Ecpmi Ecpmms: 2019: Ethiopian Construction Project Management Manuals Series

© ECPMI 2019 – All rights reserved ECPMI ECPMMS:2019
MAY,2019
WM - 05
ECPMI ECPMMS : 2019

ETHIOPIAN CONSTRUCTION PROJECT MANAGEMENT
MANUALS SERIES:
CONSTRUCTION PROJECT RISK MANAGEMENT
WORKING MANUAL
© 2019 All Right Reserved

Ethiopian Construction Project Management Institute
ECPMI ECPMMS:2019
ii © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
Construction Project Management Manuals Preparation Working

Groups on
" Construction Project Risk Management"
Working Groups Chair

Asmerom Tadesse
Working Groups Coordinator

Abera Awgichew
Original Version Prepared By:

Tesfaye Yalew
Manual Quality Assurance and Validation Working Group Members
Wubishet Jekale Steering Committee Chair
Muluken Tilahun Project Coordinator
Denamo Addissie Technical Committee

Members
Asregidew Kassa
Tadesse Ayalew
Bekele Jebessa
Geremew Tarekegn
Release Version Prepared By:
Bekele Jebessa
© ECPMI 2019– All rights reserved iii

ECPMI ECPMMS:2019
iv © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
TABLE OF CONTENT
TABLE OF CONTENT................................................................................................................................ v
LIST OF FIGURES ..................................................................................................................................... vii
LIST OF TABLES....................................................................................................................................... vii
ABBREVIATIONS AND ACRONYMS .................................................................................................. viii
NATIONAL FOREWORD......................................................................................................................... xi
PREAMBLE ............................................................................................................................................... xv
SECTION 1: GENERAL ............................................................................................................................ 1
1.1. Introduction.......................................................................................................................................... 1
1.2. Document information ........................................................................................................................ 2
1.3. Scope and Application ......................................................................................................................... 3
1.4. Normative References.......................................................................................................................... 4
1.5. Purposes / Objectives .......................................................................................................................... 5
1.6. Policies, Principles and Considerations ............................................................................................. 6
1.7. Terms and Definitions ......................................................................................................................... 8
1.8. CPRMM Overview..............................................................................................................................10
1.9. CPRMM High Level Process Map .....................................................................................................13
SECTION 2: PROCESS GROUPS ...........................................................................................................14
2.1. Process group one: Plan Construction Project risk Management...................................................16
2.1.1. Plan construction Project risk management: Inputs ...................................................................20
2.1.2. Plan construction Project risk management: Mechanisms .........................................................20
2.1.3. Plan construction Project risk management: Constraints ...........................................................21
2.1.4. Plan construction Project risk management: Outputs ................................................................21
2.1.5. Risk Management Activities .........................................................................................................21
2.2. Process group Two: Identify CP Risk ...............................................................................................23
2.2.1. Identify CP Risk: Inputs ................................................................................................................24
2.2.2. Identify CP Risks: Mechanisms ....................................................................................................25
2.2.3. Identify CP Risk: Constraints .......................................................................................................27
2.2.4. Identify CP risk: Outputs ..............................................................................................................28
2.2.5. Activities of CP risk Identification ...............................................................................................28
2.3. Process Three: Qualitative Risk Analysis ..........................................................................................29
2.3.1. Perform CP Qualitative Risk Analysis: Inputs ............................................................................31
2.3.2. Perform CP Qualitative Risk Analysis: Mechanisms ..................................................................32
2.3.3. Perform CP Qualitative Risk Analysis: Constraints ...................................................................33
© ECPMI 2019– All rights reserved v

ECPMI ECPMMS:2019
2.3.4. Perform CP Qualitative Risk Analysis: Outputs .........................................................................33

2.3.5. Perform CP Qualitative Risk Analysis: Activities .......................................................................33
2.4. Process Four: Perform CP Qualitative Risk Analysis .......................................................................35
2.4.1. Perform CP Quantitative Risk Analysis: Inputs..........................................................................36
2.4.2. Perform CP Quantitative Risk Analysis: Mechanisms ...............................................................37
2.4.3. Perform CP Quantitative Risk Analysis: Mechanisms ...............................................................39
2.4.4. Perform CP Quantitative Risk Analysis: Outputs.......................................................................39
2.4.5. Perform Quantitative CP Risk Analysis: Activities ....................................................................40
2.5. Process Five: CP Risk response ..........................................................................................................42
2.5.1. CP Risk Response: Inputs .............................................................................................................43
2.5.2. CP Risk Response: Mechanisms ...................................................................................................43
2.5.3. CP Risk Response: Constraints .....................................................................................................47
2.5.4. CP Risk Response: Outputs ..........................................................................................................47
2.5.5. Perform CP Risk Response: Activities .........................................................................................49
2.6. Process group Six: CP Risk monitoring and Control .......................................................................50
2.6.1. CP Risk Monitoring and Control: Inputs .....................................................................................51
2.6.2. CP Risk Monitoring and Control: Mechanisms ..........................................................................51
2.6.3. CP Risk Monitoring and Control: Controls and Constraints .....................................................53
2.6.4. CP Risk Monitoring and Control: Outputs ..................................................................................53
2.6.5. Perform Monitoring and Control CP Risk: Activities .................................................................54
SECTION 3 : Manual Adjustment, Amendment and Revision ..........................................................55
3.1. Manual Adjustment ............................................................................................................................55
3.2. Manual Amendment...........................................................................................................................55
3.3. Manual Revision .................................................................................................................................55
ANNEXES...................................................................................................................................................56
Bibliography ...............................................................................................................................................57
vi © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
LIST OF FIGURES
Figure 1.1: Construction Project Risk Management Overview ......................................................... 11
Figure 1. 2:CPRM High Level Process Map ........................................................................................ 13
Figure 2.1: IMCO or Modified IDEFo Elements ................................................................................. 15
Figure 2.2: IMCO for plan CP Risk Management Process ................................................................. 19
Figure 2.3 : IMCO for Identify CP risk ................................................................................................ 23
Figure 2.4: Typical Risk breakdown structure (RBS).......................................................................... 24
Figure 2.5: IMCO for Perform CP Qualitative Risk Analysis Process ............................................... 31
Figure 2.6: IMCO for Perform CP Quantitative Risk Analysis Process ............................................ 36
Figure 2.7: Example cost risk Simulation Results [3] .......................................................................... 38
Figure 2.8 : Elements of quantitative risk analysis ............................................................................. 40
Figure 2.9 : IMCO for CP Risk Response Process ............................................................................... 43
Figure 2.10: IMCO for CP Risk Monitoring and Control ................................................................... 51
LIST OF TABLES
Table 1.1: CPRMM Policy Document .................................................................................................... 6
Table 1.2 : CPRM Principles ................................................................................................................... 7
Table 1.3: CPRM - PMPG relationships, their functions and outcomes............................................ 12
Table 2.1: Risk management sub processes............................................................................................. 17
Table 2.2: Relationship between Risk and Objectives ........................................................................ 18
Table 2.3: Typical Characteristics of CRA and CEVP ......................................................................... 19
Table 2.4: Types and Hierarchies of Qualitative risk analysis ........................................................... 30
Table 2. 5: Actions in response to construction risk ........................................................................... 42
Table 2. 6: Simple response matrix ...................................................................................................... 46
© ECPMI 2019– All rights reserved vii

ECPMI ECPMMS:2019
ABBREVIATIONS AND ACRONYMS

APM : Association of Project Management
CP : Construction Project
CPM : Critical Path Method
CPM : Construction Project Management
CPRM : Construction project Risk Management Manual
DB : Design Build
DBB : Design -BiD- Build
DT : Decision Tree
ECPMI : Ethiopian Construction Project Management Institute
ECPMM : Ethiopian Construction Project Management Manual
EMV : Expected Monetary Value
FAT : Fault Tree Analysis
FDRE : Federal Democratic Republic Of Ethiopia
ICMOs : Inputs, Constraints, Mechanisms and Outputs/Modified IDFOs
ISO : International Standards Organization
PMBOK : Project Management Body Of Knowledge
PMI : Project Management Institute
PMI : Project Management Institute
PMIS : Project Management Information System
PMO : Project Management Office
PMO : Project Management Office
PPP : Public Private Partnership
RBS : Risk Breakdown Structure
RFI : Request For Information
SADT : Structured Analysis and Design Technique
WBS : Work Breakdown Structure
viii © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
THIS PAGE LEFT BLANK INTENTIONALLY!
© ECPMI 2019– All rights reserved ix

ECPMI ECPMMS:2019
x © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
NATIONAL FOREWORD
The proclamation to define the powers and duties of the executive organs of the Federal
Democratic Republic of Ethiopia Proclamation No 1097/2018 empowers the Ministry of Urban
Development and Construction (MUDC) to prepare and issue Standards for design and
construction works, and follow up and supervise their implementation.
This document forms a part of the CPMM Package that enlists Nineteen Manuals of which
Sixteen of them are Construction Project Management Manuals, two of them are general guides
(CPMM Organization and Setup and User Guide), and one of them is operational (Construction
Project Design Services) Manual. The CPMM package was developed with a clear view of the
integration of both the Project Management processes and knowledge areas so as to manage the
project as a holistic single entity. It is thus believed that the package will be instrumental in
creating modern and unified construction project management system in Ethiopian Construction
Industry.
The Ethiopian Construction Project Management Institute (ECPMI) has initiated and led the
overall development of the CPMM Package. The Ministry of Urban Development and
Construction would like to extend its appreciation to Construction Solutions PLC (Consol), and
Ethiopian Institute of Architecture, Building Construction and City Development (EiABC) who
contractually worked with ECPMI in the preparation of the original version of CPMM Package,
while the latter has validated and assured the quality of the original ones and produced the
released version the CPMM Package.
As the CPMM Package constitutes working manuals that are technical documents which, by their
nature, require periodic updating; revised editions will be issued by the Ministry from time to
time as appropriate. MUDC will establish Manuals Preparation and Revision Standing
Committee which collects feedbacks during the manual's three years operation period and makes
the required amendments and revisions accordingly.
The Ministry of Urban Development and Construction as mandated acknowledges this document
as a national resource tool and can serve as an acceptable working manual which comprises a
front cover, an inside front cover, a title page, National Foreword, Preamble, Table of contents,
pages 1 to 57 and a back cover.
Eng. Aisha Mohammed

Minister, MUDC
June 2019, Addis Ababa - Ethiopia
© ECPMI 2019– All rights reserved xi

ECPMI ECPMMS:2019
xii © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
© ECPMI 2019– All rights reserved xiii

ECPMI ECPMMS:2019
xiv © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
PREAMBLE
Whereas; Ethiopia Construction Project Management Institute (ECPMI), to partially cater for the
deficiencies of Project Management practices in the Construction Industry; has envisioned the
development of Construction Project Management Manuals (CPMMs) which are Critically
Adapted, Practice Oriented, User Friendly and Responsive to Continuous Improvement that:
1. describe Specific, Supplemental and Standardized Knowledge and Practices that are
generally accepted as "good industry practices" on most construction projects most of the
time,
2. define the Conceptual, Applicable and Technological contents, processes and their What
and How elements sufficiently,
3. reflect the peculiar features of the Construction Industry in Ethiopia and can be
implemented by the resources in practice currently,
4. lay down the policies, principles, processes and procedures in order to effectively
discharge duties and responsibilities, and
5. can be applied to any project nationwide with minor and moderate modifications.
Whereas; ECPMI identifies and enlist Nineteen Manuals of which Sixteen of them are
Construction Project Management Manuals, two of them are general guides (CPMM
Organization and Setup and User Guide), and one of them is operational (Construction Project
Design Services) Manual.
Whereas; ECPMI as the mandated body, to foster the development of Proactive and System based
CPMMs policies and principles and application of modern Construction Project Management in
Ethiopia governed by fundamental and best practices, envisions to cause the applications of these
CPMMs in order to improve the performances of Construction Projects;
Whereas; CPMMs are one among the critical bases for Initiating, Planning, Implementation
including Changes Administration, Monitoring & Evaluation, and Closing of Construction
Projects along the Business ↔ Project ↔ Product Management linkages with respect to their (1)
General Requirements, (2) Process Groups, (3) High Level Process Map (4) Detail Processes, (5)
Procedures or Instructions, and (6) Auxiliary or Annex Documents;
ECPMI has therefore caused the development of one of these CPPMs; namely: “Construction
Project Risk Management Manual (CPRMM)” as a framework to guide and govern
Construction Projects Implementation or Operations in line with the expected level of
Construction Projects Performances Worldwide with respect to developing, authorizing,
directing, managing or validating, and controlling the CP Services and / or Works to ensure the
harmonization, consolidation, communication and interrelationship of the various CPM BoKs
through CPRMM to make choices with respect to Resources Allocations, Balancing or Prioritizing
Competing Demands, Tailoring for specific situations, and Managing the relationships and
interdependencies.
ETHIOPIAN CONSTRUCTION PROJECT MANAGEMENT INSTITUTE
© ECPMI 2019– All rights reserved xv

