Review of Risk Assessment Models for Highway Construction Projects

Review of Risk Assessment Models for Highway Construction Projects

Rasheed A. Salawu; Fadhlin Abdullah

Department Of Quantity Surveying, Faculty Of Environmental Studies, Universiti Teknologi Malaysia,(Utm)

Johor Bahru, Malaysia

Abstract- Effective risk assessment procedure enhances performance on construction projects, thus this review is aimed at evaluating existing risk assessment models for construction projects. Various risk management standards, risk assessment models and risk management maturity models were identified and reviewed. Risk assessment models were classified into two: one dimensional risk assessment models and two dimensional risk assessment models to carefully extract the capabilities and limitations of the individual models. The study discovered that current one dimensional modelling approach assessed project risk consequence based on project risk events only, and do not estimate magnitude of individual risk factors. However, two dimensional models combined project risk events with different influencing factors to assess project risk consequence but attributes of organisational risk management considered are grossly inadequate. Their techniques are also unsystematic. Consequently, we concluded that further improvement on risk assessment modelling is required. We suggest the development of two dimensional risk modelling approach that would adopt RM3 method to integrate organisational risk management capability attributes with probability severity measures of project risk events. The approach will identify areas of weakness and strength of the stakeholders on projects and this will enhance decision on risk response planning.

Keywords Risk assessment models, risk management approach, one dimensional models, RM3

1. INTRODUCTION

   Construction industry is generally believed to be plagued with risk more than any other business [1, 2, and 3]. According to [3], this is due to involvement of many contracting parties including owners, designers, contractors, sub-contractor and suppliers. Other significant causes are: the uniqueness of construction projects, the involvement of temporary project team with different cultures and interest. All these are sources of uncertainties to construction projects. However, any of the uncertainty event or condition that, if occurs, would cause deviation in one or more of the predetermined project objectives is described as project risk [4, 5, 6, 7]. The deviation could be negative or positive which also means the upside opportunities and downside threats [6]

   , but many project risk studies considered risk in terms of possible unfavourable consequence or negative deviation [8, 9].

   Risk events have been identified as the major cause of poor performance on construction projects; they are numerous and vary at different stages of project life cycle depending on their complexity and dynamic nature [10, 11].

   Although they are diminishable, manageable, and transferable they are not ignorable [12]. To enhance successful performance on highway construction projects, risk events on the projects have to be properly managed. In lieu of the complex, unique and capital intensive nature of every highway project, effective risk assessment approach should be able to handle risk data based on expert judgements [13]. Expert judgements are human decisions that are based on experience and intuition, and according to [14], they are limited and characterised by either incompleteness, imprecise and inconsistency or all three. They are fuzzy and should be analysed using fuzzy set theory [15, 16]. Expert judgements can also be provided in the form of quantitative and qualitative data.

   In addition, researchers in risk modelling concluded that project risk assessment based on project risk events alone, using probability and impact parameters will provide inadequate and incomplete assessment of construction project risks. Thus, [17, 18, 19 and 20] proposed risk modelling approaches that incorporated influencing factors derived from organisational dimension of risk management.

   In lieu of the complex, unique and long-time duration of construction projects, this paper reviewed and evaluated existing risk assessment models for construction projects. The review is based on the following objectives: (i) Eliciting the core perspectives of effective risk management for construction projects(ii) identify the scope and limitations of the risk assessment models for construction projects and (iii) examine the risk management maturity models so as to deduce their potential for improving on the current risk assessment models.

2. METHODOLOGY

   Literatures on risk management studies and standards were extensively reviewed and content analysis of the literatures was done to illicit the essential perspectives of effective risk management for construction projects. Published risk assessment studies and models in journals and books as well as papers presented in conferences were carefully identified and reviewed. The risk assessment models were classified into one dimensional risk assessment models and two dimensional risk assessment models. Quantitative analysis methods and factors considered in one dimensional risk assessment models were examined to reveal their capability to handle vague, imprecise, qualitative and quantitative data when they are used to assess individual risk

   factors and projects risk level. Content analysis of the techniques and the influencing factors introduced in the existing two dimensional risk assessment models were undertaken to determine the extent to which organisational dimensions of risk management process are incorporated. Existing organisational risk management maturity models

   RM3were also reviewed and analysed to identify alternative techniques and attributes of organisational risk management capability that can be adapted into risk assessment modelling process.

3. FORMAL RISK MANAGEMENT

   Risk management is the organisational effort towards the accomplishment of project or business performance objectives by preventing negative results and providing guide to maximise positive results on project risk [ 21, 22]. The goals of risk management according to [23 ] are to prevent or reduce risk in a cost effective manner without compromising quality, ensure the approval of only genuinely worthwhile projects and avoid excessive overrun. To achieve these goals, risk management efforts have to be effective. According to [24, 25 ], effective risk management is critical to successful performance on the projects, it could be achieved through a comprehensive risk management process and with the support of the top management of organisation. To ensure effective risk management of construction projects, various professional associations, government agencies and researchers developed systematised formal risk management approaches. The approaches set up standards and guidelines for effective risk management. The standards and guides according to [30] include:

