NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2.

číslo
Vedecký časopis
Ivana Burcar Dunovic1
Mladen Radujkovic2
Mladen Vukomanovic3

RISK REGISTER SYSTEM FOR CONSTRUCTION PROJECT MANAGEMENT

Abstract
Based on overall research results and the current situation in practice, it is clear that risk
management practice in the construction industry is at quite a low level. In order to
improve it, a risk register needs to be implemented in regular construction company
business. The research started with data gathering and analysis on current usage of risik
register in risk management and its characteristics. As a result, model of a Risk register
system was developed to serve as platform for risk management process and knowledge
base to improve performance of construction firms. Its data structure supports the whole
risk management process and its modular implementation to accommodate every level of
risk management practice.

INTRODUCTION

Poor knowledge and practice of risk management in Croatia’s field of construction

initiated research into the topic at the University of Zagreb, Faculty of Civil Engineering in 1996.
It was conducted under two research projects financed by Ministry of Science and Technologya.
Initially the research was focused on the overrun occurrence. We tried to find out data
about qualitative position of construction industry in transition economies regarding the problem
of planned budget and time overrun. The research included key project participants who provided
initial perspective of the most frequent overrun sources resulting in risk breakdown structure
(RBS). [1]
Later, the research was oriented towards linking RBS logic and risk drivers. We were
investigating which event, issue, or other driver, turned on the risk from the passive to active
position, and how the potentially successful project became less successful.
The last research period comprised construction project risks through several research
topics; risk management model for construction equipment in motorway projects [2], calculation
procedure in construction project information system [3], planning for sustainable construction
time [4] and S-curve modelling in early project phase [5].
Today, risk management in construction is acknowledged as a very important part of
project management and a very interesting subject to write about as well. It is frequently
discussed, but the practice is still at an inadequate level. Reasons vary from case to case, from the
lack of knowledge to implementation of risk management, or the lack of resources. However, the
reasons are mostly related to a poor knowledge of risks per se.
Just as humans learn and gain experience from their mistakes and the mistakes of others,
so must companies be capable to do so by the use of a "permanent brain" of the company. Among
1
Ivana Burcar Dunovic, M.Sc.C.E., University of Zagreb, Faculty of Construction Engineering, Department for
Construction Management, 10 000 Zagreb, Kaciceva 26, Croatia, [email protected]
2
Prof. Mladen Radujkovic, PhD, University of Zagreb, Faculty of Construction Engineering, Department for
Construction Management, 10 000 Zagreb, Kaciceva 26, Croatia, [email protected]
3
Mladen Vukomanovic, M.Sc.C.E., University of Zagreb, Faculty of Construction Engineering, Department for
Construction Management, 10 000 Zagreb, Kaciceva 26, Croatia, [email protected]

12 12
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
other things, the risk register is considered as a repository of knowledge on risks, therefore our
aim is to come up with directions for a risk register structure design to be used in construction
companies.

1. WHAT IS A RISK REGISTER?

Although the risk register frequently emerges in works on risk management and often
appears in risk management methodologies, there are few writings about its construction and
development. However, many organisations do store their risks in undisclosed forms of paper or
computer-based risk registers [6], which was confirmed by a research conducted by the Design
Information Group at Bristol University [7]. Moreover, there are limited information on their
structure.
A review of available literature resulted in different definitions for risk register and views
on its role in project risk management. Therefore, only some of them will be presented in this
paper.
Williams [8] points out that project risk register should play a key role in risk
management process and emphasize its two main purposes. "The first is that of a repository of a
corpus of knowledge"…which has bigger importance for large firms and project teams where all
members do not have good project overview. "The second role of the risk register is to initiate the
analysis and plans that flow from it." This is a more substantive role as a foundation for the
analysis and management that flows from knowledge of the risk.
Barry defines the risk register as a comprehensive risk assessment system, used as a
formal method of identifying, quantifying and categorising risks and providing the means of
developing a cost-effective method of controlling them. [6]
Godfrey at al. [9] proposed ten steps to risk control placing the risk register in the centre
of the process. It is considered as the outcome of risk assessment and the means of recording and
controlling the risk management process. Risk register development is presented through
spreadsheets used for prioritizing risks, creating mitigation plans and assigning responsibilities,
and most important, for monitoring risks to assess mitigation strategies effect. The purpose of the
risk register is formulated as the means for recording and controlling risk management process,
but it does not replace decision making.
Smith [10] takes the risk register or risk log role to help formulate risk management
strategy providing total project risk exposure overview, based on budget and program sensitivity
to identify risks and their impact in terms of budget overrun, delay and impact on the project
performance. The aim is to determine the most effective strategy of risk avoidance, mitigation
and/or transfer, provide an audit trail and risk management tool to prompt risk owners to take
action.
Patterson and Neailey [6] define risk register as a tool for recording and documenting
information generated through risk management process, and to enable consciously evaluate and
manage the risks as the part of the decision making process. It also provides a platform for
mitigation actions and future decisions while enabling better understanding and acceptance of the
visible risks, and documenting project reduction and mitigation plans.
Becker [11] writes about risk database as a tool for monitoring and reporting on risk
management process describing it as a relatively simple matrix. Such matrix encompasses all data
related to risk event (risk description, likelihood, consequences, response strategy and plan,
driver event, closing date,…) grouped according to risk management phase through which data
are generated.

