A Risk Management System Using Skanska
Risk is inherent within the Construction industry. Any given project passing through the initiation phase carries with it substantial hazard ranging from resources, budget, time schedule right down to on-site work. Thus, it is imperative for organizations with activities within the construction industry to implement -and adhere to- necessary procedures in order to mitigate or even eliminate risks. The following report is a brief and concise simulation for a Risk Management System using SKANSKA, a high profile company with multi-national activities specialized in construction and project development as case study.
Competence policy in risk analysis
The construction sector is highly risky; in terms of accidents, we count around 300000 persons died each year in the world due to a work accident in a building construction brand. It is then clear that an efficient risk management system is required for a company as SKANSKA, large-scale brand in building construction.
The profitability of a company as SKANSKA depends on the success of its projects which can be achieved only with a good risk management. To be efficient, it has to be thought since the beginning of the process. The brand expresses its main targets and values in its “five zeros vision” which includes the risk management system at each point:
Zero loss-making projects. Loss makers destroy profitability and customer relationships;
Zero accidents, whereby the safety of our personnel as well as subcontractors, suppliers and general public is ensured at and around our projects;
Zero environmental incidents, by which our projects should be executed in a manner that minimizes environmental impact;
Zero ethical breaches, meaning that we take a zero tolerance approach to any form of bribery or corruption;
Zero defects, with the double aim of improving the bottom line and increasing customer satisfaction.
(Our targets, SKANSKA)
SKANSKA is working on huge projects. Each project is unique in terms of size, location, work, organization on sites, personnelâ€¦ Thus risks on the construction sites are always different and a risk analysis is required to avoid project losses. It has to be systematic and efficient in order to identity all potential sources and targets and take the needed measures at an early stage.
SKANSKA group uses its own risk management system and each implantation of the group uses the same methods named the SKANSKA Tender Approval Procedure (STAP) and the Operational Risk Assessment (ORA). This uniformity enables to improve communication between the different sites of SKANSKA in the world.
The STAP method presented below is used to evaluate “construction projects during tender preparation with regard to technical, legal and financial risks” without neglecting others types of risks as environmental, social and ethical risks (Risk management, SKANSKA Annual Report 2009).
(Risk management, SKANSKA Annual Report 2009)
The diagram above presented the risk management policy within the company while evaluating a new tender for a project. We can see that there are three main actors in this procedure who are the business unit, the Senior Executive Team (SET) and the board of directors.
The business unit is in charge of identifying and assessing risks before presenting solutions to limit risks’ probability or gravity or both of those parameters. Its results are then presented to the Senior Executive Team and, if approved, the tender can be submitted.
This procedure is not only implemented at the beginning of the process, but it is reviewed and updated during the executive part of the project as well, since risks can evolve or change radically from a step to another.
Responsibility and authority for the risk training system
A special unit for risk management was also created in 2009. It is called the senior executive team Risk Team (or SRT). This unit aims at “examines and analyzes conceivable tender proposals, investment or divestments before the Senior Executive Team (SET) makes a decision” (Risk management, SKANSKA Annual Report 2009). The SRT is “entrusted with strengthening the Group’s risk management, providing backup for risk assessment work and disseminating knowledge and experience between business units” (Risk management, SKANSKA Annual Report 2009).
SKANSKA’s risk management policy is also evolving; in the future, the SRT will be allocated with a new role which will consist in developing uniform processes to provide the business units with a new common basis system.
The company also uses its Heat Map matrix to choose the right project. This is the fundamental risk analysis which consists in comparing different parameters like product type, location, geography of the site or resources needed, that has proved in the past as being essential parameters for the success of a project. In this situation, SKANSKA uses its own experience to avoid previous mistakes. This approach proves that SKANSKA is improving its system continuously which is important in an efficient Risk Management System.
