Risk assessment: a quality perspective
Contents |
[edit] Introduction
There are many types of risk, e.g. financial, design, health & safety, environmental and quality. In this article, the author focuses on quality risks and separates them out from other types. For instance, risk assessment for both health & safety (to protect life) and environment (to prevent pollution) have a greater profile, not least because they help organisations comply with legal obligations under statute law. However, management of those risks is well-publicised, so this article aims to provide the reader with an understanding of what is considered to be the lesser-known area of quality risks and does not refer to other types.
Nevertheless, regarding legal compliance, it is recognised that quality risks do have a part in contractual law. For instance, being able to achieve on time delivery is vital in ensuring that the terms of an agreement between the organisation and its client are fulfilled.
In talking about the context of the organisation, ISO 9001:2015 – Quality management systems - Requirements [1] says relevant external and internal issues shall be determined, ones that affect the body’s ability to achieve the intended results of its quality management system. Furthermore, it says information about these external and internal issues must be monitored and reviewed. It is here that there is consistency with ISO 31000:2018 – Risk management - Guidelines [2] which talks about analysis of risk, evaluation of significance and review of actions arising. Both standards seek analysis of risks. How this can be done for quality risks is presented here in a construction context.
It should be noted that external and internal issues can bring opportunities as well as risks and these are discussed as well.
[edit] Types of quality risk
Management commitment to the risk assessment process is key. ISO 9001 [1] requires that Leaders show the characteristic of risk-based thinking.
ISO 31000 [2] defines risk as the effect of uncertainty on objectives. Therefore, it can be drawn from this that it is necessary to identify the potential constraints brought about by such uncertainty and go on to prevent them happening by either avoiding them or mitigating their severity and effect. (Notwithstanding this statement, risk can of course be accepted, and this is mentioned later.)
The grouping of similar types of quality risks enables more efficient mitigation measures to be identified. The following are some risk categories applicable to quality in construction:
- Technical
- Technology
- Resource
- Site supervision / Contract monitoring
- Knowledge and learning
These are discussed immediately below and represented in a quality risk assessment in section 3.
[edit] Technical risks
A quality risk assessment notably helps in upholding standards whether they be product or service ones. Risk can arise from a key requirement of a technical standard or Code of Practice not being implemented.
Being innovative on a scheme, e.g. where there is little or no previous experience of using a new construction technique is another example.
Uncertainty can arise when working with a new project partner, e.g. around collaboration.
[edit] Technology risks
An example would be, as the Knowledge Age develops, the complexity of Information Technology (IT) required to successfully deliver a project, e.g. for digitilisation of scheme records.
The use of drones for surveys requires landowner permission, de-confliction with other assets in the area and a trained operator. Operating outside the limitations of the drone’s performance parameters can also affects the results it reports. There is, of course, an overlap with safety risk here.
Availability of equipment necessary for the job should be considered, e.g. dependency on sophisticated, electronic plant could introduce a vulnerability if key components are scarce such as computer chips which were subject to worldwide shortage at the time of writing.
[edit] Resource risks
These can be people or materials resources. Risks with people resources can be about not having enough trained, skilled people with the necessary competencies and experience available,e.g. those holding industry accreditation such as CSCS for Operatives, Supervisors and Site Managers in the UK. Shortage of specialist skills can be due to a competitive labour market.
Supply chain risks relating to materials include not having building materials available, and/or sub-assemblies produced, at the time they are needed, to be able to achieve the construction programme, see Construction News article, ‘Construction materials shortage: 5 key items in short supply’ dated 17/05/2021 [3]. This problem can be the result of geopolitical changes, such as Brexit in the UK or Covid more globally, inhibiting imports. Another consequence here has been driver shortages that have impaired delivery by the logistics chain.
[edit] Knowledge and learning
This can relate to limitation of knowledge about a site and/or the reliability of the information available about the site such as documents, drawings and survey data. It can also include a lack of information required to complete the works satisfactorily, such as authorised issue of design drawings and specifications, Quality documents and project plans/schedules
It is, unfortunately, easy to make the same mistakes from previous projects on the latest one. A thought process being, ‘This is the way we do it’ regardless of its degree of effectiveness. The quality risk assessment is a useful tool for flagging up learning from previous projects and promoting original thinking.
