Risk:

A risk is the chance of something happening as a result of a hazard or threat which will impact on
business activity or planned event. Risk arises out of uncertainty. It is measured in terms of the
likelihood of it happening and the consequences if it does happen

Cooper and Chapman define risk as: -
Exposure to the possibility of economic or financial loss or gain, physical damage or injury, or
delay, as a consequence of the uncertainty associated with pursuing a particular course of action.

ISO Guide 73:2009, Def. 1.1:
Risk is defined as effect of uncertainty on objectives

Risk is the likelihood of a specific effect within a specified period complex function of probability,
consequences and vulnerability
Risk = Probability of event x Magnitude of loss / gain

Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on
one or more project objectives such as scope, schedule, cost, and quality.

Risk Management:

ISO Guide 73:2009, Def 2.1:
Coordinated activities to direct and control an organization with regard to risk

Risk management is a discipline that enables people and organizations to cope with uncertainty by
taking steps to protect its vital assets and resources.

Risk management is the process which is used to avoid, reduce or control risks. There should be a
balance between the cost of managing risk and the benefits expected from taking that risk.

Risk Management is a branch of applied economics with the primary objective to minimize the
costs of pure risks. (Combination of loss control (e.g. loss prevention) and loss financing (e.g.
insurance) activities.). And after the adequate identification of the risks, the application of risk
management techniques aims to provide risk treatment that would bring about the best
possibility of occurrence of minimal possible losses from the various risks.

Project Risk Management includes the processes of conducting:
Risk Management Planning
Identification,
Analysis,
Response planning, and
Controlling risk on a project.
The objectives of project risk management are to increase the likelihood and impact of positive
events, and decrease the likelihood and impact of negative events in the project.



Risk Management techniques tend to classify the various identified risks as discussed above
into either:

i) Speculative risks: which involves a chance of a Gain or a Loss all speculative risks
are made as conscious choices and are not just a result of uncontrollable
circumstances. Speculative risk is the opposite of pure risk.

These risks are covered by Hedging and Securitization.

Hedging is a process of entering into agreement with parties to have a cover-up for
derivatives agreed upon. Example: The purchased value (market value) of equities
keeps on changing and to have cover for these derivatives you do the hedging.

Securitization packaging and transferring insurance risk to capital market
through issuance of a financial security

eg: Market Risks (interest risk, foreign exchange risk, stock market); Reputational
Risk; PR Risk; Investment Risk; R&D Risk; Accounting Risk; Product Success Risk

ii) Pure risks: Pure risk involves the chance for Loss or no loss. There is no beneficial
result. Pure risks are related to event that are beyond risk takers control and
cannot consciously take on pure risk.

Pure risks are best covered by Insurance. Insurance is undertaken to make good
the loss or indemnify the loss.

Examples: Physical damage, Natural Calamities, Fire; Environmental Risk;
Operational Risk; Technical Obsolescence Risk

Two types of Pure Risk broadly speaking

a. Fundamental Risks or Systemic Pure Risk: These risk are external risk to the
project, and which if they materialize would do so on a general scale, both in
terms of Origin as well as consequence cannot be prevented. These risk are
associated with major natural, economic, political or social changes and
generate large scale loss.

Fundamental risks have in the past introduced a special way of addressing to
cover such risk. These can be any method from syndication to sharing. Risk is
shared by Re- insuring the property by the principal insurer with other
insurance companies.

b. Particular Pure Risks: These are Project specific risks and are identifiable with-
in the parameters of the Project and can be reasonably controlled by some
party participating in the implementation of the Project.

Ex: of Particular risks include those of i) quality of services being rendered, ii)
Sustained supply of material to project iii) Guaranteeing Key results in Service
oriented projects etc.

These risks if planned property can be covered suitably by imposing
Guarantees and warranties made by the OEMs or Principal suppliers. Hence
this can be addressed by suitable Risk transfer techniques. Insurance is an
important mitigation measure.
To manage risk we use the six risk management processes:
1. Risk Management Planning
2. Risk Identification
3. Qualitative Risk Analysis
4. Quantitative Risk Analysis
5. Risk Response Planning
6. Risk Monitoring and Control


Risk identification
is the first step in the proactive risk management process. It provides the opportunities, indicators,
and information that allows an organization to raise major risks before they adversely affect
operations and hence the business.
Identify Risks is the process of determining which risks may affect the project and documenting
their characteristics. The key benefit of this process is the documentation of existing risks and the
knowledge and ability it provides to the project team to anticipate events

