An Insight into the Process, Tools and Techniques for Construction Risk Management

Investing in construction projects is not without risks. Risk management is considered an important aspect when making decisions in the construction industry—as it determines whether the construction project will be successful or will fail. Effective decisions are made based on certain predetermined criteria such as investigating the construction project in detail, generating good alternatives to manage risk, exploring the best options, etc., whereas, decisions can fail when the best suitable alternatives to manage risk are not made clear at the onset of a construction project, or logical assessment of project-specific criteria are not considered part of the process. As a result, risks can possibly have an adverse effect on the delivery of construction projects with respect to its objectives. Therefore, this chapter will present the numerous tools and techniques that are available to support the various phases of the risk management process in construction projects.


Introduction
Generally, construction projects around the world are developing at a rapid rate both in terms of technology and organisation.Apparently, the construction industry earns its reputation from its perceived performance in terms of the value it produces and also plays a key role in the economy of any nation, which is a vital contributor to the gross domestic product (GDP) growth and produces the built environment that supports other sectors of the economy in most part of the world [1].
However, an investment in construction projects is, of course, not without risks.Construction organisations constantly face issues such as poor management, poor resource management, information unavailability and lack of communication between parties involved in the construction project [1].These issues often give rise to delayed completion of construction project, exceeding budget, loss of productivity, third-party claims and abandonment or termination of contract for the project.The construction sector in most cases does not quickly respond to the needs of its clients or customers and they constantly fail to meet the target technical performance of the construction project [2].At the same time, distortions in prices and the shortage of materials and other inputs tend to cause allocative inefficiencies, which make the works in hand economically costlier than they should be [3].
Risk management is an important part of project management that if done effectively will result in construction projects been successful.It allows identifying risk variables, anticipating events that could adversely affect construction projects by determining likelihood of occurrence and to define actions that could reduce their impacts.Project managers in construction projects bear the main responsibility of dealing with risk or uncertainties that occur continuously during construction works.This role is particularly complex and inefficient if risk management has not been performed or supported adequately from the start of the project [4].For construction projects that are vital to the economy of any nation, a risk management system will have to be in place to ensure that the entire task on the project plan have been performed successfully and the project objectives have been achieved.
It is important that project managers do not only perceive the risk management process as only the creation of previously unknown information, but also need to share information and knowledge while also having basic administrative and technical competencies, business skills, customer relations skills, political skills and be results-oriented self-starters with a high tolerance for ambiguity [5].Shortcomings in any of these aspects can cause project failure.When risk management process is implemented effectively, it will result to the successful completion of construction projects, and thereby making the project more profitable and keep stakeholders satisfied.Consequently, an effective risk management process will have to be dynamic in nature than the identified risk; otherwise, there are chances it may not blend well into the culture of an organisation and other company practices [2].

Construction sector risk and uncertainty
According to Heerkens [6], risk and uncertainty are avoidable in construction project life cycle and it is dangerous to ignore or deny their impact.Uncertainty is described as the absence of information, knowledge, or understanding regarding a situation, condition, action, decision or event [6].Project managers constantly suffer from an absence of information, knowledge and understanding.A common view of risk is that it can be thought of in terms of variability or uncertainty.Risk can also be interpreted as referring to a lack of predictability about outcomes or consequences in a management decision situation.Risk is, therefore, related to the outcomes and the concepts of chance such as the probability of loss or probability of gain.Hence, Abujnah and Eaton [7] highlights that risk comprises three essential elements:

Risk Management Treatise for Engineering Practitioners
• the number of possible outcomes • the value (magnitude) of each outcome

• the probability of the occurrence of each outcome
Managing risk is to minimise, control and share risk and not merely passing them off unto another party Project in controlled environment [8] defines risk as the chance of exposure to the adverse consequences of future events.Consequently, Eaton [9] defines construction risk as a potential event, either internal or external to a project that, if it occurs, may cause the project to fail to meet one or more of its objectives.Odeyinka et al. [10] define construction risk as a variable in the process of construction whose occurrence results in uncertainty as to the final cost, duration and/or the quality of the project.Figure 1 provides a holistic view of project risk.