[edit] Quality risk assessment
Quality risk assessment consists of the identification of uncertainty and the analysis and evaluation of risks associated with it.
A quality risk assessment should have an owner nominated to carry out the risk assessment with the assistance of technical support from people with knowledge in the relevant subjects, where necessary. They must also oversee the risk review process.
The quality risk assessment can be based on the principles for risk identification, analysis and evaluation in ISO 31000 [2]. These can be represented in a risk management process as follows.
A risk management process
These five process steps can be used as the template for the quality risk assessment:
[edit] Identify risk
Having current information relating to the area under consideration is important when identifying risks to ensure the accuracy of the risk assessment. It is useful to consider the direction from which risk may be introduced which in turn will allow a list of risks to be compiled together with their impacts.
There are techniques available to identify risks starting from the simplicity of the SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats) which is also used by marketing professionals.
Risk is best identified early in the project where there is greater scope to make a difference to the course of the scheme.
[edit] Analyse
Risk analysis considers many factors including complexity and inter-connection of risks. It is proposed here that the two most common items that can be used for systematic review are:
- Likelihood of the risk occurring (the chance of something happening);
- Severity of the consequence of that risk (impact).
Often a value is given to these events, e.g. likelihood can be a risk level of ‘Very Low’, ‘Low’, ‘Medium’ or ‘High’ whereas the severity is often given a numerical value, e.g. ‘1 = Loss (economic or physical) is unlikely‘, ‘2 = Loss is likely’ and ‘3 = Loss is certain or near certain to occur’. A combination of the two gives an estimate of the degree of risk.
Another technique is the use of Red Amber Green (RAG) designation in the risk assessment to indicate the resultant severity which is considered to arise after an action would be implemented. (RAG is also known as the traffic light system.) Red designation would indicate the most severe risk with green representing lesser or no risk. Organisations may have their own templates describing the level of severity each colour represents.
Furthermore, where there is complexity, the control required for an activity can be decided and recorded in the risk assessment. This may include the introduction of Control Points as gateways through which approval from certain leadership must be obtained for progress to be made.
[edit] Evaluate significance
The approach here is to review and understand the differences between outputs from risk analysis when set against what would be the acceptable criteria.
The idea is to provide a bedrock of information on which decisions can be taken regarding the best actions needed to treat the risks. These decisions vary and can include avoiding the risk altogether, eliminating its source, investigating further options or carrying on with existing measures.
ISO 9001 [1] says actions to address risks and opportunities must be proportionate to the potential impact on the conformity of products and services. Proportionality can include making a calculation of cost vs risk. A judgement of how much risk is to be borne can then be made. This is known as risk appetite.
Financial investment may need to be considered, e.g. in obtaining additional resources necessary to address risk. Also, it may be that competition for limited resources such as building materials or skilled labour (including drivers) can push up prices which could impact profit margins.
[edit] Treat risk (take action)
This is the ‘Optioneering’ stage where potential actions are considered for their intended effectiveness in addressing the risk. Each potential action is studied for attributes such as its cost, ease of implementation and any side-effects it has which could include the introduction of a new risk or conflict with another action.
Risks can be avoided, accepted or shared (e.g. the latter by purchasing insurance). The actions identified can then be used to remove or mitigate the effects of the risk remaining.
Where there is complexity a risk treatment plan may be necessary, e.g. to set out procedural steps and the resources required. This can take the form of a method statement and may be combined with Health & Safety requirements, e.g. in a Risk Assessment Method Statement (RAMS) commonly used in the construction industry.
[edit] Review effectiveness and act
Monitoring and review of a risk assessment should be carried out regularly during the life of the product or process to which it relates. The monitoring requirement can be set out as Control Points in the method statement. The data and information resulting must be recorded to provide base data as to the current situation.
The effectiveness of the mitigation actions for each risk must be reviewed and then the resultant information followed-up on with further actions if required. There is a feedback loop here to begin the risk assessment process for that risk again to identify new actions if the original actions have not been entirely successful first time.