Relation to the market
As stated earlier, SKANSKA’s company profile and business policy lies heavily within the construction industry. Thus, although it could be beneficial to acquire expertise outside the firm’s organization i.e. subcontracting certain parts of a project, the fields that can and should be given priority with respect to outsourcing and/or acquiring outside assistance in the form of consulting services in the fields of Security and IT. It has to be stated that the selected consultants/subcontractors should operate within the overall company policy spirit and perhaps share one or more operational objectives. In addition, Risk Management can and should be carried out for each project, taking into consideration and special needs, procedures and negotiations with the Client/End User.
4.1 Security Consultants
Crime related risk such as theft and vandalism are felt throughout the world in construction projects. Hence, it is imperative to secure company assets and personnel safety by means of acquiring the services of a Security contractor, preferably of the same caliber and international activity spread similar to SKANSKA. Moreover, certain considerations have to be taken into account and catered for in the process of appointing Security Consultants (SC) according to the country/region that the parent company has undertaken a project. Security needs vary greatly between a project in the Nordic countries, the US, Eastern Europe or company activities and project in Latin America. With respect to the latter, it would be advisable to consider close co-operation with local and regional government authorities to ensure minimal equipment loss and above all, personnel safety. It has to be stated that Security Consultants main responsibility and zone of control lay outside IT security risks as those are treated separately within the IT framework.
4.2 IT Consultants
Although the skills and expertise of SKANSKA personnel presumably possess some form of IT competencies and skills, it would be beneficial to acquire the services of a specialized IT consultant in order to achieve smoother run of operations, ensure high level performance, support and IT-related security. Undoubtedly, having dedicated IT support can and should free personnel from stressful and ad-hoc solutions of varying quality and performance. Moreover, the constant need for technical support with respect to software and perhaps hardware needs spread across the globe makes centralized IT department cumbersome to maintain and operate within reasonable efficiency. Thus, the preferred course of action would be to transfer IT risks to specialized consultants based in the same regions that company activity is present.
The management review
5.1 Risk Management Objectives of SKANSKA
Risk management is essential for SKANSKA’s operation and development; SKANSKA’s risk management approach does not imply avoidance of all risks, but instead aims at identifying, managing and pricing them, and to prevent them from harming the company and to limit the damage that may cause.
5.2 Identified risks and current risk management system
Through systematic and continuous risk assessment of SKANSKA’s activities, major risks that can affect the company’s operation are identified and categorized as strategic, operational, legal, financial, ethical, social and environmental risks.
Strategic risks include making wrong decisions, lack of governance, and etc.; the senior executive team of SKANSKA is responsible for managing the strategic risks; to minimize these risks, the management system shall be regularly reviewed both internally and by trusted third parties; all units of the company are involved in the strategic process.
Operational risks are more complex than the other risk categories; it combines together the market risk, construction risks, information risk, and supplier risks. SKANSKA’s ability to foresee and manage operational risks is crucial in achieving good earnings, current operational risks management solutions include: diversify market structure, perform Earned Value Management assessment on every project on a quarterly basis, continuously monitor and improve information security policy, maintain close contact with suppliers in order to spot warning signs at an early stage and be able to take actions.
Financial risks of SKANSKA are currently evaluated and controlled by the Senior Executive Team; risks related to credit risks, payment flows, subcontractors and joint venture partners are reviewed on quarterly basis by SKANSKA’s SET unit, the unit also conduct regular follow-up of financial risk assessments to monitor and develop solution for special risks such as foreign exchange risks, interest rate risks, and risks related to material prices.
SKANSKA’s long-term aim of Environmental risks management is “zero environmental impact”, to achieve this goal, all projects are strictly controlled to meet or surpass the standards of many national and international environmental labeling and management systems, such as EU Green Building, Leadership in Energy and Environmental Design (LEED), ISO14001 environmental Management System. Environmental risks are assessed by implying Building Research Establishment Environmental Assessment Method and Civil Engineering Environmental Quality Assessment Tool (CEEQUAL).
Major legal risks affect SKANSKA are agreement and contract risks, the Senior Executive Team governs all legal affairs and legal risk reporting system; legal risk are defined and assessed periodically by the SET unit and reported to the Board of Directors.
