J.H.M. Tah1 - Towards A Framework For Project Risk Knowledge Management In The Construction Supply Chain.doc

Advances in Engineering Software 32 (2001) 835±846 www.elsevier.com/locate/advengsoft

Towards a framework for project risk knowledge management in the construction supply chain

J.H.M. Tah1,*, V. Carr1

Project Systems Engineering Research Unit, School of Construction, South Bank University, Wandsworth Road, London SW82JZ, UK

Received 8 October 1999; accepted 22 February 2001

Abstract

The shortcomings of current project risk management processes, tools and techniques, are identi®ed and the case for the application of knowledge management philosophies and techniques to project risk management is made. A common language for describing risks based on a hierarchical-risk breakdown structure has been developed and it provides the basis for developing a sharable knowledge-driven approach to risk management. This de®nes generic risk and remedial action descriptive terms, which can then be stored in catalogues. These have been implemented in a database management system to act as a knowledge repository. A prototype system being developed to support the risk management framework is brie¯y discussed. q 2001 Civil-Comp Ltd and Elsevier Science Ltd. All rights reserved.

Keywords: IDEF0; Object modelling; Project risk analysis and management; Qualitative risk assessment; UML

1. Introduction

The construction industry still suffers from poor project performance due to risks, despite attracting a lot of attention in the literature [1±3]. With the increasingly complex and dynamic nature of projects coupled with new procurement methods, the tendency today is to use risk quanti®cation and modelling more as vehicles to promote communication, team work, and risk response planning amongst multi­disciplinary project team members. However, communi­cation of construction project risks is poor, incomplete, and inconsistent throughout the construction supply chain. Project team members adopt different terminology for describing risks, use different methods and techniques for dealing with risk analysis and management, producing different and con¯icting results. Where risks have been identi®ed, assessed and remedial measures agreed, these are not generally effectively communicated throughout the supply chain. Consequently, project members do not have a shared understanding of issues facing the project, are not able to implement effective early warning systems and contingency plans to adequately deal with problems result­ing from decisions taken elsewhere in the chain. Further­more, the proliferation of techniques and software packages

* Corresponding author. Tel.: 144-171-815-7226; fax: 144-171-815-

7199. E-mail address: tahjh@sbu.ac.uk (J.H.M. Tah). http://www.pse.sbu.ac.uk/

purporting to provide project risk management facilities, have failed to meet the needs of project managers. These systems are primarily founded on principles and method­ologies derived from operational research developed in the 50s. The focus is on quantitative risk analysis based on estimating probabilities and probability distributions for time and cost risk analysis. These techniques do not encourage project participants to develop in-depth under­standing of the underlying elements and structures which constitute project risk systems and render explicit latent concepts and assumptions which are implicit in current risk assessments. Furthermore, they do not allow the risks, problems, remedial measures, and lessons learned from previous projects to be captured and re-used when develop­ing new projects, thus facilitating organisational continuous learning and improvement.

The work presented in this paper is part of a larger project aimed at developing a comprehensive and continuous risk management framework capable of enhancing the proba­bility of project success, and to lead the industry to estab­lish practices that are self-sustaining and continuously improving, grounded in effective continuous knowledge capture, re-use and learning. The objectives are: to develop a common language for describing risks throughout the construction supply chain and covering the complete construction project lifecycle; to develop a risk management paradigm involving identi®cation, classi®cation, assess­ment, analyses, action planning, tracking, control, and communication of risks on a continuous and proactive

0965-9978/01/$ -see front matter q 2001 Civil-Comp Ltd and Elsevier Science Ltd. All rights reserved. PII: S 0965-997 8(01)00035-7

J.H.M. Tah, V. Carr / Advances in Engineering Software 32 (2001) 835±846

basis using the common language; and to develop tools using knowledge-based systems techniques to support the framework. In this paper, the shortcomings of current project risk management processes, tools and techniques, are identi®ed and the case for the application of knowledge management philosophies and techniques to project risk management is made. A common language for describing risks based on a hierarchical-risk breakdown structure has been developed and it provides the basis for developing a sharable knowledge-driven approach to risk management. These have been implemented in a database management system to act as a knowledge repository. A prototype system, developed to support the risk management frame­work is brie¯y discussed. It is hoped that the approach will facilitate effective risk handling, whilst allowing all project participants to develop a shared understanding of project risks resulting in improved performance.

2. The case for project risk knowledge management

In this section, we examine current project risk manage­ment processes, tools and techniques, identifying several shortcomings which can be addressed using intelligent and knowledge-based systems techniques. An extensive litera­ture review was undertaken to achieve this and the results are presented under the following key areas: identi®cation and communication; measurement and quanti®cation; and organisation.