A quality risk assessment using the 5-step risk management process
Identify risk | Analyse | Evaluate significance | Treat risk (take action) | Review effectiveness/act |
Technical | ||||
Requirement(s) of a particular standard or code of practice not implemented | Potential for defective production, i.e. that does not meet specification. | Mitigate by identifying key points of the standard in question that are suitable for monitoring. |
1) Monitoring procedure set, e.g. in method statement. 2) Significance of key points of standard briefed to team. 3) Departures from standards procedure briefed to team. 4) Checking procedure by Supervisor. 5) Quality audit(s) scheduled. |
Specify date(s) for risk review. |
Being innovative, e.g. where there is little or no previous experience of using a new construction technique. | Potential for incomplete production and need to revert to traditional, more costly |
Uncertainty needs mitigation. Identify stages where lack of experience gives vulnerability. |
1) Method statement with Control Points. 2) Monitoring by Supervisor. 2) Additional project reviews. 3) Nominate Reviewers with related experience. |
Plan Control Points (dates). |
Technology | ||||
Use of drone for site survey. | Risk of interference with operation of cranes or masts or where the site is near an airport. | Likely to cause distraction (crane) or Electro Magnetic Interference (masts) or enter an aircraft (engine). |
1) Obtain landowner permission. 2) Use trained drone operator. 3) ‘Permit to fly’ authorisation required near obstructions or facilities. |
After first use of drone (planned date). |
Non-availability of specialist plant or equipment due to component shortage. | Worldwide shortage of computer chips known to be impacting automotive industry production. | Understand potential impact on maintenance cycles for plant and equipment. |
1) Procure stock of components thought to be affected. 2) Identify alternative sources of hire equipment in case there is an impact. |
Monthly reporting by Procurement and Maintenance teams on component and equipment availability. |
Identify risk | Analyse | Evaluate significance | Treat risk (take action) | Review effectiveness/act |
Resource – People | ||||
Lack of skilled people with the necessary competencies available. |
1) Shortage of experienced labour in UK, e.g. from Europe post-Brexit. 2) Competition for people from other companies. 3) ‘Victim of own success’ in winning more projects requiring similar specialist skills. |
1) Negative impact on construction programme if insufficient specialist resource. 2) Demand for certain roles may mean pay and terms & conditions need to be reviewed to attract people, increasing costs. |
1) Set up training programmes to assist ‘generalists’ in obtaining qualifications in specialist roles that are in demand. 2) Managers to identify suitable candidates for this training. |
1) Monthly reporting on people availability by Recruitment team. 2) Monthly reporting on training availability and completion by Training team. 3) Monthly management review of labour and training costs. |
Resource - Materials | ||||
Building materials not available and/or sub-assemblies not produced. | In UK, supply chain problems post-Brexit (geopolitical issues) are inhibiting imports. | Non-availability of certain materials could delay the construction programme, possibly incurring penalties under the contract. |
1) Purchase materials earlier (extend lead times). 2) Procurement team to widen supplier network and geographical area from which they source. 3) Source locally where possible to overcome transport delays. |
1) Monthly reporting by Procurement team on availability of materials resources. 2) Monthly management review of materials ‘pipeline’. |
Knowledge and learning | ||||
Limited knowledge about the site on which construction is to take place. | Documents, drawings and survey data are old and incomplete. |
1) Geotechnical issues where the type of ground is not known. 2) Can give rise to safety risks such as accidental ‘Cable Strike’, where the asset is not identified. |
1) Compare with experience of our people on similar sites. 2) Commission further land surveys. 3) Introduce Control Points in methods statements to review scheme during its progress. |
Plan Control Points (dates). |
Note 1: Space precludes here but, where possible, action owners should be identified so that responsibility for addressing each risk is clear. Priority can also be assigned to each action.
Note 2: This table can be expanded to include dedicated columns recording likelihood and severity of the risk occurring (see para 3b above).
Note 3: The risk assessment in this table is generic and would need to be made specific to a scheme.
[edit] Construction supervision
As explained in the introduction only quality risks are discussed in this article.
Construction supervision is an important activity for gathering the information necessary to assess the effectiveness of actions identified in the risk assessment, and thereby inform further actions if needed.
Communication with construction supervision is particularly relevant for technical risks such as when using new technology to carry out a construction activity more effectively for the benefit of the scheme (see paras 2a) and 5).
Records of monitoring of risk actions can be kept in Daily Logs as part of the inspection reporting procedure.
Note: Technical construction risks can continue into the maintenance phase.