   1. Project Risk Analysis and Management Guide (PRAM-Guide) that was developed by Association for project management.

   2. Australia and New Zealand risk management standards, AS/NZS 4360 (2004).

   3. Project management body of knowledge (PMBOK), chapter 11 (PMI).

   4. Project risk management-application guidelines, issued by Treasury board of Canada, IEC62198 (2001).

   5. Integrated risk management framework and Management of risk (M_o_R) guideline, OGC, UK (2002).

   In addition,[26]described the risk analysis and management for projects (RAMP that was developed by the Institution of Civil Engineers, and the British standard guide to managing project risk (BS 6079-3) which was developed by the British Standard Institution. These standards define five- eights phases of formal risk management process. On the other hand systematic approach to risk management as described in [28, 29] has four phases of risk identification, analysis, evaluation and risk responses. Based on the contents and the overlapping phases of the highlighted risk management standards, formal risk management process has five core phases that include: risk management planning, risk identification, risk assessment, risk response planning and risk monitoring and control. In addition to the five core phases of formal risk management process, [30,6] suggested

   other influencing factors to ensure effective risk management practice, and these include: supportive culture, competent people and risk management structures put in place by the organisations for managing risk on projects. People competency means that the project sponsors, project managers, team members, and stakeholders must be properly trained on the application of the risk management process. Project management integration and project stakeholders are also identified as core perspectives of effective risk management practice to [31]. Consequently, essential requirements or the core perspective of effective risk management of construction projects are summarised as : the five phases of risk management process, organisational culture and awareness, people competency, risk management structures and project management integration.

   Risk assessment phase is very important among other phases of risk management process [32, 33]. Hence, AS/NZS 4360 2004 classified risk assessment activities into risk analysis and risk evaluation phases, and Project management body of knowledge (PMBOK), chapter 11 on risk management also classified risk assessment activities into two phases namely: qualitative and quantitative phases. Therefore, effective risk assessment approach should systematically involve analysis and evaluation of the risk events on projects, and consideration of the influence of risk management capability of the project stakeholders on the risk consequence.

4. REVIEW OF QUANTITATIVE RISK ASSESSMENT MODELS FOR CONSTRUCTION

PROJECTS

Project risk assessment is aimed at estimating the consequence of identified project risk events. The increasing complexity and uncertainty in construction projects led to the development of several qualitative and quantitative techniques for estimating the project risk consequence. Quantitative risk assessment studies and techniques are broadly classified into classical/ stochastic and conceptual risk assessment [34]. The classical models are based on several quantitative techniques which include: probabilistic analysis and Monte Carlo simulation while the conceptual models are based on fuzzy set theory and multi-criteria decision making tools. This paper classified the current quantitative risk assessment models into (i) one dimensional risk assessment model (ii) two dimensional risk assessment model. One dimensional risk assessment model refers to risk assessment approach that estimates project risk level by considering only the project dimension of risk management (identified project risk events) while two dimensional risk assessment models estimate project risk level by considering both the consequence of the project risk events and influence of organisational risk management capability and other factors from the organisation dimension of the risk management.

1. One Dimensional -Risk Assessment Models

   Classical risk assessment models are the earliest risk assessment models in one dimensional risk assessment approach and the models used various quantitative techniques

   which according to [35] include: Sensitivity Analysis, Probability Analysis and Simulation, Regression Analysis, Decision Tree Analysis, Stochastic Decision Tree Analysis, Bayesian Theory, Risk Adjustment Discount rate and Utility Theory. These quantitative techniques require specific, precise, detailed quantitative information, objective and subjective probability distribution of the possible outcomes in different state/conditions. However, these types of data are rarely available in real world construction projects [36].

   Probability- index risk assessment procedure presented in

   [37] adopted Monte Carlo methodology developed by the Washington State Department of Transport to aggregate probabilities of cost-related risk factors. The technique estimated project cost range based on possible range of outcomes and probability distributions, but did not consider the impact of any other factors from organisational dimension on the estimated cost range. Similarly, Monte Carlo simulation methodology was used to assess project cost and duration in [38] but models based on Monte Carlo simulation technique are incapable of handling qualitative and subjective data which are inevitable on construction projects, and it cannot handle the multi-dimensionality of risk assessment on construction projects. Multiple regression analysis (MRA) and relative important index (RII) were used in risk assessment technique proposed in [39]. The assessment technique rank risk events and relate cost overrun with project types and location. Project risk events are rated on P- S parameters and no influencing factors was included. Quantitative technique of relative important index is incapable of handling effectively the inaccurate and vague data that characterised experts opinion obtained via NGT on 231 DBB highway projects in Queensland.

   Conceptual models in the one dimensional risk assessment approach are classified into modified probability distribution models and probability-severity models. Modified probability distribution risk assessment models require precise, detailed quantitative information and probability distribution function of project risk factors to estimate project cost and time range. For example, [15] used Monte Carlo Simulation (MCS) to develop possibility to probability transformation model. The model inputs probability distributions of the variables outcome in the form of fuzzy sets, and determined the output value by representing fuzzy sets with the final infimum & supremum values of the -cuts on their histograms. Thus, it makes provisions for subjective data but the mean and variance of the Monte Carlo simulation outputs cannot be obtained and the inputs is based on the objective probability distribution of the possible outcome. Factors from organisational dimension that can influence consequence of the project risk events are not considered and the risk assessment approach is also incapable of handling qualitative data. Similarly, [41] proposed post processing hybrid MCS model using theory of evidence, but the risk assessment method does not directly handle the fuzziness or randomness on risk factors and impact of influencing factors on risk consequence are also not considered. To overcome the problem of vagueness and inaccurate data, [16] constructed and apply Fuzzy cumulative distribution function FCDF to represent both random and subjective variables. Monte Carlo simulation was used to

   combine the probability distributions. This assessment procedure was used to estimate cost range but it is incapable of assessing qualitative data and cannot deal with multidimensionality of project risk analysis.

