A mug's game?

Since the first group of hardies started trying to make money building things, construction has been about nothing other than managing risk. But in recent years the term "risk management" has been separated out and given a corale of its own, as if it were a distinct discipline that a contractor might study and learn to do better. Consultancies have assembled risk management divisions, formal qualifications have emerged and software packages have hit the market.

Construction risk is big business. But isn't it like selling neck-stretching to giraffes? Can construction companies learn anything new about risk management?

David Simister, risk consultant and chair of the Association for Project Management's contracts and procurement special interest group, turns a slightly jaded eye on the surge of interest in his field. He compares it to the value management fad a decade ago, which in many cases just created a fancy label for cost cutting.

"There is a certain amount of wool-pulling going on," he says. "A lot of it is just good practice, what should be happening anyway."

Alan Harpham believes contractors can manage risk better. Now chair of the APM Group, a company that administers one of the few specific qualifications in risk management available in the UK, Harpham recalls his time with John Laing in the 1960s when directors would meet to discuss how a particular job should be priced.

"They'd spend 10 minutes on the estimators' base cost and whether to adjust it plus or minus 10%. Then they'd spend an hour talking about contingency risks to arrive at a notional price. Then they'd spend three hours deciding whether to mark up that price by 10% or 10.75%.

"They had it all the wrong way around," he says. (His point being that they were passing over where the risk really was.)

Using intuition

Risk management (RM) as it applies to construction is really just a systemised way of doing what contractors have always done intuitively - with some extra bits added on. If you were to break it down into steps it would go something like this: identifying the risks; assessing their potency in terms of probability and impact; making a plan to manage them; following that plan; and, finally, reviewing how it all went.

There is some technology involved because, amazing as the human brain is, it can use a little computational help in assessing the likelihood of a bad event happening, what its impact would be and, most importantly, what price to attach to it. This is where some of the more widgety bits of RM come in, such as Monte Carlo simulation, a technique that runs thousands of project scenarios per minute, allowing any number of "what if" analysis for both cost and schedule.

The human side is just as important. Trained facilitators - either brought in from outside or grown in-house - hold workshops with project stakeholders to work through this process, generating at the end a risk register and an action plan.

In the wider business world, RM has been studied as a discreet discipline since at least the 1950s but its formal application has only hit construction in the past 10 years. Michael Dallas, partner in Davis Langdon and author of the current standard text, Value and Risk Management, published on behalf of the CIOB, charts its meteoric rise: "Prior to 1997, Davis Langdon used risk management but in a fairly ad hoc way. Now we have repeatable, settled and well-tested processes. When I started, a formal approach to RM was seen as a differentiator. Now if your service doesn't include it you're out of step with established practice."

Kate Boothroyd is one of the few who has witnessed its application to construction from the beginning. AMEC's risk manager for internal audit, Boothroyd became the first quantity surveyor to obtain a Fellowship in the Institute for Risk Management in 1996. A year later, she joined AMEC to bring RM to the construction division and she now coordinates it at a group level.

She may have dedicated her career to the science but Boothroyd isn't blinded by it. "Risk management is risk management is risk management," she says. "You can do it anywhere, on anything."

AMEC may have been an early and systematic adopter but Boothroyd won't claim RM is hard wired inextricably into the organisation's culture yet. She knows it could degenerate into another pointless, bureaucratic overlay at any time. One way of guarding against that is to be clever about weaving it into normal project management practices.

"If you go over a 150-item risk register every project meeting you're going to bore people stupid," she says. "You need to concentrate on the things that should be keeping people awake at night and put it straight after safety on the agenda."

Less excitement

A formal approach to RM is fairly new at Skanska. Three years ago it started using an off-the-shelf risk computation tool, and last year 250 top managers did a risk management course developed in house, which was then cascaded down the seniority chain. Is it completely embedded in Skanska's culture? Skanska UK's CEO David Fison says no. "If it was, we wouldn't need to keep a constant focus on it. We're a long way down the path, though. It's one of the reasons we target complex jobs."

As an industry we love fire-fighting. It’s the approach we were trained in as young people. It’s a job moving people from ‘I’m a fire-fighter’ to ‘I’m someone who plans’

David Fison, Skanska

He says embedding a scientific approach to RM is never going to be easy in construction.

"As an industry we love fire-fighting. It's the approach we were trained in as young people. It's a job moving people from ‘I'm a fire-fighter' to ‘I'm someone who plans'."

That said, Fison believes a formal approach to RM has made an impact on the bottom line. He says that as little as five years ago, up to 1.5% of the company's profits fell victim to loss-making projects. But last year, apart from a few in specialist areas, Skanska delivered no loss-making projects.

Taylor Woodrow Construction's approach, which targets both risk and opportunities, crystallised in 2000.

"Identifying potential hazards and potential gains is all part of the same process," says commercial director Crispin Rowell.

Here, as in other companies, the RM process kicks in before tendering.

"This is the high-level cut," Rowell says. "Have we got the right supply chain to deal with this? Have we got the right competencies? That creates a risk and opportunity schedule that runs right through to the delivery stage."

