Project Risk Assessment Techniques

The Risk Register: Your Early Warning System in Construction Projects In construction, surprises are rarely good news. That's why PMI's Risk Register has become my go-to tool for turning uncertainty into manageable action plans. What is a Risk Register? It's a living document that captures identified risks, analyzes their potential impact, and tracks response strategies throughout your project lifecycle. Think of it as your project's immune system—constantly scanning for threats and opportunities. Real Construction Scenario: During a recent construction project, our Risk Register saved us from what could have been a major setback. Here's how we used it: Identified Risk: Concrete supplier capacity constraints during peak construction season Analysis: Probability: High (70%) Impact: Critical (could delay structural work by 3-4 weeks) Risk Score: High Priority Trigger: Supplier's schedule booking rate approaching 85% Response Strategy: Primary: Secured contracts with two backup suppliers at locked-in rates Secondary: Adjusted pour schedule to off-peak periods where possible Contingency: Identified alternative concrete mix designs pre-approved by engineers What Actually Happened: Six weeks into structural work, our primary supplier had equipment failures. Because we had our Risk Register actively monitored with clear triggers, we activated our backup supplier within 48 hours. Zero delay to the critical path. Other Construction Risks We Routinely Track: 🔹 Weather-related delays (especially for exterior work) 🔹 Underground utility conflicts 🔹 Material price escalations 🔹 Labor shortages in specialized trades 🔹 Permit approval delays 🔹 Soil conditions differing from geotechnical reports 🔹 Adjacent property owner complaints Key Success Factors: ✅ Weekly Reviews – Risks evolve; your register should too ✅ Assign Owners – Every risk needs someone monitoring triggers ✅ Quantify Impact – Use time and cost impacts, not just "high/medium/low" ✅ Track Opportunities – Not all risks are threats; some are positive (early material deliveries, favorable weather) Bottom Line: Reactive project management is expensive. Proactive risk management through a well-maintained Risk Register transforms how you handle uncertainty. You're not eliminating risks—you're preparing for them. The best project managers I know don't have fewer problems; they just see them coming from further away. How do you approach risk management in your projects? What's the most valuable risk you've identified early? #ConstructionManagement #RiskManagement #ProjectManagement #PMI #Construction #ProjectRisk #Leadership #PMP

Pricing Portfolio Risk: Credit Risk Transfer (CRT) / Significant Risk Transfer (SRT) allows a bank to transfer a first loss or mezzanine tranche of assets on balance sheet to a third-party investor, permitting capital relief vis-à-vis Basel regulations. Large, savvy banks in Europe have been doing this for 20+ years, transferring risk on nearly ~$200B of portfolios in 2023 alone, frequently in synthetic securitization form. In September 2023, the Federal Reserve Board released a statement providing much-needed clarity to U.S. banks on how they can issue SRTs in synthetic securitization form, while maintaining compliance with Regulation Q. With the implementation of Basel III Endgame set to start in 2025, U.S. banks have begun to engage in risk transfer exercises more vigorously. U.S. banks transferred risk on ~$35B of portfolios during 2023 – mostly in Q4 – however 2024 will prove to be an even more active year in the U.S.   SRT allows a bank to actively manage its credit risk while maintaining the relationships with their institutional banking clients by providing a full range of services (account management, term loans, credit facilities, cash management, FX, trade finance, investment banking, custody, payment solutions, etc.). The bank can take a pool of 300+ relationship loans and transfer the 0-6% or 0-12.5% first loss exposure to an investor via SRT, thus retaining the senior 94% or 87.5% slice, respectively. This exercise has been done most frequently with corporate loans; however, banks also use this tool to manage capital requirements for consumer loans (auto loans, credit cards), residential mortgage loans, infrastructure finance, CRE loans, and more.   SRT returns are determined by the actual credit performance of the underlying loans, along with important structural characteristics like detachment points and the length of revolving period to replace maturing loans. The Marathon Asset Management team, along with other investment managers, have been actively engaged in SRT, in both credit-linked note format and derivative format, the latter of which could be funded either upfront or in a margin structure. The banks we work with are well-managed, strong institutions with astute credit underwriting teams, allowing for a mutually rewarding partnership where we can earn a healthy return while the bank enjoys sustainable capital relief, which in turn improves return on equity for investors. SRTs are a complex exercise, and risk must be priced appropriately for it to remain an attractive investment segment within the structured finance world.   In the example below, the issuance of a 0-10% SRT tranche allows a bank to reduce its risk weighting from 65% on 100% of the loans to 15% on the retained 90% of the risk, resulting in a net 79% reduction of capital required.

