Risk Management Flashcards

1
Q

Define risk.

A

A risk can be defined as an uncertain event or

a circumstance that, if it occurs, will affect the outcome of a programme/project

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Does risk only refer to threats?

A

No, risk is widely accepted to define risks and opportunities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What guidance note does the RICS produce on risk?

A

RICS professional guidance, UK - Management of risk,
1st edition

Effective 25 September 2015

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an issue?

A

Issues are events that are happening now or imminently.

This differs from risks, which sit in the future.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What can lead to an issue?

A

Unmediated disputes, unaddressed concerns, unresolved decision making or risks that have evolved into issues

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How should you manage risks and issues?

A
  • Response plans
  • Agreed action dates

Hold people accountable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a risk register?

A

A document that can be adopted during the early stages of the project, showing:

  • Where the responsibility lies
  • Likelihood of risk occuring
  • Impact of risk should it occur
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the different measures that can be taken to mitigate risks?

A
  • Risk avoidance (serious, unacceptable, designed out)
  • Risk reduction (unacceptable, reduce chance of risk or impact)
  • Risk transfer to contractor (building programme risk better controlled by contractor, comes at risk premium)
  • Risk sharing (often provisional quants employer risk and provisional rates contractor risk)
  • Risk retained (risk allowance included in cost plan)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the general risk categories?

A
  • Political and business risk
  • Benefit risk
  • Consequential risk
  • Project risk
  • Programme risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is political and business risk? Give an example.

A

A risk that has an adverse impact on the business as an ongoing concern.

This risk could come as a result of a benefit, consequential, programme or project risk.

For example, if there is a severe delay the share price for the business may fall due to lack of confidence in the organisation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a benefit risk? Give an example.

A

The risk of failing to deliver the project to the performance required, undermining the long term business case (no benefit of the project).

For example, planning may limit size of scheme, reducing revenues through reduced net lettable space.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a consequential risk? Give an example.

A

Risk occurs as a result from another risk.

They may occur within the project, and can affect operations inside or outside of the project.

An example would be the disruption of activities due to the interruption of power supplies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a project risk? Give an example.

A

A risk of something going wrong during the execution of the project. This may affect it’s successful delivery.

Generally described in terms of quality/time/cost, an example is a provisional sum for unknown excavation works below the ground.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a programme risk? Give an example.

A

Risks that affect the programme as a whole, rather than individual projects. These risks concern decisions that transform strategy into action.

Examples include funding, organisational/cultural issues, quality, business continuity.

When project risks exceed set criteria and affect programme objectives, then they
would be escalated to the programme level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What NRM document defines risk categories?

A

NRM1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the risk categories as defined in NRM1?

A
  • Design development risk
  • Construction risks
  • Employer change risks
  • Employer other risks

A risk allowance for each forms part of a cost estimate (if required)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are design development risks?

A

Risks associated with design development, changes in estimating data, third-party risks (e.g. planning, legal, environmental risks), statutory requirements, procurement methodology and delays in tendering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are construction risks?

A

The risks associated with site conditions (e.g. access restrictions/limitations, existing buildings, boundaries,
and existing occupants and users), ground conditions, existing services, and delays by statutory undertakers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are employer change risks?

A

The risks of employer-driven changes (e.g. changes in scope of works or brief, changes in quality and changes in time).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are employer other risks?

A
  • Early handover
  • Postponement
  • Acceleration
  • Availability of funds
  • Liquidated damages or premiums on other contracts due to late provision of accommodation
  • Unconventional tender action and special contract arrangements
21
Q

What general risks can the project team control?

A

Project risks and consequential risks, however t it

should be ensured that the client is informed of other risks to enable development of their contingency plans

22
Q

What is risk exposure?

A

The potential effect of a risk

23
Q

What are the objectives of the risk monitoring and control process?

A

• review (monthly) the current risk profile and identify
changes in risk probabilities and impacts

• monitor (monthly) the implementation of risk responses
and implement any necessary changes

• update (quarterly) the risk register with any new risks
and associated responses based on changes in
project scope, project progress and changing risk
generators

• review (quarterly) the level of project risk management
maturity of each project in the programme.

24
Q

Give an example of a major consequential event?

A

If there was a minor event that required the redecoration of a room, which had a knock-on effect of delaying PC and losing rental income for the client

25
Q

What is a procurement strategy?

A

The procurement strategy identifies the most effective
approaches in successfully delivering a construction
project.

The strategy entails measuring the risks, benefits and cost, time and quality constraints to conclude and establish the most suitable procurement route and what contractual factors should be considered.

26
Q

What is the difference between procurement strategy and procurement route?

A

The procurement strategy identifies what is required in terms of time/cost/quality/risk for a successful project delivery.

The procurement route will be chosen based on the procurement strategy.

