Construction procurement: project initiation and business cases handbook

One of three handbooks that comprise the Client Guide to Construction Projects, The Project Initiation and Business Cases Handbook provides guidance to assist contracting authorities to successfully deliver construction projects and achieve value for money.


Chapter 7: Risk

1. Introduction

2. Overview

3. Guidance

4. Summary

Introduction

1.1. The Scottish Government Risk Management Guide defines risk as:

"anything that can impede or enhance our ability to meet our current or future objectives ...."

1.2. All projects contain risks that may affect their cost and quality and the time taken to complete them. Risk is present through the whole life of an asset from inception through to deconstruction and must be actively and effectively managed throughout. Analysis allows us to identify risks and opportunities and use both to ensure project success and maximise the potential of the asset.

Overview

2.1. Risk stages. Risk management is the process of identification and assessment of risk and opportunity followed by the production, and implementation, of an action plan to manage it. The Scottish Government Risk Management Guide sets out five key steps to effective risk management:

  • Identify risks
  • Assess risks
  • Address risks
  • Review and report risks
  • Communicating and learning.

2.2. Risk Assessment. Risk is assessed on a combination of consequences (impact) and probability (likelihood). The following tables provide an indication of the criteria and scores which can be applied against both.

Impact

Criteria

50 Very High

Destructive and unacceptable impact on objectives that would result in a major change to overall approach.

Potentially large resource consequences that outweigh current operational circumstances.

25 High

Significant and unacceptable impact on objectives that would require a material change to critical approach/procedure/process. Resource implications would be challenging to absorb within current operational circumstances.

10 Medium

Moderate impact on objectives that may require multiple changes in approach/procedure/process. Acceptable level of resource consequences.

5 Low

Minor impact on objectives, requires little overall change in approach. Few resource consequences.

1 Negligible

No real impact on achieving objectives.

Likelihood

Criteria

5 Very High

>75% chance of occurring – almost certain to occur

4 High

51 – 75% chance of occurring – more likely to occur than not

3 Medium

26 – 50% chance of occurring – fairly likely to occur

2 Low

6 – 25% chance of occurring – unlikely to occur

1 Rare

1 – 5% chance of occurring – extremely unlikely to occur

2.3. To calculate the overall risk, multiply the impact by the likelihood.

Impact

Risk Profile

Very High

50

100

150

200

25

High

25

50

75

100

125

Medium

10

20

30

40

50

Low

5

10

15

20

25

Negligible

1

2

3

4

5

Likelihood

Rare

Low

Medium

High

Very High

2.4. Risk levels are described in the following table.

Risk Level

Score

Risk Level Description

Very High

100 - 250

Rating: Unacceptable level of risk exposure that requires immediate mitigating action.

Reporting: A decision should be taken whether to report the risk to Accountable Officer/Audit Committee level or Programme Board or for possible reporting to the Executive Team and Corporate Board.

High

40 - 75

Rating: Unacceptable level of risk which requires controls to be put in place to reduce exposure.

Reporting: A decision should be taken as to whether risks recorded as high should be escalated. Scores between 40 and 50 would not usually be escalated where scores of 75 should be given careful consideration.

Medium

10 - 30

Rating: Acceptable level of risk exposure subject to regular active monitoring.

Reporting: At next line of management level.

Low

1 - 5

Rating: Acceptable level of risk subject to regular passive monitoring.

Reporting: At next line of management. Consideration should be given as to

whether risks recorded as low are still extant.

2.5. Risk appetite. It is important to understand the risk appetite, that is the levels of risk the organisation is prepared to accept or not accept in delivering its objectives. As stated in the Scottish Public Finance Manual, the concept may be looked at in different ways depending on whether the risk being considered is a threat or an opportunity:

  • When considering threats, the concept of risk appetite embraces the level of exposure which is considered tolerable and justifiable should it be realised. In this sense it is about comparing the cost (financial or otherwise) of constraining the risk with the cost of the exposure should the exposure become a reality and finding an acceptable balance;
  • When considering opportunities, the concept embraces consideration of how much one is prepared to actively put at risk in order to obtain the benefits of the opportunity. In this sense it is about comparing the value (financial or otherwise) of potential benefits with the losses which might be incurred (some losses may be incurred with or without realising the benefits).

Quick Guide 4 of the Scottish Government Risk Management Guide provides further guidance on assessing risk appetite.

2.6. Lifecycle stages. The phases of a built asset, which are set out in Chapter 1, are: Planning – Development – Implementation – Operation – Decommissioning. Operation and Decommissioning, although not normally part of the project period, should still be included for the purposes of the project risk assessment and management. All risks must be identified and managed at the earliest possible point and this will usually mean doing so at the very start of the project period including for the operations and decommissioning phases. Each phase should be assessed and managed for risk individually and as part of the overall lifecycle; this will be an ongoing process throughout the project life and beyond.

2.7. Risk factors. PESTLES (Political, Economic, Social, Technological, Legal, Environmental and Security) provides a useful breakdown of risk areas for assessment.

2.8. Stakeholders. All stakeholders are different and risks will have different impacts on each. For example, a specific factor is likely to impact differently on a political stakeholder than it would on a contractor even though the phase and the circumstances which cause the risk are the same. Similarly, consideration of the political heading for a political stakeholder, for example, will be likely to result in different risks being identified during each of the lifecycle phases.

2.9. Whilst risk can be managed, minimised, shared or accepted, it cannot and must not be ignored. It is unrealistic to expect that systematic risk management will remove all uncertainties, but pro-active risk management which is fully integrated into the day–to day management of the project and the asset can reduce the impact of uncertainties and improve the likelihood of a successful project outcome and asset life cycle management. It must though, be actively managed and reviewed regularly to ensure that the plan remains valid.

Guidance

3.1. As noted above, the Scottish Government Risk Management Guide provides guidance on managing risk generically across any situation, whether in the project setting or in core operations. This guidance is, however, only accessible through Scottish Government intranet pages. For contracting authorities that would benefit from an introduction to the range of considerations which apply in risk management, the HM Treasury Orange Book Management of Risk – Principles and Concepts may be a useful source of guidance.

Summary

4.1. Effective and proactive risk management is essential to the successful delivery of projects, it informs the conduct of all outputs, outcomes and phases of the planning, delivery and operation and must be afforded appropriate resource and priority.

Contact

Email: ConstructionPolicy@gov.scot

Back to top