Cover Image

Not for Sale



View/Hide Left Panel
Click for next page ( 23


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 22
22 3.3.1 Risk Analysis Terms Risk Event. A discrete occurrence that may affect the project for better or worse. Biases. A lack of objectivity based on the individual's po- sition or perspective. There may be system biases as well as Risk Identification. Determining which risks might af- individual biases. fect the project and documenting their characteristics. Confidence Level. The probability that a range will con- Risk Management. All of the steps associated with man- tain the value under consideration. For example: "there is a aging risks: risk identification, risk assessment, risk analysis 90 percent probability that the ultimate project cost will be (qualitative or quantitative), risk planning, risk allocation, less than $(number)." and risk monitoring control. Probability. A measure of how likely a condition or event Risk Management Plan. A document detailing how risk is to occur. It ranges from 0 to 100 percent (or 0.00 to 1.00). response options and the overall risk processes will be carried out during the project. This is the output of risk planning. Qualitative Risk Analysis. Performing a qualitative analy- sis of risks and conditions to prioritize their effects on project Risk Mitigation. This technique of the risk planning objectives. It involves assessing the probability and impact of process seeks to reduce the probability and/or impact of a risk project risk(s) and using methods such as the probability and to below an acceptable threshold. impact matrix to classify risks into categories of high, moder- ate, and low for prioritized risk response planning. Risk Monitoring and Control. The capture, analysis, and reporting of project performance, usually as compared to Quantitative Risk Analysis. Measuring the probability the risk management plan. and consequences of risks and estimating their implications for project objectives. Risks are characterized by probability distri- Risk Planning. Analyzing risk response options (accep- butions of possible outcomes. This process uses quantitative tance, avoidance, mitigation, or transference) and deciding techniques such as simulation and decision tree analysis. how to approach and plan risk management activities for a project. Risk. An uncertain event or condition that, if it occurs, has a negative or positive effect on a project's objectives. Risk Register. A document detailing all identified risks, in- cluding description, cause, probability of occurring, impact(s) Risk Acceptance. This technique of the Risk Planning on objectives, proposed responses, owners, and current status. process indicates that the project team has decided not to change the project plan to deal with a risk, or is unable to Risk Transference. This technique of the Risk Planning identify any other suitable response strategy. process seeks to shift the impact of a risk to a third party together with ownership of the response (see also, Risk Risk Allocation. Placing responsibility for a risk to a Allocation). party through a contract. The fundamental tenants of risk al- location include allocating risks to the party that is best able Sensitivity. When the outcome is dependent on more to manage them, allocating risks in alignment with project than one risk source, the sensitivity to any specific one of goals, and allocating risks to promote team alignment with those risks is the degree to which that specific risk (event or customer-oriented performance goals. condition) affects the outcome or value. Risk Assessment. A component of risk management that Simulation. A simulation uses a project model that bridges risk identification and risk analysis in support of risk translates the uncertainties specified at a detailed level into allocation. Risk assessment involves the quantitative or qual- their potential impact on objectives that are expressed at the itative analysis that assesses impact and probability of a risk. level of the total project. Project simulations use computer models and estimates of risk at a detailed level, and are typi- Risk Avoidance. This technique of the Risk Planning cally performed using the Monte Carlo technique. process involves changing the project plan to eliminate the risk or to protect the project objectives from its impact. 3.4 Risk Management Framework Risk Documentation. Recording, maintaining, and re- porting assessments, handling analysis and plans, and moni- This Guidebook will apply the five step risk management toring results. It includes all plans, reports for the project framework to the various phases of project development to manager and decision authorities, and reporting forms that provide a structure for the application of management tools may be internal to the project manager. and practices to control transportation project costs. Table 3.3

OCR for page 22
23 Table 3.3. Risk management framework relationship to project phases. Risk Management Planning Programming Design Step Risk Identification Identification of Complete and non- Appraisal of highest level risks to overlapping identified risks project scope and identification of risks Identification of new feasibility for baseline project risks as design estimate progresses Risk Assessment/ Initial ranking of Qualitative analysis/ Updating of Analysis risks ranking of risks on qualitative or Order of magnitude minor projects quantitative risk risk costs and total Detailed quantitative analyses cost range risk analysis on Updating/resolution major projects of contingency Contingency for baseline cost estimate Risk Mitigation Initial development Finalization of risk Completion of risk and Planning of red flag list, risk register or risk management plan register or formal risk management plan Continued tradeoff management plan Tradeoff analysis for analysis for risk mitigation options mitigation options Risk Allocation Initial analysis or Trade-off analysis for Final risk allocation selection of project risk allocation (e.g., in contract provisions delivery method contract provisions for time, payment, delay, etc). Risk Monitoring Planning for risk Implementation of Active management and Control monitoring and risk register or risk of risk register or risk control management plan management plan Establishment of key Active management risk management and resolution of milestones contingency provides an overview of how each of the steps applies to the flag items can then be assigned to individual team members to project development phases with some important notes watch throughout the project development process and used on project complexity and the steps in the estimating process. for risk allocation purposes as described later in this document. The next section provides a detailed description of the On major, high-cost projects that are by nature uncertain steps in the risk management process. Their ultimate rela- (many risks), the risks can feed the rigorous process of assess- tionships to the project phases and project complexity are de- ment, analysis, mitigation and planning, allocation, and mon- tailed in Chapters 6 through 8. itoring and updating described in this document. The risk identification process should stop short of assess- ing or analyzing risks, so as not to inhibit the identification of 3.4.1 Risk Identification "minor" risks. The process should promote creative thinking and leverage team experience and knowledge. In practice, 3.4.1.1 Objectives of Risk Identification however, risk identification and assessment are often completed The objectives of risk identification are to identify and cate- in a single step and this process can be called risk assessment. gorize risks that could affect the project and document these For example, if a risk is identified in the process of interviewing risks. The outcome of the risk identification is a list of risks. a team member or expert, it is logical to pursue informa- Ideally, the list of risks should be comprehensive and non- tion on the probability of it occurring, its consequences/ overlapping. What is done with the list of risks at that point de- impacts, the time associated with the risk (i.e., when it pends on the nature of the risks and the nature of the project. might occur), and possible ways of dealing with it. The latter On minor, low-cost projects with little uncertainty (few risks); actions are part of risk assessment, but they often begin dur- the risks may simply be kept as a list of red flag items. The red ing risk identification. This document, however, will treat

