Chapter 07 – Risk Analysis

Risk Analysis – The Concept

 Risk is the likelihood that a specific undesired event will occur

during work activities.
 Almost all of the things that we do in a business involve risk of
some kind!
 The kind of risks, for example in the construction sector, include:
 lack contractor’s capacity to do work
 late materials delivery
 labor difficulties
 unexpected manufacturing costs
 unexpected subsurface conditions (soil type, groundwater)
 late-stage design changes, etc.
Risk Analysis – The Concept

 As a result, much time in construction management is spent

focusing on risks.
 Of course, many practices in construction are driven by risk
such as:
 Bonding requirements
 Insurance
 Licensing
 Contract structure
o General and specific conditions
o Payment Terms
o Delivery Method
o Selection mechanism
Risk Analysis – The Concept

 Therefore, we shall get prepared for risk in a business, though it

can sometimes be challenging to identify; let alone prepare for
and manage !

 Risk Analysis helps us to identify and understand risk, so that we

can manage/control it, and minimize disruption to the events.

 Risk Analysis can be defined as a set of systematic methods to

identify and quantify risks; and determine safety measures and/or
human interventions important for business safety.
 Risk Analysis is the art and science of identifying, analyzing, &
responding to risk throughout the life of a project and in the best
interests of meeting project objectives.
Risk Analysis – Functions:

 Risk analysis is useful in many situations:

 When you're planning projects, to help you anticipate and
neutralize possible problems.
 When you're deciding whether or not to move forward with a
project.
 When you're improving safety and managing potential risks in
the workplace.
 When you're preparing for events such as equipment or
technology failure, theft, staff sickness, or natural disasters.
 When you're planning for changes in your environment, such as
new competitors coming into the market, or changes to
government policy.
Risk Analysis – The Process

 Generally, a risk analysis is carried out by:

– first identifying the possible threats to face, and
– then estimating the likelihood that these threats will
materialize.
– finally, identifying, selecting, and adopting of management
measures.
 A complete risk analysis covers the following five steps:
Step 1—Identify Risks
Step 2— Assess event to determine levels of risk
Step 3—Identify methods to manage Risks
Step 4—Implement Methods
Step 5—Manage and Evaluate
Risk Analysis – The Process

Risk Analysis Process

2
Assess
Risks

1 3
Identify Identify Methods
Risks to Manage Risks

5 4
Manage & Implement
Evaluate Methods
Risk Analysis – Identifying Risks

 Step 1: Identify Risks: Identify the existing and possible threats

that you might face.
 Look for and identify threats by thoroughly dissecting the activity;
and consulting with members of the organization.
 And, see if any of these threats are relevant.
Risk Analysis – Identifying Risks

 Some examples of threats:

 Human – Illness, death, injury, or other loss of a key individual.
 Operational – Disruption to supplies and operations,
 Reputational – Loss of customer or employee confidence,
 Procedural – Failures of accountability, internal systems, or controls
 Project – Going over budget, taking too long on key tasks, or experiencing
issues with product or service quality.
 Financial – Business failure, stock market fluctuations, interest rate
changes, or non-availability of funding.
 Technical – Advances in technology, or from technical failure.
 Natural – Weather, natural disasters, or disease.
 Political – Changes in tax, public opinion, government policy,
 Structural – any situation where products, or technology can be harmed
Risk Analysis – Assessing Risks

 Step 2: Assess/Estimate Risks: Once you've identified the threats

you're facing, you need to work out both the likelihood of these
threats being realized, and their possible impact.

Tip:
Don't rush this step. Gather
as much information as you
can so that you can estimate
the probability of a threat
occurring.
Risk Analysis – The Concept

 Risk is made up of two things:

 the probability of something going wrong, and
 the negative consequences that will happen if it does.

Likelihood of Occurrence Levels of Impact

1. Low —May occur in time/ will 1. Slight: Hazard presents a minimal
seldom occur/Unlikely to threat to safety, health and well-
occur. being of participants.
2. Serious: May cause minor injury,
2. Medium— Probably will occur
illness, property damage, financial
in time.
loss
3. High — Likely to occur 3. Major: May result in death, severe
immediately or in a short injury, major property damage,
period of time, or expected to significant financial loss, and/or
occur frequently. result in negative publicity for the
organization
Risk Analysis – Assessing Risks

 Risk assessment can be made by two approaches:

1. Qualitative or subjective assessment:

2. Quantitative risk assessment (QRA):

Risk Analysis – Assessing Risks

1. Qualitative or subjective assessment:

 It involves making a formal judgement on the likelihood and
impact of identified risks to determine their magnitude and
priority.

