Submit manuscript...
eISSN: 2572-8520

Civil Engineering

Research Article Volume 4 Issue 1

Risk management in construction projects: are small companies prepared?

Ana Violante, Caroline Dominguez, Anabela Paiva

Department of Engineering, University of Tr

Correspondence: Ana Violante, University of Tras-os-Montes and Alto Douro, Department of Engineering, Quinta dos Prados, Apartado 1013, 5000-801 Vila Real, Portugal

Received: November 18, 2017 | Published: January 12, 2018

Citation: Violante A, Dominguez C, Paiva A. Risk management in construction projects: are small companies prepared? MOJ Civil Eng. 2018;4(1):1-7. DOI: 10.15406/mojce.2018.04.00090

Download PDF


Project management has been more commonly accepted and implemented by companies, but risk events, as well as specific requirements on companies, in general has been turning into a greater concern in the implementation of management practices. Over the years, different recognized methods have been developed by various associations allowing project managers to easily access to the best management practices. Considered the project management’s basis of knowledge, the prestigious Project Management Institute (PMI) documents sets of processes, methodologies and practices through the Project Management Body of Knowledge (PMBOK) Guide, where risk management is included. Through a case study of a small Portuguese construction company, this paper seeks to highlight what are the difficulties for small construction companies to deal with risk management and to characterize how they manage risks and which aspects can be improved.

Keywords: construction industry, risk management, project risk management, PMBOK, companies


PMI, project management institute; PMBOK, project management body of knowledge


Risk management has always impacts in one or more project targets.1,2 Although many projects are similar, each one is unique and has always specific risks associated with to. In fact, for a company to be successful, it must accomplish a proactive and consistent approach to risk management, during the project life-cycle, to be effective at all organizational levels.1 Economic downturn experienced in the last 25 years provided a contribution to project management acceptance by companies. Companies started to recognize the need to compete, not just on a project cost basis, but also on quality and, later, on decreasing the schedule of projects and maximizing resources.3 In the construction industry worldwide, there are several failures related to project management, from overrun and over-budget, to a high level of serious and mortal work accidents, low productivity or weak quality.4,5 The application of risk management techniques influence performance improvement (of quality, costs, schedule or workers safety) of the project.1,2 Those factors put the project at risk, affecting directly the productivity. Major projects suffer sporadic deviations during the life cycle, which increases the risk level and the need of risk management processes.4–6 In bigger and more complex projects, this occurrence is much more frequent. The construction sector is composed by complex and dynamic environments, because of manual work dependency in the processes.7 According to the same authors, the construction process can be considered a big exercise of risk management, because for many years there have been deviations in relation to the initial planning. The construction industry is under more risks than others since projects support their own risks, due to the fact that they involve different people or uncontrollable external factors.8,9 Drawing on the literature review and particularly on the conclusions of a previous work in Portugal of Martins,10 this article intends to present the results of an investigation which aimed at checking the way companies, in particular small ones, apply risk management processes steps, as well as at analysing which are the most common detected restraints, evaluating the existent constraints and implemented techniques, and the reasons behind the non-application of some methodologies by the companies.

Materials and methods

Risk and risk management in construction companies

A risk can be characterized by the risk event, its probability of occurrence and the amount of potential loss or gain.8 Risk is present in all projects and its occurrence depends of its risk’s nature.3 All factors which comprise a risk should be identified, analysed and evaluated, in such a way that, the answer to the risk can be preceded immediately. That answer is a formulation of a management strategy process which leads to the identification of risk management and to the Risk Management Plan.10 In the construction field risks are defined and grouped into internal (Table 1) and external risks.11–13 Internal risks are under project team control, while external risks are beyond its control, because they are associated to the market and natural environment.14 In turn, risks are rated from low or moderate importance according to their influence in the project goal(s).12


Al-sabah, Menassa e Hanna


Internal risk

Internal risk


Internal risk

Construction and execution risks

Construction risks


Construction risks

Planning/project risks

Design risks


Initial project phase risks

Administrative and financial risks

Financial risks


Financial risks

Safety risks

Management risks


Occupational hazards and human risks

Technical quality risks

Maintenance risks



Environmental risks




Table 1 Internal risks settings by various authors
Source: Based on Al-sabah, Menassa e Hanna;12 Fortunato;11 Martins.13

Risk management processes in the project management processes

Project management processes are grouped into five categories known as Project Management Process Groups. In Figure 1 is illustrated the group of processes and procedures included in a project life cycle.1 Project management life cycle entails 10 knowledge areas in which risk management has been more recently added. From the mid-1990s methodologies and risk management techniques started to integrate project management.3 In Table 2 an overview of the Project Risk Management decomposition of processes and its contribution in the various stages is presented.

