As I reviewed past records of my previous “due diligence” assessments in construction projects, the first thing I always examined was the Risk Assessment, especially those prepared prior to project inception. I still observed numerous recurring errors that often led to excessive client complaints and even stop-work orders, resulting in costly consequences for contractors.
Depending on the project, these errors covered areas such as planning and scope, design and technical, human and management, quantification and evaluation, implementation and monitoring, environmental and social aspects, as well as documentation and compliance.
For example, under Planning and Scope, the most crucial part, common mistakes included incomplete risk identification (e.g. ground conditions, utility conflicts, adjacent property issues), overreliance on generic templates, and failure to consider early uncertainties such as land acquisition delays or unclear design intent. I also found cases of vague scope definitions and poor coordination between architectural, structural, and M & E trades.
I advised contractors to align closely with client requirements, review contracts thoroughly, and conduct workshops at each phase (design, pre-construction, operation). They should also adopt online tools to maintain a live risk register, integrate risk management with cost control, scheduling, and procurement, and apply quantitative methods like Monte Carlo simulation and sensitivity analysis for key risks.
I’ll be conducting another similar assessment soon, and frankly, the recurring nature of these issues remains concerning.
Someone asked me just now, “I thought contractors don’t do Risk Assessments, only HIRARC. Isn’t that the consultant’s or client’s job?”
A good question indeed. I should have clarified that in Design and Build contracts, it’s quite common for the contractor to engage their own consultants to carry out a Risk Assessment, which is then reviewed and validated by the client or their authorized representative.
On the other hand, HIRARC (Hazard Identification, Risk Assessment, and Risk Control) is typically conducted by the contractor’s Safety and Health Officer (SHO), together with site supervisors trained in HIRARC procedures.
The two often get mixed up - Risk Assessment focuses on overall project and design risks, while HIRARC zeroes in on workplace safety and task-level hazards. It’s a subtle but important distinction.
To further clarify the question being asked:
Risk Assessment vs HIRARC - 2 different scopes
Risk Assessment (in the broader project management sense) covers strategic, financial, design, technical, environmental, and contractual risks. It’s often done at project inception, design, or pre-construction stages. Responsibility may rest with the consultant, the client’s representative, or, in Design & Build (D&B) projects, the contractor’s design team.
The client or their representative then reviews and validates it. HIRARC, on the other hand, is part of occupational safety and health (OSH).
In Section 1.5 “General Requirement” of the same document, it states:
“HIRARC shall be established by contractor and risk control measures shall be implemented before any new work commencement.”
It’s done for site activities, work methods, and tasks, not for project-level risk.
It is conducted by the contractor’s Safety & Health Officer (SHO) or trained supervisors (DOSH Malaysia’s Guidelines on HIRARC, 2008).
In the 2008 DOSH guideline (Guidelines for HIRARC), the purpose section (page 1 etc) states:
“The purpose of this guideline is to provide a systematic and objective approach to assessing risks… It is intended for use in the construction sector among others.”
In CIS 25:2018 (CIDB), under Section 1.2 “Normative reference”, it cites Guidelines for Hazard Identification, Risk Assessment and Risk Control (HIRARC) (2008) by Department of Occupational Safety and Health Malaysia (DOSH) as foundational.
In Design & Build (D & B) contracts, the contractor takes on both design and construction responsibilities. Therefore, they are legally and contractually required to manage design-related risks too.
Many contractors have in-house design consultants or appoint external ones for this. Their risk assessments are submitted to the client’s consultant or Engineer’s Representative (ER) for validation.
Many people confuse the two:
1) HIRARC = task-level safety assessment (hands-on, site-based).
2) Risk Assessment (Project/Design level) = strategic and technical risk management (design, cost, schedule, procurement, etc.).
Contractors generally conduct HIRARC as part of OSH compliance, while Risk Assessment at the project level may be done by consultants, except in Design & Build projects, where the contractor (with their design consultants) prepares it, and the client or authorized representative validates it.
So yes, both are “risk assessments” in nature, but they serve different purposes and fall under different frameworks.
