Risk Management for Design and Construction E-Book

Table of Contents

Copyright

Dedication

Preface

Acknowledgments

Chapter 1: Why and what is Risk Management?

Introduction

What Is an Estimate?

What Is Uncertainty?

What Is Risk?

What Is Risk Management?

Why Risk Management?

The Limitations of Risk Management

Objective of This Book

Chapter 2: Project Cost and Schedule Estimates

Introduction

Cost Estimating Methodology

Cost Estimating Process

Cost Estimating Data

Cost Estimating and Project Development Level

Estimate Documentation

Basis of Estimate

Conclusion

Chapter 3: The Risk-Based Estimate

RBE—The Process

Risk-Based Estimate—How It Works

Base Cost and Schedule

Risks as Events

The Micro-Project

Eastside Corridor Program

RBE and Estimate Accuracy

Conclusions

Chapter 4: Risk Elicitation

Importance of Elicitation for Project Risk Management

Elicitation and Biases

Risk and Base Variability

Risk Conditionality

Summary

Chapter 5: Risk Management

Introduction

Risk Response Planning

Value Engineering and Risk Management

Risk Monitoring and Control

Summary

Chapter 6: Risk-Based Estimate Self-Modeling Spreadsheet

Overview

Model Accuracy

RBES—Cost and Schedule Data Input and Output

Risk Conditionality and RBES

Model Outputs

Risk Management

Critical Issues

Tutorials/Case Studies

Summary

Chapter 7: Risk-Based Estimate Workshop

Introduction

Preworkshop Activities

Conditioning Workshop Participants

Workshop Objectives

Risk Identification Process

Postworkshop Activities

Everyone Has Duties

Helpful Hints

Sample Questions to Ask

Index

This book is printed on acid-free paper.

Copyright © 2011 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978–750–8400, fax 978–646–8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201–748–6011, fax 201–748–6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800–762–2974, outside the United States at 317–572–3993 or fax 317–572–4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

For more information about Wiley products, visit our Web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Cretu, Ovidiu.

Risk management for design and construction / Ovidiu Cretu, Robert Stewart, Terry Berends.

p. cm.

Includes bibliographical references and index.

ISBN 978-0-470-63538-4 (hardback); 978-1-118-02861-2 (ebk.); 978-1-118-02862-9 (ebk.); 978-1-118-02863-6 (ebk.)

1. Building—Safety measures. 2. Construction industry—Accidents—Prevention. 3. Construction industry—Risk management. I. Stewart, Robert, 1968- II. Berends, Terry. III. Title.

TH443.C74 2011

690′.22—dc22

2010047231

First and foremost, I'd like to thank my wife, Tamara, for enthusiastically supporting me in all my activities, and my children, Petru and Vlad, for being there and putting up with me.

—Ovidiu

I wish to dedicate this book to my loving wife Judi and to our children, Ty and Charli, for their support and love.

—Terry

Thanks to my girls, Vanessa and Daphne, for heightening my sensitivity to risk.

—Rob

For all of our colleagues in project management who share our passion to build better values.

—All

Preface

Risk management is perhaps the hottest topic of discussion for professionals within the design and construction industry who care about the fate of their endeavors, whatever they may be. Increasingly, professionals are engaged in risk management even before the project is assigned to them. It is difficult to imagine project management without formal or informal risk management. The next paragraph presents one more reason why risk management is needed for projects that we want to succeed.

The need to make strategic long-term investment decisions under short-term budget constraints continues to force states to consider risk as a criterion for judging a course of action. Because perceptions of risk vary, decisions incorporating risk management concepts depend to a large extent on the decision maker's tolerance for risk. It is this fact that makes implementing concepts incorporating risk more difficult because it requires decision makers to establish boundaries of acceptability based on political, economic, and engineering constraints, most of which are unknown. Having clear, well defined, risk analysis methods and procedures is a first step toward helping agency leaders begin to incorporate risk into their decision making process.