OCR for page 22
24 the two activities of risk identification and assessment dis- ful to think of risk in broader terms of uncertainty. Uncer- cretely for clarity. tainty involves both positive and negative events. Risk is de- fined in this document as an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's 3.4.1.2 Risk Identification Process objectives (PMI 2004). However it is often helpful to separate The risk identification process begins with the team compil- uncertain events into those events that can have a negative ef- ing the project's risk events. The identification process will vary fect (risks) and those that can have a positive effect (opportu- depending upon the nature of the project and the risk manage- nities). Case studies developed in this research with the FTA, ment skills of the team members, but most identification the WSDOT, and the DOE use the terminology of both risk processes begin with an examination of issues and concerns and opportunity to characterize uncertainty in their risk created by the project development team. These issues and management programs. However, teams must be cautious concerns can be derived from an examination of the project not to overlook risk or focus on solving problems with using description, work breakdown structure, cost estimate, design the risk/opportunity characterization during the risk identi- and construction schedule, procurement plan, or general risk fication process. Engineers and project managers inherently checklists. Checklists and databases can be created for recur- have an optimistic bias when thinking about uncertain items ring risks, but project team experience and subjective analysis or situations because they are, by nature, problem solvers. It will almost always be required to identify project-specific risks. is often better to focus on risks during the identification stage The team should examine and identify project events by re- and explore opportunities during the mitigation process. ducing them to a level of detail that permits an evaluator to Another characteristic of risks is that many have triggers. understand the significance of any risk and identify its causes, Triggers, sometimes called risk symptoms or warning signs, that is, risk drivers. This is a practical way of addressing the are indications that a risk has occurred or is about to occur. large and diverse number of potential risks that often occur Triggers may be discovered in the risk identification process on highway design and construction projects. Risks are those and watched in the risk monitoring and updating process. events or conditions that team members determine would The identification and documentation of triggers early in the adversely affect the project. process can greatly help the risk management process. Upon identification, the risks should be classified into groups of like exposures. Classification of risks helps to re- 3.4.1.4 Risk Identification Summary duce redundancy and provides for easier management of the risks in later phases of the risk analysis process. Classifying The risk identification process identifies and categorizes risks aids in creating a comprehensive and non-overlapping risks that could affect the project. It documents these risks list. Classifying risks also provides for the creation of risk and, at a minimum, produces a list of risks that can be checklists, risk registers, and databases for future projects. assigned to a team member and tracked throughout the Figure 3.6 shows an example from the U.S. Department of project development and delivery process. Risk identifica- Energy (DOE) of their highest level classification. tion is continuous and there should be a continual search for new risks that should be included in the process. The tools and techniques outlined in this section should support 3.4.1.3 Risk Characteristics the risk identification process, but it will be the people in- During the risk identification step, risks can be character- volved in the exercises who are most critical to the success ized to aid in later assessment and planning. It is often help- of the process. Project Name Project Risk Technical Risk Internal Risk External Risk Schedule Mechanical Management Change Regulatory Cost Electrical Procedure Change Funding Quality Nuclear Reorganization Political Figure 3.6. Risk identification classification (DOE 2003).

