Definition of the Role

Risk Management (RM) is a discipline that focuses on uncertainty and its effects on objectives, whether the objectives relate to projects or ongoing operations of assets produced by projects.  The international definition of risk is “effect of uncertainty on objectives”, which indicates that risks can be positive (“opportunities”) or negative (“threats”).

Whereas other Cost Engineering roles are concerned with planned events, RM is concerned with events that may or may not happen, with uncertain impacts; along with uncertainties which are certain to occur but the extent of their impacts on project or operational objectives is unknown.

RM monitors and manages risks that have been identified and aims to identify all material risks to project or operational objectives and to reduce the threat level to project and operational objectives.

RM can be technical in nature, focusing on uncertainty in safety or technical or design matters.  In Cost Engineering, RM is usually primarily focused on cost and schedule impacts, even if that requires evaluation of technical risks to determine secondary cost and schedule probabilistic impacts.

Description of Role & Typical Responsibilities

A major part of the responsibilities of a RM practitioner is the RM Process, which includes risk identification, analysis, evaluation and treatment, as set out in the international RM standard, ISO 31000 (see accompanying process flow diagram).

One of the attractions of the role of a RM practitioner is that it brings together different disciplines, such as Planning & Scheduling, Estimating, Cost Control and, as applicable, Construction Management, to consider risks and treat those that pose the greatest threats to the project’s or organisation’s objectives.

Enhancing the value of risks that are opportunities is a less common RM role that overlaps with Value Engineering, but which benefits from a similar multi-disciplinary approach.

For projects in differing sectors such as Information and Communications Technology, where deliverables are less tangible, the same inter-disciplinary principles apply to release the RM benefits.

And with the rise of different project methodologies such as Agile, RM remains just as important, if not more so.  As schedule uncertainty gives way to quality or scope uncertainty in Agile methodology, RM is required to find new ways to express and manage threats and opportunities.

RM methodology splits into Qualitative Risk Analysis (QlRA) and Quantitative Risk Analysis (QnRA):

  • QlRA is concerned with the assessment and management of individual risks. This enables organisations to monitor, review, treat and manage risks throughout the risk life-cycle and, as applicable, throughout the project life cycle.
  • QnRA is used in projects to assess how risky the project is, by modelling the entire project including all material risks. Such modelling forecasts the probabilistic durations and costs of the project, enabling organisations to quantify time and cost contingency and develop strategies for prioritising treatment of risks to reduce project uncertainty.  QnRA usually involves Monte Carlo Simulation (MCS) to assess all likely combinations of complex combinations of variables and as far as practicable, all possible combinations.  The modelling for schedule uncertainty is usually based on Critical Path Method models.  Examples are Schedule Risk Analysis (SRA) and CPM-based Integrated Cost & Schedule Risk Analysis (ICSRA).  See AACE Recommended Practice 57R-09 “Integrated Cost and Schedule Risk Analysis Using Monte Carlo Simulation of a CPM Model”
    Examples of outputs from such models are shown below.
  • However, a top-down, Parametric Model methodology combined with Expected Value modelling for Risk Events, known as the Hybrid Method Risk Analysis (HRA) can also provide ICSRA outputs for time and cost contingencies. See AACE Recommended Practice 42R-08 “Risk Analysis and Contingency Determination using Parametric Estimating” and RP 44R-08 “Risk Analysis and Contingency Determination Using Expected Value”.

How to become a Practitioner

Risk Management practitioners usually begin their careers in other disciplines.  They find themselves drawn to the multi-faceted attractions and challenges of uncertainty, psychology and quantification of likelihoods and consequences.

Increasingly, employers look for evidence of knowledge and capabilities in risk management.  This can be obtained through certifications such as AACE International’s Decision & Risk Management Professional (DRMP, see  Eligibility to apply for this depends on a four year industry related university degree plus 8 years industry experience of which 4 years must be directly related to the field of decision and risk management.   Recommended study materials are listed.  Candidates sit an examination for a maximum of 5 hours described at the above link.  Note that this is the most rigorous certification available, being pitched beyond Professional level to an Expertise level.

Other professional organisations offer certifications, including:

ACES, as a Technical Society of Engineers Australia is able to facilitate Chartered Engineer status based on career expertise in project controls, including Risk Management.  See Chartered Engineer page of this site for more information.