ECPMI ECPMMS:2019
xvi © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
1. SECTION 1: GENERAL
1.1. Introduction
The CPMMs are one among the focus areas and the cause for deficiencies in the expected
contributions of the Construction Industry in Ethiopia. ECPMI in collaboration with Construction
Solutions Plc. and the Construction Technology and Management Competence Unit of the EIABC
/ AAU identified and developed the following nineteen CPM manuals under three categories:
A. Construction Project Management Manuals

1. CP Integration Management Manual (CPCMMM);
2. CP Scope Management Manual (CPSMM);
3. CP Quality Management Manual (CPQMM);
4. CP Stakeholders Management Manual (CPSkMM);
5. CP Risk Management Manual (CPRMM); and
6. CP Procurement Management Manual (CPPMM),
7. CP Communication Management Manual (CPCmMM);
8. CP Time Management Manual (CPTMM);
9. CP HRs Management Manual (CPHRMM);
10. CP Materials Management Manual (CPMMM);
11. CP Heavy Equipment Management Manual (CPHEMM);
12. CP Cost Management Manual (CPCMM);
13. CP Financial Management Manual (CPFMM);
14. CP Safety Management Manual (CPSfMM);
15. CP Environment Management Manual (CPEnMM); and
16. CP Claim Management Manual (CPClMM).
B. General Guiding Manuals
17. CP Organization and Setup Manual (CPOSM); and
18. CPMM User Guide.
C. Operation or Implementation based CPMMs
19. Construction Project Design Management Manual (CPDMM).
This Manual is prepared in order to develop standardized CPRM manual that guides the
implementation framework for one among the necessary CPMMs and apply them as a basis to
plan and collect requirements; use CP risk as a tool in order to Develop and Authorize CPRM
Documents; Direct, Manage, CP Services and / or Works; and Monitor and Control CP
Performances to successfully complete CPs.
© ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
1.2. Document information
Document name : Construction Project Risk Management Manual
Document number : ECPMMS: WM - 05
Document availability : The hard copy of the document is available at Ethiopian

Construction Management Institute (ECPMI) and the
electronic copy / form is located on the following
Government websites
www.ecpmi.gov.et
Document owner : Ethiopian Construction Management Institute (ECPMI)
Document sponsor : Ethiopian Construction Management Institute (ECPMI)
2 © ECMPI 2019 – All rights reserved

ECPMI ECPMMS:2019
1.3. Scope and Application

This manual is intended to provide information to project managers, project teams, and staff
involved directly or indirectly with construction project risk management. The manual includes
the processes for risk management planning, risk identification, risk analysis, response planning,
monitoring and control with consistent data requirements, inputs and outputs. The manual offers
guidance on how to proactively respond to risks and the risk management role in overall project
management in construction.
Understanding project risks enables project managers and project teams to more effectively fulfil
the expectations. Assessing project risk and uncertainty informs decision making in construction
project development. These decisions contribute to public safety and clarify project expectations.
Informed project risk management in construction adds value on project process groups to every
project in construction industry.
This Construction Project Risk Management Manual (CPRMM) is part and parcel of the Ethiopian
Construction Project Management Manuals Series prepared for the construction industry of
Ethiopia, under the guidance of the Ethiopian Construction Project Management Institute
(ECPMI). The manual is prepared referring to appropriate international best practices.
The scope of this manual includes the process for developing a detailed risk management for
construction project decisions. This manual is applicable to all design and construction projects.
© ECPMI 2019– All rights reserved 3

ECPMI ECPMMS:2019
1.4. Normative References
Document Number Document Title
ISO 21500 Guidance on project management
PMBoK Construction Extension to the PMBoK® Guide Third edition,2017
PMBOK A guide to PMBOK Sixth Edition
APM Association of Project Management, 6th edition, 2012

ECPMI ECPMMS:2019
1.5. Purposes / Objectives

The purpose of this manual is to outline the procedures for undertaking risk management plan,
risk identification, risk analysis & assessment, prepare risk response strategy, updating and
monitoring of risks for the construction industry of Ethiopia.
The main objectives of this CPRM Manual are, therefore to:

a. Enable practitioners to adhere to the Generic PM and Specific CPM Process Groups,
CPRM High Level and Detail Processes, Procedures or Instructions; hence fulfilling
Experienced Professional and Organizational Obligations; that is Good Industry
Practices,
b. Enable practitioners to plan how construction projects can be managed; hence Plan
CP risk Management,
c. Encourage a shared vision and commitment to the project among key stakeholders;
d. Ensure all key stakeholders are well informed on the scope, impacts and benefits of
the project;
e. Ensure ongoing and positive cooperation with local government authorities in the
project area, as well as key community and industry representatives;
f. Raise community and industry awareness of the project including scope for input in
the planning and design stage;
g. Provide accurate and regular information to relevant communities, including
residents and businesses, throughout the planning and design processes;
h. Identify and address any stakeholder, community and industry concerns or
opposition to the project;
i. Address the specific concerns of communities close to the project and the
construction industry;
j. Promote the benefits of the project to local and regional communities; and
k. Monitor community perceptions through the media and through direct liaison with
the public.

ECPMI ECPMMS:2019
1.6. Policies, Principles and Considerations

1.6.1. CPRMM Policies
The following elements, namely the; (1) purpose, (2) scope, (3) responsible party, (4) policy
statements, (5) outcomes, and (6) goals constitute the CPRMM Policy document and are described
below. (Table 1-1)
Purpose: The main purpose of preparing this policy document is to create guidance
that should be followed during the use of CPRMM processes, procedures and
instructions in order to determine learning inputs for continuous improvement.
Scope: This policy will be applicable mainly on practitioners involved in:
1. Construction Project risk Management for: (a) Construction Management
Services, (b) Construction Design Services, (C) Construction Works, (d)
Construction Works Quality Assurance and Contract Administration Services,
(e) Construction Design Services and Works, and (f) Construction Design
Reviews, Quality Assurance and Contract Administration Services
2. Construction Industry Stakeholders (Mainly the Employer, the Consultants and
the Contractors), and
3. Construction Projects undertaken or to be undertaken based on the DBB or DB
delivery methods.
Responsible Bodies: The Responsible bodies for regulating and improving the CPRM
are:
1. ECPMI for Regulating the application of the CPRM
2. CoTM Competence Unit of the EIABC for monitoring the implementation
and continuously improving the CPRMM based on the forthcoming Contract
Policy Statements: This CPRMM policy document is to ensure achievements
regarding successful completion of the CP as a whole.
Table 1.1: CPRMM Policy Document

ECPMI ECPMMS:2019
1.6.2. CPRM Principles
The following principles constitute the CPRMM principles and are described below (Table
1.2).
Principles: The Main Principles of this CPRM Manual are:
1. Continuously Improving the CPRM System, Knowledge, Skill and Attitude

led Planning, Implementation, Monitoring & Evaluation
2. Monitoring & Evaluation mainly focus based on leading indicators,
preventive approaches and the developments of CPRM and CP Documents
that guide, integrate and optimize the subsequent BOKs management for
learning cycle
3. Business and Project Management Teams collaborative Partnership ensures
or will have higher likelihood to successfully align the Product - Project
requirements; hence the Business Case and the CPRM and / or CP
Documents.
4. Continuously develop the capability of CI human resource for CPRMM
including (availing) necessary facilities
5. Mutually explanatory with the other BoK manuals, guidelines & strategies
6. Learning then Accountability
Table 1.2 : CPRM Principles

ECPMI ECPMMS:2019
1.7. Terms and Definitions

For the purpose of this manual, the definitions given in below shall apply.
Assumptions log : Assumption Log is a document which the project manager and
team use to capture, document, and track assumptions throughout
a project’s lifecycle.
Bias During information gathering about risk, the source of information

exhibits a preference or an inclination that inhibits impartial
judgment.
Cause Events or circumstances which currently exist and which might

give rise to risks.
CPM : Critical Path Method which is a step-by-step project management

technique for process planning that defines critical and non-critical
tasks with the goal of preventing time-frame problems and
process bottlenecks.
Discernment : The quality of being able to grasp and comprehend what is

obscure; skill in discerning (insight and understanding); the
process of forming an opinion or evaluation by discerning and
comparing; an opinion or estimate so formed; the capacity for
judging; the exercise of this capacity.
Decision : (1) The act or process of deciding (2) A position arrived at after
consideration
Decision Tree A diagram that describes a decision under consideration and the
Analysis implications of choosing one or another of the available
alternatives. It is used when some future scenarios or outcomes of
actions are uncertain.
Guess To form an opinion from little or no evidence.
FTA : Fault Tree Analysis is a top down, deductive failure analysis in

which an undesired state of a system is analyzed. This analysis
method is mainly used in the fields of safety
engineering and reliability engineering to understand how
systems can fail, to identify the best ways to reduce risk or to
determine (or get a feeling for) event rates of a safety accident or a
particular system level (functional) failure.
Fallback plan : A fallback plan is implemented when the contingency plan fails or
is not fully effective. In other words, you can say that the fallback
plan is generally made for residual risks. It is a backup plan for the
contingency plan.
Fuzzy logic : Fuzzy logic is an approach to computing based on "degrees of

truth" rather than the usual "true or false" (1 or 0).

ECPMI ECPMMS:2019
IDEF0 : is part of the IDEF family of modelling languages in the field

of software engineering, and is built on the functional modelling
language Structured Analysis and Design Technique (SADT).
IMCO : In the designation for Inputs, Mechanisms, Controls/Constraints

and Outputs for processes
Judgment : (1) The process of forming an opinion or evaluation by discerning

and comparing; (2) An opinion or estimate so formed; a formal
utterance of an authoritative opinion; a position arrived at after
consideration; an idea that is believed to be true or valid without
positive knowledge; an opinion on the nature, character, or quality
of something.
Overall Project Risk : It represents the effects of uncertainty on the project as a whole.
PESTLE : Political, Economic, Social/Cultural, Technological, Legal,

Ecological based method used to identify and classify
stakeholders.
Risk : An uncertain event or condition that, if it occurs, has a positive or

negative effect on a project's objectives. However, it is often
helpful to separate uncertain events into those events that can have
a negative effect (risks) and those that can have a positive effect
(opportunities).
Risk Model A representation of the project including data about project

elements and risks that can be analyzed by quantitative risk
analysis.
Residual risks : the amount of risk left over after natural or inherent risks have
been reduced by risk controls. Residual risk = Inherent Risk –
Impact of Risk Controls.
Risk register: : a risk management tool used as a repository for all risks identified
and includes additional information about each risk, e.g. nature of
the risk, reference and owner, mitigation measures.
RBS : Risk Breakdown Structure represents a broad sampling of areas

where risks may arise to affect the project.
SWIT : Structured “What-if” Technique is a hazards analysis method that

uses structured brainstorming with guide words and prompts to
identify risks.
WBS : Work Breakdown Structure is a deliverable-oriented breakdown of

a project into smaller components

ECPMI ECPMMS:2019
1.8. CPRMM Overview

Project risk management in construction
A project risk in construction is an uncertain event or condition that, if it occurs, has a positive or
negative (an opportunity or a threat respectively) effect on one or more project objectives such as
scope, schedule, cost, and quality. A risk is an uncertainty that matters. A risk has a cause and, if
it occurs, a consequence (effect or impact).
Construction projects are exposed to several uncertain situations due to factors common to the
construction industry, such as:
 Duration / schedule challenges;

 Unforeseen situations / Changing environment;
 Complex technical processes;
 Construction locations are highly exposed to environmental factors;
 Availability and skill related challenges;
 Shortages in construction materials;
 Public needs and interest;
 Change in material prices; and
 Regulatory requirements.
Positive and negative risks
Positive risks are opportunities, with some chance of occurrence, to meet project objectives and
negative risks are threats against meeting the project objectives. Positive risks are exploited to
enhance value of the project while negative risks, beyond the limits of tolerance, are to be:
avoided; transferred; or mitigated.
The response to risks is influenced by attitudes towards risks. Respecting peculiarities in each
project, the approach to risks needs to be consistent. Proactively and promptly addressing risk
management is very essential for successful performance of a company.
Individual Risks and Overall Risk (Risks and Risk)
Risk may be looked into at two levels, individual risks and overall risk.
o Individual risks, the list of individual risks of a project dealt one by one during the risk
identification stage, are different from overall project risk.
o Overall project risk represents the effect of uncertainties on the project as a whole. It is
more than the sum of the individual risks within a project, as it includes all sources of
project uncertainty. It represents the exposure of stakeholders to the implications of
variations in project outcome, both positive and negative.
Organizations and stakeholders are willing to accept varying degrees of risk depending on their
risk attitude.