OCR for page 22
25 3.4.2 Risk Assessment 3.4.2.3 Risk Screening Risk Frequency and Severity 3.4.2.1 Objectives of Risk Assessment Following the risk identification and qualitative risk assess- ment phases, a set of identified risks exists with individual Risk assessment is the process of quantifying the risk events risks characterized as to their frequency of occurrence and the documented in the preceding identification stage. Risk assess- severity of their consequences. Frequency and severity are the ment has two aspects. The first determines the likelihood of a two primary characteristics that are used to screen risks and risk occurring (risk frequency); risks are classified along a separate them into risks that are minor and do not require continuum from very unlikely to very probable. The second further management attention, and those that are significant judges the impact of the risk should it occur (consequence and require management attention and possibly quantitative severity). Risks affect project outcomes in diverse ways. Risk analysis. Various methods have been developed to help clas- effects are usually apparent in direct project outcomes by in- sify risks according to their seriousness. One very common creasing cost or schedule. Some risks influence the project by method is to develop a two dimensioned matrix that classifies affecting the public, public perception, the environment, or risks into three categories based on the combined effect of safety and health considerations. Risk can also affect projects their frequency and their severity. This matrix method is in indirect ways by requiring increased planning, review, and commonly referred to as a "Probability times Impact" (P x I) management oversight activity. The risk assessment phase matrix. Figure 3.7 requires classifying risks into one of five has as its primary objective the systematic consideration of likelihood states (remote through near certain) and into five risk events and their likelihood of occurrence and the conse- states according to their consequences (minimal through un- quences of such occurrences. acceptable). These assessments yield a five by five matrix that classifies a risk as either a "high" risk (red), a "moderate" risk 3.4.2.2 Conducting Risk Assessment (yellow) or a "low" risk (green). Risk assessment is fundamentally a management activity Risks that are characterized as low (green) risks can usually that is supported by individuals familiar with risk management be disregarded and eliminated from further assessment. As activities. Managers and analysts approach risk using different risk is periodically reassessed in the future, these "low" risks but complementary viewpoints. Managers tend toward quali- are either closed, retained or elevated to a higher risk category. tative assessment of risks. They evaluate risks relative to their Moderate (yellow) risk events are either high likelihood/low worst case effects and their relative likelihood of occurrence. consequence events or they are low likelihood/high conse- What is more, managers tend to focus on strategies and tactics quence events. An individual high likelihood/low consequence for avoiding risks or reducing a risk's negative impacts. Ana- event by itself would have little impact on project cost or sched- lysts, on the other hand, tend toward quantitative assessment ule outcomes. However, most projects contain myriad such of risks. They evaluate risk impacts in terms of a range of tan- risks (material prices, schedule durations, installation rates, gible results and they evaluate risk of occurrence in terms of etc.); the combined effect of numerous high likelihood/low probabilities. The analyst's focus is on the combined tangible consequence risks can significantly alter project outcomes. effect of all the risks on project scope, cost, and schedule. A Commonly, risk management procedures accommodate these comprehensive risk assessment combines both a qualitative high likelihood/low consequence risks by determining their assessment and a quantitative assessment. The qualitative combined effect and developing cost and/or schedule contin- assessment is useful for screening and prioritizing risks and gency allowances to manage their influence. for developing appropriate risk mitigation and/or allocation Low likelihood/high consequence events, on the other hand, strategies. The quantitative assessment is best for estimating the usually warrant individualized attention and management. At numerical and statistical nature of the project's risk exposure. a minimum, low likelihood/high consequence events should This section will present qualitative risk assessments and the be periodically monitored for changes in either their probabil- next section will discuss quantitative risk analysis. ity of occurrence or in their potential impacts. The subject of It should be noted that risk assessment techniques are scal- risk registers or risk watch lists is discussed in more detail later able. They can be applied to small highway reconstruction in this Guidebook. Some events with very large, albeit unlikely, projects or to large corridor programs. An application of a impacts may be actively managed to mitigate the negative con- risk assessment on a minor resurfacing project can yield a pri- sequences should the unlikely event occur. oritized list of red flag items that should be monitored over High (red) risk events are so classified either because they the course of a projects development, design, and construc- have a high likelihood of occurrence coupled with, at least, a tion. An application of a risk assessment on a major highway moderate impact or they have a high impact with, at least, corridor project can yield the basis for a detailed probabilis- moderate likelihood. In either case, specific directed man- tic cost estimate, and a comprehensive risk management plan agement action is warranted to reduce the probability of will be discussed later in this document. their occurrence or to reduce the risk's negative impact.

OCR for page 22
26 RISK ASSESSMENT ASSESSMENT GUIDE High (Red) Level Likelihood E M M H H H Likelihood Unacceptable. Major disruption A Remote D L M M H H likely. Different approach required. B Unlikely C L L M M H Priority management attention required C Likely B L L L M M Moderate (Yellow) D Highly Likely A L L L L M Some disruption. Different E Near Certainty a b c d e approach may be required. Consequence Additional management attention may be needed Low (Green) Minimum impact. Minimum Level Schedule and/or Cost oversight needed to ensure risk remains low a Minimal or no impact Minimal or no impact Additional resources b <5% required; able to meet Minor slip in key milestones; c 5-7% not able to meet need date Major slip in key milestone or d 7-10% critical path impacted Can't achive key team or e >10% major program milestone Figure 3.7. Risk assessment process (Adapted from DOE 2003). 3.4.2.4 Risk Assessment Summary to view projects from the contractor's perspective through a better understanding of their risks. More commonly, the The goal of risk assessment is not to eliminate all risk from overall risk assessment is used to determine cost and sched- the project. Rather, the goal is to recognize the significant risk ule contingency values and to quantify individual impacts of challenges to the project and to initiate an appropriate man- high risk events. Ultimately however, the purpose of quanti- agement response to their management and mitigation. This tative analysis is to not only compute numerical risk values recognition of risk challenges is accomplished through an as- but to provide a basis for controlling transportation project sessment of each risk's likelihood of occurrence and the im- costs through effective risk management strategies. pact if it does occur. A comparison of each risk's probability There are many methods and tools for quantitatively com- and impact yields a relative ranking of the risks that can be bining and assessing risks. The selected method or tool will used for risk management or, if warranted by project com- involve a trade-off between sophistication of the analysis and plexity, a detailed quantitative risk analysis using probabilis- its ease of use. There are at least five criteria to help select a tic models to generate ranges of possible outcomes. suitable quantitative risk technique. 3.4.3 Risk Analysis The tool should help determine project cost and schedule contingency. 3.4.3.1 Objectives of Risk Analysis The tool should have the ability to include the explicit Typically, a project's qualitative risk assessment will recog- knowledge of the project team members concerning the nize some risks whose occurrence is so likely or whose conse- site, the design, the political conditions, and the project quences are so serious that further quantitative analysis is approach. warranted. A key purpose of quantitative risk analysis is to The tool should allow quick response to changing market combine the effects of the various identified and assessed risk factors, price levels, and contractual risk allocation. events into an overall project risk estimate. This overall as- The tool should help foster clear communication among the sessment of risks can be used by the transportation agency to project team members and between the team and higher make go/no-go decisions about a project. It can help agencies management about project uncertainties and their impacts.