   To deal with the multi-dimensionality of project risk assessment, models that are based on multi-criteria decision analysis techniques were proposed. Analytic Hierarchy Process (AHP) is the most cited multi-criteria decision making tool used in these models, followed by the Technique of Ordering Preferences by Similarity to Ideal Solution (TOPSIS). AHP based one dimensional risk assessment models are capable of handling both quantitative and qualitative data to rate and rank alternative projects, but cannot handle effectively the vageness, inaccurate and imprecise characteristics of expert judgement. The combined AHP, decision tree and risk map risk management framework proposed in [42] included only risk factors on project dimension, and risk map was developed with likelihood and impact on X& Y axis. Importance of the factors and sub- factors were derived using AHP pair-wise comparison and the risk map, and the severity of the risk factors are measured in terms of likelihood and impact on the risk map. The approach is capable of handling both subjective and objective data to assess the importance of risk factors but cannot handle imprecise and vague data that would characterised the judgement of nine member focus group of experts selected from the1500km India oil pipeline project. This is similar to the subjective and objective risk assessment approach that was proposed in [43].

   Fuzziness of the ratings of the company professionals for pairwise comparison was also not considered in the AHP assessment model developed for the quantification of risk & opportunities on international projects [44]. But the AHP model provides decision support information to project managers for comparing attractiveness of projects options. Ten groups of project dimension risk factors were used but none of them relates to the impact of the risk management capability of the organisation on the consequence risk events on project performance. AHP probability- Impact model that quantified project risk level of international construction projects on a scale 0-100was also developed in [45] and the AHP risk-based go/no-go decision making model developed by [46] assessed risk on international projects using cross- impact analysis. R- index and AHP risk assessment model was developed in [47] to assess company and project risk events on highway projects. Effect scores were computed and used to rank risk at macro, micro and project levels of highway projects in China. The computed effect scores assumed absence of interdependence among the risk factors on the project. The scores were computed without considering impact of influencing factors from the organisational dimension of project risk management, inaccurate and vagueness of data that characterised expert judgement.

   Due to numerous conditions on construction projects, crisp data are inadequate and imprecise for modelling real life construction project risk management problems. Hence, the application of fuzzy reasoning to the assessment of risk on construction projects has proved to be a useful technique to handle ill-defined and complex problems associated with

   construction projects [49]. Therefore, several one dimensional risk assessment models that assessed risk based on the principle of fuzzy set theory and different multi- criteria decision analysis method were developed. Many of the models applied analytical hierarchy process method under fuzzy environment but the complicated fuzzy operation involved in Fuzzy AHP and the lack of proven techniques to address fuzzy consistency and fuzzy priority vector have under play the reliability and implementation of the assessment approach [50]. The modified fuzzy AHP model proposed in [51] provided the methodology to facilitate fuzzy AHP operation and cope with risks in complicated construction situations, this was done by introducing factor index to structure, evaluate and integrate the risk factors into decision making. Similarly, [52] developed a modified Fuzzy AHP model that was used to assess nine groups of risk factors based on ratings on probability of occurrence and impact parameters obtained from 15 Indian construction experts. The method is capable of handling objective and subjective data. Fuzzy AHP risk assessment model was adopted in [54] to assess the risky condition of the freeway JV project in China; the method was based on three level hierarchy structure for three risk groups: internal, project specific and external risk groups. Relative weight of the risk factors and the risk groups were obtained using AHP on one set of data and fuzzy arithmetic operator on another set of data on the same projects. Risk assessment based on AHP and fuzzy AHP are capable of ranking risk factors but cannot estimate the magnitude of individual risk factors and overall project risk level. The AHP models also ranked risk without considering the impact of risk management capability of the project stakeholders or any other factors in the organisation dimension of the risk management. Hence, all AHP based risk assessment models are incapable of providing complete decision support information for risk response planning. In addition, [54] asserted that elements at the same level of AHP hierarchical structure must be mutually independent (maximum independency among the elements). Hence, application of AHP and or Fuzzy AHP would be unsuitable for application when risk has to be classified into client related, contractor, consultant and uncontrollable related risk groups.

   Other one dimensional risk assessment models that are based on multi-criteria decision analysis and fuzzy set principles include: Fuzzy TOPSIS, fuzzy inference and fuzzy synthetic evaluation. Fuzzy TOPSIS based on alpha level was used to evaluate risk factors on the construction of bridge and for performance evaluation of Turkish firms [55, 56]. Though, fuzzy TOPSIS methodology is capable of raking risk factors; it cannot estimate the magnitude of individual risk factors and overall project risk level. Some of the limitations of the Fuzzy AHP and Fuzzy TOPSIS risk assessment models are overcome in the Fuzzy inference and fuzzy synthetic risk assessment techniques. Fuzzy inference and fuzzy synthetic risk assessment models are capable of handling the multidimensionality of construction project risk, qualitative, quantitative, vague, imprecise and incomplete risk data. Hence, [57] developed a Fuzzy inference (implication & composition) technique to assess the magnitude of risk for earthworks package of a major work. Factors in the risk

   breakdown structure for the earthworks package excluded the attributes for measuring organisational risk management capability or any other influencing factors from organisational dimension. Similarly, [58] developed risk allocation model that is based on fuzzy Implication & composition, Transaction cost economic (TCE)theory and resources based view (RBV).The model was applied on the allocation of risks on PPP infrastructural projects in Australia.