ECPMI ECPMMS:2019
Risk Attitudes
The risk attitudes of organizations and the stakeholders may be influenced by a number of
factors, which are broadly classified as follow.
 Risk appetite - the degree of uncertainty an organization is willing to assume risk. It is a

general and qualitative measure. Example: An organization may take high, medium, or low
risks.
 Risk tolerance - the volume of risk that an organization or individual withstands.
Example: An organization may take risk of up to Birr two million.
 Risk threshold - measures the level of uncertainty below which the organization will
accept the associated risk. Example: An organization may take risk of up to four million with
probability of 20 per cent.
Project risk management process
Risk Management Process is a prompt application of management policies, processes and

procedures to plan, identify, analyze, assess, response, and monitor. The objective is on
maximizing the positive events and reducing the consequences of negative events to project.
Construction Project Risk Management consists of six processes.
The Construction Project risk Management Manual (CPRMM) describes mainly the processes in
order to guide practitioners how to:
a. Plan CPRM
b. Identify CPR
c. CPRM Qualitative risk analysis
d. CPRM quantitative risk analysis for CP Services and / or Works
e. Response to CPRs
f. Control and Monitor risk finalizing or completing all activities of a Construction
Project, or a Construction Contract, or a Construction Project Phase.
The Five Generic Project Management Process Groups are (1) Initiating, (2) Planning, (3)
Executing, (4) Controlling, and (5) Closing Process Groups (PMBOK, 2016).
Figure 1.1: Construction Project Risk Management Overview

ECPMI ECPMMS:2019
The Five Generic Project Management Process Groups are (1) Initiating, (2) Planning, (3)
Executing, (4) Controlling, and (5) Closing Process Groups (PMBOK, 2016).
The CPRM Manual functions and outcomes along the Five Generic Project Management
Process Groups are as shown in Table 1.3 below.
Generic PM Generic PM process Groups Generic PM process

process functions Groups Outcomes
Initiating Organizing Project team for CPRM Team Established; CP

Process Success and Develop CP outcome document
Identify CPRM inputs ,and

Planning develop and Authorize CPM
Process Documents CPM baseline, Requirements
Executing Manage CP services and/or CP Communication
Process Works Document Validation
Controlling Monitor and Control CPRM Performance Management &
Process and CP Performances actions if any
Finalize or Complete Project, Communicate Cessation of
Closing Process evaluate for lesson Liabilities, learning Registers
Table 1.3: CPRM - PMPG relationships, their functions and outcomes

The Modified Five Construction Project Management Specific Process Groups under the
Business - Project - Product Management Chain or Linkage used in the development of
these ECPMMs' are:
1. Pre CP Design Services to ensure intended purpose (Business Case, Feasibility and
Design Brief) is clearly established;
2. During CP Design Services to realize the intended purpose on plan (Conceptual,
Preliminary and Final or Working Designs) ;
3. During CP Works or Executions (Sub Structure, Super Structure, Finishing,
Necessary Installations and Site Works) to efficiently realize the plan;
4. CP Completions to allow use of the product; and
5. Post CP Completion Services to ensure design life time is respected.

ECPMI ECPMMS:2019
1.9. CPRMM High Level Process Map

CPRMM high level process map mainly involves the development of the following six major
process groups; namely:
1. CPRM Authorized Plan,
2. Identify CP risk
3. Analyze CP risk qualitatively
4. Analyze CP risk quantitatively
5. respond to Analyzed CP risk
6. Monitor and Control CP risk.
Start
Plan CP Risk Management
Monitor and Control CP Risks

Identify CP Risks
Analyze CP risk qualitatively Analyze CP risk quantitatively
Respond to CP Risk
END
Figure 1. 2:CPRM High Level Process Map

The CPRM Manual is described in six process groups to support effective CP risk Management as
described hereunder.

ECPMI ECPMMS:2019
2. SECTION 2: PROCESS GROUPS

General
Risk Management Estimates
Construction Project Risk Management estimates should include the following two components:
 The base cost component: The base cost represents the cost that can reasonably be
expected if the project materializes as planned. The base cost does not include
contingencies; and
 The risk (or uncertainty) component: Once the base cost is established, a list of risks is
created of opportunities and threats, called a “risk register.” The risk assessment replaces
general and vaguely defined contingency with explicitly defined risk events. Risk events
are characterized in terms of probability of occurrence and the consequences of each
potential risk event.
Risk Management Competencies
The project manager and project team are required to have the expected skills and competency
levels to execute the risk management processes. The purpose of the competencies is to frame
expectation within project management professionals and help identify skills, development
opportunities and career paths. The two major competencies required from Risk Project
management professionals are Technical competence and Behavioural competence.
Technical Competence
Project management professionals involved in the preparation of risk management plan need to
have acquired knowledge on planning and appropriate analytical techniques, sufficient hands on
experience in preparation of risk management or related plans, and experience in projects of
similar nature. They also need to have the ability of strategic thinking, argument, structuring
information logically, and visualization.
Behavioural Competence
Behavioural competences expected from project manager include: good communication and
coordination capacity; listening; time management; team working, fairness; ability to motivate
colleagues, emotional strength, sharing values, and persuasiveness.
Project Development phases and Knowledge areas
Ethiopian Construction Project Management Institute manuals are divided into seventeen
knowledge areas and one additional subject (Organizational set-up) is added to supplement the
construction project management. The knowledge areas consist of processes applicable to
construction projects. The Procurement management processes are defined in terms of purpose,
description and primary inputs, mechanisms, control/constraints and outputs in section herein
below, and are interdependent.

ECPMI ECPMMS:2019
Risk management project development phases
The risk management knowledge area includes the processes required to identify and manage
threats and opportunities. Table 2.1 depicts interaction of risk management process with process
groups / project development phases.
Knowledge Process groups

areas
Initiating Planning Implementing Controlling Closing
Risk  Identify  Response /  Monitoring and

risks treat risks control risk
 Assess risks
Table 2.1: Relationship between risk knowledge areas and process groups
Depending on the project phase, specified CP risk management tasks need to be carried out.
Table 2.1 above presents the summary of the main CP risk management tasks, the project
manager should concentrate on during the project life cycle:
These processes interact with each other and with the processes in other knowledge areas. The
relationship between each process is mapped, employing IMCOs diagram technique, in Figure
2.5
Constraints
Processes /
Inputs Out puts
Functions
Mechanism
s
Figure 2.1: IMCO or Modified IDEFo Elements

ECPMI ECPMMS:2019
2.1. Process Group One: Plan Construction Project risk Management
Construction project risk management requires good planning. It is a good practice to begin with
established construction project management practices: review organizational policies and
guidance; initiate and align the project team; and follow the steps provided in this manual. Risk
management must commence early in project development and proceed as the project evolves
and project information increases in quantity and quality. Plan to:
 Identify, assess/analyze, and respond to major risks.

 Continually monitor project risks and response actions.
 Conduct an appropriate number and level of risk assessments to update the Risk
Management Plan and evolving risk profile for the project.
The plan project risk management process is the process of defining how to conduct risk
management activities for a project. The risk management plan is vital to communicate with and
obtain agreement and support from all stakeholders to ensure the risk management process is
supported and performed effectively over the project life cycle [3].
The risk management planning process should begin when a project is conceived and should be
completed early during project planning [3].
Risk management planning is performed during project planning. If the project experiences a
significant change (e.g., scope, personnel, schedule) then the risk planning process would be re-
visited concurrently with any overall project re-planning. Figure 2.2 shows the IDEF0 diagram for
Planning Risk Management.

ECPMI ECPMMS:2019
Planning risk management steps
Planning risk management is the process of defining how to conduct risk management activities
for construction project [3].
1 Risk Management Planning Risk management planning is the systematic process of

deciding how to approach, plan, and execute risk management
activities throughout the life of a project. It is intended to
maximize the beneficial outcome of the opportunities and
minimize or eliminate the consequences of adverse risk events.
2 Identify Risk Events Risk identification involves determining which risks might
affect the project and documenting their characteristics.
3 Qualitative Risk Analysis Qualitative risk analysis assesses the impact and likelihood of
the identified risks, and develops prioritized lists of these risks
for further analysis or direct mitigation. Project teams assess
each identified risk for its probability of occurrence and its
impact on project objectives. Teams may elicit assistance from
subject matter experts or functional units to assess the risks in
their respective fields.
4. Quantitative Risk Analysis Quantitative risk analysis is a way of numerically estimating

the probability that a project will meet its cost and time
objectives. Quantitative analysis is based on a simultaneous
evaluation of the impacts of all identified and quantified risks.
5 Risk Response Risk response is the process of developing options and

determining actions to enhance opportunities and reduce
threats to the project’s objectives. It identifies and assigns
parties to take responsibility for each risk response. This
process ensures each risk requiring a response has an
“owner.” The Project Manager and the project team identify
which strategy is best for each risk, and then select specific
actions to implement that strategy.
6 Risk Monitoring & Control Risk monitoring and control tracks identified risks, monitors
residual risks, and identifies new risks—ensuring the
execution of risk plans and evaluating their effectiveness in
reducing risk. Risk monitoring and control is an ongoing
process for the life of the project.
Table 2.1: Risk management sub processes

ECPMI ECPMMS:2019
Below Table 2.2 provides a supportive comparison between risk and objectives for various types
of risk management.
Type of Risk Description Sample Objectives

Management
Generic Risk: Any uncertainty that, if it occurs, would -

affect one or more objectives
Construction Construction Project Risk; Any uncertainty Time, cost, performance,

Project Risk that, if it occurs, would affect one or more quality, scope,
Management construction project objectives client/stakeholder’s
Table 2.2: Relationship between Risk and Objectives

The importance and influence of risk management is fully realized when a Project Manager team
takes action to respond to identified risks based on the risk analysis, with effort being directed
toward those risks that rank the highest in terms of significant impact to project objectives.
Risk management activities
The following are some of the risk management activities.
 Cost Risk Assessment (CRA),

 Cost Estimate Validation Process (CEVP),
 Value Engineering – Risk Assessment (VERA), or
 Meetings,
 Work plan
 Project schedule and budget.