[edit] Opportunities
Interestingly the risk assessment process can also reveal potential opportunities. For instance, actions identified to mitigate risk can themselves bring about opportunities for the project, such as cost benefits. Effective planning is required to maximise such opportunities.
An example would be the risk in using new technology, properly mitigated, might give the opportunity to carry out a construction activity more effectively for the benefit of the scheme.
Resource risk could create the opportunity to bring forward the programme by advancing construction activities, e.g. where building materials may be purchased earlier and in greater bulk in response to extended lead times brought about by resource shortages. This could be achieved where any additional labour resource required is available to carry out construction.
A technical risk may present an opportunity to add value, e.g. by providing an interface with another asset that lies outside the original scheme. In a transport scenario, this could bring connectivity benefits such as in multi-modal services offered to the public (joining up different means of travel) or in utilities provision by upgrading or extending to new areas, e.g. Broadband connectivity or power supply improvement.
Cost Benefit Analysis is an accounting tool used by project controls and value management professionals to arrive at commercial decisions on projects. It compares completed and potential courses of action, e.g. to establish the most cost-effective and/or best value option for an action. It is widely used in the state and construction sectors.
[edit] Summary
Although not as widely publicised as health & safety or environmental risk assessment, the quality version discussed in this article is a valuable tool in managing business and process risks.
Some quality-related risk categories include technical, technology, resource and knowledge and learning. Examples of risks within these types are given.
These risks are presented in a risk assessment format where the five process steps for assessment are based on the principals of ISO 31000 [2].
Construction supervision is an important activity for gathering the information necessary to assess the effectiveness of actions identified in the risk assessment, and thereby inform further actions if needed.
Finally, opportunities found during the quality risk assessment process can bring benefits to the project, e.g. using a Cost Benefit Analysis approach to decide the value of options for action. Examples of how these opportunities may arise are given.
[edit] Reference sources:
- [1] ISO 9001:2015 – Quality management systems – Requirements
- [2] ISO 31000:2018 – Risk management – Guidelines
- [3] Construction News article, ‘Construction materials shortage: 5 key items in short supply’ dated 17/05/2021
The original article was written by Kevin Rogers & reviewed by Giorgio Mannelli, Peter East and Keith Hamlyn on behalf of the Construction Special Interest (ConSIG) Competency Working Group (CWG). Article peer-reviewed by the CWG and accepted for publication by the ConSIG Steering Committee on 14/09/2022.
[edit] Related articles on Designing Buildings
Featured articles and news
Local leaders gain new powers to support local high streets
High Street Rental Auctions to be introduced from December.
Infrastructure sector posts second gain for October
With a boost for housebuilder and commercial developer contract awards.
Sustainable construction design teams survey
Shaping the Future of Sustainable Design: Your Voice Matters.
COP29; impacts of construction and updates
Amid criticism, open letters and calls for reform.
The properties of conservation rooflights
Things to consider when choosing the right product.
Adapting to meet changing needs.
London Build: A festival of construction
Co-located with the London Build Fire & Security Expo.
Tasked with locating groups of 10,000 homes with opportunity.
Delivering radical reform in the UK energy market
What are the benefits, barriers and underlying principles.
Information Management Initiative IMI
Building sector-transforming capabilities in emerging technologies.
Recent study of UK households reveals chilling home truths
Poor insulation, EPC knowledge and lack of understanding as to what retrofit might offer.
Embodied Carbon in the Built Environment
Overview, regulations, detail calculations and much more.
Why the construction sector must embrace workplace mental health support
Let’s talk; more importantly now, than ever.
Ensuring the trustworthiness of AI systems
A key growth area, including impacts for construction.
Foundations for the Future: A new model for social housing
To create a social housing pipeline, that reduces the need for continuous government funding.
Mutual Investment Models or MIMs
PPP or PFI, enhanced for public interest by the Welsh Government.
Key points and relevance to construction of meeting, due to reconvene.
Comments
[edit] To make a comment about this article, click 'Add a comment' above. Separate your comments from any existing comments by inserting a horizontal line.
That's a really helpful article, full of detail. Thanks to the Construction Special Interest Group, Competency Working Group (ConSIG CWG) of the Chartered Quality Institute (CQI). They are a great source of knowledge.
You can see their other articles here: https://www.designingbuildings.co.uk/wiki/User:ConSIG_CWG