Risk models - What Are They? Risk models are "predicting" risk. This is probably not a good way to look at risk models. Firstly, one needs to know what are the risk events, and how does it affect the business. In banking, take credit risk and market risk. A big borrower may default on a big loan, or a big trade may turn sour with large loan credit losses or large trading losses. This are the risk events. How does it affect the business? Losses happen every other day, part of doing banking business. But large losses may threaten the survival of the company. Then the risk models do two things, risk being that the risk events haven't yet occurred but may happen some day: 1. Risk models come up with the expected losses, which is the cost of doing risk business. This cost is priced into transactions with clients (for capital market trades, this is the credit valuation adjustment CVA). 2. Risk models also come up with reserves and money cushions to withstand large losses, to ensure survival to some degree. This is the economic capital estimation, how much capital is required to survive a tail loss to a certain degree. To build risk models, then we ask what are drivers expected losses and unexpected losses. For expected losses, firstly the probability of an event is required, like default probability PD. And how much recovery can be expected on non-performing assets. Then for unexpected losses, this is describing the range of possible losses. And studying the big losses in the tail. Doing this, requires modeling the loss distribution. Especially under a stress scenario, how losses may look like. Where risk drivers is likely to be correlated. We see a few key themes: 1. Describing expected and unexpected losses, economic capital. And regulatory capital. 2. Modeling probability of an event occurring, and other risk drivers like recoveries. 3. Describe the full loss distribution and tail losses. PS: A little on operational risk, non-financial risks. Often the management of non-financial risk is through strict policies and compliance. Instead of expected loss and capital adequacy reserves. Also operational risk often lead to credit or market risk losses. Loose underwriting, or rogue trading for example.

Is Tracking Your Risks a Challenge? Learn how to develop and manage a risk register to take control of uncertainty. A risk register can help identify, assess, and manage risks. You can design it to manage organizational risks or for a specific project. It is a document or system that captures all identified risks, their status, and their management strategies. Developing and maintaining a risk register is an ongoing process that requires attention and updates. It helps organizations and project teams proactively manage risks and minimize their potential impact. During my corporate career, we diligently maintained a risk register. The risk we mitigated was worth the time and effort: 1- Consolidated all identified risks, their assessments, and mitigation 2- Provided a clear understanding of potential risks 3- Accountability for managing each risk 4- Helped identify risks early and minimize impact. 5- Regular updates ensured it remained relevant Here's how you can develop a risk register and manage risk: ✅ Components of a Risk Register • Risk ID • Risk Description • Risk Category • Likelihood • Impact • Risk Score • Risk Owner • Mitigation Strategies • Contingency Plans • Status • Date Identified • Last Updated ✅ 7 Steps to Developing it: - Identify Risks - Describe Risks - Assess Risks - Assign Risk Owners - Mitigation Strategies - Contingency Actions - Monitor and Update 📌 Tip: Create a risk register that is easy to maintain. How do you ensure your organization stays ahead of risks—do you rely on a risk register or other methods? #MAKAlpha ----------------------------- - Follow Abdul Khaliq + 🔔 - Sharing 20+ years of journey. - Providing Fractional CFO/Controller services to SMEs. - Download my work by visiting my profile.

If your financial model doesn’t tell you how sensitive your outcomes are, you’re only seeing half the picture. That’s where Sensitivity Analysis steps in. Whether you're modeling EBITDA, company valuation, or cash flow, testing the impact of changes in assumptions like growth rate, margin, or discount rate is crucial for informed decision-making. 📊 3 Powerful Tools in Excel for Sensitivity Analysis: 1️⃣ Data Tables Easily test the impact of one or two input variables on a key output. Perfect for: Valuation scenarios, breakeven analysis, IRR stress tests. 2️⃣ Scenario Manager Create and store multiple input sets and compare outputs. Perfect for: Best case / base case / worst case planning. 3️⃣ Manual What-Ifs with Named Ranges + Excel Formulas Use dynamic formulas, dropdowns, and structured inputs to test anything. Perfect for: Custom, presentation-ready models with clear audit trails. 💡 Pro Tip: Combine sensitivity analysis with clear data visualization (charts, conditional formatting, slicers) to drive your story home. 👇 How do you use sensitivity analysis in your day-to-day modeling? HERE IS A VIDEO P.S. If you like this content, join our Corporate Finance Hub and enjoy all courses [11 hours of video, 600 pages of tutorials, 70+ Excel models]. www.bojanfin.com See you on the platform.

