When it comes to Risk Management in Construction Quality Management, CQM Methodology uses the PMI, COSO, and Pialles recommended definitions and best practices. The most important aspect of Risk Management in CQM is that both opportunities and threats must be considered. In addition, it is important to realize that the focus of this section is Risk Management in Construction Projects and not Programs, Portfolios, and Enterprise levels. Therefore, most of the Risk Management Strategies and Tactics are developed at a higher level than the Project Management Office (PMO) and the CQM Manager is to manage and coordinate activities according to the instructions directed by the PMO as standard Risk Management Process and Procedures.
Definition of Risk in CQM
The purpose of this section is to describe the concepts and definitions associated with Risk Management within CQM Framework and highlight the essential components of Risk Management Practices for Integration with a Construction Project Quality Management in the CQM Methodology.
By applying CQM Principles to Project Risk Management, a CQM Manager strives to achieve Quality Excellence in the practice of Risk Management in CQM. This allows the Construction Project Management Professional team (CPMP) to increase the predictability of outcomes and better plan for the preparation needed to develop a Risk Management Plan for the Construction Project.
For Risk Management in CQM to be successful, processes and procedures must be dictated by the PMO after aligning its Risk Management Policy with the organizational Strategy and Governance dictated in the Risk Management of the Program, Portfolio, or even Enterprise level. Therefore, the effort to foster a culture that embraces Risk Management in CQM comes from Top Management by involving the CPMP team and propagate, recognize and encourage throughout the organization. A Quality Excellence Mindset approach to Risk Management encourages the identification of threats rather than ignoring them and identification of opportunities by cultivating a positive mindset within an organization to accept and harness positive changes impacting the various initiatives.
Risks are caused by both Internal and External events or conditions that have positive or negative effects on Project Objectives. It is imperative to understand that there are Known-knowns, known-Unknowns, and Unknown-Unknowns (Johari Window) where the last type of uncertainty is not in the scope of the CQM Methodology. The two CQM Risk Categories are:
Known-Knowns
- Schedule Delays
- Cost Overruns
- Poor Quality
- Insufficient Safety
- Environmental Compliance
- Customer Satisfaction
Known-Unknowns
- Supply Chain Management
- Subcontractor Default Insurance
- Value Engineering
- Political and Regulatory Changes
- Criminality and Vandalism
In either two categories, implementing a proper risk management plan would turn a negative event or condition into a positive one and helps the CPMP team to identify opportunities to take advantage of positive events and conditions in a timely fashion.
According to PMBoK when it comes to risk management, a project manager has the following choices:
- Avoid/Exploit
- Transfer/Share
- Reduce/Enhance
- Accept
However, CQM Methodology has an Integrated Project Delivery (IPD) approach that encourages Risk Management to be integrated in all aspects of the project as Quality Management is applied in a Total Quality Management approach. Therefore, a separate Risk Management Methodology must be discussed and adopted by the organization at the Enterprise level or dictated by the Sponsor of the project to the IPD Team. The purpose of this section is to show the interaction of Risk & Quality Management by referencing Thomas Pialles Dissertation Paper as a good resource for construction-related organizations to develop their own Risk Management Methodology.
Risk Management Process
The CQM Manager is not responsible to perform the Risk Management Process since the RM Process will be developed at the PMO level. However, to integrate Quality into the RM Process and vice versa, it is important for the CQM Manager to have a general understanding of the RM Process and where his role becomes important in the Risk and Quality Integration of the Construction Project.
The RM Process is as follows:
- Plan Risk Management
- Risk Identification
- Risk Qualitative Assessment
- Risk Prioritization and Selection
- Risk Quantitative Analysis
- Risk Response Planning & Execution
- Risk Monitoring & Control
- Risk Management Documentation
The RM Process Accountability for a Construction Project always falls on the Project Manager, however, the responsibility to perform the RM subprocesses might fall on different team members such as Superintendent, Project Engineer, and Quality Manager.
CQM Manager’s Role in RM Process
The CQM Manager can serve tremendously with the Known-Unkown Risk Categories as Quality Control and Assurance data is collected on Subcontractors and Suppliers. A Quality Scorecard that identifies issues or occurrence of a supply chain management risk could be used in the SCM selection and prequalification process. This is vital in projects where Subcontractor Default Insurance is persued to exploit opportunities to lower cost and litigation time.
If proper information is shared with the CQM Manager, he could also collect information needed for Business Intelligence on Cost of Quality to identify the following:
- Cost of Good Quality
- Preventive
- Variation Reduction
- Appraisal Costs
- Inspections and QA
- Tests and Calibrations
- Registration Fees and Costs
- Education / Training
- Cost of Poor Quality
- Downtime and Delays
- Rework & Scraps
- Retest & Validations
- Warranty Related
- Customer Retention
- Litigation & Legal Counsel
- Liquidated Damages Penalty & Fines
Therefore for PMO to help in the Organization’s Enterprise Risk Management, proper directions and procedures must be issued to the CQM Managers in each Project to understand the following:
- Risk Management Organization & Structure
- RM Strategies and Tactics
- RM Process and Performance Measures (KPA & KPIs)
- RM Communication language & channels
- RM and Quality Integration Requirements & Expectations
The above objectives will not be achieved without a Knowledge Sharing, Training, and Coaching system that is properly handled in the PMO level.