ECPMI ECPMMS:2019
Table 2.3: Typical Characteristics of CRA and CEVP

Details CRA CEVP
Typical length 1-2 days [define based on project 3-5 days [define based on project
nature] nature]
Subject Mater Experts Internal and local Internal and external
Timing Any time; typically updated It is best to start early in the process;
when design changes or other major projects are typically updated
changes to the project warrant an as needed.
updated CRA
General An assessment of risk with an An intense workshop that provides

evaluation and update of costs an external validation of cost and
and schedule estimates schedule estimates and assesses risks.
Note: The project manager based on project complexity define the level of risk assessment and
submits a workshop request and works with the project team (internal and external) to ascertain or
define the type of workshop required and the candidate participants
Constraints
 Enterprise Environmental Factors

 attitude of stakeholders towards risk
management
 Contract document and procurement
legislation
 Lack of experience in Risk management
 Lack of relevant input ideas
Inputs
Outputs
Plan CP Risk
 CP Management plan Management
 Project Charter
 Resources management plan  CP Risk management plan
 stakeholder register
 Organizational Process asset
Mechanisms
Tools, Techniques &

Competencies
Competencies
Figure 2.2: IMCO for plan CP Risk Management Process

ECPMI ECPMMS:2019
2.1.1. Plan construction Project risk management: Inputs

a). Project Management Plan
In planning risk management, all supplementary management plans should be taken into
consideration in order to make the risk management plan consistent with them. The risk
management plan is a component of the Project Management Plan. As Project Management Plan
touches every aspect of the Project, it enables to address the potential risks.
b). Project Charter

A project charter is a document which provides inputs such as high-level risks, high-level project
descriptions, and high-level requirements. It describes what a project is and how it is approached
and lists the names of all stakeholders. It's a critical component of the project management
initiation and planning phases. It is a document to be referred throughout the life of a project.
c). Stakeholder Register

The stakeholder register, which contains all details related to the project’s stakeholders, provides
list of stakeholders with overview of their roles specific to the project being dealt. Stakeholder
Register is important to determine handling of and attention to stakeholders depending on their
level of understanding and roles in the project.
d). Organizational Process Assets

The organizational process assets that can influence the process of planning risk management
include, but are not limited to [3]:
 Risk categories;
 Common definitions of concepts and terms;
 Risk statement formats;
 Standard templates;
 Roles and responsibilities; and
 Authority levels for decision making
.
2.1.2. Plan construction Project risk management: Mechanisms
Risk management plan describes how risk identification, qualitative and quantitative analysis,
response planning, monitoring, and control will be structured and performed during the project
life cycle. The risk management plan does not address responses to individual risks which would
be handled in the risk response plan.
a). Risk Profile Analysis
A stakeholder risk profile analysis may be performed by employing appropriate toolkits. Based
on such assessments, the project team can allocate appropriate resources and focus on the risk
management activities.

ECPMI ECPMMS:2019
PESTLE analysis (political, economic, social, technological, legal, and environmental analysis) is
a marketing tool that facilitates the tracking of the new project environment and by which these
factors are examined to determine specific risks associated with the project location [3/4].
PESTLE analysis and classification of stakeholder for simple project whilst for Medium and Large
projects it is advisable to carry out additional stakeholder analysis methods such as Project
Stakeholders Potential Matrix, Stakeholders Commitment Matrix, and Attitude Information Grid
… etc, as the success or failure of the project may depend on the way how the stakeholders are
handled.
b). Expert Judgment
To ensure a comprehensive establishment of the risk management plan, judgment, and expertise
should be considered from groups or experts, persons with specialized training or knowledge on
the subject area.
c). Meetings
Project teams hold meetings to develop the risk management plan. These meetings may include
the project manager, selected project team members and stakeholders, anyone in the organization
with responsibility to manage the risk planning and execution activities, and others, as needed.
2.1.3. Plan construction Project risk management: Constraints

Constraints are key items that can be utilized to ensure the outcomes or outputs of the risk
management plan achieve the required quality. The risk management plan is mainly controlled
by the requirements of the contract document or project charter. The organization process assets
and enterprise environmental factors also control the risk management plan.
Factors that constrain plan risk management process include: enterprise environmental factors;
attitude of stakeholders towards risk management; organizational process assets; the contract
document and procurement legislations; lack of experience in risk management; lack of relevant
input data. Other prevailing legislations may also be constraints in planning risk management.
2.1.4. Plan construction Project risk management: Outputs

a). Risk Management Plan
The plan risk management describes how risk identification, qualitative and quantitative analysis,
response planning, monitoring, and control will be structured and performed during the project
life cycle. Sample template for a Risk Management Plan is provided in Annex 2.
2.1.5. Risk Management Activities
The instructions below provide the activities that shall be carried out for risk management
planning:
a) Map the following social scope of risk management

ECPMI ECPMMS:2019
o what are your stakeholders facing;

o Identify objectives of stakeholders (do you want to ensure minimal financial
impact, programmatic impact, etc.);
o what resources are available to help mitigate the effects of the risks;
o What structures do we have in place to cope with the scenarios that could
present themselves?
b) Perform stakeholder risk profile analysis

c) Acquire or receive opinion from professionals concerning risk associated with similar
construction project.
d) Organize meetings with Project teams to develop the risk management plan.
e) Prepare risk management plan

ECPMI ECPMMS:2019
2.2. Process Group Two: Identify CP Risk

The process of identifying risks should involve the project team in order to develop and maintain
a sense of ownership and responsibility for the risks and associated risk response actions.
Risk identification occurs throughout each phase of project development:
 Planning
 Scoping
 Design/Plans, Specifications, and Estimate (Engineer’s Estimate)
 Construction
As projects evolve through project development, the risk profile (see Annex 2) evolves and
understanding grows. Therefore, previously identified risks may change and new risks may be
identified throughout the life of the project.
The inputs, tools and techniques, controls, constraints and the outputs for risk process are shown
in figure 2.3.
Constraints

management
legislation
Inputs
Outputs
CP risk management plan
CP cost management plan
CP risk register
Quality management plan
Identify CP risk
Human resource management plan
Scope baseline
Stakeholder register
Organizational process asset
Mechanisms
Tools, Techniques &

Competencies
Competencies
Figure 2.3 : IMCO for Identify CP risk

ECPMI ECPMMS:2019
2.2.1. Identify CP Risk: Inputs

The first and key input element is a defined project. This requires a mutual understanding of the
project under risk management. The project manager should focus on the risks and uncertainties
the project will face. The project manager must first define the project in terms of:
 context,
 scope,
 schedule, and
 Estimate, commensurate with the level of project development at the time of risk analysis.
With scope creep. (Source: Project Management Book of Knowledge)
Key elements of the risk management plan that contribute to Identification of the Risk process are
the roles and responsibilities, provision for risk management activities in the budget and
schedule, and categories of risk, which are sometimes expressed as a risk breakdown structure.
Figure 8 shows risk breakdown structure (RBS) and Annex 2 provides samples for risk
breakdown structure.
Const. Project
CP
Technical External Organizational
Management
Sub
Project
requirements Contractors estimating
dependancies
and suppliers
technology Regulatory Resources planning
Complexity
Market Fundings controlling
and interfaces
Performance Communicatio
Customer Prioritizatuion
and reliablity ns
Quality Weather
Figure 2.4: Typical Risk breakdown structure (RBS)

The key inputs for risk identification are discussed herein below.
a.) CP Cost Management Plan: The cost management plan provides processes and controls
that can be used to help identify risks across the project.
b.) CP Schedule Management Plan: The schedule management plan provides insight to
project time/schedule objectives and expectations which may be impacted by risks
(known and unknown).
c.) Quality Management Plan: The quality management plan provides a baseline of quality
measures and metrics for use in identifying risks.

ECPMI ECPMMS:2019
d.) CP Human Resource Management Plan: The human resource management plan provides
guidance on how project human resources should be defined, staffed, managed, and
eventually released. It can also contain roles and responsibilities, project organization
charts, and the staffing management plan, which form a key input to identify risk process.
e.) CP Scope Baseline: Project assumptions are found in the project scope statement.
Uncertainty in project assumptions should be evaluated as potential causes of project risk.
The work breakdown structure is a critical input to identifying risks as it facilitates an
understanding of the potential risks at both the micro and macro levels.
f.) Stakeholder Register: Information about the stakeholders is useful for soliciting inputs to
identify risks, as this will ensure that key stakeholders, especially the stakeholder,
sponsor, and customer are interviewed or otherwise participate during the Identify Risks
process.
g.) Organizational Process Assets: Of the organizational process assets, in the main, the
following influence risk identification process.
 Project files, including actual data,

 Organizational and project process controls, and
 Risk statement formats or templates..
2.2.2. Identify CP Risks: Mechanisms

The project manager and project team, in collaboration with cost risk experts and subject matter
experts, identify as many risks as possible that may affect project objectives.The project manager
is required:
 to state the assumptions for risk identification and analysis, and

 Define thresholds for risks.
The tools and techniques for risk identification are:
a.) Documentation Review
A structured review of the project documentation may be performed, including plans,

assumptions, previous project files, agreements, and other information. The quality of the plans,
as well as consistency between those plans and the project requirements and assumptions, may
be indicators of risk in the project.
b.) Information Gathering
Examples of information-gathering techniques used in risk identification include: brainstorming;

interviewing and focused group discussion; Work breakdown structure analysis and Scenario analysis.
 Brainstorming. Brainstorming involves a group of people working together to identify

potential risks, causes, failure modes, hazards and criteria for decisions and/or options
for treatment. Brainstorming should stimulate and encourage free-flowing conversation
amongst a group of knowledgeable people without criticizing or rewarding ideas. It is

ECPMI ECPMMS:2019
one of the best and most popular ways to identify both risks and key controls and is the
basis for most risk workshops [4].
 Interviewing and focused group discussion. Interviewing experienced project
participants, stakeholders, and subject matter experts and organizing a focused group
discussion help to identify risks [4].
 Work Breakdown Structure (WBS) Analysis. WBS analysis is used to pinpoint risk areas.
The deeper we go into work breakdown, the more detailed will be the risk areas.
 Scenario Analysis. A scenario is a short story or description of a situation of how a future
event or events might turn out or look like. For each scenario, participants reflect and
analyze the potential consequences and potential causes when analyzing risk [4].
Checklist
Checklists are lists of hazards, risks or control failures that have been developed usually from
experience, either as a result of a previous risk assessment or as a result of past failures or
incidents. Checklists for construction projects include:
 Type of contract
 Unfavourable clauses
 Site and area factors
 Weather
 Regulatory and labor factors
 Knowledge of client
 Construction equipment requirements
 Method or techniques
 Construction materials
A structured “What-if” Technique (SWIT)
This is a systematic, team based exercise, where the facilitator utilizes a set of ‘prompt’ words or
phrases to stimulate participants to identify risks [4].
Fault Tree Analysis (FTA)
This method is similar to a form of creative thinking called reverse brainstorming. This technique
is used for identifying and analyzing factors that can contribute to a specified undesired event
(called the “top event”). Causal factors are then identified and organized in a logical manner and
represented pictorially in a tree diagram [4].
Incident Analysis
Incidents are risks that have occurred. Recording incidents in a register, conducting root cause
analysis and periodically running some trend analysis reports to analyze incidents, can
potentially enable new risks to be identified. In addition, a high frequency of like incidents can be
a lead risk indicator to a potentially larger problem [4].
Diagramming Techniques

ECPMI ECPMMS:2019
Risk diagramming techniques may include:
 Cause and effect diagrams. These are also known as Ishikawa or fishbone diagrams and
are useful for identifying causes of risks.
 System or process flow charts. These show how various elements of a system interrelate
and the mechanism of causation.
 Influence diagrams. These are graphical representations of situations showing causal
influences, time ordering of events, and other relationships among variables and outcomes
3].
SWOT Analysis
This technique examines the project from the strengths, weaknesses, opportunities, and threats
(SWOT) perspectives to increase the breadth of identified risks by including internally generated
risks. The technique starts with identification of strengths and weaknesses of the organization
(strength and weakness are internal), focusing on either the project, organization, or the business
area in general. SWOT analysis then identifies any opportunities for the project that arise from
organizational strengths, and any threats arising from organizational weaknesses (opportunities
and threats are external). The analysis also examines the degree to which organizational strengths
offset threats, as well as identifying opportunities that may serve to overcome weaknesses [3].
c.) Expert Judgment
Significant knowledge of similar projects and project environment can be acquired from experts.
Interviewing local experienced project managers, industry professionals, construction managers,
and subject matter experts can help identify specific local risks. The project manager should
identify local experienced experts and invite them for interviewing.
2.2.3. Identify CP Risk: Constraints
a.) Enterprise Environmental Factors

Of the enterprise environmental factors, in the main, the following influence the Identify Risks
process.
 Published information, including commercial databases,

 Published checklists,
 Benchmarking,
 Industry studies, and
 Risk attitudes.
b.) Refer section 2.1.3 of risk management planning for control and contraints.