Construction risk management
Project management facilitates the use of clear procedures and techniques, which includes risk management in construction projects.The Project Management Institute [12] includes risk management as one of the 10 areas of project management (i.e.integration, scope, time, cost, quality, human resource, communications, risk, procurement and stakeholders).The Australian/New Zealand standard [13] describe risk management as the culture, processes and structures that are directed towards realising potential opportunities while managing Figure 1.A holistic view of project risk [11].
An Insight into the Process, Tools and Techniques for Construction Risk Management http://dx.doi.org/10.5772/intechopen.79459adverse effects, while Zou et al. [14] describe risk management in the construction project management context as a systematic way of identifying, analysing and dealing with risk as associated with a project with a goal to achieve the objectives of the project.Consequently, the British standard 31100 [15] reports that risk management is a procedure whereby decisions are made to accept a known or assessed risk and/or the implementation of actions to minimise the impact or likelihood of occurrence.An awareness of project risks facilitates strategic decisionmaking.As a result, Smith et al. [16] report that project organisations and clients have an overall risk management strategy and policy included in their strategic documents and quality management system.The effective management and implementation of these elements enhances the achievement of project goals and the successful delivery of construction projects.

The risk management process in construction projects
When managing risk in construction projects, a number of processes have been proposed [17,18].However, the process of risk management encompasses defining the risk management scope; uncovering risk and uncertainties; understanding the significance and prioritisation of risks and defining actions, which when implemented will result to construction project success [19].
Kendrick [20] highlights that the successful implementation of risk management facilitates effective communication, mitigates stakeholders' uncertainty, builds trust among parties involved in the project and facilitates informed decision-making so that future actions contribute to the success of organisations.
Mainstream risk management provides four basic or conceptual steps, namely; risk identification, risk assessment, risk response, and risk review and risk monitoring.However, these steps may vary depending on individual or organisational use.For example, the INSEAD team introduced their terminology-identify, classify, manage and embed-into the system [21].Meanwhile, Cooper et al. [22] adopted a different approach, dividing the process into three key elements for effective management of risks: the core process, which consisted of identifying, analysing, assessing, developing plans to manage them; the allocation of responsibility to risk owners, the party that can manage the risks well; and the assurance that the costs incurred to manage the risks were proportionate to the importance of the project.According to Jia et al. [23], Figure 2 illustrates six processes and their relationships.Among these processes, risk management planning is the first stage of the risk management process, where the scope and objectives of project risk management are defined.It is achieved through the production of a risk management plan, a tool specifying how risks will be managed in the context of the project throughout the lifecycle.As a result, it regulates and promotes four successive processes in the core risk management cycle.Risk management reporting is the final stage of the entire risk management process, where planned actions are actualised and also ensuring that if a risk emerges it will have minimum adverse effects on the achievement of the construction project objectives.
Figure 2 also agrees with the definitions of other construction institutions which includes but is not limited to the Association of Project Management [24], Institution of Civil Engineers [25], Construction Industry Research and Information Association [26], etc.These construction institutions recognise that the initiation, identification, assessment and response of risks are achieved through a structured and systematic risk management process which enables communication and invariable awareness throughout the construction project lifecycle.

Definition of risk management objectives
The first stage of the risk management process clearly defines the scope and objectives.
Within this phase of risk management, a feasibility study is carried out, in order to ensure that risks which may have adverse effect on key project deliverables are well-defined and assessed [27].According to the APM [24], a key output at this stage is the development of a risk management plan which gives details of how identified risk variables will be managed throughout the construction project lifecycle.The risk management plan provides a medium to communicate the existing risks to interested stakeholders.Consequently, at this phase, a general impression of the risk appetite is also established.The project manager must arrive at a consensus on defining risk in such a way it is tailored to the construction project.This exercise allows the project manager to measure the risk appetite of stakeholders, the project team and the construction project.The Project Manager has to ensure the risk management strategy employed by the project team is compatible with key stakeholders' appetite to receive it [24].