OCR for page 22
27 The tool, or at least its output, should be easy to use and The mode and the mean of two example continuous distribu- understand. tions are illustrated in the Figure 3.8. The other key consideration when defining an input variable 3.4.3.2 Risk Characterization for Risk Analysis is its range or dispersion. The common measure of dispersion is the standard deviation which is a measure of the breadth of There are three basic analyses that one can conduct during values that are possible for the variable. Normally, the larger a project risk analysis. There is technical performance analysis the standard deviation the greater the relative risk. Probability (will the project work or is the scope sufficient?), schedule risk distributions with different mean values and different standard analysis (when will the project be completed?) and cost risk deviation values are illustrated in Figure 3.9. analysis (what will the project cost?). A technical performance All four distributions have a single high point (the mode) risk analysis can provide important insights into technology- and all have a mean value that may or may not equal the mode. driven cost and schedule growth for projects that incorporate Notice too that some of the distributions are symmetrical about new and unproven technology. However, this discussion of the mean while others are not. Selecting an appropriate prob- quantitative risk analysis will concentrate only on cost and ability distribution is a matter of which distribution is most schedule risk analysis. The following section will discuss the like the distribution of actual data. For transportation proj- various alternative methods that can be used for quantitative ects, this is a difficult choice because historical data on unit risk analysis. prices, activity durations, and quantity variations are often dif- At a computational level there are two considerations ficult to obtain. In cases where insufficient data is available to about quantitative risk analysis methods. First, for a given completely define a probability distribution, one must rely on method, what input data is required to perform the risk a subjective assessment of the needed input variables. analysis? Second, what kind of data, outputs and insights does the method provide to the user? 3.4.3.4 Outputs of Risk Analysis 3.4.3.3 Inputs for Risk Analysis The type of outputs that a technique produces is an impor- tant consideration when selecting a risk analysis method or The most stringent methods are those that require as inputs tool. Generally speaking, techniques that require more rigor, a probability distribution for the various performance, sched- demand stricter assumptions, or need more input data gen- ule, and costs risks. Risk variables are differentiated based on erally produce results that contain more information and are whether they can take on any value in a range (continuous vari- more helpful. Results from risk analyses may be divided into ables) or whether they can assume only certain distinct values three groups according to their primary output: (discrete variables). Whether a risk variable is discrete or con- tinuous, two other considerations are important in defining an Single parameter output measures; input probability: its central tendency and its range or disper- Multiple parameter output measures; and sion. An input variable's mean and mode are two alternative Complete distribution output measures. measures of central tendency; the mode is the most likely value across the variable's range. The mean is the value where the The type of output required for an analysis is a function of variable has a 50 percent chance of taking on a value that is the objectives of the analysis. If, for example, an agency needs greater and a 50 percent chance of taking a value that is lower. approximate measures of risk to help in project selection Probability Distribution Probability Distribution (Normal) (Lognormal) Mode Mode Probability Probability Mean Mean Cost or Duration Cost or Duration Figure 3.8. Mean and mode in normal and lognormal distributions.

OCR for page 22
28 Continuous Distribution: Continuous Distribution: Normal Lognormal Probability Probability Cost or Duration Cost or Duration Continuous Distribution: Discrete Distributions Triangular Probability Probability Cost or Duration Cost or Duration Figure 3.9. Distributions for risk analysis. studies, simple mean values (a single parameter) or a mean risk output measures are desired. The following paragraphs and a variance (multiple parameters) may be sufficient. On describe some of the most frequently used quantitative risk the other hand, if an agency wishes to use the output of the analysis methods and an explanation of the input requirement analysis to aid in assigning a contingency amount to a project, and output capabilities. These methods range from simple, knowledge about the precise shape of the tails of the output empirical methods to computationally complex, statistically distribution or the cumulative distribution is needed (com- based methods. plete distribution measures). Finally, when the identification Traditional methods for risk analysis are empirically devel- and subsequent management of the key risk drivers is the goal oped procedures that primarily concentrate on developing of the analysis, a technique that helps with such sensitivity cost contingencies for projects. The method assigns a risk fac- analyses is an important selection criterion. tor to various project elements based on historical knowledge Sensitivity analysis is a primary modeling tool that can be of the relative risk of various project elements. For example, used to assist in valuing individual risks, which is extremely pavement material cost may exhibit a low degree of cost risk, valuable in risk management and risk allocation support. A whereas acquisition of rights of way may display a high degree "tornado diagram" is a very useful graphical tool for depicting of cost risk. Project contingency is determined by multiply- risk sensitivity or influence on the overall variability of the risk ing the estimated cost of each element by their respective risk model. Tornado diagrams graphically show the correlation be- factors. Table 3.4 provides an example of a traditional risk tween variations in model inputs and the distribution of the analysis for the calculation of contingency through the ex- outcomes. They highlight the greatest contributors to the over- pected value of each identified risk. This method profits from all risk. Figure 3.10 is a tornado diagram for a portion of the San its simplicity and the fact that it does produce an estimate of Francisco Oakland Bay Bridge project. The length of the bars cost contingency. However, the project teams' knowledge of on the tornado diagram corresponds to the influence of the risk is only implicitly incorporated in the various risk factors. items on the overall risk (in this case, risk to schedule duration). Due to the historical or empirical nature of the risk assess- ments, traditional methods do not promote communication of the risk consequences of the specific project risks. Likewise, 3.4.3.5 Risk Analysis Methods this technique does not support the identification of specific The selection of a risk analysis method requires an analysis project risk drivers. These methods are not well adapted to of what input risk measures are available and which types of evaluating project schedule risk.