ECPMI ECPMMS:2019
2.2.4. Identify CP risk: Outputs

The output or expected deliverable from risk identification process includes a preliminary “risk
register,” which documents the following information:
Identification # for each risk identified – Assign a unique number to each risk for tracking
purposes. If available, do this by utilizing an established Risk Breakdown Structure (refer Figure
2.4 for typical RBS);
Date and phase of project development when risk was identified – Document the date the risk
was identified and in which project development phase (initiating, planning,
execution/implementing, monitoring & control, close).
Name of risk (does the risk pose a threat or present an opportunity?) – Ensure each identified risk
has an appropriate name; for example, “ROW Delay” or “Unforeseen site condition”.
Detailed description of risk event – The detailed description of the identified risk must provide
information that is Specific, Measurable, Attributable (a cause is indicated), Relevant, and Time-
bound (SMART). Ensure the description is clear enough and thorough enough so that others
reading about the description of the risk will understand what it means
Risk trigger – Each identified risk must include the risk trigger(s). Risks rarely just suddenly
occur; usually there is some warning of imminent threat or opportunity. Clearly describe and
document these warning signs and information about the risk. For example, “ROW or Possession
of site Date” may be considered a risk trigger on a project that has a risk of a legal challenge.
Risk type – Does the identified risk affect project schedule, cost, or both?
Potential responses to identified risk – Document, if known, possible response actions to the
identified risk—can the identified threat be avoided, transferred, or mitigated, or is it to be
accepted? Can the identified opportunity be exploited, shared, or enhanced?
Comments about risk identification – Risk management are an iterative process, so regularly
review project risks. As new risks identified, document and assess them. Consider the resulting
risk register preliminary only until the completion of additional and appropriate activities.
2.2.5. Activities of CP risk Identification
The steps / instructions below provide the activities that shall be carried out for risk
identification:
a) Step 1: Determine risk thresholds for the project—establish a minimum estimate and time
duration considered significant for the project under evaluation.
b) Step 2: Focus on identifying large significant risks that affect project objectives.
c) Step 3: Carefully document and describe risks in a risk register.
d) Step 4. Characterize risks in terms of impact and probability. Note: High-impact risks
with low probabilities should be of particular interest to the Project Risk Manager.

ECPMI ECPMMS:2019
2.3. Process Group Three: Qualitative Risk Analysis
General
The next process after risk identification is risk analysis. The processes present the two types of
risk analysis: qualitative and quantitative. This section deals with the qualitative risk analysis.
Risk analysis is a systematic use of available information to determine how often specified events
may occur and the magnitude of their consequences. Performing Qualitative Risk Analysis is the
process of prioritizing risks for further analysis or action by assessing and combining their
probability of occurrence and impact.
Overall risk = probability x impact
The key benefit of this process is that it enables project managers to focus on high-priority risks
and keep an eye on low-priority risks recoded under watch list.
Qualitative Risk Analysis assesses the impact and likelihood of the identified risks and develops
prioritized lists of these risks for further analysis or direct mitigation.
The project manager and the project team assess each identified risk for its probability of occurrence
and its impact on project objectives.
Qualitative risk analysis shall be used by project manager and project teams:
 As an initial screening or review of project risks.

 When a quick assessment is anticipated.
 As the preferred approach for simpler and smaller projects (refer Table for project size
definition) where robust and/or lengthy quantitative analysis is not necessary.
Performing qualitative risk analysis is usually a rapid and cost-effective means of establishing
priorities for planning risk responses and lays the foundation to perform quantitative risk analysis,
if required. The process of qualitative risk analysis is performed regularly throughout the project
life cycle/development phase, as defined in the project’s risk management plan. Qualitative risk

ECPMI ECPMMS:2019
analysis may assume four levels. The levels, the characteristics of each level, and the additional
values of one over the other/s are depicted in Table 2.4.
No Type of Analysis How is it done? Main features
1 Probability – Impact Identified risks are prioritized by It is easy to apply and effective for
Matrix placing the risk in to cells of a small projects and initial level
probability - impact matrix. Each assessment of all small medium and
identified risk is labelled by its large projects.
chance of occurrence and impact
on the project objectives. Prioritizing of risk using this method
may be challenged if the labelling made
by the team members is highly
scattered among the cells of the matrix
2 Risk significance index The qualitative evaluations (for The process is same as probability
both likelihood and impact) of impact matrix. It overcomes the
each respondent are converted to shortcomings of Probability – Impact
empirical (numerical) values and Matrix by attaching a significance index
the average of the products yields to each identified risk based on the
the risk significance index. The ranking points from members.
identified risks are then
prioritized as per their index.
3 Fuzzy DEMATEL The identified risks are prioritized The above two methods prioritize the
method (threshold based on the impact of one risk on identified risks based on their impact
determined by decision the others. only on the project objectives. This
makers) method considers the impact of one
risk on the others
4 Fuzzy DEMATEL The threshold value is picked by

method (threshold employing maximum mean de entropy
determined by maximum method
mean de entropy)
Table 2.4: Types and Hierarchies of Qualitative risk analysis

The Fuzzy method is included in Table 2.8 as information for high level analsysis and the
qualitative analysis in this mannual basically deals with the first two types of analysis.
The inputs, Tools and Techniques, controls, constraints and the outputs for qualitative risk
analysis process are shown in Figure 2.5.

ECPMI ECPMMS:2019
Constraints
management
legislation
Inputs
Outputs
CP Scope baseline Perform CP
Organizational process asset Qualitative risk CP Document updates
CP Risk register updates
Assumption log updates
Mechanisms
Tools, Techniques &

Competencies
Competencies
Figure 2.5: IMCO for Perform CP Qualitative Risk Analysis Process
2.3.1. Perform CP Qualitative Risk Analysis: Inputs

a.) Risk Management Plan
Key elements of the risk management plan used to perform qualitative risk analysis process
include roles and responsibilities for conducting risk management, budgets, schedule activities for risk
management, risk categories, definitions of probability and impact, the probability and impact matrix, and
revised stakeholders’ risk tolerances. These inputs are usually tailored to the project during the
planning process of risk management. The project manager may develop these inputs during
performing qualitative risk analysis process [3].
b.) Scope Baseline
Projects of a common or recurrent type tend to have more well-understood risks. Projects using
state-of-the-art or first-of-its-kind technology, and highly complex projects, tend to have more
uncertainty. This can be evaluated by examining the scope baseline.
c.) Risk Register
The risk register contains the information that will be used to assess and prioritize risks.

ECPMI ECPMMS:2019
d.) Organizational Process Assets
The organizational process assets that can influence the qualitative risk analysis process include
information on prior, similar completed projects.
2.3.2. Perform CP Qualitative Risk Analysis: Mechanisms

Once a risk is identified, including a thorough description of the risk and risk triggers, it can be
characterized in terms of probability of occurrence and the consequence if it does occur. The
following tools and techniques are used to perform qualitative risk analysis.
a.) Probability - Impact Matrix
Probability and Impact Matrix is a tool for the project team to aid in prioritizing risks. There may
be several risks in any project. Depending on the size and complexity of the project in hand, the
risks may vary in number and significance. Addressing all the identified risks is practically
impossible. So, it is necessary to find a way to identify those critical risks which needs prior
attention from the project team.
Overall risk = probability x impact
Probability and Impact Matrix uses the combination of probability and impact scores of
individual risks and ranks/ prioritizes them for easy handling of the risks. In other words, the
probability and impact matrix assist to determine which risks need detailed risk response plans. It
is vital to understand the priority for each risk as it allows the project team to appreciate the
relative importance of each risk.
b.) Risk Significance Index [5]
The Probability Impact Matrix addresses the issue purely through qualitative feedbacks from
experienced team members. If there is no consensus among the team members as to where
(which cell) a potential risk should fall in the probability impact matrix, same potential risk may
fall under different cells by different evaluator. In such a case, it may be difficult to prioritize the
risks due to scattering of the potential risks into different cells. Risk Significance Score is more
robust when such a situation occurs. Annex 2 provides sample template for risk significant index.
c.) A Fuzzy Systematic Approach to Construction Risk Analysis [6]
In construction projects, risk factors arise from varying areas, such as political, economic, social,
technological and geographical environments, as well as from the project implementation. In
projects, risks, in addition to directly impacting the project objectives, indirectly impact the
project objectives through the influences among themselves.
If the interrelationships of risk are envisaged to be significant, and the analysis to be made is so
sensitive, there will be a need for a systematic integrated approach to risk assessment. This leads
us to the use of systematic group decision making methods, which produce systematic structures
of risks and their interrelationships.

ECPMI ECPMMS:2019
Because of the fuzzy logic of the human way of thinking, which is to trade-off between
significance and precision, values presented in the procedure of risk assessment, by risk
management team members, are not absolute. Due to the recent discussion, fuzzy logic is
accepted as a governing theory over the systematic structure.
2.3.3. Perform CP Qualitative Risk Analysis: Constraints

Enterprise environmental factors may provide insight and context to the risk assessment, such as:
 Industry studies of similar projects by risk specialists, and

 Risk databases that may be available from industry or proprietary sources
 Refer to section 2.1.3 for control and contraints for qualitative risk analysis process.
2.3.4. Perform CP Qualitative Risk Analysis: Outputs

The following deliverables / documents provide guidance on how to organize the outputs for
qualitative risk analysis:
a.) Risk register updates. As new information becomes available through the qualitative risk
assessment, the risk register is updated. Updates to the risk register may include
assessments of probability and impacts for each risk, risk ranking or scores, risk urgency
information or risk categorization, and a watch list for low probability risks or risks
requiring further analysis.
b.) Assumptions log updates. As new information becomes available through the qualitative
risk assessment, assumptions could change. The assumptions log needs to be revisited to
accommodate this new information. Assumptions may be incorporated into the project
scope statement or in a separate assumptions log.
2.3.5. Perform CP Qualitative Risk Analysis: Activities
Once a risk is identified, including a thorough description of the risk and risk triggers, it can be
characterized in terms of probability of occurrence and the consequence if it does occur. The
steps/instructions below provide the activities that shall be carried out for qualitative risk
analysis:
a) Step 1. Gather the project team and appropriate persons to discuss project risk. Establish
which of the qualitative risk matrices you intend to use, and define the terms you plan to
use (Very High, High, Medium, Low, etc.).
b) Step 2. Review the risk information from the risk identification step.
c) Step 3. Discuss the risk with the group.
d) Step 4. Evaluate the likelihood of the risk occurring by asking the group, “How likely is it
that this risk will occur?” Record the result that the group agrees on.

ECPMI ECPMMS:2019
e) Step 5. Evaluate the consequences if the risk does occur by asking the group, “What will
be the impacts if this risk does occur?” Record the result that the group agrees on.
f) Step 6. Prioritize the risks based on the results of the qualitative analysis. If it is desirable,
the risks can also be grouped by category (e.g., Environmental, Structures/
Geotechniques) and ranked within each category.
Steps for filling Probability-Impact Matrix (qualitative risk analysis)
Step 1: Form expertise group with experience on Project Management
Step 2: Brainstorm on (and prepare long list of) the potential Risks of the Project under
consideration
Step 3: Allow the expert group to rate each of the identified risks as per the ranking code
provided under Annex 2-14 or similar. The rating is made by consensus
Step 4: Place each identified risk in the cells of Figure (see Annex 2-16) according to the
consensus obtained under the third point (above).
The risks that fall in the red zone are top priorities and the risks that fall in the green zone are
least priorities.

