Open Collections

UBC Theses and Dissertations

UBC Theses Logo

UBC Theses and Dissertations

Visualizing risk management data associated with capital expenditure projects Nezafatkhah, Sadaf 2011-12-31

You don't seem to have a PDF reader installed, try download the pdf

Item Metadata

Download

Media
ubc_2011_fall_nezafatkhah_sadaf.pdf [ 14.7MB ]
[if-you-see-this-DO-NOT-CLICK]
[if-you-see-this-DO-NOT-CLICK]
Metadata
JSON: 1.0063213.json
JSON-LD: 1.0063213+ld.json
RDF/XML (Pretty): 1.0063213.xml
RDF/JSON: 1.0063213+rdf.json
Turtle: 1.0063213+rdf-turtle.txt
N-Triples: 1.0063213+rdf-ntriples.txt
Original Record: 1.0063213 +original-record.json
Full Text
1.0063213.txt
Citation
1.0063213.ris

Full Text

Visualizing Risk Management Data Associated with Capital Expenditure Projects  by Sadaf Nezafatkhah  B.Sc. (Civil Eng.), University of Science and Culture, 2003 M. Sc. (Civil Eng.), Amirkabir University of Technology , 2008  A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF  MASTER OF APPLIED SCIENCE in THE FACULTY OF GRADUATE STUDIES (Civil Engineering)  THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver)  September 2011  © Sadaf Nezafatkhah, 2011  Abstract Described in this thesis is an approach for visualizing data associated with the risk management function for large capital expenditure projects. The thesis first explores the current use of data visualization in support of the analytical reasoning involved in the risk management process and then explores some additional images that facilitate the process of extracting information in response to specific analytical reasoning needs. Contributions include casting light on the state-of-the-art of the use of data visualization in support of risk management (i.e. visualization tools that exist) and setting out the kind of analytical reasoning that could be supported by the use of data visualization (i.e. target analytical reasoning based on which visualization tools should be developed). By identifying analytical reasoning tasks of interest, risk visualization tools can be structured to respond to them. A few visual representations of risk related data are proposed and their potential worth is judged by assessing how well they respond to the analytical reasoning tasks of interest. We found that one of the main challenges in representing multidimensional risk data for construction projects is the ability to visualize in a noncluttered manner the large amount of information contained in the risk register of a full scale project. Therefore, it is important to equip images with interactive features in order to visualize subsets of information (by phase, by product, by participant, and by location.). We have concluded that with respect to the visualization tools suggested, although they respond to the analytic reasoning needs targeted, easily become cluttered when a large amount of information is to be visualized, thus limiting their application.  ii  Table of Contents Abstract .................................................................................................................................... ii Table of Contents ................................................................................................................... iii List of Tables ........................................................................................................................... v List of Figures ......................................................................................................................... vi Acknowledgements .............................................................................................................. viii Chapter 1: Introduction ......................................................................................................... 1 1.1. Thesis focus ................................................................................................................. 1 1.2. Motivation for consideration of role(s) data visualization could play in risk management .............................................................................................................................. 1 1.3. Objectives and focus of work ...................................................................................... 4 1.3.1. State of the art of risk visualization ................................................................... 4 1.4. Methodology and tests ................................................................................................. 6 1.5. Overview of thesis structure ........................................................................................ 6 1.6. Summary of thesis contribution and findings .............................................................. 7 Chapter 2: Review Related Literature .................................................................................. 8 2.1. Introduction .................................................................................................................. 8 2.2. Framework for analysis of risk visualization literature ............................................. 10 2.3. Dimensions of risk visualization tools ....................................................................... 11 2.3.1. Risk management stages (Explicitly)............................................................... 12 2.3.2. Performance measures (Explicitly) .................................................................. 14 2.3.3. Viewpoints (Implicitly) .................................................................................... 14 2.4. State of the art in risk visualization............................................................................ 18 2.4.1. Investigated visualization tools ........................................................................ 18 iii  2.5. Results of evaluating visualization tools.................................................................... 40 Chapter 3: Risk Register Properties and Analytical Reasoning ...................................... 42 3.1. Introduction ................................................................................................................ 42 3.2. The concept of project risk register ........................................................................... 42 3.3. Contents of ideal and model risk register .................................................................. 44 3.4. Examples of risk register ........................................................................................... 50 3.5. Analytical reasoning needs for risk management and roles of data visualization .... 