2.1. Identi®cation and communication

The literature indicates that much focus has been on quantitative risk analysis based on estimating probabilities and probability distributions for time and cost risk analysis. With the increasingly complex and dynamic nature of projects coupled with new procurement methods, the tendency today is to use risk quanti®cation and modelling more as vehicles to promote communication, team work, and risk response planning amongst multi-disciplinary project team members. However, communication of construction project risks is poor, incomplete, and incon­sistent throughout the construction supply chain. Risk management tends to be conducted on an ad hoc basis and is dependent on the experience and risk orientation of indi­vidual key project participants within the industry supply chain. The individual parties involved in a project adopt different terminology for describing risks, use different methods and techniques for dealing with risk analysis and management, producing different and con¯icting results. Where risks have been identi®ed, assessed and remedial measures agreed, they are not generally effectively com­municated throughout the supply chain. Consequently, project participants do not have a shared understanding of issues facing the project, are not able to implement effective early warning systems and contingency plans to adequately deal with problems resulting from decisions taken else­where in the chain. This is due to a lack of a common language for identi®cation, assessment, quantifying, and pricing of risks. Clearly, the success of projects is very much dependent on the extent to which the risks involved can be measured, understood, reported, communicated and allocated to the appropriate parties. It is argued that the development of a common language for describing project risks will lead to consistencies in communicating risks allowing all project team members to develop a shared understanding of risks and interdependencies within risk chains. The inter-dependencies may be better-represented and understood through risk cause-effect mapping using a visual modelling language. This should lead team members to develop and share a common explicit understanding of the behaviour of the underlying risk structures in¯uencing project outcomes.

Project communication systems must be built upon common terminology, standard descriptions, de®ned metrics for measurement and consistent knowledge of processes and procedures. Current applications, which claim to improve communication efforts, do not de®ne the framework in which managers and their teams should develop, sequence, co-ordinate or route project information. What is needed is a means of standardising and organising project management efforts through a framework that gives individual managers, project managers and their teams the methodology and structure required to support project management.

2.2. Measurement and quanti®cation

Risk analysis and management has attracted a lot of atten­tion in the literature with more coverage on quantitative methods of analysis. A recent survey of the risk analysis packages currently used in industry in the United Kingdom showed that most of these packages use probabilistic methods to quantify uncertainty [4]. The case of risk assess­ment and uncertainty has attracted a lot of consideration in risk analysis literature. Views range from those who consider uncertainty as not being exogenous to risk [5], and imply, therefore, that projects for which there is enough experience can be considered as not being risky at all, to the prevailing view that considers uncertainty as being neces­sarily fraught with risk [6±11]. If it is accepted that uncer­tainty leads to risk, then this poses two issues: ®rst, how to incorporate the uncertainty about initial predictions in the risk model and second, how to cater for the inherent subjec­tivity that comes with the predictions. The ®rst issue appears to be addressed by using probability distributions to express the uncertainty in predictions and it is far from certain that this works satisfactorily, but how does one address the second issue Ð the handling of subjective information?

Evidence from the literature suggests that current soft­ware packages do not handle the inherent subjectivity in risk assessment effectively. The assessment of what is or what is not a risk is highly subjective and the decisions

J.H.M. Tah, V. Carr / Advances in Engineering Software 32 (2001) 835±846

taken are in¯uenced by management's view of the future, and their desire to avoid poor performance, based on knowledge from past experiences. The decisions are based on a large number of factors. Many of these factors are not well de®ned and are not easy to quantify even though judg­mental and heuristic rules can be used to combine these factors. Thus, the assessment of the level of risk is a complex subject shrouded in uncertainty and vagueness. For example, it is well known or logical in project risk assessment for management to make the assertion that if the project de®nition is poor then the project risk is high. The words `poor' and `high' in this assertion are vague and imprecise and are dif®cult to express using conventional techniques. Although fuzzy sets and fuzzy logic techniques have been demonstrated to be able to address the problems associated with the quanti®cation of vague linguistic terms [12], they have not been suf®ciently developed and used in practice and could bene®t from further research and development. The recent advances in information tech­nology and the internet has led to project managers being inundated with escalating amounts of project information. The rise and rise of IT within the construction workplace has mirrored that of many other industries, and acceptance of new and innovative computing techniques is becoming less problematic. Information technology and the competitive advantages it brings are becoming more obvious to construction professionals. The bene®ts of applying intelli­gent and knowledge-based systems techniques to sieve through these huge amounts of information to support decision making in complex and dynamic project circum­stances should become increasingly clear to practitioners, hopefully leading to the further development and use of knowledge-based systems techniques.

