Risk management is the order of the day, especially in large infrastructure projects with a significant share of underground structures, where the risks are generally high. If such a project is performed as a PPP model the demand for an efficient risk management system becomes even more important. For such projects, not only the classic hazards like changed ground conditions and time extensions can cause severe cost overruns but also other factors like lack of funds, increased cost of loans, political uncertainties etc can play their part. A comprehensive risk management system can help to identify the risks and minimize their consequences.
For the owners it is vital to know in advance the final cost as accurately as possible. To achieve this it is common to start with a basic cost estimate and then add a provision for risk – normally a percentage of the basic cost – plus other factors like price escalation etc. This method is only sufficient for simple projects. A single deterministic figure will probably indicate the expected cost, but does not reveal the minimal/maximal cost to be expected, nor does it provide any information on the probability of occurrence.
To cover this the authors propose to quantify risks using probabilistic methods and to consider the uncertainties related to the basic cost estimate by using the same approach. The result is a probabilistic distribution for the basic cost and a probabilistic distribution for the cost of risks. To support this process through all stages of a project the authors developed software called RIAAT Risk Administration and Analysis Tool. It supports the risk management process from identification and assessment of risks through modelling of distribution density to aggregation.
The basis for an application of the tool is the same as for any other method of risk management namely a comprehensive identification and assessment of all risks related to a project. This basic work and the process of updating the risk assessment and the process of risk mitigation and control – often summarized under the term risk management – are supported and organized by the tool. The use of probabilistic methods not only for the risk analysis but also for the basic cost estimate is maintained throughout the whole process. The advantage of a probabilistic approach lies in the fact that by using values lying within a bandwidth and modelled by a defined distribution density the reality can be modelled better than by using deterministic figures.
Cost estimate and risk assessment
Cost estimates are always afflicted with significant uncertainties because in the early project stages neither quantities nor prices are exactly known. Furthermore the bill of quantities normally contains only major items; most of the smaller items are missing respectively and are not considered at this stage.
Generally data is derived from completed projects to estimate the cost of a new project, and normally show a considerable spread. Interpreted properly this contains a lot of information like min/max cost of items and the value most likely to be expected. If, as it is often done, only the mean value or the median is used for the cost estimate, the information on other values, which are less likely to occur, is lost.
The way to transfer this information into the next steps and preserve it throughout the whole process of risk management is by modelling it through a function defining a distribution density and use probabilistic methods throughout all stages of the risk management.
The same applies for risk assessments. If risks are evaluated using deterministic figures instead of considering the bandwidth and distribution density of the probability of occurrence and the financial consequences, the information which is in these figures, is neglected. By incorporating bandwidth respectively distribution density more specific results will be achieved. Figures for a Value at Risk (percentage of the risk-potential), the minimum and maximum costs will become available. Figure 1
Modelling uncertainty
Commercial software for risk analysis provides a number of density distribution functions for modelling uncertainty. A number of them are even incorporated in MS-ExCel. Commercial risk management software like @risk, Crystal Ball[1] and others are offering additional features like, risk classifications, risk correlations and aggregation by various methods (e.g. Monte Carlo, Latin Hypercube) besides providing a wide choice of functions. The problem with most of them is that they are too sophisticated for the purpose of cost estimation and risk assessment in civil engineering and require input data and parameters, which are not available for the sort of projects we are looking at. What is missing in all of them are features for the administration and traceable documentation of risks over the various project phases.
Based on earlier works[2, 3] and experience from research[4] and encouraged by the positive feedback from pilot projects the authors choose an approach that is more appropriate to the engineering mind; using mainly rectangle and triangle distributions. The first one is utilised to model uniform distributions, the second one for modelling most other distributions. One of the advantages of the triangular function is that it requires only three input data: Expected (most likely) value, minimal and maximal value.