Most “sensitivity analyses” aren’t sensitive at all. They’re just a few +/- tweaks in Excel. If you want to do it properly, here are 5 quick tips: 1. Pick the right drivers → Focus on the 3–5 variables that truly move the business (price, volume, churn, CAC). 2. Test extremes, not just margins → Push assumptions until the model breaks; that’s where you find the risks. 3. Use scenarios, not scatter → Structure downside, base, and upside cases with clear triggers. 4. Visualize impact → Tornado charts, spider plots, or even simple waterfall views make risks tangible for leaders. 5. Connect to decisions → End every sensitivity test with: “If X happens, here’s what we’ll do.” Sensitivity analysis isn’t about proving your model. It’s about showing leaders where it bends, and where it breaks. P.S. What’s the most surprising variable you’ve seen sink a “bulletproof” plan?

Construction's $1B risk allocation problem. That NOBODY wants to address: When clients provide site data with "use at your own risk" disclaimers, they're not eliminating risk - just creating a ticking time bomb. The Australian Constructors Association and Consult Australia have joined forces to tackle this issue through their "Partnership for Change" initiative: What reliance information includes: - Geotechnical reports - Concept/reference designs - Utilities data - As-built drawings - Contamination reports - Condition of existing assets The impossible position for tenderers: → Cannot verify during tight tender periods → Have no contractual relationship with the original advisors → Must accept "all risk" clauses or be disqualified → Receive zero relief when information proves inaccurate The partnership recommends 2 approaches: PREFERRED APPROACH: - Client secures third-party reliance from original advisors - Original consultants allow reliance for project delivery - No expectation of 100% accuracy, but a mechanism for collaboration when issues arise - Clear risk allocation based on ability to control FALLBACK POSITION: - Re-investigation of reliance information - Early Contractor Involvement (ECI) to assess data collaboratively - Provisional sums with extension of time provisions - Baseline reports that quantify specific risk thresholds Proof these approaches work: Level Crossing Removal Project's alliance model delivered dramatic improvements: - Competitive bid: 5% estimate omissions vs Alliance: 0.9% - Competitive bid: 6.6% cost overrun vs Alliance: 2.2% underrun - 88 weeks tender time reduced to 38 weeks Snowy 2.0 Pumped Storage Project implemented a geotechnical baseline report (GBR) that: - Set out clear risk allocation between client and tenderer - Created a principled sharing of complex geological risks - Prevented tenderers from assuming unknowable risks - Established reasonable expectations for all parties As the partnership paper states: "It is incorrect to assume that because a risk is deemed to have been transferred that it no longer exists." Risk transfer isn't risk management. It's risk multiplication. Has your organisation implemented any of these collaborative risk approaches? What were the results? 

How can you make your Board stand up and pay attention to risk? Today, I led a collaborative meeting with members of the Risk Leadership Network, where we shared practical insights on how to move from just 'presenting risks' to facilitating dynamic, strategic conversations that actually resonate with leadership. Here are some of my key takeaways from the discussion.... ➡️ Getting adequate time on the Board's agenda for strategic risk conversations is a challenge for Risk Leaders. ➡️ The Risk Professional should not only be a compliance reporter, but become the catalyst for conversations about risk. ➡️ The conversation is two-way. The Risk Professional should ask Board members, 'What should we be thinking and talking about that is not already on the Risk Register'. ➡️ Risk reporting should reflect the Board's input and ownership of the resultant approaches to risk. eg 'We have increased our focus on Risk X following members' comments at the last Board meeting'. ➡️ Safety (personal and corporate), security and cyber disruption are high among the list of issues which keep Board members awake at night, as are executive succession planning, securing and retaining talent. ➡️ Boards should scenario plan their responses to risks that are arising, and not just obsess about the optics. ➡️ The Board's risk oversight and mindset needs to be forward, not backward looking. 'What's the next big problem coming down the line for us?' ➡️ The Risk Leader should schedule periodic 15 minute conversations with the Chair to discuss what is really worrying them. Thanks to Michelle McConnell Christina McKeon Frutuoso and everyone at RLN for making this happen.