   Fuzzy synthetic evaluation model was proposed in [59], the model was used to assess critical risk groups and overall risk level associated with PPP projects in China by computing the overall risk index & critical risk group (CRG) index. The evaluation approach was also applied in the risk allocation model developed in [60] for the allocation of risk factors on PPP projects in China. Factors used to assess the risk indices did not include any of the attributes and dimensions for measuring risk management maturity of the stakeholders on the PPP projects. Therefore, one dimensional risk assessment models do not consider impact of influencing factors on the consequence of project risk events and the quantitative evaluation techniques employed are unable to meet all the essential requirements of effective risk assessment modelling. Hence, the models are considered incomplete risk assessment approach [20] and so two dimensional approaches were introduced.

2. Two Dimensional -Risk Assessment Models

The two dimensional risk assessment models assess risk factors by considering the probability and severity ratings for the consequences of risk events along with other influencing factors from organisational dimensions of risk management. A web- based decision support system was also presented in

[61] to produce rating score related to a specific risk path, source- event or project scenario. It considers the probability, impact and risk significance to obtain scores. Significance in the model is perceived in terms of the experts intuitive feeling and general rcognition for risk, problems in implementing management skills and effect of attitudes towards risk on project profit. The mechanism for assessing project risk level is not mentioned and significance as perceived in the model would not provide comprehensive assessment of organisational risk management risk management capability. The three criteria risk assessment model proposed in [62] assessed risk major activities on construction projects from ratings on the probability, risk severity and personnel/ property exposure to all hazards. Software for generating risk scores/ratings for each major work activity was also developed but methodology for aggregating risk ratings of the major work packages are excluded. The exposures to all hazards introduced into risk assessment modelling cannot measure adequately the impact of organisational risk management capability on the consequence of risk events. Factor index (FI) was integrated with risk likelihood RL and risk severity RS in the fuzzy AHP risk assessment model developed in [51]. The Factor index FI was computed from the aggregated relative weights of project risk factors and groups, using FI hierarchy and the FI, RL & RS were subjected to fuzzy inference to obtain the risk magnitude of the project. The use of AHP and Fuzzy inference make this model adequate to handle

qualitative, vague and imprecise data but factor index is not a measure of organisational risk management attributes and dimensions. Therefore rejecting projects based on this assessment approach will be an unjustified decision if the risk management capability of organisations involved is high.

Similarly, multi criteria decision making (MCDM) model that was used to quantify and prioritize high risks in Iran BOT power plant project was developed in [63]. The model used Fuzzy decision matrix that was from experts ratings on probability and impact (P-I) of BOT project risk factors, quickness of reaction, event measure quantity and event capability criterion. Fuzzy TOSIS was used to calculate the distance of alternatives from ideal solution. The model is capable of handling vague and imprecise data and it is suitable for ranking alternatives but cannot estimate the magnitude of individual risk factors and project risk level, the number of influencing factors introduced is also inadequate.

Focusing on the risk event-consequence link only represents a half risk analysis. Hence, [53] proposed the incorporation of project vulnerability analysis into project risk analysis to have a complete project risk analysis and management. Project vulnerability is defined as the extent or the capacity of the system to respond or cope with a risk event. The study concluded that organisation activities: policies, decisions and behaviour can influence project exposure, but the technique of incorporating the project vulnerability analysis into risk analysis process is not described. It was also observed in [17] that a risk factor that is within reasonable control of a company or transferable to other parties through contract conditions would be rated low. Thus the study developed influence diagrams based on the country and project risk factors, influence of company experience on the country risk factors and favourability of contract clauses. Expert ratings on the country/ project risks influence of company experience and favourability of contract clauses were used to compute the risk score. Fuzzy IF…THEN rules was employed to aggregate the risk scores and to rate the cost overrun of a dam & hydro-electric power plant in Turkey. Hence, the model is capable of handling uncertainties and subjectivities the projects but company experience, and favourability of the contract clauses are inadequate to measure the capability of the organisation to cope and respond to the country and project risk factors.

In the two dimensional risk assessment approach, proposed in [19], organisational risk management capability was integrated into risk assessment modelling by comparing the relative local weights of the risk factors with the risk management capability. Matrix of the global weights of risk level and risk management capability were computed and used to form two fuzzy sets. The model applied fuzzy intersection and fuzzy union operators to the two fuzzy sets to make decisions on either to accept or reject the project. However, technique used in this model to estimate local weights of the organisations risk management capability is very subjective and unsystematic. Maturity levels of the organisation on the attributes of risk management capability on the IT project are also not determined. Techniques and factors considered in the existing two dimensional models cannot represent and measure adequately the maturity levels

of organisations on different attributes of risk management capability as the existing risk management maturity models (RM3) can do. Hence, the identified limitations of the two classes of risk assessment as observed in this review constitute GAP for further improvement in risk assessment modelling.