Risk identification
It is almost certain in construction projects that some events will not be completed in line with their duration estimates and budgets.Some might exceed their estimates, while others could be finished early and cost less than expected [28].The risk management process is figuring out what you are up against.According to Tchankova [29], it should start with the basic question of: • How can the project resources be threatened?
• What adverse effect can prevent the project from achieving its goals?
• What favourable possibility can be revealed?
Figure 2. Risk management process for construction projects [23].
An Insight into the Process, Tools and Techniques for Construction Risk Management http://dx.doi.org/10.5772/intechopen.79459 Table 1 lists some of the most common areas of uncertainty that exist on many construction projects.These problems can develop from these sources of uncertainty and they need to be uncovered.
Risk identification develops the basis for the next steps of analysis, assessment and control.If this is done correctly, it ensures risk management effectiveness.Risk identification must be seen in a broader way, and not just be seen as what can be insured or mitigated [29].
During this stage, all potential risk affecting the estimates of future outcomes should be identified by considering the factors shown in Figure 3.
Risk identification occurs throughout the construction project lifecycle; however, most risks are documented in a risk register.The process of risk identification helps project managers to study activities and areas where the construction project is exposed to risk.
As reported by Tchankova [29], risk identification can be described based on the following elements: • Sources of the risk: these are variables which occur in a project environment that can result to positive or negative outcome.Numerous researchers have different definitions and classifications of risks used in a project environment.For instance, Tchankova [29] used a general risk breakdown structure to classify risk as physical, social and economic sources.However, a detailed investigation of risk identification may need classification that can cover all types of risk in more detail within a construction project environment [29].Table 2 lists some common problems encountered on projects.
• Hazard: these are conditions or circumstances that have the tendency of increasing the chances of losses in construction projects.

Outside factors
Actions or reactions of competitors, regulations in the industry.

Risk Management Treatise for Engineering Practitioners
• Peril: these are circumstances that cause loss and have negative, non-profitable results in construction projects.It is important to state that peril can happen at any time in a construction environment and cause unknown, predictable losses.
• Exposure to risk: this is a situation facing possible loss or gain in a construction project.The project will be affected if the risk occurs.
The problem of risk identification may need classification that can cover all types of risk in more detail [29].
The stage of risk identification is a non-stop process in the life cycle of a construction project.
The identification of risk is not a one-off activity [29].Practically, different risk identification techniques are used to thoroughly capture significant risks factors affecting construction projects.These techniques include but are not limited to: 1. Brainstorming: this is the commonly used technique in risk identification.Brainstorming involves the process of bringing together all relevant parties in the construction project to identify possible risk that might affect the construction project.The main purpose of this technique is to provide a free and open approach that encourages everyone on a project team to generate a large quantity of potential risks affecting the project.Consequently, this technique encourages risk identification concerns in a non-critical way and not attributing blame to the identified risk [31].In order to make the brainstorming session to be effective, the process must include individuals who have a vast knowledge, experience and expertise in risk management especially within construction project environment [32,33].

The Delphi technique:
this technique can be utilised by involving a panel of experts in risk management to identify risks or estimate the impact and probability of previously This information is redistributed in order to undertake the session again.The procedure will continue until a firm judgement is reached [31].This technique is time consuming and expensive when compared to the method of brainstorming [32].Another disadvantage to this technique is the lack of collaboration and communication, the respondents may encounter challenges in interpreting the questions and results.

3.
Interviews: this technique is mostly used to follow-up the brainstorming and Delphi techniques.Experts in risk management are interviewed to assess risk parameters, identify possible mitigation, contingency measures and to elicit information.This is a predecessor to any quantitative analysis that maybe required later [31].This technique is very time consuming.Due to the time limitations, the questions must be appropriately organised in order to successfully gather the required data.Ambiguous and unclear questions should be avoided so that the feedback gained from respondents is not confusing [34].Another downside of this technique is that the data acquired is based on the subjective judgement of risk management experts that may not be free from bias.