Figure 1 Groups of project management processes (Source: PMBOK (2013)).




Monitoring and controlling


Risk Management Plan

Monitoring and Risks Controlling

Risks identification

Perform Qualitative Risk Analysis

Perform Quantitative Risk Analyses


Risk Responses Plan


Table 2 Groups of processes and procedures and knowledge area of Risk Management according to PMBOK (Source: Adapted from PMBOK quoted by Sotille15

Risk management plan

Following the risk management procedures, what comes first is to Plan Risk Management. It should start when the project is designed and it should finish in the initial phase of the project planning. The scope of the Risk Management Plan is to describe how risk management activities will be structured and performed.1,3 A survey to 31 micro, small and medium sized companies of the construction sector was performed in the north of Portugal. Around 74% of the companies use risk management beyond what is required in the Occupational Safety and Health Plan, even considering that half of the companies just does it in a superficial way. Most of the companies developed their own methodology based on their own experience and just two companies followed the PMBOK procedures.13 In the scope of construction site, a particular attention should be given. So, all objectives and solutions of possible necessities that can occur should be well defined.14–16

Identification of risks

The main goal of Identifying risks is to generate an organized and structured list of identified risks, showing their characteristics, causes and consequences, so it can be used during next phases or even in other projects.1,11 This is an iterative process since new risks can occur during the project life cycle or in which existent risks become more obvious.3 Even if companies have the knowledge of the existing risks, the level of concern regarding risk management is not high and many companies do not use routinely a complete risk treatment.13 Companies mostly identify risks using the brainstorming technique where an identification list of risks is produced in mutual agreement between project stakeholders.11,17 This is the most common technique.3,11,18,19 Following brainstorming is the checklist analysis.3,11,18 There is a proposal of risk identification through a checklist analysis where risk elimination is decided for further analysis in the following process.17,20

Perform risk analysis

Performing Risk Analysis, after identifying risks, is either a qualitative and/or quantitative risk analysis task. It is not always possible to predict an event importance comparing with others, due to the lack of quantifiable results. For this reason and to be faster and economical, in some situations in construction projects, only a qualitative risk analysis is performed.11 Qualitative risk analysis is a process which prioritizes risks according to their importance level. It involves evaluation, combination of probability and impact, the gap between answer delay and company risks toleration. It is connected to project restrictions whose project documents updates are a result of qualitative risk analysis.1 The main goal of this process is to enable project manager to reduce the level of uncertainty and to focus in high priority risks.1,3

Plan risk responses

This process involves the development and determination of actions aimed to increase the probability and impact of the positive events and to decrease the probability and impact of negative events, which were found during the risk analysis process.3,21 Activities and resources are inserted in the budget, as well as the schedule and project plan, as needed.3 The construction companies interviewed by Fortunate11 used the following tools to plan risk responses: revision of previous projects in 35% of the companies and risks transference plans, occasionally in 39% of them.

Monitoring and controlling risks

The last process is Monitoring and Controlling Risks that consists in executing Risks Responses Plans (being followed by the identification of risks), monitoring the residual risks and identifying and assessing new ones, as well as the efficiency of all evaluation during the project.1 Although risk responses are executed during the whole life cycle of the project, the project must be continuously supervised in such a way to detect new risks and possible changes.1,13,22 According to the work developed by Martins13 28% of the companies analysed controlled risks through risks review and for 35% of the companies through measuring the technical performance.

Research methodology

The present research followed a case study methodology of a Portuguese small sized enterprise. Therefore, the results obtained cannot be generalized. However, it is possible to predict some tendencies. The main reference method in project management followed in this research was the PMBOK Guide 5th Edition1 and the Portuguese book Gestão Moderna de Projetos.3 Data collection from internal company documentation and an in-depth interview were used. A script was elaborated as a tool for the interview which was divided into five sections: interviewee's data, enterprise characterization, project identification, risk management processes and other relevant questions. Considering the nature of an exploratory study, the methodology of investigation consisted on the use of a case study of a construction industry company to meet the goal of this work. The construction company, as already referred, is a small-sized company from the Portuguese construction industry, it means that its annual turnover or total annual balance sheet is under EUR 10 million.23 The headquarters of the company are located in the north-western district of Braga, in Portugal. It was founded over 20 years ago and its main activities are construction and public works, specialized in masonry. A qualitative method and the analysis of data collected from an in depth open-ended questions interview were employed. These two methods were put together based on the literature review. The questionnaire was answered by the responsible for project management of the company, which developed functions of Quality and Financial Control Technician. This project manager described in detail all the processes for risk management used in the company and supplied several documents for analysis. An interview seemed the most appropriate tool, since data had to be collected as part of personal contact with the project manager of the company – an interview is known as an efficient way to examine the perceptions of people involved in the processes. It was developed to elicit data that could lead to understand and interpret the perceptions, opinions, and expectations of the project manager.24 This type of investigation is particularly suitable for exploratory case studies in which the dimension of the sample is not a big issue.25 Prior to conduct the interview, it was tested through its application to two other project managers of two other companies to assess its face validity. Minor refinements were made, such as, rephrasing the questions to improve its comprehension, however these refinements did not affect construct validity. After that, the project manager of the studied company was contacted and invited to participate in our study. Once data collection was performed, content analysis of the responses followed.