The proliferation of risk management software packages which use sophisticated probabilistic methods to quantify uncertainty, do not encourage the development of a deep understanding of the underlying structure which constitute the inter-dependencies between risk sources, risks, and the effects on the performance measures of project activities. They do not allow the risks, problems, remedial measures, and lessons learned from previous projects to be captured and re-used when developing new projects [13]. It is argued that new generation of tools should exploit knowledge-based systems techniques within integrated systems for project and risk management. Experience from previous research on the application of knowledge-based systems indicates that the ®rst generation of KBS techniques based on rule-bases have failed to make an impact in the industry due to the problems of knowledge acquisition and the reduction of knowledge into a rigid set of rules. Recent experiences with the second generation KBS based on case-based reasoning techniques have been more promising [13]. These allow experiences from previous projects to be captured and used in new situations. The development and dissemination of standard `Best Practices' through the reuse of project lifecycle information can therefore be facilitated.

The current use of Project Risks Registers in practice is an important ®rst step in this direction. Project Risk Registers (PRR) can be seen as a repository of a corpus of knowledge or organisational memories where experiences about risks and responses are continuously recorded. However, the PRR fails to capture the inter-relationships between risks and the systemic structure within the risks [14]. This makes it an inadequate tool for the capture and representation of risks, and the basis for analysis and decision-making. Further work needs to build on the limited demonstrations of possi­bilities in the literature on the use of knowledge-based systems techniques. The development of a theoretical basis for the representation of risks and related concepts leading to the establishment of appropriate knowledge representation schemes should lead to the development of more robust and scalable knowledge-based systems. The appropriate synergistic combination of a hybrid of tech­niques drawn from both knowledge-based, soft, and conven­tional hard systems should be investigated to provide the basis for the quanti®cation of risks and determining appro­priate risk allowances and tolerances whilst embracing the notion that risk is subjective and allowing for human judgement.

2.3. Organisation

Managers need to ensure delivery of projects to cost, schedule and performance requirements. To achieve this involves identifying and managing the risks to the project at all project stages from the initial assessment of strategic options through the procurement, fabrication, construction and commissioning stages, whilst taking due account of subsequent operation and maintenance (and decommission­ing and disposal). Risks to be considered include not just ®nancial, commercial and management risks, but also quality, performance, health and safety and company image. Today, projects are undertaken in an arena of immense dynamism, rapid change, and global competition. The resultant uncertainty and complexity has emphasised the need for effective risk management strategies. Work is needed on methods of developing con®gurable risk manage­ment processes and skills needed to integrate risk fully into business strategy. The strategy should give recognition that balancing the ratio of risk and reward in a business is a key role for senior management. More holistic integrated comprehensive, inclusive and pro-active approaches to monitoring and management need to be developed to support the processes. For the approach to be compre­hensive, it must cover ®ve key aspects of business organi­sation: strategy, processes, products, technology, and people. It must be inclusive, involving all levels of the organisation. It must be pro-active, aiming to anticipate risks in advance. It is clear that, tools and techniques must be developed to support managers at a strategic level to play a leading role in setting a clear risk framework. Appropriate ways of embedding risk management in organisational

J.H.M. Tah, V. Carr / Advances in Engineering Software 32 (2001) 835±846

Fig. 1. The hierarchical risk breakdown structure.

culture and behaviours need to be developed for risk management techniques to be fully appreciated and applied.

3. A common language for describing risks

Risk management tends to be performed on an ad hoc basis, and is dependent on individual key players within the industry supply chain. These individuals adopt different terminology and techniques for describing and dealing with risks, which inevitably produce varying results. A common language of describing risks is necessary so as to facilitate consistent assessment and quanti®cation of impacts. The hierarchical risk breakdown structure (HRBS) provides the basis for strati®ed classi®cation of risks and developing a nomenclature for describing project risks. A common language for describing risks has been developed and is described in the ensuing section.

3.1. Classi®cation of risks

Risk classi®cation is an important step in the risk assess­ment process, as it attempts to structure the diverse risks that may affect a project. Many approaches have been suggested in the literature for classifying risks. Perry and Hayes [15] give an extensive list of factors assembled from several sources, and classi®ed in terms of risks retainable by contractors, consultants, and clients. Cooper and Chapman

[8] classify risks according to their nature and magnitude, grouping risks into the two major groupings of primary and secondary risks. Tah et al. [10]use a risk-breakdown struc­ture to classify risks according to their origin and to the location of their impact in the project. Wirba et al. [11] adopt a synergistic combination of the approach of Tah et al. and that of Cooper and Chapman, where the former is used to exhaustively classify all risks and the later is used to segregate risks into primary and secondary risks. In this paper, risks are classi®ed using the hierarchical risk-break-down structure of Tah et al. with minor modi®cations to the structure to provide a more enriched content. A major addi­tion is the inclusion of a dynamic causal network that facil­itates the identi®cation and representation of risks into the categories of risk factor and risk. The causal network is necessarily dynamic as the inter-dependencies between risk factors are non-deterministic, depending on the parti­cular scenarios experienced through a project's life. Thus, the risk factors at the leaf nodes of the risk-breakdown structure hierarchy form a temporal causal network of risks and risk factors.

