9 elements every firm should include in its formal risk management strategy
FMI artwork

Construction is all about managing risk. Whether the concern is employee safety, contract terms, subcontractor selection, material choices or another one of the myriad issues that go into a successful project, at some point or another, every juncture comes with its own level of risk. By conducting a formal corporate-wide risk assessment and implementing a risk management process, construction firms can more effectively recognize, address and mitigate potential risks before those issues develop into negative outcomes.

In today’s construction environment, managing risk is no longer just a defensive strategy. It’s not enough to just sit back and hope that a problem won’t happen, because it most likely will. The more sophisticated and formalized a company’s risk management processes are, the more opportunity a contractor has to profit from mitigating and managing the associated risks.

In this article, we explore the underlying reasons for developing a solid risk management program in construction, show why it’s smart to take a holistic view when developing a plan of action, and outline the nine key elements—based on our industry research—that should go into every firm’s risk management blueprint.

blueprint for risk management

You Are in the Risk Management Business

Contractors work in an inherently risky business. Tight time frames, multiple stakeholders up and down the value chain, and dangerous working conditions are all “just part of the job” for contractors. Risks are so common, in fact, that contractors can become numb to the wide range of issues that they face (or could face) on a daily basis.

The ever-changing construction market has added fuel to the fire. Good, bad or indifferent, all contractors are now operating in a new post-recession landscape characterized by tighter margins and less room for error. The days of high margins and favorable contractual language are gone. Owners are more educated, the competition is tougher, and companies are facing acute skilled labor shortages. As a result, businesses are running fast and hard, and increasing their risk exposure while decreasing their prices. It’s the perfect storm that can ultimately lead to company failure and bankruptcy (see the FMI Quarterly article on “Why Contractors Fail”).

In this new business landscape, contractors must manage risk differently than they did just 5 years ago. This notion was confirmed in a recent study where AGC and FMI surveyed the general and specialty contractors in AGC’s Surety Bonding and Risk Management Forum: More than 90 percent of survey respondents stated that they were managing risk differently compared to 5 years ago. 1

Based on its ongoing industry research, FMI has witnessed and helped successful construction companies reinvent their risk management practices and turn them into intentional and formalized programs at the enterprise level, rather than piecemeal or reactive on an individual basis. This is a very different approach compared to how risk has been managed historically and allows contractors to take a more holistic and strategic view of their business. Using a formalized risk management process centered on potential risks (i.e., compliance, finances, fraud, customers, etc.) and specific actions that address those risks, firms can take steps to support the overall organization in its quest to minimize risk. Rather than viewing risk as an inevitable evil, risk-averse firms have embraced it as a strategic opportunity.

Playing Offense and Defense

Let’s face it—risk management is not a new concept for anyone in the industry, and it’s not something that can simply be mandated. Like safety, risk management requires constant communication, education and efforts to build awareness and provide value to both employees and clients.

Alex Munoz, vice president of safety and risk management at Messer Construction Co., stated, “One of the easiest ways to create a corporate culture around risk management is by making it everyone’s job. That means moving from an ‘It’s the department’s role’ mentality to one that says, ‘We share a job, and that’s to create a risk-aware culture.’”

Many firms are taking this enterprise wide approach to risk management with two overarching objectives: offense and defense. Here’s the difference between the two:

  • Offensively, risk management aims to increase the value of the business by formalizing risk tolerance, potentially increasing profit margins and stabilizing earnings.
  • Defensively, risk management protects the business by guarding the balance sheet, profits and legacy of an organization.

Firms that want to do a better job of managing risk—or launch an entirely new, formal program that tackles the issues outlined in the beginning of this article—must incorporate a mix of offense and defense. Digging down to deeper levels of understanding, FMI has identified nine elements that should be included in a formal risk management strategy. By incorporating these elements and taking a more holistic approach to risk management that goes beyond just insurance or safety programs, firms can begin to realize the positive impacts of their efforts.

Here are the nine key elements—organized into three primary categories—that should be included in your firm’s formal risk management plan (see Exhibit 1):

Strategic Elements

  • Enterprise risk management—The traditional approach to risk management involved a “siloed” approach in which individuals (or teams) were only responsible for risks that impacted their respective silos, with the assumption that someone else would manage the other risks. An enterprise approach to risk, on the other hand, involves the collective identification, assessment and management of risks that a business faces. This occurs not just on a local level or within its business sector, but on a global level in areas that may not correlate directly to the business. This global perspective can help leaders identify risk areas more clearly and serve as an important precursor to strategic planning.

