Risk register for building design and construction

Definitions

A risk is an uncertain event that, if it occurs, has a positive or negative effect on a project’s objectives or outcome. A risk is defined by having both an impact and a probability, and should not be confused with uncertainty.

Risk management is the process by which project managers address risk by, at its most simple level, considering an events probability and impact, and by combining these two considerations, gain an appreciation of its importance. Then, by understanding the importance of a risk, a project manager is able to prioritise time and resources to addressing those risks with the greatest potential for loss.

There are a range of risk management tools that allow project managers to explicitly undertake this process, with the risk register (also often called the risk log) being one of the more common tools adopted on construction projects.

There are a number of tasks to be followed in order to develop a risk register.

Risk identification

The first step in developing a risk register is to identify all possible project risks. This can be done from reports and project documents, but bringing all the project team together at a risk workshop is usually considered to be the best approach. Risk workshops are held to identify all the risks associated with a project that could have an impact on cost, time or performance of the project. In addition, where possible, information from the team should be obtained on the impact of the risk and the probability of its occurrence as this will be required later.

It is also worth remembering that risks, both in terms of impact and probability can change over the life of the project. Finally, it is worth considering whether there is any correlation between risks. This allows the first element in the risk register, a description of the risk, to be prepared.

Risk analysis

The risks that have been identified then need to be analysed for their probability and impact on the project (such as cost, time and resource).

There are two basic approaches, 'qualitative' and 'quantitative' risk analysis:

• In a qualitative analysis, descriptive terms are used such as 'low Impact' and 'high probability'.
• In a quantitative analysis, risks will have values attributed to them, such as 'an impact of £10m' or 'a probability of 65%'.

The approach adopted will be influenced by the information available. It is possible to mix qualitative and quantitative analysis, although care must be taken if doing this to ensure there is not an unintentional over focus on the quantitatively defined risks.

Finally, the analysis of probability and impact are combined into a single risk score. Again, this risk score can be presented quantitatively or qualitatively, with quantitative methods often using colours (green, amber and red) as well as words. Once again, this analysis is then entered into the risk register. Risks are often listed from highest to lowest score so as to more clearly highlight the priority risks.

Highlight warnings and identify risk resolutions

The next task initially requires the highlighting of warning signs for each risk. Often this focuses on the priority risks. It is then necessary to identify a plan of action to bring about risk resolution. While there is an inevitable tendency to focus on negative threats, thought should also be given to more positive opportunities.

Those with a high risk score value will need action plans that respond with utmost urgency while those with a low risk score can simply be monitored without having a detailed action plan identified.

Risk resolution can be achieved in a number of ways:

• Risk mitigation seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold through a proactive parallel management action taken in advance of a negative impact arising.
• Risk transfer seeks to shift the impact of a threat to a third party, together with ownership of the response. However, care must be taken with this approach to ensure that there are no residual unaddressed risks left within the project from a retained correlated risk.
• Risk avoidance is achieved by making changes to the actual project, to either eliminate the risk or to protect the project objectives from its impact. Generally, risk avoidance involves relaxing the time, cost, scope, or quality objectives.
• Risk acceptance means there is no change to the project to deal with a risk, and is often a reflection that it has not been possible to identify an appropriate risk resolution strategy.

When developing risk resolution strategies, especially for the most critical risks, it is important to avoid reliance on a single control or counter measure.

As before, all the above information needs to be recorded within the risk register.

Allocating responsibility

The last step in developing a risk register is the allocation of an owner for each risk, and its associated monitoring and risk resolution plan.

While it is essential that all the above information is recorded in the risk register at the start of the project, it is equally important that the risk register is treated as a living document, being reviewed and updated on a regular basis.

Ensuring your risk register is of genuine value

Finally, while risk registers are an essential project management tool for large construction projects the following issues need to be kept in mind if they are to be of genuine value:

• Encourage openness and avoid blame to ensure all involved are open and honest about identifying and quantifying risks.
• If risks are incorrectly assessed and therefore prioritised, they can divert resources away from more profitably activities.
• If information is not presented logically and in an unbiased form it can unintentionally mislead.
• Unless it is regularly updated the risk register might create a false sense of security with important risks going unrecognised.

Finally, no matter how good your risk register is, do not make the mistake of believing you can totally cover every risk your project will face.

Building Safety Act

In the context of the UK Building Safety Act, a Risk Register is a structured document or database used to systematically identify, assess, and manage risks associated with the safety of buildings throughout their lifecycle. The Risk Register is a key tool for dutyholders, such as building owners, developers, and managers, to track and monitor risks and ensure that appropriate measures are in place to mitigate them effectively.

The Risk Register is a critical tool for building safety management under the Building Safety Act, helping dutyholders proactively identify, assess, and manage risks to ensure the safety and well-being of building occupants and the wider community.

Overall, the Risk Register is a critical tool for building safety management under the Building Safety Act, helping dutyholders proactively identify, assess, and manage risks to ensure the safety and well-being of building occupants and the wider community.

Related articles on Designing Buildings

• Building Safety Act.
• Design risk management.
• JCT Clause 6.5.1 Insurance.
• Risk assessment.
• Risk management.
• Risk.
• Stakeholder map.
• Stakeholders.
• Technical due diligence.
• Third party dependencies.
• Types of register.

Comments

A HAZARD is the potentially detrimental event that could occur, RISK is the probability and impact of that hazard occurring. Risk is frequently confused with hazard and this is what has happened on this page.