Results and discussion

Risk Management decomposition is divided into processes which are composed by diverse groups (or steps), whose definitions change with the authors, however, generally they are similar. The Risk Management knowledge area intervenes during the Planning stage and Monitoring and Controlling stage. The Planning stage is composed by the first four processes which are: Risk management Plan, Identify risks, Risk analysis and Plan risk responses. The Monitoring and Controlling stage is composed by: Monitoring and risks controlling.1 A detailed explanation of all those processes will be presented forward, as well as how they are implemented in the company studied.

  1. Plan risk management: defines roles and responsibilities, like the ones mentioned by PMBOK that are executed by this company. It has contractual agreements such as third-party insurance or insurance against occupational accidents or specific plans. The data collection is made through informal meetings with stakeholders and analytical techniques, as presented by PMBOK1 and António Miguel.3 Besides these outputs, it follows the national law regarding to the Health and Safety at the work on switchyard, DL n. º 273/2003.26
  2. Identify risks: the most internal risks identified concern the initial project phase risks, construction and occupational hazards and human risks, identified also previously by other authors.9–11 The most frequent external risks identified were administrative financial risks and social risks. When the company is subcontracted, risks are lower that when the company subcontracts, for example, in insolvency of a sub-contracted company the studied company has to support all expenses jeopardising its own survival. Social risks such as thievery or negligence. An input in this process is the Organizational process assets which are not updated and organized. In this situation the stakeholder experience is the only considered aspect.
  3. Qualitative risk analysis: project documents’ update is the result of the process of risk analysis, however the interviewee claims that it is not done. The company believes that the applied risk management by them is enough, however for the improvement of risk management, it is necessary to update project documentation.1
  4. Plan risk responses: the risk transfer is the strategy to handle threats, by previously defined contractual agreements. In this case, there are no contingency plans. In situations in which the main worker is absent, there is no solution previewed, which affects the work efficiency. During the construction execution on site, the foreman signs a document with the reception date of the new plan as a response strategy against initial project phase risks. To avoid situations connected with construction risks, workers are informed by the Site Manager and Foreman about the construction procedures to be followed. In order to avoid occupational hazards and human risks, the company affirms that workers carry Personal Protective Equipment (PPE), get training and are monitored during their functions. Around 40% of companies occasionally do training to the workers.13 When the situation allows it, mechanical equipment’s can be used to reduce workforce.27 As a preventive measure against administrative and financial risks, a cost management planning is made through a working capital. Part of the invoice value is retained by the developer (usually, from 5% to 10%) and payed to the construction company after work’s conclusion in the construction site. Another way to tackle this risk found by the company was to move to the international market (it happened when crisis in Portugal started to increase).
    1. The Measuring and Monitoring Plan presented by the company consists of databases with a list of suppliers to identify new possible suppliers, as well as suppliers with whom previous commercial relations were made. It describes undesirable situations that occurred during the year with the entities that provided products or services. In this checklist the requirements the suppliers should follow are indicated. Besides that, the quality of services provided is also specified, namely the construction situations that did not fulfil the defined requirements. This is a useful tool given the fact that it has the historic of suppliers, for the acquisition of a specific material, allowing to choose the most convenient supplier, according to the needs (Table 3).


