Construction companies are like insurance companies.
We take a fixed fee and deliver a scope — regardless of whether it rains, suppliers go bankrupt, or we hit ground conditions nobody expected. We carry the risk. We guarantee the result.
The difference is how insurers survive it. They pool thousands of similar policies, so any single bad payout is absorbed by the spread. The law of large numbers does the work.
We don't get that. Every project is one-off. There's no spread to hide in — each job is a single bet. It's the opposite of manufacturing, where you run the same process over and over until it's perfect. We can't perfect what we've never built before.
So uncertainty is unavoidable. We manage it one project at a time.
Risk management is how we deal with the uncertainty that matters.
What risk management actually is
A project plan tells you what should happen. It's built on assumptions. Risk management prepares you for what might happen when those assumptions break — the storm, the supplier that folds, the ground that isn't what the report said it was.
That's the whole job: take uncertainty and turn it into manageable action. Done well, it protects your margin, keeps the programme honest, heads off disputes, and keeps people safe.
A few concepts worth getting right
Risk vs. uncertainty.
Uncertainty is everywhere. A risk is the uncertainty that matters — the kind that hits cost, time, quality, or safety. Don't drown the register in things that don't move the project.
Threats and opportunities.
Risk isn't only bad. A threat has a negative impact; an opportunity has a positive one (e.g. an unusually dry spell that lets you finish early and pull cost out). The goal is to kill threats and chase opportunities — most people only do the first half.
Cause, event, consequence.
A risk worth recording has all three: the condition that triggers it (cause), the uncertain thing that happens (event), and what it does to the project (consequence). "Bad weather" isn't a risk. "Heavy rain in Q2 (cause) floods the excavation (event) and pushes the programme two weeks (consequence)" is.
Types of risk.
Some are discrete events — a subcontractor goes broke. Others are variability — your trenching crew produces at a different rate than you assumed. They span technical, commercial, health and safety, environmental, and external categories.
The four-step process
Risk management is a loop, not a one-off. You run it for the life of the project.
- Identify. Find the sources of uncertainty — brainstorming, lessons learned from past jobs, checklists, expert input. Everything goes in the risk register: the live log and single source of truth.
- Assess. Score each risk on likelihood and impact. Qualitatively (low/medium/high on a matrix) or quantitatively (use historical data to put a number on the cost or time hit). This tells you what to deal with first.
- Plan the response. Decide what you're going to do. For threats: avoid, mitigate, transfer, or accept. For opportunities: exploit, enhance, share, or accept. Then treat the response like any other task — give it an owner, a budget, a deadline, and a definition of done. A response with no owner is a wish, not a plan.
- Monitor and review. Meet regularly. Walk the register. Check whether your treatments are working and catch the new risks the project throws up as it moves.
Safety is different
Cost and schedule risk decide whether a project makes money. Health, safety, and environmental risk is a different thing entirely — an ethical and legal duty.
The rule is simple: if a job can't be done safely, it doesn't get done.
To control a hazard, work down the hierarchy of controls — most effective first:
- Elimination — remove the hazard entirely.
- Substitution — swap it for something safer (e.g. vacuum excavation instead of a machine bucket near services).
- Isolation — put a physical barrier between people and the hazard (e.g. concrete barriers).
- Engineering controls — design the risk out (e.g. scaffold for work at height).
- Administrative controls and PPE — rules and protective gear.
PPE and a rule on a sign aren't enough on their own.
To call an activity safe, you need at least an engineering control in place. Tools like Safe Work Method Statements (SWMS) and Safety in Design workshops exist to find and remove hazards as early as possible — the cheapest and safest place to deal with a hazard is on paper, before anyone's on site.
The bottom line
You can't predict what a project will throw at you. You can be ready for it. Keep the register live, assign an owner to every response, and actually follow through. That's how you deliver despite the uncertainty the industry runs on.