27
Q

List some factors that will affect a procurement strategy

A
  • client type
  • risk allocation
  • time available
  • cost certainty
  • design development
  • design responsibility
  • specialist input
  • BIM
  • complexity of project
  • change accommodation and
  • contract administration.
28
Q

Why might you want to quantify risk?

A

• to build a risk allowance that could be part of a
project contingency
• where clients need to report upwards in their organisation or to a third party
• where the project forms part of a larger programme of
projects
• to motivate people into following through management
actions
• where clients insist on it as part of their procedures or
have capped funds
• where it is desirable to link risk to contingency
• where it is required or provides comfort to funders or
other third parties

29
Q

What is a probability tree?

A

A probability tree is a technique for determining the overall risk associated with a series of related risks.

30
Q

What is the central limit theorum?

A

This is a mathematical technique used to provide a 90%

confidence level for a project contingency fund

31
Q

What is the monte carlo simulation?

A

This is a computer-generated simulation used to model

outcomes

32
Q

What is a fault tree analysis?

A

A deductive approach to determining the causes contributing to a designated negative outcome, beginning with the definition of a top (undesired) event, and branching backwards through intermediate events until the top event is defined in terms of basic events

33
Q

What is an event tree analysis?

A

Finding possible outcomes from an initial event, and in this way is the opposite of a fault tree analysis

34
Q

What is percentage addition?

A

Percentage addition is based on a percentage of the cost plan and should only be used for preparing rough and initial order cost estimates.

35
Q

What is the “simple method” of assessing risk?

A
  • Basic quantitative method of calculating risk allowances
  • Cost is assigned to each risk
  • Probability of risk occuring (%age, often subjective) assigned to each risk
  • Cost is multiplied by likelihood, giving an “expected value”
  • Total of all expected values gives risk allowance
36
Q

What is the “probabilistic method” of risk assessment?

A
  • More detailed than simple method
  • Often called 3-point estimating
  • Cost assigned to each risk
  • Probability of risk occuring assigned to each risk into 3 categories, usually “best/likely/worst” case (total = 100%)
  • Expected value against each assumption produced
  • Total of all expected values gives risk allowance
37
Q

What is a sensitivity analysis?

A

A practical method of investigating risks on a building
project by varying the values of key factors and measuring the outcome. This does not give a mathematical result but highlights the key factors that may affect the project outturn, should they be varied

38
Q

When should risk management be implemented?

A

Throughout the project lifecycle, from inception to use

39
Q

What should a risk management strategy cover?

A
  • details of the client’s risk appetite
  • a definition of who is responsible for risk management

• a description of how risks will be identified, analysed
(qualitatively/quantitatively), managed and reviewed

  • the frequency of risk review meetings
  • the software tools and techniques that will be used
  • reporting forms and structures

• if required, identification and reporting of trends,
providing appropriate mitigation actions and advising
on the decisions.

40
Q

What considerations would you make in developing a risk management strategy?

A

• an understanding of the link between corporate and
project requirements

• the identification of current maturity level and any gaps

• a development of the risk approach that may include
training and specific tools

• the implementation of the risk-management process

• how to improve the process and monitor its
effectiveness.

41
Q

What does a Risk Breakdown Structure (RBS) identify as project risk potential risk generators?

A
  • natural
  • economic
  • government
  • societal
  • client
  • construction and
  • project.
42
Q

List some risk identification methods

A
• brainstorming
• cause and effect diagrams
• checklists
• delphi technique (anonymous polling)
• force-field analysis
• historical information
• industry knowledge base
• influence
• interviews
• lessons learned
• list of assumptions and constraints
• project document review
• questionnaire
• root-cause analysis
• strengths, weaknesses, opportunities and threats
analysis
• team workshops
• value improvement processes.
43
Q

Risk events identified in the risk identification

process are allocated into 5 risk categories. What are they?

A
  • external – uncontrollable
  • external – influenceable
  • internal – client operations (controllable)
  • internal – user requirements (controllable)
  • internal – project processes (controllable).
44
Q

What response would be suitable for an “external - uncontrollable” risk?

A

Provide contingencies to cater for the impact of the event should it occur

45
Q

What response would be suitable for an “External –

influenceable” risk?

A
  • Plan actions to influence the probability of the event
    occurring.
  • Provide contingencies to cater for the residual impact of the event should it occur
46
Q

What response would be suitable for an “Internal – client

operations” risk?

A
  • Project team draws the client’s attention to the
    ramifications of planned or implemented actions
  • Project team should act to reduce impact of event
  • Define contingencies to cater for the residual impact of the event should it occur
47
Q

What response would be suitable for an “Internal – user requirements” risk?

A
  • Plan actions for the client and project team to implement that reduce the probability of the
    event occurring and its impact
  • Provide contingencies

[This risk can come from client of project team]

48
Q

What response would be suitable for an “Internal – project processes” risk?

A
  • Plan actions for the project team to implement that reduce the probability of the event occurring and its impact
  • Provide contingencies

[This risk can come from only project team]