of working modified to minimize the level of risk? if yes, how?

24. does everything wait until management approval or some risks that need quick treatment are
treated before managements approval? has this impacted the project?

25.Do you use other risk management methods that is different from the common (identification,
impact assessment, prioritization &response) method? if yes? please explain your method?

26. Strengths and weaknesses, What are the three best features of your risk management?

27. What are the main areas of risk management that you need to develop?

VI
Appendix III
Preliminary interview questions for Addis Ababa Saving Houses Development Enterprise

1. What is the objective of the project?

2. What is the goal of the project?

3. How is the project organized?

4. How many houses are built so far?

5. How many percent of the total planned houses is built?

6. Is there risk management practice in the Enterprise?

7. Is there risk management department or risks manager in the Enterprise?

8. Who is responsible for risk management in your Enterprise?

9. Do you have established risk management system?

VII