Risk identification, pricing and management are inherent parts of the construction industry, yet there is often confusion on what risk is and then inconsistency on how risk is priced and managed.
Two of the most common approaches to pricing risk are on an activity-by-activity basis, or as an overall percentage or lump sum addition to the estimate. Pricing is usually governed by the estimating team’s perception of various project or activity risks, and then by management’s dual desires of avoiding a loss on a project and avoiding pricing themselves out of bid contention by adding too much risk contingency.
Too often, management changes the markup or contingencies within a proposal based on an intuition or a method that varies depending on the proposal process and the people involved. Further, this variation often overlooked during the bid turnover phase when the estimate team hands off the bid to the post-award team. The post-award team is left to put in place its own methods for mitigating risks that may not have been identified during the proposal stage.
Without a consistent method, traceability of the risk carried within an estimate can be misallocated during the conversion to a project budget. This failure to trace the risk from the estimate through the turnover and startup phase of a project can lead to confusion, and worse yet, a failure by the project team to mitigate a risk identified at the estimate stage.
Risk Assessment
A consistent risk management process begins with a risk assessment. Many contractors consider how risky a project is before expending the resources to estimate and price it. In this scenario, many contractors perform a formal stage-gate process. Factors that can be considered include the client’s reputation, the resources available to both estimate the work and perform the work, as well as the size and location of the project.
Once a contractor has decided that the risk profile is acceptable for bidding, a detailed risk assessment can be performed. This risk assessment is often contained in a risk register, which is created early in the project estimate stage and is shared with project stakeholders. It also serves as a document that can be transmitted to the project management team.
It is helpful to have a pre- determined set of criteria to help manage the risks identified. The information in a risk register also includes severity of the risk, possible mitigations and a quantification of the risk. Possible categories in a risk register include:
- client/owner issues;
- contract terms;
- insurance;
- bid documents;
- geotechnical;
- environmental;
- performance;
- schedule impact;
- labor;
- quantities;
- major materials;
- engineered equipment;
- subcontractor performance; and
- general project risk.
Not all these risks will apply, and contractors should select the appropriate categories based on the work to be performed. It is ideal to build a risk register in a spreadsheet format in order to easily convey the information to project stakeholders.
Analysis of Risks Identified
When analyzing an identified risk, consider the potential impact, how likely it is to occur and possible mitigations. The potential impact should quantify in time and money what the extent of the risk is.
For example, an estimator has identified a material order valued at $1 million that cannot be released early and is subject to price volatility or escalation. That escalation can be as much as 3% ($30,000) over the life of the project. The possible escalation would be identified as a delta to the estimate for that item, and then quantified as a potential impact.
Then the estimator would assess how likely that is to occur. It is ideal to have a scale that ranks the likeliness of the risk occurring as low, medium or high (or a similar numeric scale).
Risk Mitigation Plan
After identifying the risk, quantifying the impact and assessing the likelihood of it occurring, a mitigation plan can be developed. Typically, mitigation plans fall into at least one of the following three categories: add money to the estimate, qualify the bid or manage at execution.
The possible mitigation and the detail for it should be contained within the risk register for communication and traceability.
The risk register should be reviewed with management at the bid review stage, and an agreed-to amount to be carried within the bid should be identified. It is possible to either embed the risk within the estimate cost of the actual estimate activity, or treat it as a contingency item. However, it is important to identify the risk in the register, as well as the location of any monies allocated to cover that risk to avoid possible duplication in both the estimate activity and in the contingency.
The risk exposure of $30,000 is carried over from the potential impact. In this example, the estimator has chosen not to carry any money in the base estimate and to allocate half of the exposure in a contingency bucket. The estimator chose to carry only half of the exposure as it likely can be mitigated by managing it at execution, and then carrying a smaller amount in contingency for the project. Therefore, the total risk exposure is $30,000, and half of that is uncovered.
Identifying uncovered risk is vital from a pricing perspective. If there is too much uncovered risk, then the profitability of a project is at risk (and in a doomsday scenario could become a losing project). However, if all risk is covered (no uncovered risk), then the project could be bid too high.
Review and Monitor Risk
The project risk register should be continually reviewed during the life of the project and updated by the project team. Risk is about uncertainty. By putting a structure around the uncertainty, risks can be effectively managed and project goals can be reached.
Further, as the risks occur, the risk register provides an agreed-upon thought process and plan. This eliminates guesswork—minimizing risks and providing opportunities to capture additional profit.