OCR for page 22
29 Top 15 Corridor Schedule Risks SAS RFAB3 - Tower Lift 1 Fabrication SAS RFAB1 - Deck 1-6 Fabrication SAS R180A - Delays with PWS Installation SAS RBRG - Barge Crane PROG R17A - Corridor System conflicts - Eastbound OTD2 R16 - Elect/Mech completion issues Eastbound SAS R25A - Alignment of Tower Lift 1 SAS R40 - Shear Leg Barge Crane Commissioning delay SAS R11D - Conflicts over welding Deck 1W to 6W/7-14 Erect SAS R11F - Conflicts over welding Tower Lift 1 Erection SAS R120 - Removal of Temporary Towers A-C YBI1 R20B - Problems with Hinge KW completion SAS R190 - Camber error SAS R180B - Delays in Load Transfer SAS R11E - Conflicts over welding Deck 1E-6E Erection 0 5 10 15 20 25 30 35 40 45 50 Relative Likelihood to Increase Schedule Duration Figure 3.10. Example sensitivity analysis with tornado diagram. While traditional methods are quite simple, they do not re- and distribution shape. Yet, Monte Carlo methods are the flect the complexity of many highway projects. Risk analyses most common method for project risk analysis for they pro- for major projects are most often modeled through simula- vide detailed, illustrative information about risk impacts on tion methods. Simulation models, also called Monte Carlo the project cost and schedule. methods, are computerized probabilistic calculations that use Figure 3.11 shows typical probability outputs from a Monte random number generators to draw samples from probabil- Carlo analysis. The histogram information is useful for under- ity distributions. The objective of the simulation is to find the standing the mean and standard deviation of analysis re- effect of multiple uncertainties on a value quantity of interest sults. The cumulative chart is useful for determining project (such as the total project cost or project duration). There are budgets and contingency values at specific levels of certainty or many advantages of Monte Carlo methods. They can deter- confidence. In addition to graphically conveying information, mine risk effects for cost and schedule models that are too Monte Carlo methods produce numerical values for common complex for common analytical methods. They can explicitly statistical parameters such as the mean, standard deviation, incorporate the risk knowledge of the project team for both distribution range, and skewness. cost and schedule risk events. They have the ability to reveal, through sensitivity analysis, the impact of specific risk events 3.4.3.6 Risk Analysis Summary on the project cost and schedule. However, Monte Carlo methods require knowledge and The risk analysis process can be complex due to both the training for successful implementation. Input to Monte Carlo complexity of the modeling that is required and the subjec- methods requires the user to know and specify exact proba- tive nature of the data available to conduct the analysis. How- bility distribution information; mean, standard deviation, ever, the complexity of the process is not overwhelming and Table 3.4. Traditional risk analysis method example. Project Cost Element Estimated Probability of Cost Impact Occurrence Contingency Initial purchase of right of way $1,200,000 20 $240,000 Known hazardous substance 125,000 10 12,500 Coordination with railroad companies 50,000 10 5,000 Treatment of water discharged from site 400,000 3 12,000 Total $269,500

OCR for page 22
30 Distribution for Total Project Costs Cumulative Total Project Costs (Current $) (Current $) 0.020 1.00 Mean = 499.57 Mean = 499.57 0.015 0.75 0.010 0.50 0.005 0.25 0.000 0.00 400 500 600 700 400 500 600 700 5% 90% 5% 5% 90% 5% 437.98 566.93 437.98 566.93 Figure 3.11. Typical Monte Carlo output for total costs. the generated information can prove to be extremely valu- a series of risk response actions that can help agencies and their able. There are many methods and tools for quantitatively industry partners avoid or mitigate the identified risks. Wide- combining and assessing risks. The selected method will in- man (1992), in the Project Management Institute standard, volve a trade-off between sophistication of the analysis and its Project and Program Risk Management; A Guide to Managing ease of use. Adherence to sound risk analysis techniques will Risks and Opportunities, states that a risk may be: lead to more informed decision making and a more transpar- ent allocation of project risk. Unrecognized, unmanaged, or ignored (by default); Recognized, but no action taken (absorbed by a matter of policy); 3.4.4 Risk Mitigation and Planning Avoided (by taking appropriate steps); 3.4.4.1 Objectives of Risk Mitigation and Planning Reduced (by an alternative approach); Transferred (to other through contract or insurance); The objectives of risk mitigation and planning are to explore Retained and absorbed (by prudent allowances); or risk response strategies for the high-risk items identified in the Handled by a combination of the above. qualitative and/or quantitative risk analysis. The process iden- tifies and assigns parties to take responsibility for each risk The above categorization of risk response options helps to response. It ensures that each risk requiring a response has an formalize risk management planning. The Caltrans (Califor- owner. The owner of the risk could be an agency planner, nia Department of Transportation) Risk Management Hand- engineer, or construction manager depending upon the point book (Caltrans 2007) suggests a subset of strategies from the in project development or it could be a private sector contrac- categorization defined by Wideman. The Caltrans Handbook tor or partner depending upon the contracting method and states that the project development team must identify which risk allocation. strategy is best for each risk and then design specific actions Risk mitigation and planning efforts may require that agen- to implement that strategy. The four strategies and actions in cies set policies, procedures, goals, and responsibility stan- the Caltrans Handbook include: dards. Formalizing risk mitigation and planning throughout an agency will establish a risk culture that should result in bet- Avoidance--The team changes the project plan to elimi- ter cost management from planning through construction. nate the risk or to protect the project objectives from its impact. The team might achieve this by changing scope, adding time, or adding resources (thus relaxing the so- 3.4.4.2 Risk Response Options called "triple constraint"). Risk identification, assessment, and analysis exercises form Transference--The team transfers the financial impact of the basis for developing sound risk response options. There are risk by contracting out some aspect of the work. Transfer-