Process of finding, recognizing and describing risks
Comprehensive list of risks based on those events that might create, enhance, prevent,
degrade, accelerate or delay the achievement of objectives.
Identify the risks associated with not pursuing an opportunity
A risk that is not identified at this stage will not be included in further analysis
Identification should include risks whether or not their source is under the control of the
organization
Tools and Techniques used to Identify Risks:
1. Documentation Reviews
2. Information Gathering Techniques:
a. Brainstorming
b. Delphi Technique
c. Interviewing
d. Root Cause Analysis
3. Checklist Analysis
4. Assumption Analysis
5. Diagramming Techniques
a. Cause and Effect Diagrams
b. System or process flow charts
c. Influence Diagrams
6. SWOT
7. Expert Judgment

There are 10 aspects to analyze while undertaking Risk Identification in any project:
1. Detailed Analysis of preliminary studies undertaken in the gestation period
2. Developing the risk matrix and understanding the risk profile and managing the risk
3. Identification of the contractors selected for the projects
4. Project contract & documentation; Negotiated and executed
5. Identification of investors for the projects
6. Potential Lenders for the project and debt-financing structure is to be finalized
7. Government support requirements to be listed out
8. All criteria for financial proceedings listed
9. Check Financial funding by equity interest are adequate
10.










Techniques of RISK MANAGEMENT for Infrastructure Projects:
The main techniques of Risk Management that have evolved and are generally applied to
infrastructure projects are
a) Risk avoidance
b) Loss Prevention
c) Risk retention
d) Risk transfer and distribution and
e) Insurance.

1) Risk avoidance signifies the giving up of an opportunity to invest as the possibility of
loss is too high as compared to the potential profit. In this the party will either
completely exit from the proposed project or restrict its role , rights and exposure to a
particular project.
2) Loss prevention techniques are directed towards formulating structures for reducing
the frequency of loss or the severity of the loss.

3) Risk retention techniques recognize that not all risks are capable of being avoided or
prevented or transferred and the party in this case agrees to absorb the exposure to the
risk and formulate suitable mitigation structure, such as creation of a distinct fund.


4) Risk Transfer is the technique that plays a far greater role in infrastructure
development projects and involves the complete or partial transfer of risks among the
various parties involved in the implementation of the project. This is achieved thro the
web of documents that is formulated during the course of implementation of the
infrastructure projects.
For ex. The construction risk would be typically transferred by the govt. to the private developers
under the concessional agreement. Developer transfers it to construction consortium under the
contract. This is further tranfered to various contractors.
5) Insurance risks is the mechanism that allows parties regulating a risk to bring down
their expectedexposure to any loss from the o ccurance of such risks. The cost of loss
due to specific risks are tranfered to insurers for a specific consideration in the nature
of the concerned insurance premium payments for the policy undertaken.
6) Allocation of risks:
The main principle of allocation of risks are
a) Which party can best control the events which leads to occurnce of risk
b) Which party can best control the risk
c) Can the risk be sustained by any party
d) Which party should carry risk if it cannot be controlled
What effect one party have on another when risks are transfereed.
Risk assessment and risk analysis of technical systems can be defined as a set of systematic
methods to:
Identify hazards
Quantify risks
Determine components, safety measures and/or human interventions important for
plant safety

Risk analysis is teamwork
Ideally risk analysis should be done by bringing together experts with different backgrounds:
chemicals
human error
process equipment
Risk assessment is a continuous process!



At all steps, risk reducing measures need to be considered

System definition
Hazard identification
Analysis of accident scenarios
Consequence analysis and modelling


Risk Analysis Main Steps







Preliminary hazard identification
Identification of safety relevant sections of the establishment, considering
raw materials and products
plant equipment and facility layout
operation environment
operational activities
interfaces among system components
Important to secure Completeness, Consistency and Correctness
Methods for hazard identification
What if
Checklists
HAZOP
Task analysis
Index (Dow, Mond)
Failure mode and effects analysis (FMEA)