Michael Smith

Federal Highway Administration

[email protected]

Whether we acknowledge it or not, risk management is part of our daily life. For the most part, we assess it on an unconscious level, usually out of habit. For example, consider the ubiquitous nature of the flu. We all know that when the flu strikes, suffering will follow. The fact that a person may or may not be infected by the flu is anyone's guess; however, based on historical data, we may say that there is about a 75 percent chance of being exposed to the flu. Once a person is exposed to the flu, if that person is vaccinated against the flu, he or she still has a 10 percent chance of getting sick, while a person who hasn't been vaccinated has a much higher chance (85 percent) of getting sick (the percentages are simple assumptions).

We know that people manage the risk of getting the flu differently. Spending a few dollars for a flu shot reduces the chance of being infected to 7.5 percent. Within the context of risk management, when a person gets immunized we call this action risk mitigation, because it reduces, but does not eliminate, the chance of getting infected. Another person may elect not to get a flu shot, and he/she is accepting the chance of 67.5 percent of getting sick. This inaction is referred to as risk acceptance, when a person elects to take action (medication) after being infected. A third person may elect to avoid leaving his or her house and remain completely isolated from other people. His or her chance of getting sick is close to zero. In this scenario, the decision to take extreme action to ensure that she/he is not going to be infected is called risk avoidance.

The flu example may be expanded further if we consider and compare the effect of the flu on vaccinated persons versus nonvaccinated ones. The concept of risk impact or consequence explains the second part of the flu story. The flu's impact on a person may be measured by how much that person is going to suffer and for how long. As a general rule, a vaccinated person will suffer less than a nonvaccinated person and will also recover in a shorter time period.

The “suffering” may be measured by the time lost from regular activities, the cost of medicine, infecting others, and so on, and can be expressed through a range. Now things are becoming more complicated so we will end the flu story here since we do not want to expose the book's secret just yet.

The decision of whether or not to get vaccinated is relatively simple; people usually consider all of the facts presented, but do not perform a formal risk analysis. Common sense dictates to each person how to manage the risk of getting the flu and, more often than not, their decision is right.

There is an abundance of sophisticated software available on the market today that allows risk to be quantified. Aside from being expensive, they require specialized training and experience in setting up the models. Further, as most of these are designed to address a wide range of risk modeling scenarios, they include additional features and layers of complexity that are not needed for construction applications. A good model should be as simple as it needs to be and no simpler. Finding this “sweet spot” is important in both building the model and understanding the output.

To paraphrase Alan Davis, author of Software Requirements—Analysis & Specification, a model simply provides us with a richer, higher level, and more semantically precise set of elements than the underlying wholesome guesstimate. Using such a model reduces ambiguity, makes it easier to check for incompleteness, and may at times improve understandability.

This book provides a practical framework for managing risk on construction projects, from their inception at the earliest stage of design through the end of construction. A central element in the presentation of this material is risk modeling software that will allow users a simple means of quantifying project risks in terms of their impacts to both time and cost. The software is driven by MS Excel, and does not require any prior knowledge of programming or risk modeling. The information provided in this book is sufficient for any Excel user to get started, run it, and understand and explain the model results.

The next paragraph presents one user's experience with the software described by the book:

I have used the software multiple times for small to medium size projects. It has been very reliable and provides the ability for the client to continue risk management and updating of the results as the project progresses.

Ken L. Smith, PE, CVS National Director Value Engineering

Vice President HDR ONE COMPANY | Many Solutions

[email protected]

While this book addresses risk in the context of transportation projects, the process and tools presented in it are applicable to any kind of project. The process presented in this book is one of the most versatile methods of estimating and risk assessment and analysis. It can be applied to projects of any size; any stage of development; and any level of complexity. It is just a matter of understanding the project and matching the level of effort to the objective.

Next we present the testimony of one professional who creatively and efficiently applied the process and the tool (Risk-Based Estimate Self-Modeling, RBES) presented in our book.

The Cathedral Hill Hospital Project, San Francisco, for Sutter Health and California Pacific Medical Center is a $1.7 billion program which includes about $1 billion in construction cost depending upon the final selection of scope. Construction is expected to start in 2011.