ECPMI ECPMMS:2019
2.4. Process Group Four: Perform CP Qualitative Risk Analysis
General
Quantitative Risk Analysis numerically estimates the probability that a project will meet its cost
and time objectives. Quantitative analysis is based on a simultaneous evaluation of the impacts of
all identified and quantified risks.
This process highlights and offers several tools for quantitative analysis of risk.
Quantitative techniques, such as Monte Carlo simulation, can be a powerful tool for analysis of
project risk and uncertainty. This technique provides project forecasts with an overall outcome
variance for estimated project cost and schedule. Probability theory allows us to look into the
future and predict possible outcomes.
Performing Quantitative Risk Analysis is the process of quantitatively analyzing the effect of
identified potential risks on overall construction project objectives. The key benefit of this process
is that it produces figurative risk information to support decision making in order to reduce project
uncertainty.
Quantitative Risk Analysis is performed on risks that have been prioritized by employing
Qualitative Risk Analysis process as potentially and substantially impacting the project’s
competing demands. Performing Quantitative Risk Analysis process analyzes the effect of those
risks on project objectives. It is used mostly to evaluate the aggregate effect of all risks potentially
affecting the project. When the risks drive the quantitative analysis, the process may be used to
assign a numerical priority rating to those risks individually.
The project manager should exercise expert judgment to determine the need for and the viability of
quantitative risk analysis. The availability of time and budget, and the need for qualitative or
quantitative statements about risk and impacts, will determine which method(s) to use on any
particular project. [3].
The inputs, Tools and Techniques, controls, constraints and the outputs for quantitative risk
analysis process are shown in Figure 2.6.

ECPMI ECPMMS:2019
Constraints
management
legislation
Inputs Outputs

CP Scope baseline Perform CP
CP Document updates
Organizational process asset Quantitative risk Probabilistic analysis
CP Schedule Management plan Probability of achieving CP
objectives
Prioritized list of risks
Trends in CP quantitative risk
Mechanisms analysis
Tools, Techniques &

Competencies
Competencies
Figure 2.6: IMCO for Perform CP Quantitative Risk Analysis Process
2.4.1. Perform CP Quantitative Risk Analysis: Inputs
The risk management plan provides guidelines, methods, and tools to be used in quantitative risk
analysis.
b.) Cost Management Plan
The cost management plan provides guidelines on establishing and managing risk reserves.
c.) Schedule Management Plan
The schedule management plan provides guidelines on establishing and managing risk reserves.
d.) Risk Register
The risk register is used as a reference point for performing quantitative risk analysis
e.) Organizational Process Assets
The organizational process assets that can influence the Perform Quantitative Risk Analysis
process include information from prior, similar completed projects.

ECPMI ECPMMS:2019
2.4.2. Perform CP Quantitative Risk Analysis: Mechanisms

The identified risks have been screened through qualitative analysis, now risks can be analyzed
quantitatively. Refer to risk identification process, section 2.2, which includes a thorough
description of the risk and risk triggers. With quantitative analysis, the probability of occurrence
and consequence if the risk event occurs must also be documented.
The project team in order to fully understand the project, the team must determine what project
team know and what the team do not know about a project. In construction industry, Civil
Engineering, available resources to clearly explain what are known of a project such as:
 aerial photography,
 surveying,
 site investigations,
 bid histories,
 real estate services,
 right of way, utilities,
 access management,
 environmental, hydraulics, structures, geotechnical, railroad, tribal, security, planning and
programming, ad/bid/award, construction, tolling, economic, programming, external
resource agencies and stakeholders, public interest groups, and others.
Gather and Represent Data
 Quantitative analysis is generally led by a cost risk expert from the Strategic Analysis and
Estimating Office, sometimes augmented by consultant staff and in collaboration with the
Project Manager.
 Interviews: Can be formal or informal settings, such as smaller group meetings or larger
formal workshops.
 Subject matter expert input: Participate collaboratively with the project team and cost-risk
team; you can also participate in interviews or contribute opinions in other ways such as
surveys (questionnaires).
 Data: Represent data in terms of probability and impact; you can represent impacts using
discrete distributions or continuous distributions.
Quantitative Risk Analysis and Modelling
 Modelling and Simulation. A project simulation uses a model that translates the specified
detailed uncertainties of the project into their potential impact on project objectives.
Simulations are typically performed using the Monte Carlo technique. In a simulation, the
project model is computed many times (iterated), with the input values (e.g., cost estimates
or activity durations) chosen at random for each iteration from the probability distributions
of these variables. A histogram (e.g., total cost or completion date) is calculated from the
iterations. For a cost risk analysis, a simulation uses cost estimates. For a schedule risk
analysis, the schedule network diagram and duration estimates are used. The output from
a cost risk simulation using the three-element model and risk ranges is shown in Annex 3.

ECPMI ECPMMS:2019
It illustrates the respective probability of achieving specific cost targets. Similar curves can
be developed for other project objectives.
Figure 2.7: Example cost risk Simulation Results [3]
 Risk management must be partnered with a well-organized and properly documented

project base cost estimate. Risk management introduces reality into our construction
project management process by recognizing that every project has a risk of cost overrun.
This does not mean cost overrun is inevitable, it means it is possible. Quantitative
analysis is a natural activity that fits into a standard construction project management
process.
 Sensitivity Analysis. Sensitivity analysis helps to determine which risks have the most
potential impact on the project.
 Expected Monetary Value Analysis. Expected monetary value (EMV) analysis is a

statistical concept that calculates the average outcome when the future includes scenarios
that may or may not happen (i.e., analysis under uncertainty). The EMV of opportunities
are generally expressed as positive values, while those of threats are expressed as negative
values. EMV for a project is calculated by multiplying the value of each possible outcome
by its probability of occurrence and adding the products together. Formula
Risk=probability x impact / consequence.
a.) Expert Judgment
Expert judgment (ideally using experts with relevant, recent experience) is required to identify
potential cost and schedule impacts, to evaluate probability, and to define inputs such as
probability distributions into the tools. Expert judgment also comes into play in the interpretation
of the data. Experts should be able to identify the weaknesses of the tools as well as their
strengths. Experts may determine when a specific tool may or may not be more appropriate.

ECPMI ECPMMS:2019
b.) Project Cost Risk Assessment

Similar steps could be employed to make an assessment of the overall project risk. Monte Carlo or
other similar simulation methods may be used to make assessment of the overall project risk.
2.4.3. Perform CP Quantitative Risk Analysis: Mechanisms

Enterprise environmental factors may provide insight and context to the risk analysis, such as:
 Industry studies of similar projects by risk specialists; and

 Risk databases that may be available from industry or proprietary sources.
 Refer to section 2.1.3 for controls and contraints for qualitative risk analysis process.
2.4.4. Perform CP Quantitative Risk Analysis: Outputs

The deliverables or output documents for quantitative risk analysis are project document
updates. Project documents are updated with information resulting from quantitative risk
analysis.
The risk register updates include:
 Probabilistic analysis of the project. Estimates are made of potential project schedule and
cost outcomes listing the possible completion dates and costs with their associated
confidence levels. This output, often expressed as a cumulative frequency distribution, is
used with stakeholder risk tolerances to permit quantification of the cost and time
contingency reserves. Such contingency reserves are needed to bring the risk of
overrunning stated project objectives to a level acceptable to the organization.
 Probability of achieving cost and time objectives. With the risks facing the project, the
probability of achieving project objectives under the current plan can be estimated using
quantitative risk analysis results.
 Prioritized list of quantified risks. This list includes those risks that pose the greatest
threat or present the greatest opportunity to the project. These include the risks that may
have the greatest effect on cost contingency and those that are most likely to influence the
critical path. These risks may be evaluated, in some cases, through a tornado diagram
generated as a result of the simulation analysis.
 Trends in quantitative risk analysis results. As the analysis is repeated, a trend may
become apparent that leads to conclusions affecting risk responses. Organizational
historical information on project schedule, cost, quality, and performance should reflect
new insights gained through the Perform Quantitative Risk Analysis process. Such history

ECPMI ECPMMS:2019
may take the form of a quantitative risk analysis report. This report may be separate from,
or linked to, the risk register.
2.4.5. Perform Quantitative CP Risk Analysis: Activities
Below Figure illustrates and depicts the elements of the quantitative risk analysis.
Figure 2.8 : Elements of quantitative risk analysis
The Perform Quantitative Risk Analysis seeks to determine the overall risks to project objectives
when all risks potentially operate simultaneously on the project.
Quantitative Risk Analysis provides answers to several questions regarding the project. The key
elements are as follows:
 How likely is the project to complete on the scheduled date or earlier?

 How likely is the project actual cost to be the budgeted cost and less?
 How reliable will the product of the construction project be that the project produces?
 What is the best decision to make in the face of uncertain results?
 How much contingency in time and cost is needed to provide the organization with its
desired degree of confidence in the results?
 How should the design of the construction project (product) be changed most
economically to increase its reliability/functionality?
 What are the individual risks that seem to be the most important in determining the
overall project risk?

ECPMI ECPMMS:2019
The instructions below provide the activities that shall be carried out for quantitative risk
analysis:
a) Steps to run Monte Carlo Analysis
Step 1: Identify the key project risk variables.
Step 2: Identify the range limits for these project variables.
Step 3: Specify probability weights for this range of values.
Step 4: Establish the relationships for the correlated variables.
Step 5: Perform simulation runs based on the identified variables and the correlations.
Step 6: Statistically analyze the results of the simulation run.
b) Schedule Risk Analysis

Step 1: create the CPM schedule for the project
Step 2: estimate the uncertainty in the activity durations
Step 3: perform a risk analysis of the schedule
c) Cost Risk Analysis

Step 1: Identify work items subject to cost or budget overrun
Step 2: Define work items to be excluded from contingency
Step 3: Define work items and events to be included as part of contingency
Step 4: Select the appropriate method for cost risk analysis
Step 5: Establish risk register
Step 6: Define the key cost drivers
Step 7: Define the probability or likelihood of occurrences and the cost impact of the risk
event as minimum, most likely and maximum cost impact
Step 8: Define for all identified risks the pre-mitigation scenario and their impact
Step 9: Perform risk analysis (simulation analysis).
Step 10: Present analysis resulted in three main outputs

ECPMI ECPMMS:2019
2.5. Process Five: CP Risk response
General
Planning risk responses is the process of developing options and actions to enhance opportunities
and to reduce threats to project objectives. The key benefit of this process is that it addresses the
risks by their priority, inserting resources and activities into the budget, schedule and project
management plan as needed.
Each risk response requires an understanding of the mechanism by which it will address the risk.
This is the mechanism used to analyze if the risk response plan is having the desired effect. It
includes the identification and assignment of one person (an owner for risk response) to take
responsibility for each agreed-to and funded risk response. Risk responses should be appropriate
for the significance of the risk, cost-effective in meeting the challenge, realistic within the project
context, agreed upon by all parties involved, and owned by a responsible person. Selecting the
optimum risk response from several options is often required. The process of planning risk
responses presents commonly used approaches to planning responses to the risks. Risks include
threats and opportunities that can affect project success, and responses are discussed for each.
Risk response requires effort to develop and implement response actions; the project manager
must plan for expending this effort following the results of the risk analysis. To this end, the
project manager has a number of tools readily available; including the Risk Management
Planning spreadsheet the Project Risk Manager should pay special attention to high impact, low-
probability risks. Team awareness and conscious monitoring of these risks can be accomplished
through team meetings, informing upper management, and seeking counsel from appropriate
experts.
The following actions can be considered in response to risks:
Threats Opportunities
1-Avoid 1-Exploit
2-Transfer 2-Share
3-Mitigate 3-Enhance
4-Accept 4-Accept
Table 2. 5: Actions in response to construction risk

ECPMI ECPMMS:2019
The inputs, Tools and Techniques, controls, constraints and the outputs for risk response process
are shown in Figure 2.9.
Constraints
management
legislation
Inputs Outputs
CP management plan
CP risk register CP risk response
CP Document updates
CP management plan updates
Mechanisms
Tools, Techniques &

Competencies
Competencies
Figure 2.9 : IMCO for CP Risk Response Process
2.5.1. CP Risk Response: Inputs

Important components of the risk management plan include roles and responsibilities, risk
analysis definitions, timing for reviews (and for eliminating risks from review), and risk
thresholds for low, moderate, and high risks. Risks thresholds help identify those risks for which
specific responses are needed.
b.) Risk Register
The risk register refers to identified risks, root causes of risks, lists of potential responses, risk
owners, symptoms and warning signs, the relative rating or priority list of project risks, risks
requiring responses in the near term, risks for additional analysis and response, trends in
qualitative analysis results, and a watch list, which is a list of low priority risks within the risk
register.
2.5.2. CP Risk Response: Mechanisms

Several risk response strategies are available. The strategy or mix of strategies most likely to be
effective should be selected for each risk. Risk analysis tools, such as decision tree analysis, can be

