Quality Risk Assessment & Mitigation:
Bringing the Construction Quality and Risk Worlds Together
by
CQEC Risk Assessment and Mitigation Subcommittee Contributors
Thomas E. (Ted) Boyce, Mike Stajduhar, Paul Stewart, Dennis McCown, and Stephen Terni
Overview
A high-performing quality program will ensure client satisfaction and enhance the company’s reputation while minimizing rework, warranty callbacks, and potential litigation. Assessing and managing risk is an essential part of the quality equation that benefits all project stakeholders and involves a process for identifying, tracking, and mitigating behaviors and procedures that have the potential for creating deficiencies.
A successful approach to assessing and managing risk begins early in the project lifecycle and includes all key project stakeholders. It is also important to note that managing risk is a long-term process. It is not completed in one meeting or a short series of interactions but is instead a process that must be continued for the entire life cycle of the trade performing a specific scope of work and the project itself. When this is done properly, organizations learn from their results, keep doing what worked well, adjust what did not, and ultimately help stakeholders avoid similar mistakes in future projects.
The first and most crucial step in assessing and managing risk is identifying:
These factors will be influenced by a project’s size and complexity and the relationship between project stakeholders.
In their simplest form, risk items should be tracked using tools that organize and prioritize risk items. Essential information includes:
Moreover, the risk item description should be specific enough, so it identifies the actual problem trying to be solved. Once this is established, teams can then provide the proper oversight, pre-planning approach, and resources to mitigate the risk item.
The purpose of this document is to provide a standard that enables repeatable results, which have been curated through the sharing of lessons learned and industry best practices. This standardized and quantifiable approach to evaluating quality risk will raise awareness of those work activities and project characteristics most likely to impact project safety, quality, schedule, and cost.
A high-performing quality program will ensure client satisfaction and enhance the company’s reputation while minimizing rework, warranty callbacks, and potential litigation. Assessing and managing risk is an essential part of the quality equation that benefits all project stakeholders and involves a process for identifying, tracking, and mitigating behaviors and procedures that have the potential for creating deficiencies.
A successful approach to assessing and managing risk begins early in the project lifecycle and includes all key project stakeholders. It is also important to note that managing risk is a long-term process. It is not completed in one meeting or a short series of interactions but is instead a process that must be continued for the entire life cycle of the trade performing a specific scope of work and the project itself. When this is done properly, organizations learn from their results, keep doing what worked well, adjust what did not, and ultimately help stakeholders avoid similar mistakes in future projects.
The first and most crucial step in assessing and managing risk is identifying:
- the scope
- intended outcomes of the process
- and the specific needs of all project stakeholders.
These factors will be influenced by a project’s size and complexity and the relationship between project stakeholders.
In their simplest form, risk items should be tracked using tools that organize and prioritize risk items. Essential information includes:
- a clear definition of the risk item
- potential outcomes
- level of severity
- and potential for occurrence or reoccurrence.
Moreover, the risk item description should be specific enough, so it identifies the actual problem trying to be solved. Once this is established, teams can then provide the proper oversight, pre-planning approach, and resources to mitigate the risk item.
The purpose of this document is to provide a standard that enables repeatable results, which have been curated through the sharing of lessons learned and industry best practices. This standardized and quantifiable approach to evaluating quality risk will raise awareness of those work activities and project characteristics most likely to impact project safety, quality, schedule, and cost.
Defining Risk
The main intention of tracking project risk is to mitigate that risk, not to transfer risk within the project or organization. Given this, actions taken should be analyzed holistically and individuals should feel empowered to address both task-specific and collective risks.
When evaluating the risk of work activities to construction quality, the following should be considered:
- Numerous or highly repetitive activities
- New or unique materials, equipment, subcontractors, suppliers (or extensive overseas suppliers)
- New or unique inspection methods or acceptance standards
- Activities that have been historically or recently problematic or trending negatively
- Extensive or unique government regulations/oversight of quality
- New or difficult design
Work activities may be assigned a quality risk level based on the potential impact to product quality (low, medium, high) as follows:
- Quality Level 1 - Low Risk: Work activity has minimal impact to the quality of the finished product and would not materially affect safety, schedule, cost and/or reputation. Typically, Level 1 Risks signal a remote chance that requirements will not be met along with a high chance of detection through inspection if there is an issue.