V RISK MANAGEMENT MATURITY MODELS RM3

According to [24], successful performance on construction projects requires effective and comprehensive risk management process. It was also observed in [26] that property development companies could not achieve optimal performance on their objectives unless a comprehensive and formal risk management process is given adequate consideration. However, effectiveness of risk management in an organisation depends on its sophistication on the attributes of risk management; the sophistication varies from on organisation to another and depends on different factors which may not include the size of a company. as shown in

[64] that large size company does not necessarily adopt state of art risk management approach. High quality risk information is also emphasised in [65] as an essential requirement for effective risk management, this according to

[24] requires the contractual parties to adopt a continuous learning approach from the past projects. It is also important that the risk information learnt from past projects is properly documented so that it can be easily assessed. Hence, [66] asserted that knowledge management approach could be used to improve on the deficiencies of project risk management process. Consequently, it is important to have good understanding of the risk management capability of the projects stakeholders to ensure effective risk management of construction projects.

To assist project stakeholders for a comprehensive assessment of their level of sophistication on risk management methodology, several organisations and researchers have developed various risk management maturity models (RM3). The existing RM3 assessed the organisational risk management capability with four- six attributes and various dimensions of organisational risk management capability as described in [67, 68, 69, 31]. Studies reported in [68] also observed that many organisations operated at different maturity levels for different risk factors and risk groups; this implies that the maturity level of an organisation on risk management practice may be lower but high on risk management resources and systems. According to [31], maturity levels of organisations on different RMC attributes could be comprehensively assessed by employing RM3 approach, and knowledge of the maturity level would help to identify areas of strength and weakness of the organisations.

Attributes of risk management capability adopted in the existingRM3 are identified and summarised as shown in Table 1. The attributes are assessed on four- five maturity levels as shown in Table 2. A few of the current two dimensional risk assessment models integrated Probability Severity Parameters with some influencing factors that relate with attributes and dimensions of organisation risk management capability. The influencing factors adopted are insufficient for detailed and accurate assessment of

organisational risk management capability when cmpared with comprehensive technique, attributes and dimensions adopted in RM3. Adapting and integrating the technique, attributes and dimensions in RM3 with probability and severity parameters would result into a more comprehensive and accurate risk assessment procedure but no risk assessment models has adapted the RM3technique into risk assessment modelling.

TABLE 1. Attributes of Risk Management Capability Adopted by Different Authors

Model authors	Attributes of risk management capability adopted
	Culture & awareness	Experience	management process	Application & practice	Projects Stakeholders	Knowledge & project management
[40]	Attitude, Leadership Culture & Commitment	–	Identification Analysis. Mitigation.	–	Stakeholders Relationship	Knowledge management
[69]	Culture	People and leadership	Identification Analysis.	Application & practice	–	–
[31]	Culture	–	Identification Analysis. Responses.	–	Project stakeholders	Project management
[27]	Attitude & Culture	–	Identification Analysis. Response.	Application & practice,	–	–
[53]	-Definition -Culture	Experience	Process	Application	–	–
[48]	Culture	Experience	Process	Application	–	–

RMRDPC =Risk Management Research and Development Program Collaboration, IACCM-BRM3= International Association of Contract and Commercial Management-Business risk management maturity model

TABLE 2. Comparison of maturity levels used in different risk management maturity models

Model authors	Maturity levels
	1	2	3	4	5
[67]	Naïve	Novice	normalised	Natural
[40]	Initial	Repeatable	Defined	Managed	Optimised
[69]	Initial & ad hoc	Repeatable	Managed	Optimised
[31]	Naïve	Novice	normalised	Natural
[27]	Naïve	Novice	managed	Optimised
[53]	Ad hoc	Initial	repeatable	Managed
[48]	Naïve	Novice	normalized	Optimised

1. SUMMARY OF FINDINGS AND DISCUSSIONS In lieu of the objectives of this paper, findings from the

   review are summarised as follows:

   Core perspectives of effective risk management were found not to be limited to the phases of risk management process. Effectiveness of risk management process put in place depends upon the degree of support and commitment of the top management of organisations to risk management policy and process, and the belief in the value of risk management. The extent of the people competence for risk management process, level of project management integration and adequacy of risk management practice and application are other core perspectives of effective risk

   management. Effective communication within the organisation and among the supply chain, continuous learning approach and comprehensive documentations of learnt risk information are also essential.

   Multi-dimensionality of risk in construction projects is an important issue that has to be properly considered in risk assessment; this cannot be handled properly by classical one dimensional risk assessment models. Though, classical models are capable of estimating cost and time range of construction projects, the estimated cost and time range are derived without considering the vagueness and imprecision that characterised expert judgments. Similarly the models are incapable of estimating the quantity of individual risk factors

   and overall project level risk hence; classical models do not support adequate risk response planning on construction projects. Existing one dimensional risk assessment models that are based on multi-dimensional decision evaluation method are pre-dominated by Fuzzy AHP and Fuzzy TOPSIS evaluation methods. These models are capable of ranking the various risk factors on construction projects using vague, imprecise, descriptive and numeric data. They cannot estimate the magnitude of individual risk factors and overall project level risk, hence the risk assessment approaches fall short of providing complete risk information required to achieve the aim of risk assessment. The approaches are unsuitable for providing decision support information for effective risk planning and monitoring. In addition, the use of AHP, Fuzzy AHP and Fuzzy TOPSIS cannot facilitate proper understanding of the contributions of project stakeholders to the overall project risk level. Fuzzy synthetic evaluation and Fuzzy inference models are another form of multi-criteria one dimension risk assessment models that are existing. The models are capable of handling objective, vague and imprecise data to rate and ranks project alternatives and could estimate the magnitude of individual risk factors and overall project risk level. However, they estimated the magnitude of individual risk factors and overall project risk level without considering the influencing impact of organisational risk management culture, people competence, project management integration and risk management structures on the consequence of risk event on project performance. Therefore researchers considered all groups of one dimension risk assessment models to be incomplete and inadequate risk assessment modelling approach.