ECPMI ECPMMS:2019
used to choose the most appropriate responses. Specific actions are developed to implement that
strategy, including primary and backup strategies, as necessary.
A fallback plan can be developed for implementation if the selected strategy turns out not to be
fully effective or if an accepted risk occurs. Secondary risks should also be reviewed. Secondary
risks are risks that arise as a direct result of implementing a risk response. A contingency reserve
is often allocated for time or cost. If developed, it may include identification of the conditions that
trigger its use.
Strategies for Negative Risks or Threats
Three strategies, which typically deal with threats or risks that may have negative impacts on
project objectives if they occur, are: avoid, transfer, and mitigate. The fourth strategy, accept, can be
used for negative risks or threats as well as positive risks or opportunities. Each of these risk
response strategies have varied and unique influence on the risk condition. These strategies
should be chosen to match the risk’s probability and impact on the project’s overall objectives.
Avoidance and mitigation strategies are usually good strategies for critical risks with high impact,
while transference and acceptance are usually good strategies for threats that are less critical and
with low overall impact. The four strategies for dealing with negative risks or threats are further
described as follows.
 Avoid. Risk avoidance is a risk response strategy whereby the project team acts to
eliminate the threat or protect the project from its impact. It usually involves changing
the project management plan to eliminate the threat entirely. The project manager may
also isolate the project objectives from the risk’s impact or change the objective that is in
jeopardy. Examples of this include extending the schedule, changing the strategy, or
reducing scope. Some risks that arise early in the project can be avoided by clarifying
requirements, obtaining information, improving communication, or acquiring expertise.
 Transfer. Risk transference is a risk response strategy whereby the project team shifts the
impact of a threat to a third party, together with ownership of the response. Transferring
the risk simply gives another party responsibility for its management—it does not
eliminate it. Transferring does not mean disowning the risk by transferring it to a later
project or another person without its knowledge or agreement. Risk transference nearly
always involves payment of a risk premium to the party taking on the risk. Transferring
liability for risk is most effective in dealing with financial risk exposure. Transference
tools can be quite diverse and include, but are not limited to, the use of insurance,
performance bonds, warranties, guarantees, etc. Contracts or agreements may be used to
transfer liability for specified risks to another party. For example, when a buyer has
capabilities that the seller does not possess, it may be prudent to transfer some work and
its concurrent risk contractually back to the buyer. In many cases, use of a cost-plus
contract may transfer the cost risk to the buyer, while a fixed-price contract may transfer
risk to the seller.

ECPMI ECPMMS:2019
 Mitigate. Risk mitigation is a risk response strategy whereby the project team acts to
reduce the probability of occurrence or impact of a risk. It implies a reduction in the
probability and/or impact of an adverse risk to be within acceptable threshold limits.
Taking early action to reduce the probability and/or impact of a risk occurring on the
project is often more effective than trying to repair the damage after the risk has
occurred. Adopting less complex processes, conducting more tests, or choosing a more
stable supplier are examples of mitigation actions.
 Accept. Risk acceptance is a risk response strategy whereby the project team decides to
acknowledge the risk and not take any action unless the risk occurs. This strategy is
adopted where it is not possible or cost-effective to address a specific risk in any other
way. This strategy indicates that the project team has decided not to change the project
management plan to deal with a risk, or is unable to identify any other suitable response
strategy. This strategy can be either passive or active. Passive acceptance requires no
action except to document the strategy, leaving the project team to deal with the risks as
they occur, and to periodically review the threat to ensure that it does not change
significantly. The most common active acceptance strategy is to establish a contingency
reserve, including amounts of time, money, or resources to handle the risks.
Strategies for Positive Risks or Opportunities
Three of the four responses are suggested to deal with risks with potentially positive impacts on
project objectives, namely: exploit, enhance, and share. The fourth strategy, accept; can be used for
negative risks or threats as well as positive risks or opportunities. These strategies, described
below, are to exploit, share, enhance, and accept.
 Exploit. The exploit strategy may be selected for risks with positive impacts where the
organization wishes to ensure that the opportunity is realized. This strategy seeks to
eliminate the uncertainty associated with a particular upside risk by ensuring the
opportunity definitely happens. Examples of directly exploiting responses include
assigning an organization’s most talented resources to the project to reduce the time to
completion or using new technologies or technology upgrades to reduce cost and duration
required to realize project objectives.
 Enhance. The enhance strategy is used to increase the probability and/or the positive
impacts of an opportunity. Identifying and maximizing key drivers of these positive-
impact risks may increase the probability of their occurrence. Examples of enhancing
opportunities include adding more resources to an activity to finish early.
 Share. Sharing a positive risk involves allocating some or all of the ownership of the
opportunity to a third party who is best able to capture the opportunity for the benefit of
the project. Examples of sharing actions include forming risk-sharing partnerships, teams,

ECPMI ECPMMS:2019
special-purpose companies, or joint ventures, which can be established with the express
purpose of taking advantage of the opportunity so that all parties gain from their actions.
 Accept. Accepting an opportunity is being willing to take advantage of the opportunity if
it arises, but not actively pursuing it.
Contingent Response Strategies
Some responses are designed for use only if certain events occur. For some risks, it is appropriate
for the project team to make a response plan that will only be executed under certain predefined
conditions, if it is believed that there will be sufficient warning to implement the plan. Events that
trigger the contingency response, such as missing intermediate milestones or gaining higher
priority with a supplier, should be defined and tracked. Risk responses identified using this
technique are often called contingency plans or fallback plans and include identified triggering
events that set the plans in effect.
Documentation of Risk Response Actions
Document the response action by describing the action, which work activities it will affect, and
the cost of the response action. Identify the person(s) responsible for successful implementation of
the response action. Also, consider the time impacts of the response action and how the risk
response may affect the overall project and/or other risks.
Planning Risk Response Actions
Select a response action – The project manager determines how to respond to each risk. The
action selected is influenced by the level of the risk. Table 9 provides simple response matrix and
Annex 2 offers examples.
High impacts demand attention. If risk has a

high impact and high probability, it is
intuitively that it deserves a response. Also, transfer avoid
High
high-impact risks with low probability require

attention. Note: Give due attention to low- (share) (exploit)
probability risks with high impacts to avoid
Probability
unexpected consequences
mitigate
Low
accept (enhance)
Impact
Table 2. 6: Simple response matrix

ECPMI ECPMMS:2019
Expert Judgment
Expert judgment is input from knowledgeable parties pertaining to the actions to be taken on a
specific and defined risk. Expertise may be provided by any group or person with specialized
education, knowledge, skill, experience, or training in establishing risk responses.
2.5.3. CP Risk Response: Constraints
 Refer to section 2.1.3 and 2.2.3 for controls and contraints for qualitative risk analysis
process.
2.5.4. CP Risk Response: Outputs

Elements of the project management plan that may be updated as a result of carrying out this risk
response process include, but are not limited to:
 Schedule management plan. The schedule management plan is updated to reflect changes in
process and practice driven by the risk responses. This may include changes in tolerance or
behaviour related to resource loading and levelling, as well as updates to the schedule
strategy.
 Cost management plan. The cost management plan is updated to reflect changes in process
and practice driven by the risk responses. This may include changes in tolerance or
behaviour related to cost accounting, tracking, and reports, as well as updates to the budget
strategy and how contingency reserves are consumed.
 Quality management plan. The quality management plan is updated to reflect changes in
process and practice driven by the risk responses. This may include changes in tolerance or
behaviour related to requirements, quality assurance, or quality control, as well as updates
to the requirements documentation.
 Procurement management plan. The procurement management plan may be updated to

reflect changes in strategy, such as alterations in the make-or-buy decision or contract
type(s) driven by the risk responses.
 Human resource management plan. The staffing management plan, part of the human
resource management plan, is updated to reflect changes in project organizational structure
and resource applications driven by the risk responses. This may include changes in
tolerance or behaviour related to staff allocation, as well as updates to the resource loading.
 Scope baseline. Because of new work generated (modified or omitted) by the risk
responses, the scope baseline may be updated to reflect those changes.
 Schedule baseline. Because of new work generated (or omitted) by the risk responses, the
schedule baseline may be updated to reflect those changes.

ECPMI ECPMMS:2019
 Cost baseline. Because of new work generated (or omitted) by the risk responses, the cost
baseline may be updated to reflect those changes.
a.) Project Documents Updates
In the process of planning risk responses, several project documents are updated as needed. For
example, when appropriate risk responses are chosen and agreed upon, they are included in the
risk register. The risk register should be written to a level of detail that corresponds with the
priority ranking and the planned response. Often, the high and moderate risks are addressed in
detail. Risks judged to be of low priority are included in a watch list for periodic monitoring.
Updates to the risk register can include, but are not limited to:
 Risk owners and assigned responsibilities;

 Agreed-upon response strategies;
 Specific actions to implement the chosen response strategy;
 Trigger conditions, symptoms, and warning signs of a risk occurrence;
 Budget and schedule activities required to implement the chosen responses;
 Contingency plans and triggers that call for their execution;
 Fallback plans for use as a reaction to a risk that has occurred and the primary response
proves to be inadequate;
 Residual risks that are expected to remain after planned responses have been taken, as well
as those that have been deliberately accepted;
 Secondary risks that arise as a direct outcome of implementing a risk response; and
 Contingency reserves that are calculated based on the quantitative risk analysis of the
project and the organization’s risk thresholds.
Other project documents updated could include:
 Assumptions log updates. As new information becomes available through the application
of risk responses, assumptions could change. The assumptions log needs to be revisited to
accommodate this new information.
 Technical documentation updates. As new information becomes available through the

application of risk responses, technical approaches and physical deliverables may change.
Any supporting documentation needs to be revisited to accommodate this new information.
 Change requests. Planning for possible risk responses can often result in recommendations
for changes to the resources, activities, cost estimates, and other items identified during the
planning processes. When such recommendations are identified, change requests are
generated and processed through the Perform Integrated Change Control process.

ECPMI ECPMMS:2019
2.5.5. Perform CP Risk Response: Activities
The instructions below provide the activities that shall be carried out for risk response:
a) Identify risks and prioritize

b) Differentiate threats and opportunities
c) Evaluate your company’s situation to handle the risks
d) Select one of the responses strategies

ECPMI ECPMMS:2019
2.6. Process Group Six: CP Risk monitoring and Control
General
The Project manager may have little or no control over the external environment, but the project
team do have control over how we interact with the situation. The Project manager and the team
have control over our state of readiness; the team can look ahead and improvise and adapt. The
team can actively monitor significant project risks, including high-impact, low-probability risks,
and control the robustness of our response to identified risk events and the quality of our
documentation. Very importantly, the project manager has control over how earnestly we integrate
risk management into Construction Project Management Plans.
Monitoring and Control Risk is the process of implementing risk response plans, tracking
identified risks, monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness throughout the project. The key benefit of this process is that it improves efficiency
of the risk approach throughout the project life cycle to continuously optimize risk responses.
Planned risk responses that are included in the risk register are executed during the life cycle of
the project, but the project work should be continuously monitored for new, changing, and
outdated risks. The Monitoring and Control Risk process applies techniques, such as variance and
trend analysis, which require the use of performance information generated during project
execution. Other purposes of the Monitoring and Control Risk process are to determine if:
 Project assumptions are still valid,

 Analysis shows an assessed risk has changed or can be retired,
 Risk management policies and procedures are being followed, and
 Contingency reserves for cost or schedule should be modified in alignment with the
current risk assessment.
Monitoring and Control Risk can involve choosing alternative strategies, executing a contingency
or fallback plan, taking corrective action, and modifying the project management plan. The risk
response owner reports periodically to the project manager on: the effectiveness of the plan; any
unanticipated effects; and any correction needed to handle the risk appropriately. Monitoring and
Control Risk also includes updating the organizational process assets, including project lessons
learned databases and risk management templates, for the benefit of future projects.

