Risk & contingencies – a brief introduction

One of the hot topics frequently discussed in the creation of the budget for big projects is the appropriate contingency level and how to estimate it.

My colleague Giuseppe had found an interesting paper online that has been the starting point for this post.

So, what are contingencies?

Some far reaching definitions consider different typologies of contingencies:

  1. Money in the budget
  2. Float in the schedule
  3. Tolerance in the technical specifications
  4. Tolerance in the quality
  5. Tolerance in the scope of work

Possibly this is a very broad approach, so I will focus only on the first point.

Monetary contingencies are added to the estimate “to allow for items and events for which the state, occurrence or effect is uncertain” (the definition is proposed by the Association for the Advancement of Cost Engineering).

Several concepts are usually excluded from the contingency budget:

  • Major changes in scope
  • Extraordinary events (such as the one indicated in the Force Majeure clauses)
  • Currency exchange risk (this is usually hedged or it is included in a different section of the budget)

Basically in the definition of contingencies the focus is on the “negative risks” that can create a loss if they materialize (“positive risks” is a fancy way to call the opportunities).

Identified vs unidentified risks

A key distinction should be made between identified risks and unidentified risks.

Identified risks are “known unknowns” – that is, risks you are aware of (a classic example would be the geotechnical risk.

Unidentified risks are more similar to “unknown unknowns” – risks that come from situations that are so unexpected and difficult to foreseen even to subject matter experts that they would not be considered.

On top of this type of risk, there are also risk that emerge later in time – as a result of our actions and decisions or as a result of actions and decisions of external agents.

For this reason risk management processes include periodical risk reviews: you do your best to identify all risk at the beginning of the project but the situation can evolve in unexpected ways.

Identified risks can (and should) be managed: they should be included in a risk register, with a quantification, a predefined plan if the risk materialize, an owner, etc.

Strategies for identified risks

Additionally, several strategies are possible for identified risk: they can be

Avoided (if a subcontractor has a poor financial status it can be removed from the bidders list)

Transferred (if the failure of the main transformer can put at risk the viability of the investment, a business continuity insurance can be purchased)

Shared (if a project is very big, possibly a Joint Venture could be a good choice)

Mitigated (if a construction technology is very complex it could be a poor choice in an emerging country, where an easier solution could be a less risky choice)

Accepted (in this case, usually a monetary reserve is created for the accepted risks).

What about unidentified risks?

Unidentified (“unknown”) risks are conceptually different. Even if a great effort has been made to identify all possible risks the experience show that when the project is finally built several unforeseen events will happen, impacting the budget.

The quantification of the contingency for these unknown risk is a complex topic and a never ending source of discussions when budgeting a project.

I have found an interesting chapter on the subject on a book on Project Risk Management (by C. Chapman and S. Ward, ISBN 978-0470853559).

They consider that the residual uncertainty has three sources:

  • Explicit assumptions (known unknowns)
  • Implicit assumptions (unknown unknowns)
  • Bias (systematic estimation errors)

They suggest to use three different “scaling factors” to consider these sources of uncertainty, Fk, Fu and Fb, The product of the three factors is designated F3:

F3 = Fk x Fu x Fb

The authors suggest that even if estimating these factors is highly subjective not doing so lead to an even worst scenario, a “Conspiracy of Optimism”.

The logic is that would be seriously irrational to believe that such factors do not apply to your project unless you have solid grounds to prove that.

Even if different stakeholders could have a different view on the value of these factors the debate itself inside the organization should prove to be beneficial: refusing to acknowledge and discuss the issue will not make it disappear.

I believe that the same logic should apply when a risk register is created.

The meaning of a qualitative analysis of a risk (“There is a high probability of a small impact on budget”) should be made explicit.

Is an high probability 80% or 99%? How small is a small impact? And so on.

Leave a Reply

Your email address will not be published. Required fields are marked *