Risk 4 - Managing Risk in an Architectural Firm

Updated Feb 2017This is the fourth of six articles giving an overview as follows:

1. The Basics of Risk Management
2. Identifying Risk within the firm
3. Identifying Risk external to the firm
4. Assessing and Quantifying Risk
5. Allocating, Transferring and Mitigating Risk
6. Risk Management Checklist (interactive tool)

Assessing Risk

Once a firm has identified as many risk factors involved in the project as possible, it must assess their impact on the firm's ability to provide services in a professional and profitable way. Risk assessment is the link between the potential for risks and the actions required to manage them.In order to manage risks, there needs to be an understanding of how they arise, the likelihood of them arising, the potential effects if they arise, and the options for minimising adverse outcomes.When those options are identified, the firm can consider the effects on their delivery of services and on the financial health of the firm. This may involve a consideration of some or all of the following:

• the firm’s ability to manage the risks (may be project-specific and/or dependent on the firm’s resources).
• professional duties generally, and in respect of the project-specific contractual obligations.
• the characteristics of others involved in the project (principal, consultants and contractors)
• the importance of the principal and/or the project to the firm’s commercial objectives
• the prospect of “unknown unknowns”, and the degree of certainty about the risk assessments
• both an objective and subjective assessment of the circumstances

Quantifying Risk Can risk be quantified? Why bother?The short answers are: “No” and “Better knowledge reduces the threat.”The long answers have consumed vast intellectual resources and quantities of printing ink, and, as in many academic pursuits, seem to recede into the distance in direct proportion to the amount of new data! Some risk events are random, but the consequences of the others can be mitigated by learning as much as we can about them.This article assumes that the risks – or at least some of them – have been identified. Described below is a method to establish their significance, and to explore options for dealing with them.Step 1: SetupSet up a landscape spreadsheet with 9 columns. (format word-wrap in columns 1,2,3,4,8,9; format non-decimal number for columns 5,6,7)Step 2: RisksIn column 2: Considering the project on a stage by stage basis, list the potential risks, one per row.Step 3: Project componentsIn column 1: (optional) Group the potential risks by task (or component/stage of the project).Step 4: Factors In column 3: Against each risk, note the factors (people, events, conditions etc) which contribute to the severity, probability, and frequency of the risk.Step 5: ConsequencesIn column 4: Against each risk, note the consequences if the risk eventuates, by description.Step 6: Consequence ratingIn column 5: Rate the consequences from 1 = minor hassle to 5 = catastrophe. The consequences should be related to the circumstances of the project, and not necessarily to dollar figures.Step 7: Probability ratingIn column 6: Rate the probability of the risk arising, from 1 = most unlikely, to 5 = almost certainly.Step 8: Numerical risk profileIn column 7: Add the two last columns, and add 2 if there is the potential for re-occurrence of the risk. This is your risk profile: the higher the number, the higher the risk.Step 9: Proposed actionIn column 8: Note what you are going to do to reduce each risk profileStep 10: OutcomesIn column 9: Note what action was taken, and/or what happened.In order to generate the information required, the following questions might be explored:

• what are the sources of risk?
• what is the likelihood of the risks presenting itself?
• what is the frequency of that likelihood?
• what are the factors which will affect that frequency?
• to what extent can those factors be controlled?
• what controls are in place to address those factors?
• what are the consequences of that risk presenting itself?
• can the severity of those consequences be established?
• do those consequences alter the impact of those risks?
• to what extent can those consequences be controlled?
• who could and should implement and execute that control?
• what steps can be taken to minimise those consequences?
• what interdependencies exist between each of these parameters?
• what conditions or variables affect these assessments?
• what reliance can be placed on the assessments of this information?

If all this looks overkill, then at least categorise the potential problems into “hiccup/hassle/ horror”!!Jones Kitchen ExtensionTasksWhat ifElementsConsequencesConProbRisk ProfileTo doActionedDrainage alterationsExist. drains defectiveExisting drainsCost overrun325Allow in Contingency Sum; warn clientSpecified 12/8/09Benchtop FinishesSelection not availableClientTime overrun213Advise client of constraints1/05/09Completion dateTime overrunContractor, ClientBaby due!527Careful contractor selection, fixed dates in contract docs, firm eye on progressDiscussed with prospective tenderers 13/8/09