OCR for page 22
31 ence reduces the risk only if the contractor is more capable 3.4.4.4 Risk Planning Documentation of taking steps to reduce the risk and does so. Mitigation--The team seeks to reduce the probability or Each risk plan should be documented, but the level of doc- umentation detail will vary with the unique attributes of each consequences of a risk event to an acceptable threshold. This is accomplished via many different means that are project. Major projects or projects with high levels of uncer- specific to the project and the risk. Mitigation steps, al- tainty will benefit from having detailed and formal risk man- though costly and time consuming, may still be preferable agement plans that record all aspects of risk identification, to going forward with the unmitigated risk. risk assessment, risk analysis, risk planning, risk allocation, Acceptance--The project manager and the project team and risk information systems, documentation, and reports. decide to accept certain risks. They do not change the proj- Other projects that are smaller or contain minimal uncertain- ect plan to deal with a risk, or identify any response strategy ties may only require the documentation of red flag item lists other than agreeing to address the risk if and when it occurs. that can be updated at critical milestones throughout the project development and construction. Given a clear understanding of the risks, their magnitude, A red flag item list is created at the earliest stages of project and the options for response, an understanding of project risk development and maintained as a checklist during project de- will emerge. This understanding will include where, when, velopment. It is perhaps the simplest form of risk identifica- and to what extent exposure will be anticipated. The under- tion and risk management. Not all projects will require a standing will allow for thoughtful risk planning. comprehensive and quantitative risk management process. A red flag item list can be used in a streamlined qualitative risk management process. 3.4.4.3 Risk Planning The creation of a risk register is a more formal identification Risk planning involves the thoughtful development, im- of risks than the simple red flag item listing. It is typically com- plementation, and monitoring of appropriate risk response pleted as part of a formal and rigorous risk management plan. strategies. The DOE's Office of Engineering and Construc- The risk register provides project managers with a listing of sig- tion Management (2003) defines risk planning as the detailed nificant risks and includes information about the cost and formulation of a plan of action for the management of risk. It schedule impacts of these risks. It supports the contingency res- is the process to: olution process by tracking changes as a result of actual cost and schedule risk impacts, as the project progresses through Develop and document an organized, comprehensive, and the development process and the risks are resolved. interactive risk management strategy; A risk register is used as a management tool to identify, Determine the methods to be used to execute a risk man- communicate, monitor, and control risks. It provides assis- agement strategy; and tance in setting appropriate contingencies and equitably allo- Plan for adequate resources. cating risks. As part of a comprehensive risk management plan, the risk register can help to control cost escalation. It is Risk planning is iterative and includes describing and sched- appropriate for large or complex projects that have significant uling the activities and processes to assess (identify and ana- uncertainty. A risk register is based on either a qualitative or lyze), mitigate, monitor, and document the risk associated with quantitative assessment of risk, rather than simple judgmen- a project. For minor or moderately complex projects, the result tal decisions. The identified risks are listed with relevant infor- should be a risk register. For major projects or moderately mation for quantifying, controlling, and monitoring them. complex projects with a high degree of uncertainty, the result The risk register may include relevant information such as: should be a formal risk management plan. Planning begins by developing and documenting a risk Risk Description management strategy. Early efforts establish the purpose and Status objective; assign responsibilities for specific areas; identify ad- Date Identified ditional technical expertise needed; describe the assessment Project Phase process and areas to consider; delineate procedures for con- Functional Assignment sideration of mitigation and allocation options; dictate the re- Risk Trigger porting and documentation needs; and establish report re- Probability of Occurrence (%) quirements and monitoring metrics. This planning should Impact ($ or days) address evaluation of the capabilities of potential sources as Response Actions well as early industry involvement. Responsibility (Task Manager)

OCR for page 22
32 The most extensive risk planning, which is typically reserved standards. Formalizing risk mitigation and planning through- for major projects, is through the creation of a formal risk out the agency will establish a risk culture that should result in management plan. The project development team's strategy better cost management from planning through construction. to manage risk provides the project team with direction and basis for planning. The formal plan should be developed dur- 3.4.5 Risk Allocation ing the planning and programming phases, and then updated during the preliminary and final design phases. Since the abil- 3.4.5.1 Objectives of Risk Allocation ity of the agency's and the contractor's teams to plan and build The contract is the vehicle for risk allocation. Whether the the facility affects the project's risks, industry can provide valu- contract is for construction, construction engineering and able insight into this area of consideration. inspection, design, or design-build, or some other aspect of The plan is the roadmap that tells the project team mem- highway construction management, the contract by defining bers how to approach all phases of risk management at a cor- roles and responsibilities assigns risks. Risk allocation in any porate level. Since it is a map, it may be specific in some areas, contract affects cost, time, quality, and the potential for dis- such as the assignment of responsibilities for agency and con- putes, delays, and claims. In fact, contractual misallocation of tractor participants and definitions, and general in other areas risk has been found to be a leading cause of construction dis- to allow users to choose the most efficient way to proceed. A putes in the United States (Smith 1995). risk management plan should contain some or all of the fol- The Construction Industry Institute (CII) is a group of lowing items: construction industry owners, contractors, and academics that study the industry and create best practices. In a 1990 1. Introduction study, CII states that: 2. Summary 3. Definitions The goal of an optimal allocation of risk is to minimize the 4. Organization total cost of risk on a project, not necessarily the costs to each 5. Risk management strategy and approach party separately. Thus, it might sometimes seem as if one party 6. Risk identification is bearing more of the risk costs than the other party. However, 7. Risk assessment and analysis if both owners and contractors take a long-term view, and take into consideration the benefit of consistently applying an opti- 8. Risk planning mal method to themselves and to the rest of their industry, they 9. Risk allocation will realize that over time optimizing risk allocation reduces 10. Risk register and risk monitoring everyone's cost and increases the competitiveness of all parties 11. Risk management information system, documentation involved. and reports The objectives of risk allocation can vary depending upon As previously stated, each risk plan should be documented, unique project goals, but four fundamental tenets of sound but the level of detail will vary with the unique attributes of risk allocation should always be followed. each project. Red flag item lists, risk registers, and formal risk management plans provide flexibility in risk management Allocate risks to the party that is best able to manage them. documentation. Allocate the risk in alignment with project goals. Share risk when appropriate to accomplish project goals. Ultimately seek to allocate risks to promote team align- 3.4.4.5 Risk Planning Summary ment with customer-oriented performance goals. Risk mitigation and planning utilizes the information from the risk identification, assessment, and analysis processes to 3.4.5.2 Allocate Risks to the Party formulate response strategies for key risks. Common strate- Best Able to Manage Them gies are avoidance, transference, mitigation, or acceptance. The mitigation and planning exercises must be documented A fundamental tenet of risk management is to allocate the in an organized and comprehensive fashion that clearly as- risks to the party that is best able to manage the specific risk. signs responsibilities and delineates procedures for mitigation The party assuming the risk should be able to best evaluate, and allocation of risks. Common documentation procedures control, bear the cost, and benefit from its assumption (ASCE frequently include the creation of red flag item lists, risk reg- 1990). For example, the risk of an inadequate labor force, a isters, and formal risk management planning documentation. breakdown in equipment, or specific means of construction is Risk mitigation and planning efforts may necessitate that best borne by the contractor, while a risk of securing of proj- agencies set policies, procedures, goals, and responsibility ect funds or project site availability is best borne by the agency.