   The review observed improvement in construction risk modelling with various two-dimensional risk assessment models that are developed. The models introduced organisational risk management capability and other influencing factors to estimate risk consequence on project performance. The factors introduced are: company experience, and favourability of the contract clauses [17], organisational risk management capability [19], project vulnerability analysis [20] (Zhang, 2007), Quickness of reaction towards risk, event measure quantity and event capability criterion [63], factor index (FI) [51],significance

   [61] and personnel/ property exposure to all hazards [62]. The influencing factors and techniques introduced in the two dimensional risk assessment models are insufficient and inadequate when compared with the comprehensive approaches used to assess organisational risk management capability in the existing risk management maturity models (RM3). The current two dimensional risk assessment models do not consider the impact of the risk management process, supportive culture, people competence and other resources, project management integration, and risk management practice on the consequence of risk events on construction projects. Hence, an accurate and reliable estimate of the magnitude of individual risk and ovrall project risk level would not be obtained with the current two dimensional risk modelling approaches. In addition the methods used to assess the overall risk management capability of the organisations that are studied are subjective and unsystematic; hence

   maturity levels of the organisations on individual attributes of organisational risk management capability are not assessed.

   However, existing risk management maturity models provide a systematic and comprehensive approach to assess organisational risk management capability. The models are capable of assessing the overall risk management maturity level of organisations and their maturity levels on different risk management capability attributes. These could be used to identify the areas of weakness and strengths of organisations at the planning stage of construction projects. Knowledge of the risk management maturity level could provide additional decision support information if RM3 technique is adapted and integrated into risk assessment modelling approach. No research effort has adapted and integrated the techniques and attributes in RM3into a risk assessment modelling approach. But impact of the organisational risk management capability on project risk consequence would be better determined withRM3 and integration of techniques and attributes in the RM3 into risk modelling approach would produce a complete and reliable risk assessment result.

2. CONCLUSIONS AND SUGGESTIONS Consequent upon the findings in this review, this study

concluded that further improvement on risk modelling is necessary and this could be achieved by developing a risk modelling approach that will adapt and integrate two dimensional risk assessment modelling process with technique and attributes of risk management maturity model (RM3) The proposed approach would integrate probability- severity risk assessment modelling process with technique and attributes of risk management maturity model RM3. The suggested approach will (i) estimate risk magnitude from the combination of probability-severity measures of the risk events and risk management maturity indices of the project stakeholders. (ii) assess the organisational risk management capability in a systematic approach developed in the existing RM3, this will lead to a comprehensive risk assessment result

(iii) reveal areas of weakness and strength of the organisations for risk management at the planning stage on construction projects. Knowledge of the areas of weakness and strength of construction organisations would provide additional information that will assist client on risk response planning and on the selection of contractor for a project. It will also guide the construction organisations on bid-no bid decision.

REFERENCES

1. P. Thompson and J. Perry, Engineering construction risks: a guide to project risk analysis and risk management, London: Thomas Telford Ltd., 1992.

2. R. Flanagan and Norman, G. Norman, Risk Management and Construction, Oxford: Blackwell, 1993.

3. S. M. El- Seyegh, Risk assessment and allocation in the UAE construction industry, International Journal of Project Management, vol.26, pp.431-438, 2008

4. C. Chapman and S. Ward, Project Risk Management Processes,

   Techniques and Insights, Chchester: John Wiley and Sons, 1997

5. J. Raftery, Risk analysis in project management, London : E & FN Spon, 1994.

6. D. Hillson and P. Simon, Practical Project Risk Management, The Atom Methodology , : Vienna,Virginia: Management Concepts, 2007

7. Project Management Institute, A guide to project management body of knowledge:(PMBOK) (3rd editn).Newton Square, PA: Project Management Institute.2004

8. D. A. Hillson, Extending the risk process analysis and its application, International Journal of Project Management,vol. 20, pp.235-240,2002

9. S. Ward and C. Chapman, Transforming project risk management into project uncertainty management, International Journal of Project Management, vol.21 (2), pp.97-105, 2003.

10. Z. Y. Zhao, Q. L. Lv, J. Zuo, and G. Zillante, Prediction system for change management in construction project, Journal of Construction Engineering and Management, vol.136, pp.659-669, 2010.

11. M.M Rahman and M.M. Kumaraswamy, Risk management trends in the construction industry: moving towards joint risk management, Engineering Construction and Architectural Management, vol. 9(2), pp.131-151, 2002.

12. K.C., Lam, D. Wang, T.K. P. L, Lee, and Y.T. Tsang, Modelling Risk Allocation decision in Construction Contracts, International Journal of Project Management, vol. 25, pp.485-493,2007.

13. G.M. Winch, Managing Construction Projects: Information Processing approach, Oxford, UK : Blackwell Publishing,2003.

14. H. Jantan, A. Hamdan, and Z. A. Othman, Intelligent Techniques for Decision Support System in Human Resources Management, Decision Support Systems Advance in, Ger Devlin(Ed.), Shanghai,

    China: In Tech, 2010

15. D. Guyonnet, B. Bourgigne, D. Dubois, H. Fargier, B. Come, and J. Chiles, Hybrid approach for addressing uncertainty in risk assessments, Journal of Environmental Engineering, vol.129 (1)

    ,pp.68-83, 2003.