Experiential knowledge:
this technique involves individuals obtaining information through past experiences in the construction industry [35].It is vital to state that in this technique, knowledge-based information attained must be appropriate and applicable to the current construction project.Table 2. Checklist of specific potential problems [30].
Risk Management Treatise for Engineering Practitioners

5.
Outputs from risk-oriented analysis: as reported by Clear Risk report [35], there are numerous kinds of risk-oriented analysis.For example, fault tree analysis and event tree analysis.These top down analysis approach identifies the event, conditions or faults that will lead to an undesirable or unacceptable event.These events may be associated to a risk in a construction project.

6.
Risk register: the risk register contains a standard format which is used to document risk information, and actions to manage the risk.It logs in several information for individual risk factors, including a description, potential causes, ownership, probability, impacts, mitigation and fall-back plans and status [31].In a more detailed format, it includes an identification of secondary risks, contingency plans and quantitative parameters [31].Nonetheless, it is not advisable to use checklists to initiate the risk identification process as it may constrain the identification of new risks [25].

Controllable and uncontrollable risk
Controllable risks are those risks which the decision maker voluntarily undertakes and the outcome is within their direct control.This contrasts with uncontrollable risks, which the decision maker cannot influence.
For example, the outcome of a construction workers' performance is controlled by exercising the personnel skill of the project manager or decision maker.By contrast, weather conditions which can be categorised as risk that is uncontrollable and as a result, is completely beyond the control of the decision maker or project manager.Nevertheless, the adverse effect of this risk factor can be integrated into the project plan and taking necessary actions in scheduling and in the project sites of the organisation.There is a wide difference between controllable and uncontrollable risk in a construction project environment and it is important to take note of this.For example, in the aspect of controllable risk, a project manager or decision maker can voluntarily accept the risks that are associated with modern technologies in construction.These risks might be performance risks, where the technical capability of the technology is uncertain, or financial risks, resulting from uncertain installation or support costs.However, these risk factors can be tolerated if favourable benefits like prestige, accumulation of expertise or favourable financial outcomes have the likelihood of occurring.Through careful planning and exploiting available expertise, a project manager or decision maker can control the eventual outcome of the project.On the other hand, uncontrollable risks usually originate from factors such as the external environment, social, political or economic scope.As a result, the project manager cannot influence risk factors associated with them.However, the degree of exposure can be minimised.For example, in a case where there is an increase in gas prizes, this risk factor can be minimised by designing more efficient gas plants.

Dependent and independent risk
When undertaking any risk evaluation, the question of dependence, or otherwise, between the risks has to be considered and assumptions have to be made.

Qualitative risk assessment
In the risk management process, qualitative risk assessment is regarded as the most useful part of the process [33].At this stage, qualitative risk assessment allows for risk comparison and prioritisation.Hence, attention has to be focused on the most significant risks in order to reduce their negative impact of the objectives of the construction project.At this stage, two considerations are made on risk; the anticipated impact on the project and the likelihood if it occurs.Using these measures as a common set of criteria allows for the comparison and prioritisation of risks.Qualitative risk assessment techniques includes: 1. Probability-impact (P-I) grids or RAG report: the probability-impact (p-i) grids or the RAG (red, amber and green) status are tabular format for assessing and ranking risks.The 'RAG status' is used to indicate confidence, stability or quality of a process in a construction project.For example, green indicates that the project objectives are proceeding as planned and no issues or problems are foreseen; amber/yellow indicates there are issues that could potentially affect the construction project and requires caution and management intervention, while red indicates that there are known issues which are impacting the construction project and as a result, management intervention is required to remedy the issues.On the other hand, probability-impact (p-i) grids has two attributes of the likelihood of the risk occurring and the impact on the construction project.These attributes form the rows and columns of the grid as seen in Table 3.One of the benefits of using the P-I grids is its simplicity.It allows risk to be conveniently assessed without precisely specifying their impacts and probabilities of occurrence [36].For any identified risk factor on the construction project, their estimates of likelihood on the project and the impacts can be assigned qualitatively, for example: high, medium, and low, as shown in Table 3.The score for each cell in the P-I grid can be determined as the result of the multiplication of likelihood and impact scale values or an arbitrary value [36].Subsequently, it is essential to achieve a consistent quantification of risk likelihood and impact by using a common language in describing them as been suggested by Tah and Carr [37].