Ethical and Social risks are important to SKANSKA’s future success and good earnings, due to the diversity nature of this risk category, they are managed on each local unit, the local expertise of business unit monitors and updates these risks as the project progresses.
As we are currently in a difficult economic period, it is important to note that this risk gravity has been decreased at SKANSKA. Due to its large activity, the brand is working with companies of different markets that have not difficulties at the same time and this enables the company to protect its business.
5.3 Risk Analysis tools of SKANSKA
In order to improve the effectiveness of the risk management system and its processes, SKANSKA developed the SKANSKA Tender Approval Procedure (STAP), which has been explained in the Competence Policy section, and the Operational Risk Assessment (ORA), method to evaluate various risks associated with the day-to-day operation.
Operational Risk Assessment analyses a number of general “public exposure” issues from ethical, social and environmental aspects. During the project execution period, it monitors and updates these risks as the project progresses. The ORA can identify shortcomings in project organization; core competences can be mapped for each local unit.
Due to SKANSKA’s sheer size and broad geographical area of activity, the training program representative shall be a member of the management team according to country-specific company activities that in turn shall be held accountable by the corresponding Regional Manager, accountable in turn to Head Office top management team representative. Those responsible shall operate in close conjunction with the relevant Human Resource managers and divisional managers to ensure sufficient personnel competence. In short, the person(s) accountable for performing and ‘owning’ the training program are given in the figure below.
The company is active in regions with major differences in standards, codes of practice and accreditation institutes. For example in the European region, the “current EN standards are in place as of March 2010” while in the Americas, the ASCE standards are the norm. Thus, utilizing a uniform one-size-fits-all approach with respect to personnel competence leads to unsatisfactory results as well as increasing risks for any given project. Hence, regional Human Resource departments are tasked with gathering personnel competence according to their area of operations. Competences can be identified through interviews, observations, and group discussions with employees, supervisors and managers; expert’s opinions can also provide valuable information.
7.2 Contingency Skill Sets
It is highly advisable to broaden competence focus beyond the necessary accreditations but to include skills and interests seemingly irrelevant with staff positions and day-to-day operations. Henceforth, having an additional skill set within each region can allow implementation of said competencies in the following areas:
Ad-Hoc Project Teams
It is evident that by having an ‘extra skills layer’ within the organization it can yield positive results not only when considering Risk Management within SKANSKA, but also overall company performance. Repercussions of implementing such a system can be identified as follows:
Increase in personnel satisfaction
Enhance ‘esprit de corps’ within the organization
Reduce crisis response times
Cost reduction with respect to subcontracting/outsourcing/consulting services
7.3 Improving Competence
According to Spielberger et al, (2004) ”the penultimate goal of assessing competence is to improve competence”. Hence, it is imperative throughout the organization to actively promote skill enhancement not only with short-medium time scale but in tandem with long term objectives. Within this given framework in mind, SKANSKA’s competence improvement scheme will have to be focused on two distinct time-dependant objectives.
7.4 Short-Medium Term Competence Enhancement
In order to achieve goals and objectives on a given project, it is necessary not only to gather those professionals that have the necessary ‘typical’ competence skills but to seamlessly augment trainees/junior graduates and newly recruited personnel. Thus, a mentor scheme in the operational, regional and strategic level can be of great value not only aiming for project-oriented performance but also with continuous improvement of company standards in mind.
7.5 Long Term Competence Enhancement
With SKANSKA’s long term interests in mind as well as staff satisfaction, having members of staff attending college/university courses in order to improve their corresponding skills or even acquire new ones within the context of company policy could work wonders in terms of overall performance. The following flowchart can be implemented and be part of the Perpetual Associate Competence Enhancement (PACE) program. In other words, the organization’s competence improvement program can be characterized by the following figure:
Risk Analysis Methods Training Plan
This section describes a training plan which is designed by Blackjack Group for SKANSKA’s employees to utilize Quantitative and Qualitative Risk Analysis Methods in risk management activities. This lecture features introduction of Monte Carlo methods, Design of Experiment, Fault Tree Analysis, Hazard and operability studies, and SWOT analysis. The training will cover basic knowledge of each method, and how to use them to assess risks with live examples.
