RISK CLASSIFICATION
12. R ECOMMENDATIONS
12.1.9. T RIGGER QUESTIONS
In order to further aid the entire process, a set of trigger questions should be developed per subject. These trigger questions should be used for risk identification and promote objectivity in the process and prevent bias from entering the risk identification process even further. They can be used for preventing preferences from specific risk managers to leave too much of a mark on the entire process. Examples of trigger questions that should at least be used:
What risk identification method have I not used before?
This will make the risk manager think about the specific risk identification methods that are available and whether his/her standard method is applicable on the current project. Ideally the risk manager then uses this other method. The fact that he will think about his applied method is already gain.
What aspect of the project could I put into the tender bid in an opportunistic way? This will trigger the risk manager to think about any opportunistic possibilities on the project. Of course he then needs to take the decision not to do it, but the idea is to trigger him on the existing identified risks and whether they are actual risks or opportunistic assumptions.
Name another technical/financial/managerial/process risk.
This will trigger the risk manager to think of all aspects of the project, including the managerial and process risks, which as were seen are not always prevalent. Ask higher management to name a managerial/process risk (recommendation 3)
The same as above, but with the help of higher management. This will trigger higher management to actively think about their own managerial risks, which may be something they are not used to as the usual risks in the dossier are technical. Identify a risk that can be linked to another risk
This will trigger to think about conditional risks as well. If the system from recommendation 5 is implemented, this can be directly put into the categories. It will promote the actual use of the new possibility of creating these links, as the risk managers are currently not used to doing that.
These questions all relate to the actual recommendations and will trigger the risk manager to actively think about them. Further triggering could be in the form of mandatory fields that have to be filled in before the risk can enter the database. E.g. nature of the risk and actual costs when the risk receives the occurred status. These are not questions, but will also trigger the risk manager into action.
107 12.1.10. RISK IDENTIFICATION FLOW CHART
All the aforementioned recommendations can lead to the development of a risk identification flowchart, in which all these aspects are summarized. This is shown in Figure 12.1 and recommended to be used as guideline for the risk identification process. This process can be followed if the data is available that was recommended in the first recommendation and if the RISMAN method in VISE has more categories, namely the conditional probability as this is required for complete risk identification.
The flowchart consists of the steps previously explained, but these are shortly summarized below:
All available data has to be collected for a complete identification
Once all data is collected, the historic records can be checked for all relating risks. This can be done via the classification that is applied to risks if the first recommendation is followed.
Once all historic data is collected, the risk manager has to apply a combination of methods to prevent bias. During the interviews a feedback style of information gathering is required. During the group sessions the rules of conduct and the negative effect of group dynamics need to be kept in mind.
Then the identified risks have to be checked for opportunism, where necessary with the aid of the previously applied methods.
Conditional probabilities have to be checked if this feature has been added into VISE and the RISMAN categories.
Once all risks are identified, they can be assessed and the Monte-Carlo simulation can be run. That outcome can be compared with the estimated costs based on the historic rate of occurrence and the expected value to determine the final risk budget.
109
13.
LIMITATIONS AND FOLLOW-UP RESEARCH
This chapter will highlight the limitations of this research and give recommendations for follow-up research where necessary.
First of all, this research is based on a limited amount of data. As has become apparent by now, there is only one case where all data is available, namely SAAone. The other cases have all one or more of the parameters unavailable. Especially the actual costs of the risks was only available for the SAAone case. Therefore, when this data is recorded on future projects, then the data can be fully analyzed. Secondly, the number of cases themselves is quite limited, with only six cases in total. These six are representative of the work VolkerInfra has done so far, since it is a relatively young company. However, for improved supporting of all the findings and statistics, more cases is of course better. For these reasons it is recommended to update this research once more data from more cases becomes available and to develop a larger dataset. This research should also focus on a further development of the selected criteria and underlying categories, as well as a further development of the risk identification flowchart.
Follow-up research can focus on a number of things to further develop the risk management process of VolkerInfra:
Follow-up research could focus on the specific manner of applying different levels in the risks. This is necessary to obtain an overview of ‘container’ risks and their underlying risks.
The research could be expanded to also include maintenance risk. This was currently outside the scope of this research. VolkerInfra also executes maintenance projects and DBFM projects, which also include a maintenance phase, follow-up research could focus on that. The SAAone DBFM has not yet reached the maintenance phase however, so currently only the maintenance-only projects can be further researched. This could focus on the effect of the long-term scope of these projects on risks and risk management.
Further research should focus on the control measures themselves and assessing their effectiveness. This will allow VolkerInfra to improve these on future projects and reduce unnecessary costs due to failing control measures. The starting point could be the in this research given average number of control measures in combination with different other criteria. Furthermore, financial data of control measures is required for that purpose as well, which is currently not readily available.