    “Everyone in the company is now included in our risk management practice,” said Dallis Christensen, CFO at Layton Construction. “Our superintendents are more involved with both quality and safety issues, project managers might be looking at subcontractor or owner contract clauses more closely, and our estimators review our subcontractors’ pre-qualifications and financial strength in much more detail.”

  • Risk management partners—As in any business, the right partners are vital to a firm’s success. In the construction industry, those partners include both insurance and surety partners that possess construction industry expertise, commitment to the construction industry, industry-focused research (e.g., emerging issues) and sufficient bench strength. The top insurance brokers and companies in the industry understand their clients’ business and serve as strategic partners, equipping companies with the right suite of products to navigate an ever-changing marketplace.
  • Leveraging risk management—As the industry has evolved, contractors have had to shift how they view risk management. Today, best-in-class firms are able to protect themselves better, increase the value of their organizations, and identify new ways to improve profit margins. At its essence, company leaders are starting to accept and manage appropriate risks that have the potential to add value to their businesses. This is a far cry from the past, when contractors had a fairly consistent knee-jerk reaction to risk, either refusing to accept it in the contract and/or immediately passing it on to others (i.e., subcontractors and suppliers).

Structural Elements

  • Financial participation—The majority of today’s construction leaders lack a full understanding of their company’s risk tolerance. In other words, they may be exposing their businesses to more potential economic loss than they can tolerate, either reputationally or financially. On the flip side, some companies have risk management functions that are benefiting others more than they should (e.g., owners, insurance carriers, competitors, etc.). This so-called financial over- or under-participation can make or break a firm and represents a critical step in balancing risk versus protecting the balance sheet.
  • Risk management department—Leading contractors have a formalized risk management department embedded in their organizations, led by a professional (usually full-time) risk manager with a defined role and specialized responsibilities. This role should not be relegated to an outside broker, de facto safety manager or someone else in the organization. Risk managers contribute significantly to the overall management of a construction business and should have a seat at the executive table, embedding risk management into the corporate strategy.
  • Insurance program—The role of insurance is simply to allow companies to “rent” the insurance company’s balance sheet when risks and the potential losses exceed an organization’s risk tolerance. Understanding that need for protection, companies must ensure that the suite of insurance products sufficiently protects their balance sheet and earnings stream—should something undesirable occur. The key is to have an insurance program that appropriately matches the risks of the company’s specific business and exposures.

Operational Elements

  • Project risk assessment—Leading contractors have a systematic and consistent process to evaluate and analyze potential project risks prior to pursuing a project award. This process involves a team of internal experts with specialized experience who review key areas of project risk (i.e., contract terms, constructability, financing, partners, location, logistical issues, equipment needs, etc.). Armed with a clear understanding of their enterprise risk tolerance as well as a strong project risk assessment, contractors are better-equipped to incorporate appropriate contingencies and margins on specific projects, which ultimately results in more accurate job costing.
  • Safety program—All contractors have safety programs in place these days, but the leading organizations have created a culture of safety throughout their organizations and up and down their value chains. Leading organizations also aggressively track and manage claims—focusing on the process and the costs, including robust return-to-work programs—and understand that safe jobs tend to be profitable jobs. A strong safety program not only has the “right” components, but it also has the appropriate measurements and metrics in place to monitor performance and accountability.
  • Project execution—Whether acting as a subcontractor or a general contractor, there is an inherent and obvious risk in executing a project. When a contractor’s operations involve subcontractors and vendors, that contractor still has both financial and reputational risks on the line—yet someone else is doing the work. With this dynamic in mind, it’s easy to understand why subcontractor management is a key focus for leading firms.

Steps to Success

The idea of managing risk as an “offensive” strategy is not a new concept. Best-in-class companies understand the value of a formalized and intentional risk management program and long ago embraced the idea of strategic risk management. Whether in reaction to tight markets with demanding and impatient stakeholders, or with the foresight to see the advantage of this type of planning, the industry is evolving its view of risk management. As the industry continues to change, and as executives spend increased time considering risk, this model of best-in-class risk management will serve as a blueprint for success.

1 Key findings of this study “Managing and Mitigating Risk in Today’s Construction Environment” were published by AGC and FMI in June 2016.