Risks to Infrastructure Projects
Risk is an uncertain event or condition that, if occurs, has a positive or negative effect on a project objectives. Sources of risk can include inherent variability, or uncertainties related to various factors including human behavior, organisational structures, or societal influences. Every infrastructure project undergoes the process of risk management outlined below in order to develop risk response strategies suitable for particular circumstances.
Risk management
Risk management is a systematic process of identifying, analyzing, and responding to project risks.
Effectiveness of risk management throughout the project life-cycle is correlated with the level of its inclusion into governance and decision-making mechanisms as part of the project as well as appropriate engagement of stakeholders. Thoroughly planned strategic risk management maximises the effect of positive risks and minimises the negative risks, increasing the likelihood of project success.
One of the objectives of risk management in an organization is to develop and implement an effective mechanism for assessing potential hazards that may lead to material and non-material losses for organiation, as well as a mechanism for responding to these hazards in order to minimize their negative effect on the goals and objectives of the organization and maximize potential benefits to effectively manage the organization's resources.
Scope, Context, Criteria
-
Tailoring the risk management process to circumstances and constraints of the project
-
Alignment with strategic goals and objectives of the organisation
-
Defining boundaries of risk management activities
-
Understanding internal and external context of project risks
-
Establishing a consistent basis for risk evaluation and treatment
Risk Identification
Risk identification is the primary and arguably most important stage of the risk management process. It is done in continuous and systematic manner by identifying sources of risk using specific methods, classifying risks into categories, describing and documenting significance of each risk.
The goal of risk identification is to detect and characterise potential risks that could either facilitate or hinder an organisation from accomplishing its objectives. Risk identification is conducted using various methods of gathering information on the sources of risks that might have an impact on the achievement of the project objectives.
Risk Evaluation
Risk evaluation allows organizations to prioritise identified risks based on their potential impact and likelihood.
Risk evaluation stage enables organisations to allocate necessary resources more efficiently by focusing on most significant risks. At this stage the risks are compared against the established criteria in order to understand their impact on the project and strategic objectives of the organisation.
Monitoring & Reviewing
-
Ensure the risk management process is up-to-date with the organisation's internal and external changes over the project life-cycle
-
Exercising change management as a response mechanism to changes in internal and external project environment, including changes to strategic objectives
-
Identification of new risks due to availability of additional data
-
Refining information to enhance understanding and management of identified risks
Scope, Context, Criteria
Recording & Reporting
Communication & Consultations
Monitoring & Reviewing
Risk Identification
Risk Analysis
Evaluation
Risk treatment
Communications & Consultations
-
Engagement of internal and external stakeholders throughout the risk management process
-
Promotion of awareness and understanding of risks across the organisation
-
Facilitation of exchange of evidence-based, timely, relevant, and accurate information
-
Building trust and transparency within the organisation
-
Supporting better decision-making regarding risks
Risk Analysis
Risk analysis stage of the process enables comprehensive understanding of each of the identified risks, including their underlying causes, possible consequences, likelihood of occurrence, and impact.
Through analysis of the likelihood and potential impact of risks, organisations prioritise risks in terms of risk response measures. The analysis serves as input for decision-makers to determine how the identified risks will to be treated.
Risk Treatment
Risk treatment enables organisations to minimise identified risks using various strategies and actions. Common elements of risk treatment include:
-
Risk mitigation involves reducing the likelihood of the risk occurring, and its potential impact on the project
-
Risk transfer involves delegating part or all of the identified risk to other parties to the project
-
Risk avoidance involves eliminating the risk by deciding not to start or continue with the activity that gives rise to the risk
-
Risk Acceptance is accounting for implications of the potential impact of the risk due to the cost of other risk treatment options outweighing the potential benefit
Recording & Reporting
-
Communication of risk management activities and outcomes across different levels and functions of the organisation
-
Promotion of transparency and share understanding of the current situation within the project and broader context
-
Provision of valuable information for decision-makers in order to ensure strategic cohesiveness
-
Facilitation of stakeholder engagement by providing factual and up-to-date information
-
Ensuring accountability and ownership by project management for risk management actions
Risk registers
Upon completion of the risk identification stage of the risk management process, the risks are classified into certain categories depending on their sources. All gathered information on the identified risks associated with the project is stored in arisk register or risk log. Risk register is a repository that contains the output of risk management process.
The information contained in the risk registers include persons responsible for responding to the occurrence of certain risks, the probability of occurrence of risks, the degree of severity and the corresponding risk assessment, the method of responding to the potential occurrence of risk and any other information that can contribute to improving the effectiveness of responding to identified risks in order to reduce their impact on the objectives of the project. New Zealand Government Procurement Risk Register Template is one of the examples of what information might be collected.
Knowledge bases
Knowledge bases are centralised repositories of information that can be used in risk management process. Availability of knowledge bases of risks encountered in previous projects by organisations enables project managers and stakeholders to make more informed decisions based on previous experiences and lessons learned.
Explicit knowledge available over the history of the projects and recorder in documents such as risk registers can used along with tacit knowledge stored in the minds of experts and professionals who worked in infrastructure projects.
The concept of «knowledge-driven risk management process» focused on practical information that can be transferred from previous projects can be beneficial to organisations the point of view of development of tools aimed at optimisation of project primary constraints including cost, schedule, and quality. Accumulation of historic knowledge of risk in an organisation is a challenging endeavour, however can lead to improvement of risk management performance in the long-term perspective.
Some of the benefits of knowledge-based approach to risk management include enhanced efficiency of decision-making, improved consistency and regulatory compliance, and continuous improvement of risk response strategies enhancing overall risk management capabilities.
Scope Establishment
Risk Registers
Risk Identification
Risk Analysis
Knowledge-based risk evaluation
Risk Evaluation
Risk Treatment
Risk Monitoring