OCR for page 22
33 Following this principle of allocating the risks to the party However the term "risk sharing" can be somewhat mis- that is best able to manage them will ultimately result in lowest leading. In reality, there is no risk that is truly shared, but overall price because contractors will not be forced to include rather, exposure to the risk is split amongst the parties. Risk contingency for possible financial losses or take gambles in an sharing is clearly defining the point at which the risk is trans- extremely competitive bidding environment. Inappropriate ferred from one party to the other. These transfer points risk shifting from the owner to the contractor can result in mis- should be scrutinized for appropriateness, and then explicitly aligned incentives, mistrust, and an increase in disputes. and clearly addressed in the contract. For example, a risk that A second CII study (CII 1993) discusses the concept of is commonly shared is the risk for unusually severe weather. allocating risks to the party that is best able to accept them: A contract provision for unusually severe weather may grant the contractor a right to a time extension while not providing Because of the advantages and disadvantages associated with for additional compensation of costs. In this situation, the efficient and equitable allocation of risk, each project should be agency is allocated the risk of delay while the contractor is al- assessed individually and to determine for each risk what alloca- tion consideration will reduce the overall cost to the project's located the risk of additional costs. total cost of risk. Another example of risk allocation comes from the WSDOT. The agency had traditionally maintained the risk for differing site conditions on drilled shafts for bridge piers. 3.4.5.3 Risk Allocation in Alignment On a number of projects, they had experienced substantial with Project Objectives cost growth for differing site conditions claims from contrac- Risks should be allocated in a manner that maximizes the tors who were using equipment that was insufficient to re- probability of project success. The definition of a clear and move small boulders in the drilled shafts. The agency deter- concise set of project objectives is essential to project success mined that they had two choices: 1) specify the equipment and these objectives must be understood to properly allocate and method for drilling the shaft so that these small boulders project risks. For instance, if the public needs a project com- could be removed when encountered; or 2) allocate the risk pleted sooner than would be achievable under traditional for removing these boulders to the contractor in hopes that contracting and risk allocation methods, the agency may be they will choose the appropriate method for removing the forced to ask the contractor to assume more risk for timely or rocks. Unfortunately, both of these options were not aligned expedited completion and the agency must be willing to com- with standard agency policy. Because the agency foresaw too pensate the contractor for assuming this risk. much risk in prescribing the means and methods of construc- Allocating risks in alignment with project objectives begins tion, they chose the second solution of allocating the risk of with a clear understanding of the project objectives by the the differing site conditions to the contractor. agency and clear communication of these objectives to the Communication between parties is a key to any sharing of contracting, consulting, or design community. While this risk allocation. Risk sharing provisions should be written with idea seems to be quite simple, in practice it is often difficult the principle of risk management and alignment of projects to identify and prioritize concise objectives due to the com- objectives as described above. All nontraditional allocation of plex nature of many highway construction projects. risk should be clearly pointed out to the contractors. The importance of clearly understanding and defining proj- ect objectives cannot be overemphasized. Project objectives 3.4.5.5 Risk Allocation in Alignment with directly determine optimum risk allocation strategies, or when Customer-Oriented Performance Goals project risk allocation is justified in deviating from traditional industry standards. Additionally, project objectives can affect The ultimate goal of risk allocation should be to help align the procurement methods and contracting strategies. The ob- the project team with customer oriented performance goals. jectives should be understood early in the project process and A primary finding of the 2005 FHWA Construction Manage- referred to before any important design, procurement, con- ment Scan (FHWA 2005) was that the European highway tracting, or construction management decision. community is allocating more risk to the private sector and this has resulted in better alignment of team goals with cus- tomer goals. For example, the Highways Agency in England 3.4.5.4 Share Risks Appropriately has key performance indicators that deal with client satisfac- The concept of risk sharing is often used synonymously tion with the product, client satisfaction with the service, pre- with the concept of risk allocation. The American Society of dictability of time, predictability of cost, safety, and process Civil Engineers has gone as far as to define risk allocation as improvement. They have found that traditional risk alloca- "the process of identifying risks and determining how--to tion practices do not always align teams with these customer- what extent--they should be shared" (ASCE 1990). oriented performance goals.