13 13
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
In the questionnaire on risk register conducted in Croatian construction companies
respondents were asked to choose two statements defining risk registers (taken from different
authors). Three different statements by Williams, Barry, Patterson and Neailey, cited above, were
the most frequently selected ones. The questionnaire also resulted in giving the most important
possibilities that the risk register has to enable:
a. documenting risk source, response and its classification
b. saving information on all risks identified at the beginning and through the project life
cycle
c. prioritizing risks regarding likelihood of occurrence and impact
d. systematic data storing to establish repository of knowledge for future projects

2. RISK REGISTER FOR CONSTRUCTION PROJECT MANAGEMENT

2.1. Risk Register Characteristics

Risk register as a tool for comprehensive risk assessment, risk identification,

quantification and categorisation should make possible recording qualitative and quantitative
data, data needed for categorisation, prioritization and assessment. For a conscious risk
evaluation and management it should provide information based on filtering and combining
summary data, as well as cost-benefit analysis using data costs and their changes through all
phases.
Data entry and structure should follow risk management process to meet the demand for
data record and documentation generated throughout the whole risk management process, which
means recording and documentation of needed input and output data from each phase.
An important role as a repository of knowledge, i.e. source of data and information on
risks, will be accomplished through risk register application as a platform for construction project
risk management on every project and conscious, systematic storage of generated data.
To support integration of information of risk in project communication risk register must
be able to support creating various reports.

2.2. Model of the Risk Register System

The model of the Risk Register System (RRS) consists of two parts, Project Risk Register
(PRR) and Central Risk Register (CRR) (Figure 2). Project Risk Register enables recording risk
data throughout the whole risk management process in order to collect data for each construction
project. Furthermore, this part has the role of a platform and tool for project risk management and
communication. Providing continuous risk tracking it can become a medium for communication
between project stakeholders.
Risk data from all projects are stored in the Central Risk Register. This part of RRS has a
function of "repository of knowledge" and a tool for project risk identification, and during long
term utilisation it becomes a source for quantitative and qualitative risk data. As a source of data
on risk response, tracking and controlling, it enables particular response efficiency evaluation as
well as undertaking a consequence-based action. For the CRR to fulfil all its functions it is
necessary that the planned and actual data should be compared and summarized in relation to risk
"behaviour and reaction". If any data on changes causing modification of a risk component or
characteristic exist, more reliable information and conclusion on sources and drivers can be

14 14
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
obtained. A comparison of initial response plans and actual actions and consequences will enable
risk management quality assessment and improvement.

Figure 2: Model of Risk Register System

2.3. Data Structure in RRS

Data and structure of PRR (Figure) arise from the model of RRS and risk management
process; therefore, they need to involve all risk components and characteristics through all the
stages of risk management process. From recording and structuring aspect there are two major
groups of data:

 project level data describing project characteristics directly or indirectly related to risks,
and
 risk level data describing risk characteristics and components necessary for generating
information and needed for risk management process

All risks identified for each project are grouped according to their sources into three level
risk source RBS (risk breakdown structure).

Considering phases through which they are generated, risk data are grouped into three
columns:
 planned (initial) data,

15 15
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
 monitoring data, and
 actual (final) data.

Planned data for risk level data are a result of initial risk identification, assessment and
response, while for the project level data these are planned data on project duration and budget.
Monitoring data for both levels are logs on planned data during risk monitoring stage,
while actual (final) data are the data on actual project outcomes at the project close-out including
risk closing data.

Figure 3: Risk Register data structure

There is one more group of data on the project level not subjected to changes during the
project, but describing project characteristics, introducing stakeholders and setting out success
factors.
All data at the project level are required, whereas data on the risk level are depending on
the risk register application level which differs related to the level of defining risk and application
of risk management.

16 16
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis

3. APPLICATION OF RISK REGISTER SYSTEM

The application of the risk register can be performed in 3 stages which differ according to
the extensiveness level of risk data and analysis application in risk management.
Risk data are grouped into 3 groups:
 Required data – are including general data necessary for database functioning, basic,
mostly qualitative data on risk components and response and all project level data;
 Additional data – are determining closely risk components and their characteristics;
 Advanced data – are including quantitative data for assessment and prioritizing risks, cost
benefit analysis of responses and connection with monitoring data.

