Risk Management Process
Researchers, to a great extent, have agreed on the risk management process. However, some difficulties still exist on the terminology and steps’ categorization. The five-step process introduced by Baker et al (1999) seems to have gained popularity because of its simplicity. The five-step process is captured in Figure 1.
Risk identification includes selection and classification of potential risks associated with a construction project. The primary basis for identifying risks is historical data, expert judgment, and adequate insight. Once identified, risks can be classified using a Hierarchical Risk Breakdown Structure (HRBS). Figure 2 shows an HRBS presented by Tah and Carr (2000) that allows risks to be separated into those that are related to internal sources and those that are prevalent in the external environment.
Figure 2: Hierarchical risk breakdown structure (after Tah and Carr, 2000)
Risk estimation or quantification is concerned with assessing the consequences of a certain risk. Risk estimating could include either quantitative or qualitative techniques.
Risk evaluation deals with the impact of risks. Evaluating the impact is based on the assessed consequences and the probability of occurrence of that risk. Kerzner (1998) introduced the following equation showing this concept:
Impact of risk = (likelihood of risk) x (consequence of risk) (1)
Risk response handles taking the appropriate actions to minimize or avoid the impact of risks. The risk response actions include the following: 1) risk avoidance; 2) risk sharing; 3) risk reduction;
4) risk transfer; 5) risk acceptance with contingency; and 6) risk acceptance without contingency.
Finally, risk monitoring aims to monitor the status of identified risks and ensure the proper implementation of planned responses and review their effectiveness.