The risk assessment should be specific. What do we want to achieve with the assessment? To which (construction) phase or part of the management process does the assessment apply? From which perspective are the risks inventoried? Properly defining the scope of the assessment clearly indicates which elements to include or reject in the assessment. In the final phase, it will be necessary to check whether the assessment is complete and whether all points of view have been considered.
Once the risks and their causes have been identified, the consequences and control measures must be recorded in a way that can be measured. It is unacceptable to have to deal with assertions like:
Such notifications are not measurable. Therefore, it is difficult to evaluate them. It would be better to say: “construction delay of at least two weeks due to (…)”, or “two additional days needed to deploy equipment due to (…)”. By quantifying the information mentioned in the risk assessment, it is easier to estimate and assess the risks.
In the initial phase of the (construction) project or the operational phase it can be difficult to quantify the information. Therefore, we must try to make the information as definitive as possible. An observation such as: “underground obstacles” might suggest “the possible presence of old wooden foundation piles”. The description of the risk may be vague, but it is clear what the obstacles are.
Risk control measures must be submitted to parties in a comprehensive way. This means that the party responsible for both the risk and the related control measure has to be able to handle the risk and implement the control measure. For example, it is not acceptable for a building manager to be held responsible for risks related to changing tenants, or for a contractor to be responsible for design errors caused by the architect.
The control measures as defined in the risk assessment must be realistic. This means that the possible actions must be achievable and implementable. For example, a risk stated as: “locally insufficient load-bearing capacity of building site”. A possible cause might be: “insufficient surveys carried out by the construction engineer”. A control measure might be then to probe every square meter of the site. However, it is not realistic neither in a financial nor in a practical sense to implement such a control measure. The costs of the control measure are likely to outweigh the costs of the risk.
Creating a risk assessment is an ongoing process making it a good practice to schedule interim assessment sessions over time. During these consultations, the impact of the management decisions that have been taken can be reviewed and adjusted if necessary. Once the risk assessment is updated the cycle can begin again.