Rowell says risk awareness at Taylor Woodrow goes right to the group board. Each project has monthly meetings where a divisional director challenges the project leaders on how they are managing the risks and opportunities flagged up. Moving up a rung, each division has a quarterly risk and opportunity review, which feeds into a regular group-level review.

Rowell admits that Taylor Woodrow has plenty of room for improvement. Asked to rate his company according to the Office of Government Commerce's Project Management Maturity Model (see box, page 29), he says: "A strong 3, with a bit of 4 and 5 thrown in."

He says the risk and opportunity schedules are fed into two streams, one operational and one for financial forecasting. He believes that on the operational side they could be doing more to exploit opportunities.

"I'm pretty satisfied with what we're doing but it could be better," he says. "For me it's one of the most important areas for making a difference."

Premiums plummet

RM is not just the preserve of the big boys. Pushed by exorbitant insurance costs and pressure from clients, the £33m turnover family firm Beard, with offices in Swindon and Oxford, underwent a radial risk

re-tooling exercise that finished 18 months ago. Facilitated by former Construction Best Practice Programme chief Brian Moone, and with considerable input from its insurance broker, Beard looked at everything from its head office going up in flames to site-specific issues like defective subcontractor work. Although it was developed largely in-house, Beard's RM process has all the hallmarks of a standard approach, though it is kept remarkably simple. They don't use any commercial software packages, the method document runs to 11 pages and it takes two hours to train staff in the process.

Managing director Mark Beard is pleased. In February 2005 Beard became the first construction company to win a risk management award from insurer Royal Sun Alliance. More to the point, Beard says its insurance premiums have come down by as much as 18% in real terms since the exercise finished.

"It's better to be up front about risk rather than pretend building is a risk-free business," he says.

What about commercial RM software packages? The consensus seems to be that they are not essential but can be helpful. Taylor Woodrow does not use one, nor does Beard, while Skanska does.

Identifying potential hazards and potential gains is all part of the same process

Crispin Rowell, Taylor woodrow

Davis Langdon partner Harpy Lally warns against software packages that put too much emphasis on computing precise risk quantification. As the old adage goes, garbage in, garbage out. Or worse, garbage in, gospel out. "It's like crystal ball gazing," he says. "Putting a number on it gives you a false sense of security. If your management response is sound you don't need to run a Monte Carlo Simulation.

"Some packages claim to do the whole bit. We don't have much faith in those. It removes all personal understanding. All off-the-shelf programs are generic. They do a lot of things. But most purchasers use 5% of what they buy. If anyone tells us they have a system that applies to any project or client, we'd be worried."

His colleague Michael Dallas says real RM is less about whiz-bang computing and more about culture and behaviour: "We stress management over quantification. Is it meaningful to put a number against a specific risk? It's useful for concentrating the mind but it gets treated with too much certainty. It's better to concentrate more on accurately identifying the risks, gauging how the risks interact with each other, and assessing their severity so that they can be managed.

"You can focus too much on numbers or methods. I call this handle-cranking."

Don't pass the buck

Everyone agrees that RM shines most in collaborative types of contracts. In more traditional scenarios contractors can use their RM tools to price risks safely but too often a safe price for a risk is not a competitive one.

"Under JCT a contractor's ability to manage the risk is limited," says consultant David Simister. "In key factors like ground conditions and design, the opportunity to assist the client is rarely there. Here contractors are tail-end charlies. The risk is just pushed on them."

In this context Skanska's David Fison says that clients are really the biggest risk and many need an RM crash course. The golden rule is that risk is best managed together. "You can never get rid of a risk by passing it down the line. If we pass it to a subcontractor, it will come back when that subcontractor gets into difficulty. The same holds for clients. Once a client gets his brain around that it's a win-win situation."

So is risk management a fad? Yes, as a stand-alone discipline, says Graham Winch. A long-time project management professor, he has not, for instance, included a specific RM module in the Manchester Business School's new MBA for Construction Executives, of which he is programme director. While he is glad that UK construction is getting better at understanding risk and dealing with it, he maintains that a mature approach doesn't remove risk but weaves it into the mix.

"Any fool can bring a project in to cost and time if the allowance for each is high enough," he says. "Unless some of your projects run over, you're not setting stretching targets. What good developers or contractors will do is look across the whole portfolio and move risk around. Some will systematically under price risk and that's where they go wrong."

The case for RM arose in the shadow of large public projects polluted by a wild optimism bias, where benefits were hyped and costs minimised. The best antidote to that is just good project management.

"Any project is uncertain. It's about the future, so it's central to the job of the project manager."

AMEC's Kate Boothroyd agrees but feels there is a place for specific RM expertise. AMEC requires all its staff to have a basic awareness of RM methodology, and on bigger jobs project managers must be able to assess whether or not a Monte Carlo simulation would be helpful. But sometimes, the project manager is the wrong person to lead the RM intervention.

"Project managers quite often can facilitate their own processes," she says, "but sometimes you need someone to come in from outside because the project manager can be too close to get the objective view. They may think they know too much."

The idea behind RM is that the formal application of a method turns those precious synapses encased in a project manager's skull into lessons the whole organisation can use.

"Without some structured format, we feel we'd be missing things," Boothroyd says.