The participants are expected after the lecture to be able to:
Understand the concept of Monte Carlo methods, Design of Experiment, Fault Tree Analysis, Hazard and operability studies, and SWOT analysis.
Develop skill at building practical probabilistic models for risk analysis
Understand how to analyze quantitative data and select defensible distributions
Able to conduct Fault Tree Analysis and Hazard and operability studies to assess risk
Able to Interpret the Risk Analysis results
8.2 Agenda of training seminar
First section: Quantitative Risk Analysis Methods
Introduction of Monte Carlo Simulation (Monte Carlo Methods, usage, benefits)
Introduction of Design of Experiment method
Second section: Qualitative Risk Analysis Methods
Introduction of Fault Tree Analysis
Introduction of Hazard and operability studies
Introduction of SWOT analysis
Monte Carlo Methods
Monte Carlo simulation was coined by Metropolis and Ulam during the Manhattan Project of World War II, because of the similarity of statistical simulation to games of chance. (Andrieu et al 2001, P.1-3; Wittwer 2004) It has been introduced in the mid-40’s to predict random events, such as the distance that neutrons had to travel in a substance before colliding with an atomic nucleus (Wikipedia). By definition, “Monte Carlo simulation” is a method of analysis based on artificially recreating a random process (usually with a computer), running it many times, and directly observing the results. (BARRETO & HOWLAND 2006, p.216)
In project management, Monte Carlo analysis can help the project team to determine multiple possible outcomes of projects and tasks as part of your project management work, assist in prioritizing risks and identifying risk strategies; it is also useful for planning and control, risk analysis, budgeting; as a real-time tool, it can provide help for resource planning and control.(Mochal 2002)
In general, Monte Carlo Simulation can offer significant improvements in the fields of risk assessment, project management, and portfolio management, pricing derivatives, strategic planning, project planning, product development and other fields. (Iordanova 2010)
Schuyler mentioned that Monte Carlo Simulation depends upon two essential elements:
A model that projects project outcome and outcome value.
A technique that repeatedly generates scenarios, driven by randomly sampling input probability distributions. (Schuyler, 2001, p.83)
And, the Simulation is usually preferred in the following situations:
Having many significant uncertainties and contingencies.
Involving a portfolio (e.g., strategic decisions involving a portfolio of projects).
Where outcome probability distributions are desired, providing additional insights and for comparing risk-versus-value profiles.
Involving complex decision policy (i.e., one not maximizing EV).” (Schuyler, 2001, p.96)
Design of Experiments (DOE)
Design of Experiments is an approach to identify the variability of a design or a process and how the input variables affect the response. It is often used as a tool to optimize product design and the reliability of the product by identifying the critical design parameters that affect the reliability of the design. ( Safie, 2000)
“DOE can also be used to find answers in situations such as “what is the main contributing factor to a problem?”, “how well does the system/process perform in the presence of noise?”, “what is the best configuration of factor values to minimize variation in a response?” ” (Quality portal)
According to The Engineering Statistics Handbook of National Institute of Standards and Technology (NIST) of the U.S. to conduct DOE involves these seven steps (NIST):
“1. Set objectives, the objectives for an experiment are best determined by a team discussion.