Product A



Regular supplier

Others under consultation

Requirements to be requested to the supplier

Price (when not defined initially)

Deadline to deliver



Where, when are the requirements specified

In the parcel


Evidences to be requested from the supplier

Quality marking and/or conformity

C.E. marking

Deadline to deliver

At the deadline defined

Who and when inspects


Product deliver

What is inspected

Requested requirements



What is acceptable

What was requested

Where is recorded

Purchases delivered in the construction site:

record in the transportation guide and

fulfilment of the purchasing conformity

verification guide. If purchases are made at

the reception desk: no record needed Or Fulfil

the purchase conformity verification guide

What to do in case of non-conformance

To fulfil the non-conformance

record or to request its fulfilment to the


administrative department

Table 3 Measuring and Monitoring Plan

    1. The Verification plan is a quality management tool through a checklist analysis that allows scheduling the equipments’ inspections and reviews. In a semester-basis, a periodicity grade is distributed to each equipment in which its operation conditions must be calibrated or verified, and the task of maintaining the equipment assigned to a responsible person. This plan allows the reduction or elimination of those risks and the adaptation of the financial and schedule management to the problem detected, avoiding unforeseen situations.
    2. The Implementation and Monitoring Plan consists of analysing a checklist in all projects and specific activities. A list of entities, which must execute an activity, the necessary equipment, what should be controlled, who is the responsible for this control and which is the frequency of it is created. The Implementation and Monitoring Plan is a guarantee of quality control measure of the required conditions, ensuring the compliance of all criteria (Figure 2); The Non-Conformity Report function is to maintain the certification and quality assumed by the company. Any person in the construction site is allowed and should fill in a non-conformity report, in case of any irregularity detected (and after applying a corrective measure if needed) (Figure 3).

Figure 2 Example of an Implementation and Monitoring Plan used by the company.

Figure 3 Example of Non-Conformity Report form used by the company.

  1. Monitoring and risks controlling: the company holds a “standard model” to carry out its projects, upgrading this model to each project. According to the interviewee, for the risk management improvement a more thorough documentation of all projects should exist.
  2. The results of this research are according to the majority of results obtained by Martins13 company follows internal methodologies and not all the procedures and tools presented by PMBOK Guide and Standards. As mentioned by Fortunato,11 Martins13 and Soares17 without risk management experts, human resources manage the risks based on their specialities. As smaller the company, the biggest the responsibility of the employers (multitasking). This fact does not allow a careful and monitored management, as desired.


For Planning Risk Management the construction company studied has as outputs the roles and responsibilities, uses checklist analysis and brainstorming techniques has mentioned in PMBOK. The most common and inherent internal risks to the project, mentioned by the company were initial project phase risks, construction risks, also occupational hazards and human risks. The main reasons for the existence of these risks are lack of control in the quality of materials or construction methods. To avoid those situations, the company has to fill in documents during the reception or delivery of the materials, and to verify the Technical Sheets of the materials, where all their technical specifications are mentioned. It was predictable that Occupational hazards and human risks where mentioned, since the construction industry is a sector with higher occupational accidents, because of higher dependence on hand works, use of products and manufacturing of hazardous products to the environment and health. As risk responses, the company does not have an alternative plan (or contingency plan). Therefore it has no leverage in case of occurrence of unpredictable situations. That hinders the good use of the management techniques and it has a direct influence in the management applied by the company in all procedures. The company only uses information systems and carries on meetings with a various range of stakeholders as information gathering techniques as PMBOK specifies, to avoid risks. To Plan risk responses the company developed internal documents. After updating the identification risks process, a Measuring and Monitoring Plan is used, which allows to make decisions concerning the requested services. The Verification Plan allows minimizing or eliminating some risks. The Implementation and Monitoring Plan and the Non-Conformity Report are documents created to comply with the quality criteria assumed by the company. The company agrees that the application of risk management techniques influences the performance improvement of the quality, costs, schedule or workers safety. In the Monitoring and risks controlling phase the interviewee considers that is necessary a better documentation of all processes and procedures. The creation of stimulus or legal obligations to the companies can encourage them to use preventive measures to the implementation of risk management practices. The developed work leads to the conclusion that in most of the cases the person responsible for decisions analyses criteria based on personal factors, such as experience or its own attitude towards risk. This subjectivity in the decision moments may turn management tools impractical. There were some limitative factors during the case study such us the fact that it was not possible to access any tools from other knowledge areas, such as cost management. It would have been interesting to understand if there were initial planning derivations and which were the causes. The answers obtained where mainly related to the quality and financial department due to the interviewee functions in the company. For this reason, in future research will be important to interview other workers, working in different departments, for a deeper analysis.


The authors thankfully acknowledge the construction company, which gave us the opportunity to study its Project Management methods and to develop this work.