- Quality Level 2 - Medium Risk: Work activity has a moderate impact to the quality of the finished product and will have a modest effect on schedule, cost and/or reputation. Improper installation or inspection will reduce the safety, or overall functionality, of the product. Level 2 Risks signal a moderate chance that the requirements will not be met, and an increased possibility of quality issues going undetected through inspection.
- Quality Level 3 - High Risk: Work activity has a significant impact to the quality of the finished product and will significantly impact safety, schedule, cost and/or reputation. Incorrect installation will cause loss of the primary and/or safety function or catastrophic failure could cause loss of life. Level 3 risks require an elevated level of planning and attention to detail to meet the requirement and will be difficult to detect by inspection if requirements are not met (i.e., buried pipe, cable, or foundation).
Examples of these levels for Concrete construction may include:
|
LEVEL 1 - LOW
|
LEVEL 2 - MEDIUM
|
LEVEL 3 - HIGH
|
Primary Risk: Assessing, Prioritizing, and Managing Quality Risk
It is impossible to prescribe for every organization what low vs. medium vs. high impact would be. So, we suggest every organization create cut-offs loosely based on financial, time, and client relationship measures that are significant to them. Once this has been done, for each work activity, we will first assign a baseline Primary Risk score for the risk of a quality incident based on two classifications:
• Probability: the likelihood of the risk happening resulting in rework or failure.
• Impact or Severity: the consequence or effect the risk will have on the project.
When the probability is multiplied by the impact, the Primary Risk is determined. An example Risk Matrix to determine Primary Risk appears below.
It is impossible to prescribe for every organization what low vs. medium vs. high impact would be. So, we suggest every organization create cut-offs loosely based on financial, time, and client relationship measures that are significant to them. Once this has been done, for each work activity, we will first assign a baseline Primary Risk score for the risk of a quality incident based on two classifications:
• Probability: the likelihood of the risk happening resulting in rework or failure.
• Impact or Severity: the consequence or effect the risk will have on the project.
When the probability is multiplied by the impact, the Primary Risk is determined. An example Risk Matrix to determine Primary Risk appears below.
|
Each of the 9 boxes is assigned a score based on the product of the impact x the probability. We would recommend Low Probability / Low Impact items (lower left) be assigned a 1 and High Probability / High Impact items (upper right) be assigned a 9. Medium Probability / Medium Impact item (center box) would be assigned a 4. Your initial analysis will be used to score the work activity as having low, medium, or high primary levels of risk.
|
|
This initial evaluation of quality risk associated with work activities is considered the Primary Risk. This level of risk analysis may be sufficient for your project. If so, proceed to the section on Assignment of Responsibility below.
Secondary Risk
However, you may find value in considering additional variables that may impact the overall success of particular activities. These additional variables are possible during all phases of construction and they may either increase or reduce Primary Risk. We call this Secondary Risk. Secondary Risk factors include:
However, you may find value in considering additional variables that may impact the overall success of particular activities. These additional variables are possible during all phases of construction and they may either increase or reduce Primary Risk. We call this Secondary Risk. Secondary Risk factors include:
|
|
|
The measure used to account for Secondary Risk will be a weighted score calculated by applying what we will call the Secondary Risk Factor (SRF). Used as a “multiplier”, the SRFs will inform the selection of specific mitigation strategies used to manage the risk of each Definable Feature of Work (DFOW).
We calculate the SRF by assigning 0.1 points for each item in the bulleted list above present for the scope of work being evaluated. For example, we would assign .4 points if the scope is:
Two additional points (.2) would be added if:
Thus, in the hypothetical scenario above, the Primary Risk of the activity would be multiplied by an SRF of 1.6 to arrive at a measure we will call Actual Risk.
We calculate the SRF by assigning 0.1 points for each item in the bulleted list above present for the scope of work being evaluated. For example, we would assign .4 points if the scope is:
- repetitive and in high quantity
- the client is new
- new project type
- environmental conditions unfavorable
Two additional points (.2) would be added if:
- supply chain or subcontractor uncertainties are present
- the scope has been historically problematic
Thus, in the hypothetical scenario above, the Primary Risk of the activity would be multiplied by an SRF of 1.6 to arrive at a measure we will call Actual Risk.