80 3.5.1. Introduction ...................................................................................................... 80 3.5.2. Analytical reasoning in risk identification ....................................................... 81 3.5.3. Analytical reasoning in risk assessment ......................................................... 88 3.5.4. Analytical reasoning in risk mitigation ............................................................ 90 Chapter 4: Potential Use of Visualization in Risk Management .................................... 109 4.1. Introduction ............................................................................................................. 109 4.2. Potential use of visualization in risk identification .................................................. 110 4.3. Potential use of visualization in risk assessment ..................................................... 125 4.4. Potential use of visualization in risk mitigation....................................................... 129 4.5. Evaluation of the suggested visualization ................................................................ 134 Chapter 5: Conclusion ....................................................................................................... 138 5.1. Summary .................................................................................................................. 138 5.2. Recommendations for future works ......................................................................... 140 References ........................................................................................................................... 141  iv  List of Tables Table 2.1 Challenges in risk management vs. benefits in risk visualization .......................... 16 Table 2.3 Visualization technologies in practice ................................................................... 33 Table 3.1 Risk register 1 ......................................................................................................... 50 Table 3.2 Risk register 2 ........................................................................................................ 50 Table 3.3 Risk register in Primavera Pertmaster .................................................................... 53 Table 3.4 Risk register in Risk Aid ......................................................................................... 53 Table 3.5 Risk register in RRE ............................................................................................... 54 Table 3.6 Risk register in NHS org......................................................................................... 54 Table 3.7 Risk register in risk and issue management protocol. ............................................ 58 Table 3.8 Risk register used by Pattterson. ............................................................................. 58 Table 3.9 Summary of analytical reasoning ........................................................................... 94 Table 4.1 Rationale used for evaluating impact of risk events on performance measures ... 113 Table 4.2 A symbolic risk register ........................................................................................ 114 Table 4.3 Part of a risk register based on synthetic data ....................................................... 131 Table 4.4 Summary of the evaluation of the suggested visualization tools .......................... 136  v  List of Figures Figure 2.1 Risk visualization framework ................................................................................ 11 Figure 2.2 Risk drivers network diagramming ....................................................................... 13 Figure 2.3 Risk map showing risks with their residual and target positions .......................... 13 Figure 2.4 Threat diagram, risk diagram and threatment diagram for the two assets............. 22 Figure 2.5 Topology of Needs-Areas-Resaerches .................................................................. 26 Figure 2.6 Visualizing clusters of solutions............................................................................ 26 Figure 2.7 Design Structure Matrix (DSM) ............................................................................ 28 Figure 2.8 Bullet graph in Panopticon .................................................................................... 31 Figure 2.8 Bullet graph in Panopticon .................................................................................... 31 Figure 2.9 Horizon graphs in Panopticon ............................................................................... 32 Figure 3.1 Flow of analyses and plans from a project’s risk register ..................................... 43 Figure 3.2 Sample of probability-impact and risk ranking tables used in risk register .......... 46 Figure 3.3 Suggested content of risk register.......................................................................... 48 Figure 3.4 Single level risk taxonomy .................................................................................... 49 Figure 3.5 Risk register sample .............................................................................................. 51 Figure 3.6 Risk register sample .............................................................................................. 52 Figure 3.7 Risk register used in RiskAid ................................................................................ 53 Figure 3.8 Project risk summary in RiskAid .......................................................................... 54 Figure 3.9 Action plan 1 in RiskAid ....................................................................................... 54 Figure 3.10 Action plan 2 in RiskAid ..................................................................................... 55 Figure 3.11 Risk register in Pertmaster................................................................................... 56 Figure 3.12 Risk scoring matrix used in Primavera Pertmaster.............................................. 58 Figure 3.13 Risk scores in Pertmaster risk register................................................................. 58 vi  Figure 3.14 Tornado diagram used in Pertmaster in worst case scenario ............................... 59 Figure 3.15 Probability-to-probability map used in RiskRadar .............................................. 60 Figure 3.16 Impact definition used in RiskRadar ................................................................... 60 Figure 3.17 Risk exposure to level map in Risk Radar........................................................... 