2. Select process variables, process variables include both inputs and outputs – i.e., factors and responses.
3. Select an experimental design.
4. Execute the design.
5. Check that the data are consistent with the experimental assumptions.
6. Analyze and interpret the results.
7. Use/present the results.” (NIST)
Second section: Qualitative Methods
Fault Tree Analysis (FTA)
“A FTA is a deductive (top-down) approach that graphically and logically represents events at a lower level which can lead to a top undesirable event. It is a tool used to answer the question of what can go wrong by identifying relevant failure scenarios.”(Safie, 2000)
The Fault Tree Analysis is a concept used in many different industries to make risks assessment applications. It is a useful tool for analyzing, visually displaying and evaluating failure paths. The fundamental notion behind the structure of a Fault Tree is the realization of a system’s failure behavior and then interpreting the failure in a visualized diagram decomposing the system failure into system’s relationships and root cause fault paths (Ericson). This failure-based approach starts with the top undesired event and making logical steps defines the individual causes of the failure and their interrelationships.
Qualitative Fault Tree Analysis provides a visual description of system functions that lead to undesired outcomes. It can identify failure potentials which may otherwise be overlooked, and determine where to place emphasis for further testing and analysis. Because FTA addresses only one undesirable condition or event at a time, many FTAs might be needed for a particular system.
Example of how FTA works:
FTA analysis involves five steps (Wikipedia):
1. Define the undesired event to study
A person with a wide knowledge of the design of the system can help define and number the undesired events. Undesired events are used then to make the FTA, one event for one FTA; no two events will be used to make one FTA.
2. Obtain an understanding of the system
Once the undesired event is selected, all causes with probabilities of affecting the undesired event of 0 or more are studied and analyzed. For the selected event all causes are then numbered and sequenced in the order of occurrence and then are used for the next step which is drawing or constructing the fault tree.
3. Construct the fault tree
After selecting the undesired event and having analyzed the system we can construct the fault tree. Fault tree is based on AND and OR gates which define the major characteristics of the fault tree.
4. Evaluate the fault tree
After the fault tree has been assembled for a specific undesired event, it is evaluated and analyzed for any possible improvement or in other words study the risk management and find ways for system improvement.
5. Control the hazards identified
This step is very specific and differs largely from one system to another, but the main point will always be that after identifying the hazards all possible methods are pursued to decrease the probability of occurrence.
Hazard and operability studies
A hazard and operability study is used when planning in order to identify hazards and weaknesses and is performance by a team. We can describe it as a systematic analysis that will show up the deviation from what were the main objective or request and the risk potential. Usually the results will be interpreted or guided for the words “no/ not, as well as, part ofâ€¦ etc.”
For use this method as a tool all the team members as the leaders should have some background and experience to be able to use it and to actually get relevant and reliable information, the method consist in to expose the problem and the root of it as the consequences as the possible recommendations. The worksheets to be use are also considered as FMEA forms.
The advantage is that you will have a well visualization of the problems and actually to have an answer for the “what about If â€¦ happen”. Also causes and possible solutions will be shown in this analysis to diminish the risk impacts but a disadvantage is that this method is time consuming so maybe the shareholders, because the urgency of the project, don’t want to use it.
This method is currently use in chemicals or oil companies. Let’s says that the oil fluid goes through the pipelines and the final destination are tanks where all the oil will be hold till there’s a certain quantity to start to process the fluid to convert into gasoline or so. Then the contractor might considered the risk If one of those pipeline are block or has to be due to high pressures or high volumes of gas or water coming from the wheels, so then the team has this scenario where there’s the problem is that will be a blocked pipeline but they know the cause, so one question to consider could be “If this event happened (relevance/probability)What are the consequences?” and so on , so by using this method the contractor will have a greater idea about the possible problems, consequences and cost of the path that they will decide to take as a decision when they have to cope that risk and then to be prepare avoiding higher impacts. Then the response to the previous question will be that to block a pipeline might seem too costly but at the end is cheaper and safety to avoid any explosion or to keep an oil flow when actually is water and the production cost per hour will be a lost due to have more water than oil.
A SWOT analysis is a method used in management to settle strategic approaches for the organization. SWOT stands for Strengths, Weaknesses, Opportunities and Threats; the analysis consists in evaluating those four factors given that strengths and weaknesses are internal factors depending on the company and that opportunities and threats are external factors which depend on the environment of the company and can influence its success.