ECPMI ECPMMS:2019
Constraints
management
legislation
Inputs Outputs
CP management plan
CP risk management plan CP risk Monitoring
CP work performance
CP risk register and Control Information
CP management plan updates
Organizational process asset
updates
Mechanisms
Tools, Techniques &

Competencies
Competencies
Figure 2.10: IMCO for CP Risk Monitoring and Control
2.6.1. CP Risk Monitoring and Control: Inputs

a.) Project Management Plan
The project management plan, which includes the risk management plan, provides guidance for
risk monitoring and controlling.
b.) Risk Management Plan
The risk management plan has key inputs that include identified risks and response directions to
the identified risks.
c.) Risk Response Plan
The risk response plan contains the identified risks and the associated response which are vital
for controlling risk.
2.6.2. CP Risk Monitoring and Control: Mechanisms
a.) Risk Reassessment
Monitoring and Control Risk often results in identification of new risks, reassessment of current
risks, and the closing of risks that are outdated. Project risk reassessments should be regularly

ECPMI ECPMMS:2019
scheduled. The amount and detail of repetition that are appropriate depends on how the project
progresses relative to its objectives.
b.) Risk Audits
Risk audits examine and document the effectiveness of risk responses in dealing with identified
risks and their root causes, as well as the effectiveness of the risk management process. The
project manager is responsible for ensuring that risk audits are performed at an appropriate
frequency, as defined in the project’s risk management plan. Risk audits may be included during
routine project review meetings, or the team may choose to hold separate risk audit meetings.
The format for the audit and its objectives should be clearly defined before the audit is conducted.
Example is included in Annex 2.
c.) Technical Performance Measurement
Technical performance measurement compares technical accomplishments during project

execution to the schedule of technical achievement. It requires the definition of objective,
quantifiable measures of technical performance, which can be used to compare actual results
against targets. Such technical performance measures may include weight, transaction times,
number of delivered defects, storage capacity, etc. Deviation, such as demonstrating more or less
functionality than planned at a milestone, can help to forecast the degree of success in achieving
the project’s scope.
d.) Variance and Trend Analysis
Many Monitoring and Control Risk processes employ variance analysis to compare the planned
results to the actual results. For the purposes of controlling risks, trends in the project’s execution
should be reviewed using performance information. Earned value analysis and other methods of
project variance and trend analysis may be used for monitoring overall project performance.
Outcomes from these analyses may forecast potential deviation of the project at completion from
cost and schedule targets. Deviation from the baseline plan may indicate the potential impact of
threats or opportunities.
e.) Reserve Analysis
Throughout execution of the project, some risks may occur with positive or negative impacts on
budget or schedule contingency reserves. Reserve analysis compares the amount of the
contingency reserves remaining to the amount of risk remaining at any time in the project in
order to determine if the remaining reserve is adequate.
f.) Status Meetings
Project risk management should be an agenda item at periodic status meetings. The amount of
time required for that item will vary, depending upon the risks that have been identified, their
priority, and difficulty of response. The more often risk management is practiced, the easier it

ECPMI ECPMMS:2019
becomes. Frequent discussions about risk make it more likely that people will identify risks and
opportunities.
g.) Risk Management Planning (RMP) Spreadsheet
The RMP spreadsheet can be used and it provides an effective way to summarize project risk
management activities for projects that have conducted a quantitative risk analysis. The sample
spreadsheet is typically used for the most significant risks as determined through the quantitative
risk analysis.
2.6.3. CP Risk Monitoring and Control: Controls and Constraints

Refer to section 2.1.3 for controls and contraints for qualitative risk analysis process.
2.6.4. CP Risk Monitoring and Control: Outputs

a.) Work Performance Information
Work performance information, as a Control Risks output, provides a mechanism to
communicate and support project decision making.
b.) Change Requests
Implementing contingency plans or workarounds sometimes results in a change request. Change

requests can include recommended corrective and preventive actions as well.
 Recommended corrective actions. These are activities that realign the performance of the
project work with the project management plan. They include contingency plans and
workarounds. The latter are responses that were not initially planned, but are required to
deal with emerging risks that were previously unidentified or accepted passively.
 Recommended preventive actions. These activities ensure that future performance of the
project work is aligned with the project management plan.
c.) Project Management Plan Updates
If the approved change requests have an effect on the risk management processes, the
corresponding component documents of the project management plan are revised and reissued to
reflect the approved changes. The elements of the project management plan that may be updated
are the same as those in the process of planning risk responses.
d.) Project Documents Updates
Project documents that may be updated as a result of the Control Risk process include, but are
not limited to the risk register. Risk register updates may include:
 Outcomes of risk reassessments, risk audits, and periodic risk reviews. These
outcomes may include identification of new risks, updates to probability, impact,

ECPMI ECPMMS:2019
priority, response plans, ownership, and other elements of the risk register. Outcomes
can also include closing risks that are no longer applicable and releasing their associated
reserves.
 Actual outcomes of the project’s risks and of the risk responses. This information can
help project managers to plan for risk throughout their organizations, as well as on
future projects.
e.) Organizational Process Assets Updates
The risk management processes produce information that may be used for future projects, and
should be captured in the organizational process assets. The organizational process assets that
may be updated include, but are not limited to:
 Templates for the risk management plan, including the probability and impact matrix and
risk register,
 Risk breakdown structure, and
 Lessons learned from the project risk management activities.
These documents should be updated as needed and at project closure. Final versions of the risk
register and the risk management plan templates, checklists, and risk breakdown structure are
also included.
2.6.5. Perform Monitoring and Control CP Risk: Activities

The instructions below provide the activities that shall be carried out for monitoring and control
risk:
a) Review project progress report

b) Review performance reports including non-compliances
c) Update the documents and assumptions
d) Document lessons learned from the project risk management activities

ECPMI ECPMMS:2019
3. SECTION 3 : Manual Adjustment, Amendment and Revision
3.1.Manual Adjustment
This CPRMM Manual shall be adjusted to confirm to specific requirements of projects in line with
their contractual obligations
3.2.Manual Amendment
The CPRM Manual may be amended for errata and similar circumstances as and when
recognized.
The correction/improvement of this CPRM Manual shall be initiated by Manuals Preparation and
Revision Standing Committee based on the feedbacks collected during the manual's three years
operation period and decision made by the ECPMI.
3.3.Manual Revision
This CPRM Manual shall be revised every three years unless otherwise required due to special
circumstances.
The revision of this CPRM Manual shall be initiated by Manuals Preparation and Revision
Standing Committee based on the feedbacks collected during the manual's three years operation
period and decision made by the ECPMI.

ECPMI ECPMMS:2019
ANNEXES

ECPMI ECPMMS:2019
Bibliography
[1.] Design – Build Institute of America (2015), choosing a project delivery method, A Design –
Build Institute of America Publication
[2.] Institute of Risk Management Registered in England and Wales Reg. No. 2009507
[3.] Project Management Institute (PMI).(2013). A Guide to the Project Management Body of
Knowledge (PMBOK) (5th edition). Newtown Square, PA, USA: Project Management
Institute(PMI)
[4.] Office of Systems Integration “SERVING CALIFORNIA”
[5.] Patrick. X.W. Zou, Guomin Zhang and Jia-Yuan Wang (2013) Identifying Key Risks in
Construction Projects: Life Cycle and Stakeholder Perspectives
[6.] Babak A. Samani, Fazad Shahbodaglou (2012), A Fuzzy Systematic Approach to
Construction Risk Analysis, Journal of Risk Analysis and Crisis Response, Vol. 2, N0. 4
(December 2012), 275-284
[7.] Li Chung-Wei, Tzeng Gwo-Hshiung, Identification of Threshold Value for the DEMATEL
method: Using the Maximum Mean De-Entropy Algorithm, Y. Shi et al. (Eds.): MCDM
2009, CCIS 35, pp. 789-796, 2009©Springer-Verlag Berlin Heidelberg 2009
[8.] ISO / IEC 31010:2009 Risk management – Risk assessment techniques
[9.] David T. Hulett Practical Schedule Risk Analysis (978-0-5660-8790-5) Example
[10.] Amin Vafadarnikjoo, Mahammadsadegh Mobin, Seyyed Mohammad Ali Khatami
Firouzabadi (2016) An Intiutionistic Fuzzy-Based DEMATEL to Rank Risks of
Construction Projects (Proceedings of the 2016 International conference on Industrial
Engineering and Operations management, Michigan, USA
[11.] Chris Chapman and Stephen Ward, (2002) Project Risk Management: Processes;
Techniques; and Insights, 2nd edition, John Wiley & Sons Ltd, School of Management,
University of Southampton, The Artium, Southern Gate, Chichester, England, UK.
[12.] Dale F. Cooper, Stephen Grey, Geoffrey Raymonf and Phil Walker (2005) Project Risk
Management Guideline: Managing Risk in Large Projects and Complex Procurements.
John Wiley & Sons Ltd, The Artium, Southern Gate, Chichester, England.
[13.] International Project Management Association (2015). Individual Competence Baseline for
Project, Program, and Portfolio Management. 4th version, International Project
Management Association.
[14.] Journal of the Applied Mathematics, Statistics and Informatics (JAMSI), 1 (2005), No. 1 1
[15.] Proceedings of the 2016 International Conference on Industrial Engineering and
Operations management, Detroit, Michigan, USA, September 23-25, 2016)

Ecpmi Ecpmms: 2019: Ethiopian Construction Project Management Manuals Series

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ecpmi Ecpmms: 2019: Ethiopian Construction Project Management Manuals Series

Uploaded by

Copyright:

Available Formats

© ECPMI 2019 – All rights reserved ECPMI ECPMMS:2019

ECPMI ECPMMS : 2019

© 2019 All Right Reserved

ii © ECMPI 2019 – All rights reserved

Construction Project Management Manuals Preparation Working

Working Groups Chair

Working Groups Coordinator

Original Version Prepared By:

Manual Quality Assurance and Validation Working Group Members

Wubishet Jekale Steering Committee Chair

Muluken Tilahun Project Coordinator

Denamo Addissie Technical Committee

Release Version Prepared By:

© ECPMI 2019– All rights reserved iii

iv © ECMPI 2019 – All rights reserved

© ECPMI 2019– All rights reserved v

2.3.4. Perform CP Qualitative Risk Analysis: Outputs .........................................................................33

vi © ECMPI 2019 – All rights reserved

© ECPMI 2019– All rights reserved vii

ABBREVIATIONS AND ACRONYMS

viii © ECMPI 2019 – All rights reserved

THIS PAGE LEFT BLANK INTENTIONALLY!

© ECPMI 2019– All rights reserved ix

x © ECMPI 2019 – All rights reserved

Eng. Aisha Mohammed

© ECPMI 2019– All rights reserved xi

xii © ECMPI 2019 – All rights reserved

THIS PAGE LEFT BLANK INTENTIONALLY!

© ECPMI 2019– All rights reserved xiii

xiv © ECMPI 2019 – All rights reserved

ETHIOPIAN CONSTRUCTION PROJECT MANAGEMENT INSTITUTE

© ECPMI 2019– All rights reserved xv

THIS PAGE LEFT BLANK INTENTIONALLY!

xvi © ECMPI 2019 – All rights reserved

A. Construction Project Management Manuals

© ECMPI 2019 – All rights reserved

1.2. Document information

Document name : Construction Project Risk Management Manual

Document number : ECPMMS: WM - 05

Document availability : The hard copy of the document is available at Ethiopian

Document owner : Ethiopian Construction Management Institute (ECPMI)

Document sponsor : Ethiopian Construction Management Institute (ECPMI)

2 © ECMPI 2019 – All rights reserved

1.3. Scope and Application

© ECPMI 2019– All rights reserved 3

1.4. Normative References

Document Number Document Title

ISO 21500 Guidance on project management

PMBoK Construction Extension to the PMBoK® Guide Third edition,2017

PMBOK A guide to PMBOK Sixth Edition

APM Association of Project Management, 6th edition, 2012

4 © ECMPI 2019 – All rights reserved

1.5. Purposes / Objectives

The main objectives of this CPRM Manual are, therefore to:

© ECPMI 2019– All rights reserved 5

1.6. Policies, Principles and Considerations

Table 1.1: CPRMM Policy Document

6 © ECMPI 2019 – All rights reserved

1.6.2. CPRM Principles

Principles: The Main Principles of this CPRM Manual are:

1. Continuously Improving the CPRM System, Knowledge, Skill and Attitude

Table 1.2 : CPRM Principles

© ECPMI 2019– All rights reserved 7