Sutter chose to use Integrated Lean Project Delivery™ which unites architects, engineers, and contractors in a collaborative partnership of shared risk and reward. The method and relationships within this arrangement are creating new parameters for risk and its mitigation. Insurance underwriters are studying the potential adjustments to reflect the reduction in risk.

To better tell the risk story from an insider's view, a team led by John Koga at HerreroBoldt assembled a Risk Assessment Report listing about 700 standard perils along with their potential cost and schedule impacts under this new form of project delivery. They divided the perils into nine Groups and seventy-four Categories.

Borrowing a current version of the RBES Workbook developed by Dr. Ovidiu Cretu and Terry Berends as a template, they ran Monte Carlo simulations to look at the perils within each category. Selecting perils across the Groups, they built combinations of perils to further understand their exposure. The RBES Workbook gave Koga the ability to adjust the settings associated with ranges of probability and risk outcomes.

RBES also provided the ability to choose adjustments for Escalation and Market Conditions. It provided excellent graphic output that would not be available from a standard spreadsheet without additional effort. Furthermore, RBES allows the risk management effort to occur throughout the life of the project, retiring risks as soon as possible and recalculating exposure. The client especially appreciates that the perils have been made more visible and preventive action or mitigating strategies can be developed.

John Koga CVS-Life, CDT, LEED AP

Member AIA, CSI, USGBC, SAVE International Manager, Value and Lean Process

HerreroBoldt

The primary audience for this book is those involved in the development and delivery of projects and programs. This includes project and program managers, designers, engineers, architects, cost estimators, schedulers, and risk managers, as well as those seated within upper management who have an interest in developing fluency with risk management. Consultants will find this book particularly well-suited to their needs. Students will also find this book useful as it is written in plain English and does not demand any prerequisite skills or experience.

This book comprises seven chapters united by the concept of risk management. Chapter 1 presents a short introduction on risk management and Chapter 2 presents a concise overview of cost and schedule estimating. These two chapters lay the ground for the next five chapters and they should not be seen as in-depth analyses. For example, Chapter 2 presents the basic concepts and definitions related to cost and schedule estimates but we do not expect this book to be viewed as an estimating manual.

The general expectation is that all participants involved in the processes presented in this book are experts in their fields. The estimators are sagacious ones; the schedulers are experienced and understand the difference between critical and noncritical activities; and the subject matter experts (SMEs) are recognized for their expertise and accomplishments.

Recognizing that a professional may have different roles at different stages of the process, this book often assigns different names to the same professional. For example, the risk lead (the person who is responsible for managing risk tasks) may be called the risk elicitor when he/she conducts risk elicitation activities, or modeler when he/she produces the simulation model, or risk analyst when he/she analyzes the assessment results and the model outcomes. In other words, we are recognizing that a person may wear different hats at different stages of the process.

Chapter 3 presents the process of cost and schedule risk assessment and analysis which we call the Risk-Based Estimate (RBE). Chapter 3 describes the process of RBE and the main advantages and disadvantages of it. It introduces and defines the concepts of “base uncertainty, risks, and Monte Carlo statistical analysis” as applied to the RBE. This chapter presents lessons learned from our practices and observations of hundreds of projects.

Chapter 3 also presents a new concept of doing risk assessment and risk analysis based on the old saying “Keep It Simple Stupid” with a little twist at its end: “Keep It Simple Smarty” (KISS). The concept “Professional Sophistication” is presented with its pitfalls and dangers. The chapter presents how to apply the RBE on two projects: (1) a simple one and (2) a complex one, in order to demonstrate the process flexibility and applicability.

Joe O'Carroll, an experienced project manager with Parsons Brinckerhoff (PB), familiar with the RBE process, described in this chapter says:

A fundamental maxim of modern project management is: “If you don't know it, you can't measure it; if you can't measure it, you can't control it.” Therefore, controlling cost and schedule overruns has to start with knowing the risks—that is, identifying them early, measuring them or quantifying them by the most appropriate methods, and then managing them. We cannot manage risk that we don't see and won't see if we don't look.

