We live in a constantly changing world. Risk management is a set of steps used to define the process of understanding and managing the risks associated with some changed condition. Change can be wanted and expected, thereby creating a new opportunity. Change can also be unwanted and unexpected occurring as a problem or deviation from the plan. In this case, the change generally creates undesirable outcome since the uncertainty evolves into threat.
The treatment of these two types of change is vastly different. In the case of unwanted and unexpected change, a reaction is required to analyze the situation, solve the problem, and assess any damages that may have been incurred. Oftentimes a correction to the threat comes too late to prevent negative consequences such as budget overruns or schedule delays, thereby making a dispute inevitable.
There is often little or no time to prepare for this type of change unless certain “triggers” are set in place at the beginning of the process. Fortunately these triggers or early warning signals can be incorporated as an integral part of a risk management program. They can help identify variations and deviations from the baseline before they actually occur and either prevent of reduce the threat and negative outcome of the changed condition.
With wanted and planned change, thorough planning is necessary in order to optimize the potential opportunity. This is where the key benefits of a risk management program are realized. Without such a program, the uncertainty of the opportunity may quickly change into a threat. To prevent this from occurring the following steps are necessary:
Risk Assessment is the first step and includes the identification of risks or uncertainties that may affect a project. Risk Analysis comes next and includes the quantification of the effect of all uncertainty of the project. It is usually done by identifying risks and quantifying each risk’s probability of occurrence and the potential severity of the impact. This impact can either be expressed as a range of values, with a confidence level, or as a probability distribution.
Risk Mitigation is the third step of the process and involves developing a risk management plan. A risk management
plan is a list of action steps to do the following things:
- Eliminate or reduce the probability of a threat occurring
- Eliminate or reduce the impact of the threat if it does occur (mitigate the threat)
- Ensure or increase the probability of an opportunity occurring
- Increase the impact of an opportunity if it does occur.
Risk Control is the implementation of the risk management plan. This step includes the triggers referred to earlier. A key element of the implementation process is continual tracking and reporting of progress with special attention given to variances and deviations along the way. This means that all management systems and processes, such as a project controls system, must be in place with all personnel properly trained in their use before the project begins.
Admittedly, not all projects are afforded the luxury of either the time or money necessary to implement such a comprehensive risk management program as described here. More often than not something less rigorous and sometimes even nothing, is developed before a project or activity begins. While any potential threat will certainly be harder to see and any perceived deviations from the plan will be detected later rather than earlier, some mitigation still may be possible. The level of mitigation will depend on the severity of the threat, the timeliness of detection, and the willingness of all parties to seek immediate resolution.
In the event the threat cannot be prevented or mitigated and a claim is anticipated there are still some steps that can be taken as soon as the first signs of a threat appear:
Be thorough in your investigation of the probable causes: In most cases there are not only technical and engineering issues to be considered but also there are general business and contractual issues that are equally as important. For example, the claim may be for defective and non-confirming workmanship due to improper adherence to specifications but the owner also must be informed about impacts to the schedule and cost and of the likelihood for successfully completing the project according to plan.
Begin gathering and evaluating the supporting documentation: The better the documentation, the better the claim will be received. The best documentation is complete, accurate, contemporaneous, and easy to understand. One of the worst things that can happen is to be forced to recreate the documentation from memory at a later date.
There is no limit to the types of documents required, but the most claims usually include such items as: contract documents, change orders, subcontracts, purchase orders, schedules, cost reports, financial statements, invoices and pay applications, drawings and specifications, daily logs and meeting minutes.
Involve the right people and communicate the issues: It is important to assemble the right internal team and be prepared to
engage external support when the time is right. The internal team should include key individuals from finance, cost accounting, scheduling, project controls, contracts, purchasing, subcontract administration and
project management. They should all be informed of the impending claim and their expected role. They should also be instructed on how to conduct their operations from that point on with respect to maintaining the proper documentation and communicating important messages or events to management.
In conclusion, claims and disputes will inevitably occur even with the best of plans. A Risk Management Program will help mitigate the threat thereby reducing the chances of a claim. If such a program is not in place and threats occur, all is not lost, but some quick and decisive actions need to be taken as soon as practical.
David Norfleet has over twenty years experience in providing analytical business services to the construction, manufacturing, environmental, and government contracting industries. This experience encompasses all aspects of financial and business management disciplines, cost management, risk analysis and decision-making. David is a Certified Cost consultant with the Association for the Advancement of Cost Engineering (AACE International). David is with Professional Investigative Engineers, I-ENG-A Member Colorado [email protected]
The Investigative Engineers Association, Inc., consists of independent engineering firms across Canada, the United States and the Caribbean, who provide cost-effective, timely, accurate and honest evaluations of accidents, failures and/or damages that result in insurance claims. Our technical database and information sharing systems allow for cost-effective reporting and a diverse range of expertise from a local level. Visit http://www.ienga.net for more details.