Let us apply the SRF to an Primary Risk example. Specifically, based on the matrix above, if the probability of a quality incident was determined to be “medium” and the consequence of that incident “medium”, it would be placed at the center of our matrix above and receive an Primary Risk score of 4. Accounting then for the 6 project characteristics outlined immediately above; we would multiply the 4 by 1.6 resulting in a score of 6.4.
The SRF in this instance would push the “actual” risk into the high range. In contrast, if the Primary Risk were low probability and low impact = 1 (lower left of our matrix) the same precipitating factors (1 X 1.6 = 1.6) would keep the actual risk in the low range. What’s important to note is that in the first example, we would need to consider adjusting our mitigation strategies to account for the high level of actual risk, in the second we would be more secure in proceeding as originally planned.
Once the Actual Risk is determined, one of several strategies to manage that risk would be selected.
The most common strategies are:
• Mitigate: reduce (or eliminate) the impact, probability, or both, of the risk to some acceptable level by incorporating appropriate procedures
• Avoid: eliminate the event leading to the risk
• Transfer: allocate the risk to another party, one that is better able to deal with it
• Accept: acknowledge that some risks are not feasible to mitigate, cannot be avoided, and cannot be transferred.
The SRF in this instance would push the “actual” risk into the high range. In contrast, if the Primary Risk were low probability and low impact = 1 (lower left of our matrix) the same precipitating factors (1 X 1.6 = 1.6) would keep the actual risk in the low range. What’s important to note is that in the first example, we would need to consider adjusting our mitigation strategies to account for the high level of actual risk, in the second we would be more secure in proceeding as originally planned.
Once the Actual Risk is determined, one of several strategies to manage that risk would be selected.
The most common strategies are:
• Mitigate: reduce (or eliminate) the impact, probability, or both, of the risk to some acceptable level by incorporating appropriate procedures
• Avoid: eliminate the event leading to the risk
• Transfer: allocate the risk to another party, one that is better able to deal with it
• Accept: acknowledge that some risks are not feasible to mitigate, cannot be avoided, and cannot be transferred.
Assignment of Responsibility
For any process to be successful, it must be properly executed. Below is a responsibility matrix we believe can be useful in organizing your project team to successfully assess and mitigate construction quality risk.
For any process to be successful, it must be properly executed. Below is a responsibility matrix we believe can be useful in organizing your project team to successfully assess and mitigate construction quality risk.
The purpose of the matrix is to identify who is ultimately accountable for a particular task, who is responsible for executing it, who should be consulted because they have expert knowledge that can assist with execution, and who should be informed. Our experience is that delineating such responsibilities will enhance communication about critical issues, will ensure that relevant information obtained previously will be shared and that expectations are more likely to be met. After all, Quality Assurance requires that we have the right conversations with the right people at the right time.
Concluding Comments
This paper presented a particular approach to identifying and assessing Construction Quality Risk. The risk matrix and concepts of Primary and Secondary Risk were borrowed from the safety field and applied to quality. Accounting for project characteristics that can alter the probability and impact of Primary Risk as a way of measuring actual risk is an innovation introduced here. It is our mission to encourage those responsible for Quality Assurance / Quality Control to recognize factors beyond specifications that could impact job quality. If such items are identified and managed proactively, proper mitigations can be used to lower actual risk and perhaps even mitigate the Primary Risk. We hope this paper provides a foundation for conversations that will lead to further innovations at your organization and in the design/build world.
Concluding Comments
This paper presented a particular approach to identifying and assessing Construction Quality Risk. The risk matrix and concepts of Primary and Secondary Risk were borrowed from the safety field and applied to quality. Accounting for project characteristics that can alter the probability and impact of Primary Risk as a way of measuring actual risk is an innovation introduced here. It is our mission to encourage those responsible for Quality Assurance / Quality Control to recognize factors beyond specifications that could impact job quality. If such items are identified and managed proactively, proper mitigations can be used to lower actual risk and perhaps even mitigate the Primary Risk. We hope this paper provides a foundation for conversations that will lead to further innovations at your organization and in the design/build world.