Risk management is everywhere. The principles, definitions, and plans involving risk management can be applied to almost any industry or endeavor. Depending on the industry, the sources of risk and the consequences of a particular risk, the approach to risk management will vary. Some risk management is mandatory. For instance, the EPA requires facilities that use extremely hazardous substances to submit a risk management plan (RMP) every five years to be in compliance with Sec. 112(r) of the 1990 Clean Air Act Amendments. On the national level, the Department of Homeland Security developed a National Infrastructure Protection Plan outlining, “how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.”
Some risk management plans are recommended by government agencies as industry standards. The US DOT Federal Highway Administration published a guidebook, Risk Assessment and Allocation for Highway Construction Management, concluding that, “(t)he business case for including risk assessment and allocation as a standard project management component of major capital projects is unambiguous: The ability to better understand potential risks and how to manage them yields benefits far in excess of the costs of adopting risk management practices.” CalTrans has developed a Scalable Risk Management Handbook, “as a handbook for all project team members to use during all phases of delivery.”
Larger organizations develop risk management departments to create and audit the risk management process. Some examples are: universities, pipeline companies, particle accelerators, and even fraternities. Smaller companies without formal risk management departments can adopt many of the best practices by incorporating them into job descriptions and by using checklists.
What is Risk Management?
Risk Management is broadly defined as preserving an organization’s assets, reputation and other value while maximizing profits / shareholder value through the management of both pure and speculative risks. Examples of pure risks include fire, wind, unsafe employee conditions, theft and pollution. Such risks are also known as static risks and are by definition are considered to be “bad” risks. Examples of speculative risks include investments in equipment, investments in land, new employees, new markets and business mergers & acquisitions. Speculative risks can be either good or bad risks. The most basic risk categories are focused on profit, assets and legal liability.
There are numerous other similar but overlapping definitions of risk management available. They can generally be boiled down to some application of the following strategies:
- Mitigation – Control – Minimization
- Allocation – Transfer to Others
How to Avoid the Contractor’s Wheel of Misfortune
The building process presents a number of risks that do not exist in other industries such as weather and hidden conditions. In “design – bid – build” project delivery systems, the lowest bidder and subcontractors may not have the knowledge, experience or resources to effectively manage the risks that occur on a project. Borrowing from poet Robert Burns, “the best laid schemes o’ Mice an’ Men,” oft go awry.” In construction, S#!Ⱦ Happens, and when it happens, disputes can arise about fault and damages. And with most disputes comes the loss of profit, good will, reputation, and other misfortune.
The Risk Management Process
The risk management process involves working through steps:
- Identification of Risk
- Analysis of Risk
- Selection of Appropriate Means to Deal with each Risk; and
- Monitoring Results (Improvement)
This process can easily be visualized reviewing and adapting the various flowcharts found in a Google image search for the term, “risk management process”. There are also numerous risk management plan templates available in Microsoft Word format.
Identification of Risk
The sources of misfortune are many and the following graphic from my risk management presentation highlights some of the typical construction risks.
In addition to the examples in the “wheel” above, common risk categories include:
|Facilities & Equipment||Design||Operational Requirements|
|Testing & Commissioning||Value Engineering||Schedule|
|Supplier Capabilities||Cost – Budget Cycle||Integration of technology|
Fortunately there are also many opportunities to identify risks in advance and adopt a practical set of processes and strategies to manage them in advance.
Analysis of Risk
The analysis and evaluation of risk must be conducted both from a qualitative and quantitative perspective. Each identified risk must be evaluated in terms of the probability of its occurrence, the cost of its occurrence and the potential scheduling impact.
The consequences of the occurrence of a risk range from little or no impact (e.g., for a non-critical path work item) to a project failure. Many methods exist to quantify the probabilities and impacts to project scope, cost and schedule. A simple, risk severity matrix can be created using a spreadsheet to compare the probability levels to the consequence levels. (Severity = Probability X Consequence).
Dealing with Identified Risks using Contracts
- One size does not fit all.
- Generally, anything not illegal or against public policy can be in a contract.
- Court’s role is to interpret and enforce terms and expectations of parties to contract.
- Contracts can allocate, avoid, limit, quantify, transfer, disclaim or otherwise manage risk.
- Contract’s goal can be to push away as much risk as possible, so you can focus on the core objective of delivering quality work.
- The clearer and more detailed the contract, the less likely a dispute will arise, the less likely that the dispute will need a lawyer’s service, the more likely that it can be worked out.
- Courts interpret contacts using the concept of “Omitted Cases.” This means that if your contract omits discussing part of the contractual relationship (e.g., allocation of risk), then the court will try to essentially divine what the parties intended based on common law, course of dealing and other concepts developed to construe (interpret) the contract. There is a risk that undiscussed terms will be decided against you.
- Understand Legal Concept of “Flow Down”
- Understand Legal Concept of “Incorporated by Reference”