Taking into account that the probability of occurrence for a typical tunnelling risk like a cave-in cannot be deducted from statistics, asking for an expert opinion is often the only way to assess the risk probability of occurrence and consequence. Most experts will be able to indicate the probability of occurrence within a bandwidth – e.g. between 10 and 40% with a value most likely to be expected at 20% – as well as the consequences in time and cost within certain limits, this time with a minimal and maximal value plus an estimate for the value most likely to be expected. In this case, as in other cases, where subjective probabilities have to be modelled the use of a triangle distribution will be the best solution (figure 2).
The triangle function is easy to determine and offers considerable flexibility in shape. The self explaining nature of its defining parameters and speed of use offers a perfect solution for many modelling tasks. An alternative way to keep it simple would be the use of PERT. This is a simplified version of the beta distribution, which does not require more input parameters than the triangle distribution. If putting more probability around the most likely value is advisable it is a good alternative to the triangle distribution[5, 6]. RIAAT was designed to allow the application of PERT as an alternative.
Another consideration in favour of the triangle function is the aspect that simple basics are essential if quantitative risk analysis using probabilistic methods shall find wider acceptance. It should also be kept in mind that in dealing with uncertainty, increasing accuracy of values does not necessarily lead to higher certainty. In the authors’ opinion it is more advisable to determine the accuracy of each value individually by setting the spread and weighting by a “simple” function for distribution densities than using sophisticated functions. Those would be only appropriate for risks which can be covered by classical insurance, where statistical methods prevail.
Aggregation of risks
As soon as the distribution densities for the identified risks are determined they can be aggregated using Monte-Carlo-Simulation or Latin Hypercube-Sampling. The result will be again a probability distribution, which displays the overall risk potential. With the figures and distribution curve available the owner can decide, which potential of the risk shall be included in the budget. If the aim is to cover 80% of the risk potential, a figure for Value at Risk 80 has to be determined. Figure 3 shows the determination of Value at Risk 80 using the probability function and the Lorenz curve. Both diagrams are showing the same results in a different exposition. In our example it will be necessary to reserve 3.507 Million Euro to cover 80% of the identified risk potential (figure 3).
Software support
In the preceding text three tasks risk management software should support were identified:
• Modelling of uncertainties in basic cost estimate
• Modelling of density distribution for individual risks
• Methods for aggregating cost items and cost of risks
In addition to these basic tasks good risk management software should provide methods and tools for the administration of the risks over all phases of the project. A number of guidelines and standards giving advice on how to implement an effective risk management and how to structure the risk management process exist. Some[7, 8] are of scientific and more theoretical nature, some more practice oriented[9, 10].
Following the general rules of the Austrian guideline and in close cooperation with the project organisation of ÖBB (Austrian Federal Railways) for the Koralm Tunnel the authors have developed their Risk Administration and Analysis Tool RIAAT. It was designed with the purpose of giving computerised support for the whole risk management process and was applied with great success for the risk analysis in the pre-tendering phase of this 38km long railway tunnel in south Austria.
Development and execution of any project is performed in steps or stages. According to[5, 6] cost estimates and risk analysis should be performed for each of the following phases: Conceptual design; preliminary design; tender design; final design; and project execution.
For each stage a new cycle of risk analysis will be performed. Except from the initial step, where risk catalogues and other basics have to be determined and the risk catalogue has to be set up and risks identified for the first time, the following cycles are mainly performed by updating. Only between the tender design/final design and project execution stage substantial modifications are required. The reason is that a number of risks, which were originally contained in the portfolio, are reduced or avoided by measures provided in the final design. Others are considered in the contract and thus transferred partly to the contractor (figure 4).
Setting-up the risk management process
In using RIAAT the risk management process starts with determining the basic parameters and structuring the project. Nominating members of the client organisation, design engineers, geologists etc, who shall con-tribute to the risk analysis and participate in the risk management process and determining the number of cycles and details of the reports, are the main tasks at this stage.