The HAZOP Method
HAZOP analysis is a systematic technique for identifying hazards and operability problems
throughout an entire facility. It is particularly useful to identify unwanted hazards designed
into facilities due to lack of information, or introduced into existing facilities due to changes
in process conditions or operating procedures.
The objectives of a HAZOP study are to detect any predictable deviation (undesirable
event) in a process or a system. This purpose is achieved by a systematic study of the
operations in each process phase.
The system is divided into functional blocks
Every part of the process is examined for possible deviations from the design intention
Can the deviations cause any hazard or inconvenience?
Every phase of the process
Each system and person
Questions formulated around guide words
Each deviation is considered to decide how it could be caused and what the consequences
would be
For the hazards preventive/remedying actions are defined

HAZOP Study Consequence
1. Definition of the objectives and scope of the study, e.g. hazards having only off-site impact
or only on-site impact, areas of the plant to be considered, etc.
2. Assembly of a HAZOP study team.
3. Collection of the required documentation, drawings and process description.
4. Analysis of each major item of equipment, and all supporting equipment, piping and
instrumentation
5. Documentation of the consequences of any deviation from normal and highlights of those
which are considered hazardous and credible.

HAZOP studies are normally carried out by multi-disciplinary teams. There are two types of team
members, namely those who will make a technical contribution and those play a supporting and
structuring role

Example of HAZOP Matrix


HAZOP Criticality analysis
Criticality - combination of severity of an effect and the probability or expected frequency of
occurrence.
The objective of a criticality analysis is to quantify the relative importance of each failure
effect, so that priorities to reduce the probability or to mitigate the severity can be taken.

Example formula for Criticality:

Cr = P B S

Cr: criticality number
P: probability of occurrence in an year
B: conditional probability that the severest consequence will occur
S: severity of the severest consequence

The criticality number
- used to rank the identified deviations in a HAZOP or FMEA study
- cannot be used as a risk measure
- product of three rough estimates

Before a criticality analysis can be performed guidelines have to be developed on how to determine
P, B and S. There are no generally accepted criteria for criticality applicable to a system.

Example values for P, B and S

Interpretation of the values
Probability (P)
very rare - less than once in 100 years
rare - between once in 10 y. and once in 100 y.
likely - between once a year and once in 10 years
frequent - more frequent than once a year
Conditional probability (B)
very low - less than once every 1000 occurrences of the cause
low - less than once every 100 occurrences of the cause
significant - less than once every 10 occurrences of the cause
high - more than once every 10 occurrences of the cause
Severity (S)
low - no or minor economical loss/small, transient environmental damage
significant - considerable economic losses/considerable transient environmental damage/slight
non-permanent injury
high - major economic loss/considerable release of hazardous material/serious temporary
injury
very high - major release of hazardous material/permanent injury or fatality

Decision making

The values X and Y have to be determined by a decision-maker. It might be necessary to formulate
some additional criteria, for instance: every deviation for which the severity is classified as very
high severity shall be evaluated to investigate the possibilities of reducing the undesired
consequences.


Fault Tree Analysis
Graphical representation of the logical structure displaying the relationship between an
undesired potential event (top event) and all its probable causes
top-down approach to failure analysis
starting with a potential undesirable event - top event
determining all the ways in which it can occur
mitigation measures can be developed to minimize the probability of the undesired
event
Fault Tree can help to:
Quantifying probability of top event occurrence
Evaluating proposed system architecture attributes
Assessing design modifications and identify areas requiring attention
Complying with qualitative and quantitative safety/reliability objectives
Qualitatively illustrate failure condition classification of a top-level event
Establishing maintenance tasks and intervals from safety/reliability assessments


AND gate
The AND-gate is used to show that the output event occurs only if
all the input events occur
OR gate
The OR-gate is used to show that the output event occurs only if
one or more of the input events occur
Basic event
A basic event requires no further development because the
appropriate limit of resolution has been reached
Intermediate event
A fault tree event occurs because of one or more antecedent
causes acting through logic gates have occurred
Transfer
A triangle indicates that the tree is developed further at the
occurrence of the corresponding transfer symbol
Undeveloped event
A diamond is used to define an event which is not further
developed either because it is of insufficient consequence or
because information is unavailable
Example



Event Tree Analysis
graphical representation of a logic model
identifies and quantifies the possible outcomes following an initiating event
provides an inductive approach to reliability assessment as they are constructed
using forward logic.
Procedure:
Step 1: Identification of the initiating event
Step 2: Identification of safety function
Step 3: Construction of the event tree
Step 4: Classification of outcomes
Step 5: Estimation of the conditional probability of each branch
Step 6: Quantification of outcomes
Step 7: Evaluation





Qualitative analysis results: risk matrix