 Risk quantification tools and techniques include:

a. Probability/impact matrixes
b. The Top Ten Risk Item Tracking
c. Expert judgment
Risk Analysis – Assessing Risks

a) Probability / impact of risk (Impact Matrix)

Numbers that represent the overall risk of specific events based on their
probability of occurring and the consequences to the project if they occur

Risk = Severity of Harm x Likelihood of occurrence

This simple computation gives a risk value of between 1
and 9 enabling a rough and ready comparison of risks.
Risk Analysis – Assessing Risks

b) Top Ten Risk Item Tracking: helps to identify risks and maintain an
awareness of risks throughout the life of a project.
Risk Analysis – Assessing Risks

2. Quantitative Risk Assessment (QRA):

 QRA tends to deal with avoidance of low probability events with
serious consequences to the project and the surrounding
environment.
 Large, complex projects involving leading edge technologies
often require extensive quantitative risk analysis.
Example: Process industries like oil and gas industries, mass
transportation (rail way transport) and the nuclear
industry.
 Main techniques used in QRA include:
 Decision tree analysis
 Simulation
 Sensitivity analysis
Risk Analysis – Assessing Risks

a) A Decision Tree Analysis is a diagramming analysis technique

used to help select the best course of action in situations in which
future outcomes are uncertain.

We have seen this in chapter 5 (Decision Analysis)

Risk Analysis – Assessing Risks
b) Simulation uses a representation or model of a system to analyze
the expected behavior or performance of the system.

See back the Monte Carlo simulation in chapter 2

Risk Analysis – Assessing Risks
c) Sensitivity analysis is a technique used to show the effects of
changing one or more variables on an outcome.

See back the LPP sensitivity analysis in System Analysis & Techniques I
Risk Analysis – Identifying methods

 Step 3: Identify Methods to Manage Risks: After identifying and

quantifying the risks, start looking at ways to eliminate or control
the risks.

 Generally, there are four main response strategies for negative

risks:
 Risk avoidance
 Risk acceptance
 Risk transfer
 Risk mitigation

Tip: Always look for cost-effective approaches

Risk Analysis – Identifying methods
 Risk Avoidance – This strategy involves a conscious decision on the part of
the organisation to avoid completely a particular risk by discontinuing the
operation producing the risk.
 This is a good option when taking the risk involves no advantage to
your organization, or when the cost of addressing the effects is not
worthwhile.
Example: replacing a hazardous chemical by one with less or no risk
potential.
 Risk Retention/acceptance – The risk is retained in the organisation
where any consequent loss is financed by the company. There are two
aspects to consider here, risk retention with knowledge and risk retention
without knowledge.
 This option is usually best when there's nothing you can do to prevent
or mitigate a risk, or when the potential loss is less than the cost of
insuring against the risk.
Risk Analysis – Identifying methods

 Risk Transfer/share the risk – This refers to the legal assignment of the
costs of certain potential losses from one party to another. The most
common way is by insurance or outsourcing or shareholding.

 Risk Reduction/Mitigation – Here the risks are systematically reduced

through control measures, according to the hierarchy of risk control.
 Preventative action involves aiming to prevent a high-risk situation
from happening. It includes health and safety training, firewall
protection on corporate servers, and cross-training your team.

 Detective action involves identifying the points in a process where

something could go wrong, and then putting steps in place to fix the
problems promptly if they occur. It includes double-checking finance
reports, conducting safety testing before a product is released, or
installing sensors to detect product defects.
Risk Analysis – Implementing methods

 Step 4: Implement methods: Record the findings and state how

they can be controlled to prevent harm.
Risk Analysis – Implementing methods

 Upon the above strategies, the risk control measures to adopt may be:
 Using existing assets - this may involve improving existing methods
and systems, changing people's responsibilities, improving
accountability and internal controls, improving safety procedures and
so on.

 Developing a contingency plan - accept a risk, but develop a plan to

minimize its effects if it happens.
A good contingency plan will allow us to take action immediately.

 Investing in new resources - this is particularly important where the

risk is so great that it can threaten the participants safety, the
organization’s reputation.

Legislation requires employers to reduce risks to a level that is as low as

is reasonably practicable.
Risk Analysis – Implementing methods

Example: general risk mitigation strategies for technical, cost, and

schedule risks in the construction industry
Risk Analysis – Managing and Evaluating

 Step 5: Manage and Evaluate: Risk management and

evaluation allows us to determine the significance of risks to the
event and decide to accept the specific risk or take further action
to prevent or minimize it.
Risk Analysis – Managing and Evaluating

 Main outputs of risk management and evaluation are:

– Work performance information
– change requests
– updates to the project management plan, other project
documents, and organizational process assets
THANK YOU