16. N. Sadeghi, A. R. Fayek, and W. Pedrycz, Fuzzy Monte Carlo simulation and risk assessment in construction, Computer-Aided Civil and Infrastructure Engineering, vol. 25 (2010) pp.238-252.

17. I. Dikmen, M.T. Birgonul, and S. Han, Using fuzzy risk assessment to rate cost overrun risk in international construction projects,

    International Journal of Project management, 25,pp.494-505,2007

18. P. L. Bannerman, Risk and risk management in software projects: A reassessment, Journal of Systems and Software, vol.81(12), pp.2118- 2133, 2008

19. F. Mafakheri, M. Breton and S. Chauhan, Project- to- organization matching: An Integrated risk assessment approach, International Journal of Information Technology Project Management, vol.3(3), pp.45-59, 2012.

20. H. Zhang, A redefinition of the project risk process: Using vulnerability to open up the event- consequence link, International Journal of Project Management, vol. 25, pp. 694-701, 2007.

21. S. Ghosh and J. iintanapakanont, Identifying and assessing the critical risk factors in an underground rail project in Thailand: a factor analysis approach, International Journal of Project Management, vol.22,pp.633-643, 2004

22. E. Monetti,S. A. Rosa da Silva, and R. M. Rocha, The practice of project risk management in government projects: A case study of in Sao Paulo City,Construction in Developing Economics: New issues and challenges, pp.18-20,2006

23. N. Smith, Risk management in J. Kelly, R . Morledge and S. Wilkinson (Ed.), Best value in construction (100-128), Osney Mead, Oxford

    :Blackwell Science Ltd, 2002.

24. B.A.K.S. Perera,R. Rameezdeen, N. Chileshe, and M.R. Hosseini,Enhancing the effectiveness of risk management practice in Sri Lankan road construction projects: A Delphi approach, International journal of Construction Management, vol. 14(1), pp.1-19, 2014.

25. . M. Tadayan, M. Jaafar, and E. Nasri, An assessment of risk identification in large construction projects in Iran, Journal of Construction in Developing Countries, vol. 17, pp.57-69, 2012.

26. A.O. Windapo and O.O. Martins, Relationship between risk management practices and project performance in Nigeria property development companies, The Professional Builder, pp.34-39, 2006

27. S. Mu, H. Chen, Chen, M. Chohr, and W. Peng, Assessing risk management capability of contractors in subway projects in mainland China, International Journal of Project Management http//dx.doi.org/10.1016/j.ijproman.2013.08.0072013

28. S.Q. Wang, M.F. Dulaimi, and M.Y. Aguira,Risk management framework for construction projects in developing countries, Construction Management and Eonomics, vol. 22, pp.237-252, 2004.

29. O Okmen and A. Oztas (2008 Construction project network evaluation with correlated schedule risk analysis model, Journal of Engineering Management, vol.134(1), pp.49-63,2008.

30. D. Cooper, S. Grey, G. Raymond, and P. Walker, Project Management Guidelines: Managing Risk in Large Projects and Complex Procurement. England: John Wiley & Sons, Ltd., 2005

31. M.M. Hopkinson,The Project Risk Maturity Model: Measuring and Improving Risk Management Capability, England: Gower Publishing Ltd, England, 2011.

32. D. Baloi and A. D. F. Price, Modelling global risk factors affecting construction cost performance, International Journal of Project Management, vol. 21, pp.261269, 2003

33. R. Kangari, L.S. Riggs, Construction risk assessment by linguistic, IEEE Transactions on Engineering Management 36 (2) (1989) 126-131.

34. N. J. Smith, T. Merna and P. Jobling, Managing risk in construction projects ,2nd edition, Oxford, UK: Blackwell Publishing, 2006

35. H. A. Odeyinka and R. I. Iyagba,Risk management in construction to avoid cost Overrun,The Quantity Surveyor, vol. 31(2), April/June pp.14-21, 2000.

36. A. Taroun, J. B. Yang, and D. Lowe, Construction risk modelling and assessment: Insights from literature review, The Built & Human Environment Review, vol. 4(1), pp.87-97, 2011

37. K. R. Molenaar, Programmatic cost risk analysis for highway megaproject, Journal of Construction Engineering Management, vol.131, pp.343-353, 2005

38. A. Oztas and O. Okmen, Risk analysis in fixed- price design- build construction projects, Building and Environment,vol. 39,pp. 229-237, 2004.

39. G. D., Creedy, M. Skitmore, and J. K. W. Wong , Evaluation of risk factors leading to cost overrun in delivery of highway construction projects, Journal of Construction Engineering and Management, ASCE/May, pp.528-537,2010.

40. Y.T. Ren and K.T. Yeo, Risk management capability maturity model for complex product system (CoPS) projects. International Engineering Management Conference 2004, pp.807-811, 2004.

41. C. Baudrit, D. Guyonnet, and D. Dubois, Post processing the hybrid method of addressing uncertainty in risk assessments, Journal of Environmental Engineering, vol.131(12), pp.1750-1754, 2005

42. P. K. Dey, Managing risk using combined Analytic Hierarchy Process and Risk Map, Applied Soft Computing, vol.10 (2010), pp.990-1000, 2010,990-1000

43. M. A. Mustafa and J. F. Al- Bahar, Project assessment using the analytic Hierarchy Process, IEEE Transactions on Engineering Management, vol. 38(1), pp.46-52,1991.