Conflicts of interest





  1. PMBOK. A Guide to The Project Management Body Of Knowledge. 5th ed. Project Management Institute (PMI), Newtown Square, Pennsylvania, USA; 2013. p. 589.
  2. Abdolmohamadi Milad. Risk Management in Small Construction Projects in Kermanshah Province. International Journal of Research in Social Sciences. 2014;4(5):30–40.
  3. Miguel António. Gestão Moderna de Projetos: Melhores Técnicas e Práticas. 7th ed. FCA - Editora Informática, Lisboa, Portugal; 2013. p. 485.
  4. Ameh O, Osegbo E. Study of relationship between time overrun and productivity on construction sites. International Journal of Construction Supply Chain Management. 2011;1(1):56–67.
  5. Flyvbjerg, B, Garbuio M, Lovallo D. Infrastructure Projects: Two Models for Explaining and Preventing Executive Disaster. California Management Review. 2009;51(2):170–193.
  6. Hwang B, Zhao X, Toh L. Risk management in small construction projects in Singapore: Status, barriers and impact. International Journal of Project Management. 2014;32(1):116–124.
  7. Abderisak A, Lindahl G. Take a chance on me? Construction client’s perspectives on risk management. Procedia Economics and Finance. 2015;21(15):548–554.
  8. Khodeir LM, Mohamed AHM. Identifying the latest risk probabilities affecting construction projects in Egypt according to political and economic variables. HBRC Journal. 2015;11(1):129–135.
  9. Peckiene A, Komarovska A, Ustinovicius L. Overview of risk allocation between construction parties. Procedia Engineering. 2013;57: 889–894.
  10. Lam KC, Wang D, Lee PTK, et al. Modelling risk allocation decision in construction contracts. International Journal of Project Management. 2007;25(5):485–493.
  11. Fortunato T. Modelo de Gestão de Risco em Obras de Escavação de Túneis em Rocha. Master Thisis, Instituto Superior Técnico (IST), University of Lisbon, Lisbon, Portugal; 2013; p. 91.
  12. Al-sabah R, Menassa CC, Hanna A. Evaluating Significant Risks in the Middle East North Africa (Mena) Construction Projects From Perspective of Multinational Firms . Proceedings of the CIB W78 2012: 29th International Conference, Lebanon; 2012 p. 1–10.
  13. Martins A. Risk Management in Civil Construction Works. Master Thisis in Civil Engineering, University of Trás-os-Montes and Alto Douro (UTAD), Vila Real, Portugal; 2011. p. 100.
  14. Almeida K. Analysis of risk management applied to the acquisition of goods and services for capital goods projects. Dissertation in Civil Engineering, Universidade de São Paulo. USP, São Paulo, Brazil; 2008.
  15. Sotille Mauro. Planilha de processos do Guia. 5th ed. PM Tech, Brazil; 2013.
  16. Antunes P. Deviations of deadlines and costs in the execution of public works contracts. Dissertation, Lusophone University of Humanities and Technologies, Lisbon, Portugal; 2012.
  17. Soares J. Análise das metodologias de cálculo do risco aplicáveis a projetos de construção. Dissertation, Universidade do Minho, Braga, Portugal; 2014.
  18. Dziadosz A, Rejment M. Risk analysis in construction project - chosen methods. Procedia Engineering. 2015;122(122):258–265.
  19. Martins CG, Luiz M, Ferreira R. Application of risk identification techniques in enterprises. Engineer. 2006;8(2):120–133.
  20. Estrela M. Analysis method and Risk control of deadlines in construction project. Dissertation, Universidade Técnica de Lisboa, Lisboa, Portugal; 2008.
  21. Lopes S. An assessment of risk management practices in civil construction projects in companies in the State of Rio de Janeiro. X National Congress of Management Excellence, Brazil; 2014.
  22. FERMA-Federation of European Risk Management Associations. Norma de gestão de riscos. Brussels, Belgium; 2002.
  23. European Comission. Recomendação da Comissão relativa à definição de micro, pequenas e médias empresas. Jornal Oficial da União Europeia. 2003;124:36–41.
  24. Ammeter A, Dukerich J. Leadership, Team Building, and Team Member Characteristics in High Performance Project Teams. EMJ-Engineering Management Journal. 2002;14(4):8.
  25. Godoy A. Introduction to qualitative research and its possibilities. Revista de Administração de Empresas. 1995;35(2):57–63.
  26. Diário da República, no 251. I Série A, Decreto-Lei n.o 273/2003 de 29 de Outubro–Estabelece regras gerais de planeamento, organização e coordenação para promover a segurança, higiene e saúde no trabalho em estaleiros de construção – Portugal; 2003.
  27. Baptista J. Segurança na Construção de obras de Engenharia Civil. Oral presentation, Universidade de Trás-os-Montes e Alto Douro. Vila Real, Portugal; 2015.
Creative Commons Attribution License

©2018 Violante, et al. This is an open access article distributed under the terms of the, which permits unrestricted use, distribution, and build upon your work non-commercially.