𝗗𝗶𝗱 𝘆𝗼𝘂 𝗽𝗹𝗮𝗰𝗲 𝗮 "𝗖𝗮𝗻𝗮𝗿𝘆" 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗣𝗿𝗼𝗰𝗲𝘀𝘀 𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻? The sort of early warning detection system which monitors your automated processes and sings when irregularities occur? Why a 🐤 𝗰𝗮𝗻𝗮𝗿𝘆 you ask? Around 1911, miners started to take canary birds into the coal mines to detect the accumulation of toxic gases. These birds, would even sense the smallest traces and emissions, starting to erratically chirp and with that giving miners early warnings to immediately evacuate the mine. Just as the canaries once did in the mines, 𝗮 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 "𝗰𝗮𝗻𝗮𝗿𝘆" can play a vital role in monitoring the health of your automated workflows signalling potential issues before they escalate and perhaps, cause scaled harm. But how do you implement a digital canary into your workflows in your process automation? 𝗜𝗻𝗰𝗼𝗿𝗽𝗼𝗿𝗮𝘁𝗲 𝗶𝘁 𝗳𝗿𝗼𝗺 𝘀𝘁𝗮𝗿𝘁: into your design by using code, reconciliation reports, and validation rules to establish effective in-process control checks and monitoring mechanisms and visual dashboards to analyse red flags. Find here 5 examples how to get early alerts in your process automation, even if your automation bots don't know how to sing: ▪️𝗣𝗿𝗼𝗰𝗲𝘀𝘀𝗶𝗻𝗴 𝗖𝗵𝗲𝗰𝗸𝘀: Implement automated checks at various stages of the process to ensure accuracy and completeness and volume variations. ▪️𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗘𝗿𝗿𝗼𝗿 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻: Monitor integration and break points like API's for errors or failures to maintain seamless data flow across systems. ▪️𝗗𝗮𝘁𝗮 𝗜𝗻𝘁𝗲𝗴𝗿𝗶𝘁𝘆 𝗦𝗰𝗮𝗻𝘀: Validate for duplicate records or inconsistencies to maintain data integrity and remove manual overrides or corrections. ▪️𝗨𝘀𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗙𝗲𝗲𝗱𝗯𝗮𝗰𝗸𝘀: Analyse insights from user feedbacks to check on usability issues, frequent issues and detect sentiment drops with NLP / AI. ▪️𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗖𝗼𝗰𝗸𝗽𝗶𝘁: Create a centralised dashboard to monitor compliance metrics to detect red flags and and detect deviations from policies. By integrating digital canaries into your process automation strategy, you are not only enhance your ability to detect and respond to issues rapidly but also promote a culture of self-monitoring and continuous improvement. So, did you already place a digital "canary" into your process design and automations? If not, maybe it's time to reconsider adding this early warning system to your automation approach ensuring the health and resilience of your tasks, data & process performance. What early warning systems have worked for you best? #processautomation #intelligentautomation #rpa #processexcellence

Tail risk refers to the likelihood and impact of rare, extreme moves in investment returns typically those beyond three standard deviations from the mean events that standard normal-based models fail to capture Real-world return distributions exhibit excess kurtosis meaning extreme outcomes (both losses and gains) occur more often than a normal distribution would predict Practical Techniques to Model Tail Risk 1. Value at Risk (VaR) & Expected Shortfall (ES / CVaR) VaR computes the maximum expected loss at a given confidence level (e.g., 95% or 99%) over a certain horizon. It's simple but doesn't capture the magnitude of losses beyond that threshold Expected Shortfall (ES), aka Conditional VaR (CVaR) or Tail VaR, measures the average loss in the worst-case tail beyond the VaR threshold—offering a more comprehensive view of tail behavior ES is coherent and subadditive (unlike VaR), making it more suitable for portfolio risk management In practice, ES can be computed using closed-form formulas for certain distributions or via simulation (e.g., Monte Carlo) 2. Extreme Value Theory (EVT) / Peaks-Over-Threshold (POT) Focuses on modeling the tail distribution directly, rather than the entire return distribution. The POT method fits a Generalized Pareto Distribution (GPD) to the values that exceed a high threshold sidestepping parametric assumptions over the full range EVT approaches are highly practical in risk management used for forecasting VaR and ES more accurately, especially when data exhibit heavy tails Academic work shows combining GARCH filtering for volatility clustering with EVT on residuals improves tail risk estimates 3. GARCH and Time-Series Models Return volatility clusters over time. GARCH (and its variants) models this conditional heteroskedasticity: ARCH/GARCH models estimate time-varying volatility, improving tail risk estimates by accounting for changing market regimes These models are often paired with EVT for enhanced tail modeling: filter returns via GARCH, then apply EVT (like POT) to the standardized residuals 4. Stochastic‐Volatility and Jump Models (SVJ) These models capture both volatility dynamics and discontinuous jumps: SVJ models (e.g. Bates, Duffie–Pan–Singleton) blend stochastic volatility with jump components, enabling fat tails, skewness, volatility clustering, and large jumps all in one model They’re particularly useful for tail risk modeling in derivatives pricing and hedging applications thanks to their market realism 5. Copulas for Multivariate Tail Risk To model joint tail dependencies across assets: Copulas enable constructing joint distributions from individual marginals, capturing dependence structures including during extreme events Useful for portfolio-level tail risk, systemic risk, or stress testing scenarios where multiple assets may suffer extreme losses simultaneously