44. I. Dikmen and Birgonu, M. T. Birgonu, An analytical hierarchical process based model for risk and opportunity assessment of international construction projects, Canadian Journal of Civil Engineering, vol.33: pp.58-68, 2006

45. M. Hastak, and A. Shaked, ICRAM-I : model for international construction assessment, Journal of Management and Engineering, ASCE 16(1), pp.59-69, 2000.

46. . D. X. M. Zheng and T. S. Ng,Stochastic time- cost optimization model incorporating Fuzzy set theory and non-replaceable front, Journal of construction Engineering and Management, vol.131(2), pp.176-186, 2005.

47. T. Zayed, M. Amer, and J. Pan, Assessing risk and uncertainty inherent in Chinese Highway projects using AHP, International Journal of Project Management, vol. 26, pp. 408-419, 2008.

48. International Association of Contract and Commercial Management (IACCM). (2003). Organisational maturity in business risk management. The IACCM Business risk management maturity model (BRM3) http://www.risk-doctor.com/pdf-files/brm1202.pdf ( October 08, 2014).

49. M. An and C. Baker, A fuzzy logic based approach to qualitative risk modelling in the construction process, World journal of Engineering, vol. 2 (1), pp. 1-12, 2005.

50. . K. J. Zhu, Y. Jing, and D.Y. Chang, Theory and methodology: a discussion on extent analysis method and application of fuzzy AHP, European Journal of Operation Research, vol.116, pp.450-460, 1999.

51. J. Zeng, M. An and N. J. Smith, Application of a fuzzy based decision making methodology to construction project risk

    assessment, International Journal of Project Management,vol. 25,pp.589-600,2007

52. H. Subramanyan, P. H. Sawani, and V. Bhatt, Construction project risk assessment: Development of model based on investigation of opinion of construction project experts from India, Journal of Construction Engineering and Management, ASCE March, vol.138:pp. 409-421, 2012, 409-421

53. Risk Management Research and Development Program Collaboration (RMRDPC)(2002). Risk management maturity level development. http://www.pmi-switzerland.ch/fall05/riskmm.pdf (October 08, 2014).

54. G. Zhang and P. X. W. Zou, Fuzzy analytical hierarchy process risk assessment approach for joint venture construction projects in China, Journal of Construction Engineering and Management,ASCE/October, pp.771-779, 2007

55. Y.M. Wang and T. M. S. Elhaag, Fuzzy TOPSIS method based on alpha level sets with an application to bridge assessment, Expert System with Applications, vol. 31, pp.309-319. 2006.

56. I. Ertugrul and N. Karakasoglu, Performance evaluation of Turkisk cement firms with fuzzy analytical hierarchical process and TOPSIS methods, Expert Systems with Applications, vol. 36,(1), pp. 702-715, 2009,.

57. C. V. Carr and J. H. M. Tah,A fuzzy approach to construction project risk assessment and analysis: construction project risk management system,Advances in Engineering Software, vol. 32 (2001) pp.847-857, 2001.

58. . X. Jin and H. Doloi, Modelling risk allocation in private financed infrastructural project using Fuzzy Logic, Computer Aided Civil and Infrastructure,vol. (24), pp.509-524, 2009.

59. Y. Xu , J. F.Y. Yeung, A. P.C. Chan ,D. W. M. Chan, S. Q. Wang, and

    Y. Ke, Developing a risk assessment model for PPP projects in China A fuzzy synthetic evaluation approach, Automation in Construction, pp. 929- 943, 2010.

60. Y. Xu, A. P.C. Chan, and J. F.Y. Yeung, Developing a Fuzzy allocation model for PPP projects in China, Journal of Construction Engineering and Management, 136, pp.894-903 2010

61. S. H. Han, D. Y. Kim, H. Kim, and W. Jang, A web-based integrated system for international project risk management, Automation in Construction, vol.17, pp.342-356, 2008.

62. O. S. Jannadi, and S. Almishari, Risk assessment in Construction,Journal of Construction Engineering and Management, vol.129,pp.492-500, 2003.

63. S. Ebrahimnejad, S. M. Mousavi, and H. Seyrafianpour, Risk identification and assessment for built-operate-transfer projects: A fuzzy multi attribute decision making Model,Expert System with Applications, vol.37 (2010),pp.575-586, 2010.

64. R. V. Wyk, P. Bowen, and A. Akintoye, Project risk management: The case of a South African utility company, International Journal of Project Management, vol.26 (2008), pp.149-163, 2008

65. M. Schieg, Risk management in construction project management, Journal of Business Economics and Management, VII(2), pp.77-83, 2006.

66. A.F. Serpella, X. Ferrada, R. Howard, and L. Rubio, Risk management in construction projects: a knowledge- based approach. Procedia-Social and Behavioral Sciences, 119 (2014) 653-662, 2014.

67. D.A. Hillson, Towards a risk maturity model, International Journal of project and Business Risk Management, vol.1(1),pp.35-45,1997.

68. M. Loosemore, J. Raftery, C. Reilly, and D. Higgon, Risk Management in Projects, 2nd edition . New York :Taylor and Francis, 2006.

69. .P.X Zou, Y. Chen and T. Chan, Understanding and improving your risk management capability: Assessment model for construction organisations, Journal of Construction Engineering and Mnagement, ASCE/August, pp.854-863, 2010