2.
Qualitative cause and effect (Fishbone): the Ishikawa fishbone diagrams are used to evaluate failures or project performances.When using it in a construction project environment, it starts by identifying possible causes of risks in the construction project, and then assesses their probable effects on the project [28].

Probability
Table 3. Example of a P-I table [17].
Risk Management Treatise for Engineering Practitioners

3.
Failure mode and effect analysis (FMEA): FMEA is an analytical technique that supports decision-making and quality planning in different planning and management phases of a construction project [38].The FMEA is helpful to project managers because it starts by considering possible risk events (failure modes) and then proceeds to predict all their possible effects.Table 4 shows a simple FMEA chart.

Risk exposure
As reported by Fraser and Simkins [39], risk exposures are the degree to which a project is exposed to risk (or a portfolio of risks).It is the estimates of the likelihood of occurrence and the potential impact on the construction project.As a result, these risk factors can have an adverse effect on the objectives of the construction project [39].In addition, if there are more than two events occurring, risk exposure is used to quantify, compare and decide how to manage to them.
Lock [28] demonstrates the use of four main quadrants for risk exposure which are: • High likelihood-High impact • High likelihood-Low impact • Low likelihood-High impact • Low likelihood-Low impact Low likelihood-low impact is the least important type of risk while high likelihood-high impact is the most important type of risk.Also, when determining the probability of risks occurring and its impact on the project qualitatively, Hillson [40] reports that the P-I Matrix is useful because it involves rotating the opportunity half as shown in Figure 4.It allows significant threats and opportunities to be envisaged by concentrating on the so-called 'Arrow of Attention'.The size of this wedge can be increased if the project organisation is risk-adverse.
When using the probability-impact matrix as shown in Figure 4, each identified risk factor is assessed against defined scales, and plotted on a two-dimensional grid.The positions on the P-I matrix signifies the relative importance of the risk factor.As a result, indicators such as high/medium/low may be well-defined, allowing risks to be ranked.

Risk acceptability
Risk acceptability is about the decisions a project manager can make in accepting risk.In other words, it is the residual risk that a project organisation is willing to take.For example, identified risk factors in a construction project can be classified as unacceptable (intolerable must be eliminated or transferred), undesirable (To be avoided if reasonably practical, detailed investigation of cost justification is required, top level approval is needed, monitoring is essential), acceptable (can be accepted provided that the risk is managed) and negligible (no consideration needed) as suggested by Godfrey [41].Risk acceptance depends on Risk Criteria.

Quantitative risk analysis
Quantitative risk analysis requires that sufficient information is made available regarding the construction project.As reported by Rossi [42], if the project information is available, the benefits of its application are; the determination of the probability of accomplishing a construction project objective; determining risks that require the most attention by quantifying their comparative influence on construction project risk; recognising realistic and viable costs, schedule, or scope targets and then risk responses are then implemented.This process is made easier with the creation of a model.When creating the model, it is modified to quantify the impacts of risk on the construction project using qualitative techniques [31].General, uncertainty on the construction project is also explained in the quantitative risk analysis [31].Quantitative risk models can be developed based on a spread sheet, diagrammatic tool or activity network.All elements such as task, cost, duration, etc., which are relevant to the quantitative risk analysis must be included in any modelling methods used [7].Against these elements, uncertainty variables can be entered instead of deterministic variables, in order to reflect areas of critical uncertainty [7].The following techniques are used to evaluate risk quantitatively.They include, but is not limited to, 1. Decision trees: a decision tree is represented graphically when modelling risk in a construction project.Within the model it shows the possible effects of identified risks factors that require project decisions and immediate-planned courses of action to the overall outcome [7].Each of the outcomes is assigned a likelihood of occurrence allowing the most probable outcome to be determined.Also, alternative actions are explored within the model to identify the most beneficial outcome of the construction project or activity [31].