(Rationale of SWOT analysis, EuropAid evaluation,p1)
The SWOT analysis consists in listing in an objective manner the strengths and weaknesses of the organization and to combine those results with the external factors. By this way, it becomes possible to define a solid strategy where strengths and opportunities will be used as much as possible to make up weaknesses and threats of the environment.
This analysis has to follow those different steps:
Definition of the participants: this includes answering the main questions: who will carry out the study? (Usually the team is composed of persons from different knowledge and departments to have different viewpoints) how many analysis should be made to reach a good analysis?
Definition of the border of the study: in an agency, in a country, others.
Preparation of the analysis session: interviews with key actors and documentary analysis.
SWOT analysis: list and combine the four factors to define the strategy approach.
The figure below presents the questions that have to be raised in order to carry out the SWOT analysis.
(Connection between SWOT’s components, EuropAid evaluation,p6)
To conclude, this method is used as a tool in management and mainly for evaluation and decision-making. It could be useful as an input to management review in order to decide future actions.
8.4 Evaluation of Training results
Training evaluation is very important for the development of trainees, in order to adapt with a complex and rapid change work environment, or to improve quality of work, develop new skills; the trainer has to evaluate periodically the training results and response.
The evaluation can be conducted by trainers following the procedure below:
1. The trainer shall prepare a check list according to the training objectives.
2. The trainer shall interview the trainees and their supervisors to check if the training objectives are fulfilled and any further needs are requested.
3. The interview results shall be documented responded accordingly by the trainer.
Audit of the competence system and controlling actions
Auditing aims to check and diagnose the system pertinence in order to put in light the main strengths and weaknesses of the organization. The idea is to provide enough knowledge to the managers of the company so that they can define news strategies and improve its performance.
Two types of audits can be carried out as internal audits, i.e. within the company by workers, or external ones, by an independent auditing company. Generally, a company uses both of those audits to be able to have a continuously improvement system.
The graph presented on the following page details the overall steps required to carry out an efficient audit. It is extracted from the ISO 19011 standard which deals with quality and environmental management auditing; those are closely linked with risk management system.
(Overview of typical audit activities, ISO19011, p10)
The last step of the process “conduction audit follow up” is carried out during the management review of the organization when results of the audit are used as an input to it and aim at evaluate the performance of the management system. Results of audit can also be used for the qualitative risk analysis since audit purpose is to reveal weaknesses and those can be sources of risks.
Concerning SKANSKA, the company uses those two types of audits:
The first one, the internal audit, is conducted by the “Group Staff Unit Internal Audit and Compliance”, a group unit formed in 2006 in order to “provide backup to the business units related to such fields as human resource matters, information technology, project financing, purchasing and risk management” (Board and management, SKANSKA).
The second one is a means to evaluate each year the overall performance of the management system (risk management system included) from an external viewpoint. This one is carried out by the external Swedish auditing company KPMG AB for a four year period (Auditing, SKANSKA). Results of this audit are reporting directly during the Board’s meeting.
During the meeting, when results are reporting, participants have to improve their management system and, to do so, have to define a corrective and preventive action plan.
The corrective actions are used to correct a current failure. In case of a risk management system, a failure could be a discrepancy between the risk manual and its application in the everyday life of the company.
Preventive actions differ from corrective actions since their purpose is to avoid the failure recurrence. By providing preventive actions, the management system is continuously improving.
Those both actions have to be efficient and correctly followed. The aim of the following audit will also be to verify this and how previous failures are monitored.
In this document, we analyzed the risk management system of SKANSKA Group through reviewing its current competence policy and management review; possible competences in the organization were analyzed by conducting a competence analysis, suggestion of filling the competence gaps were addressed. We also developed a training plan to introduce qualitative and quantitative risk analysis methods to the SKANSKA’s employees; procedures for evaluating the training results were given, too. Finally, we reviewed the current risk audit system of SKANSKA, and the methods of how to improve or secure competence needs.Order Now