OCR for page 22
34 While the concept of allocating risks in alignment with 1. Develop consistent and comprehensive reporting proce- customer-oriented performance goals may seem to be a sig- dures; nificant departure from traditional practices in the United 2. Monitor risk and contingency resolution; and States, highway agencies are already doing this through the 3. Provide feedback of analysis and mitigation for future risk use of alternative contracting techniques. For example, A + B assessment and allocation. (cost + time) procurement is used on selected projects by many highway agencies in the United States. In essence, A + B procurement passes the risk for accurately setting the fastest 3.4.6.2 Reporting construction completion date from the agency to the contrac- Risk reporting involves recording, maintaining, and stating tor. In an extreme example, the use of Public Private Partner- assessments. Monitoring results and assessing the adequacy of ship techniques is shifting the risk for customer satisfaction existing plans are critical. The DOE's Office of Engineering almost entirely to the private sector. Agencies and the indus- and Construction Management (2003) states that primary cri- try should strive to innovate and develop new risk allocation terion for successful management is formally documenting the techniques that align all team members with customer goals. ongoing risk management process. This is important because: 3.4.5.6 Conclusions It provides the basis for program assessments and updates as the project progresses; The rigorous process of risk identification, assessment, Formal documentation tends to ensure more comprehen- analysis, and mitigation described in this Guidebook allows for a more transparent and informed allocation of project risk. sive risk assessments than undocumented efforts; It provides a basis for monitoring mitigation and alloca- When risks are understood and their consequences are mea- sured, decisions can be made to allocate risks in a manner that tion actions and verifying the results; It provides project background material for new personnel; minimizes costs, promotes project goals, and ultimately aligns the construction team (agency, contractor, and consultants) It is a management tool for the execution of the project; and with the needs and objectives of the traveling public. It provides the rationale for project decisions. A comprehensive risk register can form the basis of docu- 3.4.6 Risk Monitoring and Control mentation for risk monitoring and updating. Caltrans has de- 3.4.6.1 Objectives of Monitoring and Control veloped a standard risk register format that provides documen- tation for risk monitoring and updating. Table 3.5 provides The objectives of risk monitoring and control are to 1) sys- a summary of the risk monitoring items contained in the tematically track the identified risks; 2) identify any new risks; Caltrans risk register template. 3) effectively manage the contingency reserve; and 4) capture lessons learned for future risk assessment and allocation The output of risk registers and risk information systems efforts. Risk monitoring and updating occurs after the risk can be graphically oriented. Figure 3.12 provides one exam- mitigation and planning processes. It precedes the risk allo- ple of a status presentation of top-level risk information that cation process in the planning phase, but is performed in con- can be useful to management as well as others external to the junction with allocation during programming and design program. The example has been adapted from the DOE's Of- phases. It must continue for the life of the project. Risks are fice of Engineering and Construction Management (2003) dynamic. The list of risks and associated risk management and populated with risks for a typical highway project. strategies will likely change as the project matures and new The most complex projects can employ a risk management risks develop or anticipated risks disappear. information system. Risk management information systems Periodic project risk reviews repeat the tasks of identifica- can vary in form depending upon project or program needs, tion, assessment, analysis, mitigation, planning, and allocation. but the systems generally contain the same information that Regularly scheduled project risk reviews can be used to ensure would be found in the most comprehensive risk registers in a that project risk is an agenda item at all project development database system that can be accessed by multiple users. Cal- and construction management meetings. If unanticipated risks trans has created a very sophisticated risk management infor- emerge, or a risk's impact is greater than expected, the planned mation system for the San Francisco Oakland Bay Bridge Proj- response or risk allocation may not be adequate. At this point, ect and the Toll Bridge Seismic Retrofit Program. The graphic the project team must perform additional response planning in Figure 3.13 shows an input screen for the program's risk to control the risk. management information system. The risk management in- Risk monitoring and updating tasks vary depending upon formation system provides Caltrans staff with a variety of unique project goals, but three tasks should be integrated into input methods and reporting functions. Caltrans is using the design and construction management plans: risk management information system to actively manage its

OCR for page 22
35 Table 3.5. Selected monitoring items from Caltrans risk register (Caltrans 2007). Status Functional Risk Trigger Assessment Monitor and Assignment (Qualitative or Control Quantitative) Active = risk is Capital delivery Event that Probability and Responsibility = being actively function indicates risk has impact of the risk name of manager monitored (planning, design, occurred responsible for the This can be right of way, risk Dormant = risk is Used to determine qualitative (very environmental, not currently high when to high, high, Status Interval or engineering priority, but may implement the risk medium, etc.) or Milestone Check = services, become active in response strategy quantitative point of review construction, etc.) the future (involving a % Date, Status and probability of Retired = risk has Review occurrence and been resolved Comments impact in $ or days) Risk Risk Issue High Moderate Low Status/Comment Plan # T-01 Unexpected geotechnical Soils investigations ongoing issues Closed T-02 Need for design exceptions Design nearly complete E-01 Landowners unwilling to sell All property successfully acquired Closed E-02 Local community objections Outreach plan complete E-01 Inexperienced staff assigned Training in progress Figure 3.12. Example risk status report (Adapted from DOE 2003). Figure 3.13. Risk management information system example (Caltrans).