2.
Influence diagrams: in earlier times of its development, the influence diagram was used to formulate problems prior to decision-making [31].Modelling using the influence diagrams graphically represents relationship between risk factors and they affect the construction project goal or objectives.Influence diagram models expose key influences and allow the effect of uncertainty to be determined.These models are sometimes very complex and can lead to the need for effective graphical presentation as well as mathematical and computational efficiency [24].
3. Probabilistic analysis: this is a statistical method, which calculates the impact of every single risk factor, or the impacts of all risk factors on the project [43].In this technique, Optimistic, Most Probable, and Pessimistic time and cost estimates are given for each activity, or for the project as whole [7].

4.
Sensitivity analysis: sensitivity analysis or what-if analysis as it is sometimes called is a technique that seeks to determine which task variable in a project (for example, cost, time, quality etc.) has the greatest impact on project parameters [31].In construction projects, project managers seek to determine how uncertainties and risks on specific task correlate with variance in the construction project.For example, sensitivity analysis allows a project manager to identify which activity schedule risk has the strongest correlation with the completion time of the construction project.Sensitivity analysis answers specific question like, which project task inputs have the greatest impact on the key project goals.This in turn helps the project manager in decision-making.

5.
Monte Carlo simulation: this technique involves examining the impact of identified risk factors by running simulations to identify a range of possible effects on a number of construction project scenarios [31].In using this technique, a random sampling is undertaken using uncertain risk factors to generate a wide range of possible outcomes.This is usually done by creating a mathematical model and then running simulations on the model to determine the impacts of identified risks on a construction project.The Monte Carlo techniques aid project managers in forecasting the likely outcome of a risk event and informs on decision making.

6.
Simple assessment: the simple assessment technique is a mathematical method that examines important risks separately by determining their probable effect on total construction project cost and schedule [43].

7.
Failure mode effect and criticality analysis (FMECA): the FMEA (see Section 3.3), when used in a prioritisation of failure modes, is referred to as the Failure Mode Effect and Criticality Analysis (FMECA).The FMECA is a technique much like a product or process analysis.It identifies potential failures in a construction project that could affect the client expectations and/or the project goals.The tool is useful in preventing adverse conditions on construction projects.Some of the benefits of using the FMECA tool includes; it assists in communication between project managers and suppliers who work closely during the concept and design stages of the construction project; it improves the knowledge and understanding of the behaviours of the construction project; if it is done appropriately, it will ensure that the construction project is delivered on time and all the deliverables of the project are achieved; and finally, it provides proof to the extent of care that has been taken to ensure that the construction project meets the clients expectations.It is important to state that when using the FMECA, a Risk Priority Number (RPN) for ranking the failure modes is used which can be seen in Table 5.
The Risk Priority Number is generally calculated as the product of occurrence (O), severity (S) and non-detection (D) of the failure modes.O is represented as the frequency of occurrence of the failure mode, S is represented as the level of damage the particular failure mode having occurrence O can do on the construction project and D represents the probability of not detecting the failure mode with frequency of occurrence O, and severity S [44].
Table 5 shows an example of the possibility and potential seriousness of building collapse as illustrated by Lock [28].Within Lock's scenario, a building is developed as part of a project, and the collapse in question might happen during the installation of heavy machinery or office equipment on upper level floors.If the floors have been incorrectly designed, they might not be sufficiently strong to carry the weight of the machinery or equipment.The assessors clearly think this is unlikely to happen because they have ranked 'Chance' at the bottom end of the 1-5 scale.There is no doubt, however, that if this event did occur it would be extremely serious, so severity is ranked as 5. Detection difficulty means perceived difficulty of noticing the cause of the risk in time to prevent the risk event.Here, there is a considerable element of judgement, but the assessor thinks that although the chance of a design error is very low, the difficulty of spotting a mistake if it did occur would be higher (3 on the scale of 1-5).The product of the three parameters, 1 × 5 × 3 gives a total ranking number of 15.
Limitations of using the FMECA range from; different evaluation of occurrence, severity and non-detection can lead to identical RPN values even if their risk implications are totally different; conversion of the scores is different for the three risk factors; the three risk factors are difficult to be precisely evaluated, etc. Table 5.Part of a failure, mode effect and criticality analysis matrix (FMECA) [28].