Risk Register application starts with Required data, and is continuing by including
Additional and Advanced data. An Application level from the lower level, which includes only
Required data, can rise through two possible options, by including Additional or Advanced data,
while the highest level includes all 3 groups of data (Figure 4).

II. LEVEL
1. option
Required data
III. LEVEL
I. LEVEL +
Additional data Required data
Required +
data Additional data
II. LEVEL +
2. option Advanced data
Required data
+
Advanced data

Figure 4: Application levels of RRS

To establish a useful CRR of a high quality in any construction firm it is necessary to

create PRR for every project which can be accomplished through systematic risk management
and an additional effort of project managers and firm management. Therefore, to ensure its
implementation decisions at the management level are needed for this undertaking, along with
organisational measures.

17 17
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
COMPANY (FIRM)
Management
PROJECT

Project Project Risk Initial

manager Register reports

Central
Regular

Risk Register
reports

Final
reports

Figure 5: Risk register in business system

The idea is that no additional resources are needed as each project manager would be
responsible both for PRR in his project and for storing data in CRR, which should be his regular
responsibility during and after each project management phase, especially after project close-out.
To make this achievable, Risk Register System utilisation should not be made complicated,
should not require unnecessary extra time and effort, and should not be totally automated, which
means that conscious action should be undertaken to ensure data quality in CRR. Data are stored
in CRR after having undergone management review and approval and any alterations would be
possible only with management approval based on special explanation (Figure 5).

4. CONCLUSION

One of primary requests on RRS is the quality of collected data; therefore risk register has
to accommodate risk management level applied in the company. Proposed Risk Register System
has major advantage because of its flexible structure which enables its application regardless of
risk management level. It can be used in firms with advanced as well as in those with lower risk
management practice and knowledge, supporting and directing progress in risk management
practice towards complete application.
Even the application of RRS with PRR only at the I. level would make a difference in
improving the risk management and project management in construction projects. Improving
project communication with regular reports on risks it gives enhanced perspective on project for
all stakeholders.
An extension of application to CRR will result in creating a database of good and bad
practice which will definitely contribute to the improvement of project management practice in
construction.
The application of the risk register is essential for many reasons: learning from the past,
collecting best practice, and providing a supportive tool. The application of an adequately

18 18
NEHNUTEĽNOSTI a BÝVANIE II. ročník / 2. číslo
Vedecký časopis
structured and designed risk register can significantly contribute to the success not only at the
project level, but also at the company level.

REFERENCES
[1] Radujković, M. (1997). Risk Sources and Drivers in Construction Projects. In International
Symposium PRM’97 - International Project Management Association IPMA, Helsinki, pp. 275 –
284, E&FN SPON, London.
[2] Inal, F. (2005). Risk Management Model for Construction Equipment in Motorway Projects.
Doctoral thesis, Faculty of Construction Engineering, University of Zagreb, Zagreb.
[3] Bevanda, L. (2004). Calculation procedure in construction project information system,
Master thesis, Faculty of Construction Engineering, University of Zagreb, Zagreb.
[4] Car-Pušić, D. (2004). Methodology for planning sustainable construction time. Doctoral
thesis, Faculty of Construction Engineering, University of Zagreb, Zagreb.
[5] Ostojić Škomrlj, N. (2004). Modelling S-curve for project cost in conceptual phase of
construction project, Doctoral thesis, Faculty of Construction Engineering, University of Zagreb,
Zagreb.
[6] Patterson F.D., Neailey, K. (2002). A Risk Register Database System to aid the management
of project risk, International Journal of Project Management, 19, 139-145.
[7] Crossland R, McMhahon, CA, Simms Williams JH. (1998). Survey of current practices in
managing design risk, Design Information Group, University of Bristol.
[8] Williams, T.M. (1994). Using a Risk Register to Integrate Risk Management in Project
Definition. International Journal of Project Management, 12, 17-22.
[9] Godfrey, P.S., Sir Halcrow, W. and Partners Ltd. (1996) Control Of Risk – A Guide to the
Systematic Management of Risk from Construction, CIRIA.
[10] Smith, N.J. (1999). Managing Risk in Construction Project. Blackwell Science Ltd.
[11] Becker, G.M. (2004). A Practical Risk Management Approach. PMI Global Congress
Proceedings- Anaheim, California, pp. 1-7.

a
Research project no. 082005 "Resource and Risk Management in Construction Projects" financed by Minstry of
Science and Technology (1996-2000)
Research project no. 082208 "Resource and Risk Management in Construction Projects" financed by Minstry of
Science and Technology (2003-2006)

19 19