Mapping risk impacts against cost structure, design and construction schedules and against expected project performance exposes risk impacts that have the greatest effect on project budgets, schedules and operational goals. Quantifying risks appropriately can be used to develop targeted contingency funds. This needs to be followed by creation of a project risk and contingency management plan whereby the drawdown of contingency at key project milestones can be carefully monitored and controlled.

Joe O'Carroll, Risk Manager Parsons Brinckerhoff

[email protected]

In other words, risk management is to know it, measure it, and control it. This book focuses on fulfilling all three of these imperatives as they are fundamental to good project management practices.

Chapter 4 focuses on risk elicitation and risk conditionality (dependency and correlation) and discusses the primary means of collecting risk information for the RBE process. It presents the main biases that can alter the value of risks elicited and identifies techniques on how to detect, assuage, or avoid the most detrimental ones.

The next paragraph presents how the program risk manager for the Alaskan Way Viaduct (AWV) project (over US$1 billion) applied techniques to reduce bias during the risk elicitation phase.

An example of the changes that were made included having at least two of every type of subject matter expert (SME) in the workshop. Previously, in every other workshop I had attended in the past, only one or two independent SMEs were invited to attend risk workshops, and WSDOT employees were invited to be SMEs; this scenario created the potential for (or the perception of) the introduction of unnecessary bias. With multiple independent SMEs in each subject area, we felt that a significant amount of bias towards risk identification and assessment would be avoided.

Steve Warhoe

Past President of the Association for the Advancement of Cost Engineering (AACE)

[email protected]

This is indeed an effective strategy, if the project can afford to engage multiple SMEs on a critical area. In our opinion, this is money well spent—prevention is always less costly than the cure in the long run.

Chapter 4 continues with a discussion of the elicitation of risk probability of occurrence and impact. The chapter presents and illustrates how risk conditionality affects the results of risk analysis. It begins with risk dependency where the term risk mesh is introduced and continues with risk correlation and the combined effect of dependency and correlation. The chapter recognizes the full array of challenges to the risk elicitation process as Susan Adibi wisely states:

“Elicitation of the project risks and opportunities is arguably one of the most difficult parts of the risk lead role. The risk elicitor needs to have a combination of personable social skills as well as understanding the group psychology and dynamics in order to fully capture the relevant risks.”

Susan Adibi, Risk Analyst Parsons Brinckerhoff

[email protected]

Chapter 5 presents an overview of the second pier of risk management (risk response, risk monitoring, and control) by avoiding repetitions of what other books are presenting. A short synopsis of prospect theory and risk tolerance is provided and is tied to the needs of risk response planning, monitoring, and control. The chapter completes the project risk management process and stresses the importance of paying attention to all phases of the risk management process since if one of these phases is weak the process may break down. As Joe O'Carroll stated, we cannot afford to be doing a superficial job when we manage a project.

Under-managed project risk costs the Engineering and Construction Industry $3–$4 billion annually in profits. It is estimated that, industry wide, $200–$270 billion in additional revenue would be needed to make up for this lost profit' (Datamonitor, Factset; ENR and industry expert estimates of project failure rates). A U.S. Department of Transportation study of 10 rail transport projects found that their capital cost overrun ranged from minus 10% to plus 106%, averaging plus 61%. In a study of 258 projects carried out by Aalborg University, Denmark, it was found that the costs of 9 out of 10 transport infrastructure projects are underestimated, resulting in cost overruns. Furthermore, the study concluded that the cost underestimations and overruns have not decreased over the past seventy years. Only when our industry adopts a total risk management philosophy from concept through closeout of a project do we stand a chance of reversing the tide and consistently managing our mega-projects to a predictable budget and schedule.

Joe O'Carroll, Risk Manager Parsons Brinckerhoff

[email protected]

The chapter continues with presenting the integration of Value Engineering (VE) and risk response planning and presents the concept of disaster contingency planning.

Chapter 6 presents the Risk-Based Estimate Self-Modeling (RBES) Spreadsheet which is an MS Excel®–based tool that facilitates the RBE process by employing the Monte Carlo Method for statistical analysis of the data collected through the RBE process. The simplified version of RBES may be downloaded at: www.Cretugroup.com for free, or for a fee the full copy of RBES is available.