Risk Management Treatise for Engineering Practitioners
According to Sodhi and Tang [45], in the quantitative risk analysis phase, risk models are used to define construction project expectations and outcomes of identified risk.Consequently, other benefits of the quantitative risk model includes but is not limited to the following: • It can aid and support project managers to understand the nature of threats and ways to manage them.
• It can support risk measures for informing their stakeholders, • It can help project managers to focus on specific risk areas and • Support allocation of risk management efforts and budget to different risk mitigations such as to answer the question of who should make such an investment (contractors, subcontractors or its clients) in construction industries.
Any quantitative risk management model adopted should be able to provide the outcomes which can fulfil the defined purposes of the construction risk analysis [46].

Risk response and monitoring
After the identification and assessment of risk, they are not left unattended in the development phase of a construction projects.Risk responses are implemented.Apparently, the planning of responses to construction risk can happen at all phases of the project; however, it is predominantly done in the development phase of the project.This is because the development phase of a construction project is where a project manager can practically implement the most effective and beneficial response to an identified risk factor as result, ensure the successful delivery of the construction project.As reported by the APM [24], the response plan includes strategies such as avoid, transfer, mitigate, exploit, share and enhance.In other words, appropriate responses must be applied for identified risk factors in the construction project which can vary from avoidance, transferring the risk elsewhere, reduction through mitigating threats and realising the opportunities and acceptance the risk.
Some project organisations cope with risk by applying different strategies and this can affect the performance of a construction project.For instance, this can happen if planning and implementation of responses are not being effective due to unclear lines of communication between the risk manager and the project team.If the responses are ineffectively managed, actions after assessment of the identified risks factors may not be fully captured and communicated which will therefore, result to ineffective mitigation and in turn impact on the performance of the construction project.
Vose [17] has clearly explained mitigating actions that can be applied even in a construction project especially in terms of implementing different risk mitigation strategies as seen in Figure 5.
The responses for threats in construction project are: 1. Risk avoidance: in applying this strategy in a construction project, the project manager aims to prevent an adverse effect from impacting or occurring in the project.For example, it may involve the project manager changing the project design so that the circumstance under which a particular risk factor might occur cannot arise, or so that the risk factor will have little impact on the construction project if it does happen.

2.
Risk transfer: in applying this strategy, the project manager seeks to shift the responsibility for risk to a third-party.This is done in order to eliminate the threats to the construction project.What this implies is that the project manager is passing the risk to another party who is better equipped to manage the risk, resulting in the construction project successfully achieving its objectives.In risk transfer, common strategies used are contract, insurance, warranties, outsourcing, etc.

3.
Risk reduction: this strategy involves the use of one or more reinforcing actions by a project manager designed to reduce a threat to a construction project by mitigating the probability of occurrence and/or the impact before the risk is realised.The goal of applying this strategy by the project manager is to ensure that a risk factor does not occur in the construction project or if it does the impact can be contained in a low level.

4.
Risk reserve/flexibility: this approach allows for more time, money or human resource on a construction project.When undertaken estimates for a construction project, a risk reserve is included in order to ensure the successful delivery of the construction project.For example, if a WBS (work breakdown structure) has been developed for a construction project and resources has been budgeted; then in applying this strategy, a reserve is then established to prevent future problems from arising.As a result, this reserve can then be used by the project manager to manage risk that may arise in the life cycle of the construction project.