Risk Management in CQM
In CQM Methodology, Risk Management and Quality Management serve the same primary purpose, which is to meet Scope Requirements using allocated resources in the allotted time and budget while achieving Quality Excellence. This primary purpose would not be achieved without proper Risk Management to remove all barriers and improve responses to unforeseen conditions and events. While CQM Methodology focuses on needs satisfaction and resolving Quality Issues, this goal would not be achieved without deviation reduction and solving uncertainty problems through an RM Process. Therefore a Quality and Risk Cycle introduced by Thomas Pialles is adapted by the CQM Methodology:
However, since a CQM Manager job is not to perform Risk Management, the PMO needs to identify expectations and required reporting following a proper Risk Assessment Process through a strategic-aligned Assessment Criteria that has assessed the Risk Interactions with the specific Construction Project and Prioritized Risks based on the organization’s Risk Appetite and Thresholds.
Similar to the Quality-Time-Cost triangle where pushing one side will exert pressure on the others, Excessive Risk-Taking will drive the Expected Enterprise Value down, therefore a “Sweet Spot” of Optimal Risk-Taking level must be achieved considering all organization’s capabilities and strategic management plan. (COSO Integrated Framework 2004)
Therefore, per PMBoK Risk Management recommendation and COSO Best Practice the Impact and Likelihood of Risk factors are identified based on safety, financial, reputational, litigation exposure, customer dissatisfaction, shareholder perspective, and employee morale causing turnover are categorized and prioritized in a weighted scale against frequency and probability of the risk happening. Depending on the organization and its Enterprise Risk Management, a frequency rating and probability scale as such could be developed:
Frequency Rating:
- Frequent: Once in every project or a specified period
- Likely: Once in the past 5 projects or 5 years
- Possible: Once in the past 25 projects or 25 years
- Unlikely: Not in the past 50 projects or 50 years
- Rare: Not in the past 100 projects or 100 years
Probability Scale:
- Almost Certain: 90% or greater in every project or a specified period
- Likely: 70 to 90% chance of occurrence in the specified range
- Possible: 40 to 70% chance of occurrence in the specified range
- Unlikely: 10 to 40% chance of occurrence in the specified range
- Rare: Less than 10% chance of occurrence in the specified range
Based on the above weighting system a Risk Index is calculated for every Risk Factor where Risk Prioritization will be documented in the Risk Registry for proper Risk Management.
A mindmap of the Trigger Event, Conditions and possible outcomes could be generated for high priority risk factors to identify possible consequences and select the reaction that best suits the project and the organization in a Decision Tree.
Risk Management Tools & Techniques available to CQM Manager
The outputs of a Risk-Based Quality Management CQM are based on the role, project structure, organizational chart position, job description, and RACI Matrix developed by the Top Management and the CPMP. The broader the role of a CQM Manager is assigned, the more tools and techniques are available to him to select from. At a minimum, the CQM Manager role in an RM-Based-CQM is to collect documentation, data, information, reports, logs, reports, meeting minutes, photos, and track evidence of the progress, changes, RFIs, submittal comments, testing and Inspection reports, QIR & Quality Non-Conformance Reports in a powerful PMIS System.
Considering the Key Performance Areas and Indicators (KPA & KPI) an organization needs to monitor its Business Intelligence, the Risk Management policies within the customized CQM Methodology will include appropriate tools and techniques and outputs requirement from the Apply CQM process. Considering a list of key success areas of KPIs will determine the organization’s Risk Management Strategy.
Successful Risk-based-CQM
A successful Risk Management in CQM approach will improve the following:
- Clarifies risk management efforts expected from the CQM Manager and improves effective Construction Project Management
- Remove Communication Barriers and Noise for higher transparency and better decision-making in problem-solving
- Systematic identification of Quality Issues through an enhance Risk Identification to reduce mistakes and errors
- Lowers exposures to unforeseen situations with a proactive approach to mitigate risks and enhance opportunities
- Confirms compliance with Standards and Regulations for enhanced organization reputation
- Optimize the use of Project Resources for better Project Outputs
- Collects documentation needed to prevent litigations
- Reduce complexity in handling new initiatives through better communication among Stakeholders
- Increase Return on Investment on identified opportunities for better Business outcomes
- Improve overall performance and business results
Construction Risk Factors related to CQM
As discussed, the Risk-Quality Interrelation in a Risk-Based-CQM is very deep and there might be an infinite number of Risk Factors that would be related to Quality and therefore impact the Apply CQM Process. However, to provide a sample list of risks to consider when brainstorming for project-specific risk management planning, the following Sample Construction Risk Checklist is provided from Risk-Based Management Reference Guide by Texas Department of Transporation:
| Context | Risk Description |
| Cost | Unexpected Geotechnical or groundwater issues |
| Cost | Unplanned work or Scope Change |
| Cost | Estimating Errors in Cost or Scheduling |
| Cost | Force Majeure Events such as natural or criminal |
| Scope | Design Changes require additional Investigation |
| Scope | Unexpected 3rd party requirement during construction |
| Scope | Deferring site conditions and incomplete investigation |
| Financial | Lack of Funding or Changes there of |
| Financial | Labor Shortage or Strike |
| Legal | Unforeseen Agreements Required |
| Legal | Dispute on Terms of Agreements or Technical Provisions |
| Operational | Readiness and Availability of Deliverables |
| Operational | Unanticipated Project Management Workload |
| Public | Priorities change and local agency impacts |
