Risk-based audits in the construction industry

Audits are an essential part of risk management. They provide the feedback loop to help identify improvements. But too many audits can be counter-productive or wasteful. Large and complex construction projects are often subjected to numerous external audits or surveys, each focusing on a specific topic to meet a specific requirement of a particular project stakeholder, whether regulator, partner, insurer or third-party inspector.

The sheer volume of audits places a significant resource burden on the main contractor. This may be acceptable where recommendations arising from the audits truly add value, but all too often they make little or no contribution to reducing risk. This happens frequently when a prescriptive, checklist-based approach is taken to the auditing. The “one-size-fits-all” approach rarely fits anyone.

 

A RISK-BASED APPROACH

An approach that Risktec has found to be more effective is to focus on the management system. Typically Risktec would undertake periodic audits over the life of the project that aim to seek evidence that the management system is implemented effectively at the construction site as well as throughout the sub-contractor supply chain.

At the core of this approach is the desire to focus on the root causes of possible incidents rather than the last line of defence. This concept is illustrated in Fig. 1, the well known “Swiss cheese” model of accident causation. The prescriptive “tyre kicking” audit tends to look at the quality of the last line of defence, e.g. the fire extinguisher, whereas the management system audit would look at the quality of the arrangements for ensuring that all practical means of fire prevention and protection are maintained.

Figure 1 – Auditing the Swiss Cheese model

The overriding objective is to provide comfort to stakeholders that risks are being properly managed, at all times, and not just when the auditor is on site. Furthermore, the approach means that any recommendations equate to tangible benefits to the project.

For large construction projects the risks will change as the project progresses through its various phases. Therefore audits are timed to coincide with major changes on the project, for example, prior to enclosing structures which would change the fire risk, or prior to heavy lifts which introduce an additional risk.

 

VERTICAL SLICES

The typical steps of the “vertical slice” method that Risktec takes are shown in Fig. 2.

Figure 2 – approach to risk-based auditing

Firstly, the project programme is reviewed with the project senior management who explain how risks are identified, what the key risks are and how they are managed for each phase.

Documentation is then reviewed, starting with the risk register and moving on to the health, safety, environment and quality system manuals and procedures, fire control procedures, method statements, etc.

A specific high risk activity is selected and interviews are held with key personnel to understand how the risks are being managed, especially where more than one sub-contractor is involved. Follow-on audits are targeted on other high risk activities or on specific sub-contractors.

This is followed by a site walk-down to find evidence that what is being preached is actually being practised on the ground.

Any shortfalls are highlighted during the walk-down and reported shortly after, together with proposed recommendations for improvement.

 

BENEFITS

The benefits of these audits are that they:

• Focus on root causes rather than last ditch defences.
• Provide evidence that a professional approach to managing all risks is in place throughout the project lifecycle.
• Deliver fewer but more value-adding recommendations, which reduces cost, time and effort that may otherwise be wasted.
• Provide lasting benefits throughout the project organisation, from the principal contractor to all sub-contractors.

SUMMARY

Checklist-based audits of major construction projects can be an ineffective way of confirming that risks are being properly managed. Risk-based audits focus on what really matters – the risks and how effectively they are being controlled.

“Assessing the effectiveness of contractors’ management arrangements against international best practice (including e.g. ISO 9001:2000) gives us, as specialist insurance underwriters, the assurance that project risks are being well managed and potential losses controlled.” Engineering & Construction Team, Beazley Group plc

This article first appeared in RISKworld Issue 9.