5.
Risk acceptance: this strategy involves using a range of passive and active responses.To passively accept a risk is to recognise the risk exists but choose to do nothing about it other than monitor the status of the risk in the construction project.This approach is appropriate if the risk threat is low and the risk source is external to the construction project.On the other hand, the threat may be real to the construction project, however there is not much that can be done about the threat until it materialises in the construction project.As a result of this case, contingencies can be established to manage the event when or if it occurs.
Examples of contingencies that can be implemented includes; provision of extra funds, a detailed action plan that can be implemented when the issue arises.
And the responses for opportunities are: 1. Exploit: in applying this strategy, the project manager ensures that opportunities are realised.Opportunities can arise in completing an ongoing construction project on time in order to bid for a similar project.This strategy is the opposite of risk avoidance.

2.
Enhance: this is an approach where the project manager seeks to increase the chances of risk happening in a construction project in order to realise the benefits of the risks.

3.
Reject: this is when a project manager takes a deliberate decision not to exploit or enhance an opportunity.

4.
Share: this strategy is used when project organisations are unable to realise opportunities by themselves; as result, they team up with another project organisation and work together to realise the opportunity.For example, if a project organisation lacks some certain technical capabilities in bidding for a construction project, team up with another project organisation that is capable of doing the task and jointly bid for the construction project.
In practice, risk response strategies are effective in providing possible options that can be considered by a project manager to managing threats that are associated with a construction project [17].Consequently, knowledge creation is useful in reducing the likelihood and impact of risk effectively [47].
Through a careful study and adoption of the results of other researches such as those of Seo and Choi [48], Aloini et al. [49] and Karim [50], a summary of the risk management processes, including the clear purposes and activities within each step is developed and shown in Figure 6 [51][52][53][54].The summary is intended to assist construction professionals to better undertake each process.

Conclusion
The construction risk management process starts by defining the risk management objectives before proceeding to identifying risks.This will increase the understanding of the scope, responsibilities, environment, and the project objectives.The assessment and analysis stages are interpreted and implemented differently across various standards and guidelines.
However, with this theoretical construction risk management process presented in Figure 6, each step is a stand-alone; the activities to be conducted are clearly specified.The next steps are response and monitor/review.Peter Campbell in Hillson [55] criticised risk management as being talked about more than implemented, whereby people are overly optimistic about the future event, lacking clear understanding and philosophy behind each of the steps in the risk management process.The focus is towards identifying more pros than cons; more benefits over costs; and being optimist that risk will be managed successfully.People are biased towards the optimism that risk could be managed simply by allocating financial contingencies to account for the eventuality of something that could go wrong.Such biases can be overcome through the use of a structured and well explained framework for risk management.This summarised framework presented in Figure 6 can therefore address this problem and provide a better understanding of how risk can be managed.
Tools and techniques are used to assist the construction risk management process.Tools are commonly known as generic software products used to carry out the techniques efficiently, while techniques are methods of carrying out particular elements of the process.Besides considering the costs of the tools and techniques, their selection must also be appropriate to the particular stages, as some of them may only be suitable during the earlier stages, others may be used later.However, understanding of the process is more vital than over reliance on tools, models or systems.

Physical•
Supplies of defective materials • Low productivity of equipment • Fluctuation of material prices Environmental • Environmental factors (e.g.flood) • Rain effect on construction activities • Hot weather effect on construction activities Design • Defective design • Inaccurate quantities • Uncoordinated design (Structural, mechanical, electrical, etc.) • Awarding design to unqualified designers Logistics • Low productivity of labour • Delay in equipment delivery • Undefined scope of working Financial • Delayed payment in contracts • Unmanaged cash flow • Inflation and sudden changes in price • Financial failure of the contractor Legal • Delayed dispute resolution • Legal disputes during construction phase among the parties of the contract • Frequent changes and modification in law Construction • Unsuitable leadership style • Improper construction methods • Improper quality, health and safety management Political • Lack of transparency • New governmental acts or legislation • Political orientation • Instability in project governance.Management • Poor resource management • Poor site management and supervision • Poor communication between involved parties

Figure 5 .
Figure 5. Mapping risk mitigation with level of probability and consequence [17].

Figure 6 .
Figure 6.Summary of the conceptual processes of managing construction risks (developed by the researcher).