Risk identification – is the first step of the actual risk management process. For this purpose brain storming and check lists etc, can be used. RIAAT provides catalogues for this purpose, which is structured in three or more levels depending on the complexity of the project. This approach allows for assessing and aggregating the risks form bottom up. It further allows determining groups of risk of a similar nature – e.g. unforeseen ground conditions, environmental and political problems etc. – which shall be separately analysed and aggregated. At the same time the tree-structure makes it possible to track each risk back to its origin. A clear structure like the tree structure is also helpful in avoiding redundancies while defining the risks.
Risk analysis
The screen shot in figure 5 shows the input mask for the quantitative risk assessment in RIAAT. The example deals with deformations of drilled piles. The risk is characterised through the probability of occurrence and the financial consequences.
In defining the probability of occurrence the user has the choice between a button for risks occurring only once (single occurring risks) and a button for risks occurring several times in one section (multiple occurring risks). It is advisable to describe risks occurring only once by using a deterministic figure indicating the percentage of probability. Multiple occurring risks are characteristic for infrastructure projects like highways, railway lines and tunnel. In these types of projects risks of a similar nature in one section can occur several times at different locations. Examples for tunnelling are falling-ins or the replacement of defective segments of the lining or the correction of surface imperfections in road construction. Such incidents are best described through a figure for the average occurrence. In this case the financial consequences are calculated for each event and summed up to determine the overall risk potential.
The financial consequences for the risk shown in Figure 5 are detailed in four elements: material (anchors), labour cost, running costs of site and planning costs. Each element consists of two factors – quantity and price/cost – each of them can be modelled individually through a distribution density.
In RIAAT modelling the distribution densities of factors is normally done by triangle functions or in case of uniform distribution by rectangle functions. As mentioned before PERT is available as an alternative. Additional flexibility in modelling distribution densities is provided by a module called BUILD. This module allows modelling distribution densities for special cases.
If incidents with a statistical probability like floods or traffic accidents shall be considered, standard functions used in statistics like Normal, Beta, Lognormal could be added to the inventory. The software also foresees the possibility to determine a correlation factor between items/elements and factors. It is also possible to indicate measures to avoid or minimise risks and aggregate these figures together with the cost of risks.
If RIAAT is used for cost finding most procedures are very similar to those described above. There is only one big difference: the probability in cost estimates will always be 100%. The reason is very simple: costs always occur.
Risk aggregation and administration
After having analysed and evaluated all identified risks the aggregation will be the final step of each cycle. The result will be a probability distribution and Lorenz-curve as shown in figure 1 and figure 3 respectively.
RIAAT provides the means for a comprehensive documentation, which allows for tracking individual risks and the total risk potential over all phases of the project execution. The standard report contains elements like the risk catalogue, diagrams visualising and comparing individual risks by using popular analysing methods and the final aggregation. It includes the costs of risk avoidance or mitigation and a detailed description of the financial consequences. If required a statistical overview of the change in risk potential over the project phases is also available.
Conclusion
Risk analysis and risk management for large infrastructure projects using probabilistic methods offer great advantages for clients and owners. The software developed by the authors, combines tools for risk analysis with methods for comprehensive administration and documentation of changes and updates of risks over the various stages from project development to project execution. The most valuable information it provides is the value at risk at any level and stage. Combined with a cost estimate considering uncertainties related to quantities and costs, it provides the owner with a solid basis for budgeting, risk management and cost control.
The actual version of RIAAT (Risk Administration and Analysis Tool) contains basic elements to assess the time extension related with risks. Efforts will be made to develop this into an additional module/plug-in linked with RIAAT. T&T
Top: Fig 1 – Sample of an aggregated risk potential; Middle and Bottom: Fig 2a and 2b – Triangle and Rectangle (Uniform) Distribution Top: Fig 3a – Probability Distribution for aggregated risks displaying the same result; Middle: Fig 3b – Lorenz Curve for aggregated risks displaying the same result; Bottom: Fig 4 – Steps of the risk management process supported by RIAAT Fig 5 – Quantitative risk assessment with RIAAT