3.2. Hierarchical risk breakdown structure

The HRBS shown in Fig. 1 provides the basis for classi­fying risks within a project. The HRBS allows risks to be separated into those that are related to the management of internal resources and those that are prevalent in the external environment. External risks are those, which are relatively uncontrollable, and include such things as in¯ation, currency exchange rate ¯uctuations, and major accidents or disasters. Due to their uncontrollable nature there is a need for the continual scanning and forecasting of these risks and a company strategy for managing the effects of external forces. Internal factors are relatively more control­lable and vary between projects. Example internal risk factors include the level of resources available, experience in the type of work being done, the location of the project, and the conditions of contract. Some of these risk factors are

J.H.M. Tah, V. Carr / Advances in Engineering Software 32 (2001) 835±846

Table 1 Standard terms for quantifying likelihood

local to individual work packages or categories within a project, whilst the others are global to an individual project and cannot be associated with any particular work package. No two-work packages have the same level of risk and should be treated separately. A risk breakdown structure or categorisation should, therefore, re¯ect these differences. In the HRBS shown in Fig. 1, the overall risk is broken down into internal and external risks. The internal risks are further broken down into local and global risks. The local risks cover uncertainties due to labour, plant, material, and sub-contractor resources. These are considered for each work package or section of work. Global risks by their very nature cannot be allocated to individual work packages and are assessed on the project as a whole. This hierarchical representation will be used to develop a formal model for risk assessment.

3.3. Characterisation of risks and risk factors

Risk factors do not affect project activities directly but do so through risks. The distinction made here between risks and risk factors allows us to make the assumption that risks are triggered by risk factors. The characteristics of risks and risk factors are important for assessment and analysis purposes. The classi®cation above allows us to view the existence of risks as dependent on the presence of one or more risk factors. The risk due to labour productivity is in¯uenced by factors such as weather, worker moral, trade interference, complexity of work, etc. The risk assessment process requires the assessment of the probability or likelihood of the risk and the impact. In thinking about the likelihood of a risk, it is easier to think about the likelihood of the presence of the individual in¯uencing factors. This is because the risk factors are more concrete abstractions of

Table 2 Standard terms for quantifying severity

the risk and de®ne situations that can be individually assessed with a limited amount of vague information or facts. The key attributes of risks and risk factors are like­lihood and severity. Risks are also categorised by the risk centre to which they belong.

3.4. Risk likelihood and severity

The assessment of what is or what is not a risk is highly subjective and the decisions taken are in¯uenced by management's view of the future, and their desire to avoid poor performance, based on knowledge from past experiences. The decisions are based on a number of factors as indicated in Fig. 1. Many of these factors are not well de®ned and are not easy to quantify even though judgmental and heuristic rules can be used to combine these factors. The assessment of the level of risk is a complex subject shrouded in uncertainty and vagueness. This complexity arises from the subjective opinion and imprecise non-numeric quanti®-cation of the likelihood and degree of exposure of various aspects of the project to risks. For example, it is well known or logical in project risk assessment for management to make the assertion that if the project de®nition is poor then the project risk is high. The words poor and high in this assertion are vague and imprecise and are dif®cult to express using conventional techniques. The vague terms are unavoidable, since such a rule would be taken from a project manager [10]. Therefore, a common language for describing risks likelihood and severity is necessary so as to achieve consistent quanti®cation. The terms for quantifying likeli­hood may be de®ned as shown in Table 1.

Risk severity should be considered in terms that are as close as possible to the corporate objectives at the time of assessment. The impacts should be expressed in terms of performance measures. There are a number of performance measures which may be used: the most common are cost and time, but others include quality, safety, and performance. The measures chosen for the current work are shown in Table 2. The values shown are only indicative, and the actual values should be determined by the corporate objec­tives at the time of assessment, due to the dynamic nature of project environments. Thus, the terms shown in Table 2 represent a given example and the true values will be deter­mined by an organisation, and are likely to be modi®ed for each project in which they are involved. Fuzzy sets can be used to quantify the linguistic variables for likelihood, severity, and risk premiums.