The strengths of RBES lie within its versatility and user friendliness that enables users with minimal training to run risk analysis.

The RBES has the ability to provide results immediately after the scope and risks have been entered. The ability to show real time results is a necessity when a Cost Risk Assessment (CRA) is combined with a Value Engineering (VE) Study. This ability allows the VE Team to target the major risks of any project and speculate on ways to respond to them in a pro-active way. Because the RBES can capture, analyze, and display the results of both “pre-response” and “post-response” scenarios on the same graph a VE Team can immediately see the impacts that the response strategies and VE recommendations will have.

Ken L. Smith, PE, CVS National Director Value Engineering

Vice President

HDR ONE COMPANY | Many Solutions

[email protected]

The final chapter of this book is dedicated to explaining how a typical RBE process can be implemented. It presents in a systematic way the workshop logistics; identifies the participants and their roles and responsibilities; and identifies the end products of the entire effort of cost and schedule risk estimating and analysis.

The entire process, once understood and practiced, is appreciated for its down-to-earth development, for its transparency and clarity of data entered, and results provided. Following is a testimony from one experienced estimator and risk manager:

I believe that the RBE process is one of the best risk assessment processes there is; it is an excellent management tool. The process, when followed correctly, creates consistency for project managers, executive management, and other stakeholders in the development of project risk profiles and range forecasts for final cost and completion dates.

Steve Warhoe

Past President of the Association for the Advancement of Cost Engineering (AACE)

[email protected]

The entire book was designed to provide help to professionals who may want to engage in the practical application of risk assessment, analysis, response planning, monitoring, and control. The book seeks to demystify the notion of the “model” and efforts were made to provide transparency and clarity of the model. The authors believe that when people understand the process they will embrace it and apply it in an appropriate manner.

Acknowledgments

The authors express their gratitude to the leadership at the Washington State Department of Transportation for supporting and nourishing an innovative and creative culture. We would like to recognize the Secretary of Transportation, Paula Hammond; the Chief Operating Officer, David Dye; and the Chief Engineer, Jerry Lenzy, for their continuous commitment toward enhancing the role of risk management across the organization.

We are grateful to Pasco Bakotich, the State Design Engineer, and his team; Mark Gabel and his group; Laura Peterson, Glenn Wagemann, Amity Trowbridge, Jeff Minnick, Mitch Reister, and Dawn McIntosh for their dedication toward enhancing the practice of risk management and estimating.

We would like to acknowledge Doug MacDonald, Jennifer Brown, John White, Julie Meredith, Ronald Paananen, John Reilly, Mike McBride, Stu Anderson, Keith Molenaar, Dwight Sangrey, Williams Roberts, Travis McGrath, Cliff Mansfield and all others for their contribution to developing a risk awareness culture in the State of Washington and across the nation.

Further, the authors would like to express their gratitude to David Supensky for his inspiring cartoons, Vlad Cretu for his contribution on writing Chapters 3 and 4, Michael Smith for his insights on reviewing Chapter 3, and many others who indirectly shaped the content of this book.

Finally, we want to express our deepest gratitude to our wives Tamara, Judi, and Vanessa, who bravely provided support and encouragement throughout this work.

Chapter 1

Why and What is Risk Management?

The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty.

—Winston Churchill

Introduction

Risk is something that we deal with in our daily lives. For the most part, we assess it on an unconscious level, usually out of habit. Will I get hit by a car if I cross the street? Will I burn my hand if I take a pan out of the oven without a hot pad? Will I get sunburned today if I don't put on lotion? If you are reading this paragraph now, it is probably safe to assume that you are pretty good at dealing with these mundane risks. Most of us are. This type of risk analysis is intuitive and is built upon years of experience, intuition, and instinct. Generally speaking, the decision making involved is pretty straightforward and seldom do we devote much time to our analysis. It seems that when we face risks personally, they are generally easier to deal with and we arrive at answers rather quickly.