71 Figure 3.18 Risk exposure mapping in Risk Radar ................................................................ 71 Figure 3.19 Customize setting in RiskRadar Enterprise ......................................................... 73 Figure 3.20 Capability to roll up risks at parent and child project risks in RRE .................... 74 Figure 3.21 Details on risk data in RRE ................................................................................. 76 Figure 3.22 Risk mitigation description in RRE .................................................................... 77 Figure 3.23 RRE report detail ................................................................................................. 79 Figure 3.24 Comparing two mitigation actions ...................................................................... 91 Figure 3.25 Stacked bar chart to compare two alternatives (a), Kiviat chart to compare several risks (b) ....................................................................................................................... 91 Figure 4.1 Distribution of risk events by probability of occurrence and impact .................. 111 Figure 4.2 Visualizing risks and risk drivers in different views ........................................... 119 Figure 4.3 Table of risk details, multiple tree maps of risk drivers ...................................... 123 Figure 4.4 Risk drivers from product view at 2nd level of hierarchy ................................... 125 Figure 4.5 Impact of risks on performance measures ........................................................... 127 Figure 4.6 Impact of risks on performance measure a) risks with an overall impact of VL, L b) risks with an overall impact of M c) risks with an overall impact of H and VH .......... 128 Figure 4.7 Waterfall diagram ................................................................................................ 132 Figure 4.8 Evaluating the suggested visualization tools ....................................................... 135  vii  Acknowledgements “We can not direct the winds, but we can direct our sails.” Anonymous  I would like to thank Professor Alan Russell, not only for his support and mentoring in this work, but also for helping me to equip and train myself to direct my sail in a path that leads me to my goals. There is no doubt that this work could not get completed without his patience, support, and insights. I would also like to thank Dr. Staub French for her sincere pieces of advice and for reading this work.  I would like to thank my kind and supportive family for their continuous support and for training me strong enough to overcome challenges.  I would like to thank my teachers for giving me the means by which I could reach this point and my kind friends for their emotional support.  viii  Chapter 1: Introduction  1.1 Thesis focus The focus of this thesis is on visualization of risk management data associated with capital expenditure projects, with an underlying assumption being that thesis readers are familiar with the discipline of risk management. The primary goals of the thesis are twofold: (i) to explore the current use of data visualization in support of the analytical reasoning involved in the risk management process; and (ii) to explore additional images that facilitate the process of extracting information in response to analytical reasoning needs. We seek to contribute to the development of a continuum of images that covers all phases of risk management (from risk identification to risk assessment and mitigation) in order to provide a seamless flow of information that helps participants in the risk management process extract information and important insights. Benefits of the approach include bringing all risk management participants together and giving them an opportunity to interchange information, better identify risk events, make more trustable assessments of risk in terms of likelihood of occurrence and impacts if the risk occurs, and provide better risk responses and risk management strategies.  1.2 Motivation for consideration of role(s) data visualization could play in risk management Risk management is an important task in large, complex infrastructure projects. Governments are currently faced with very sizeable demands for capital expenditure projects such as roads, bridges, hospitals, schools, water supply, and waste water treatment plants. They desire to construct these facilities within tight budgets (capital and lifecycle), in a timely manner and at a high level of quality. Success in doing so relies in part on effective risk management, which requires risk events, their properties and their drivers to be identified and appropriate risk mitigation strategies identified and adopted.  1  “Risk” is known to have implications of negative results from an uncertain event. As discussed in Chapter 2, risk is defined as an adverse event which is uncertain either aleatorically (relating to an intrinsically uncertain situation) or epistemically (relating to a measure of belief or more generally to a lack of complete knowledge), and it is defined to contain three elements: outcomes; possibility of occurrence (uncertainty); and a formula to relate the first two elements. An important component of risk management is risk identification. Typically, one or more risk identification workshops involving multiple discipline experts are required to develop a roster or register of risks along with relevant properties, including drivers, likelihood of occurrence, consequences should they occur, interaction with other risks, and potential mitigation strategies; workshops are also a means of communicating findings to decision makers. A very important component of the risk identification process is effectiveness of the communication amongst discipline experts and project participants. This is central to identifying relevant risks, describing accurately their properties, and judging or interpreting the significance of findings of the risk elicitation process. Data and multimedia visualization can assist with these tasks, in part through helping to develop a shared understanding of a project. As a result, the quality of the findings of a risk identification workshop can be enhanced, a major challenge with current risk identification processes which are mainly based on using spread-sheet based risk registers for both public and private infrastructure projects. Although risk registers provide a mechanism to record identified risks and to track them through a project’s lifecycle, the very lengthy spreadsheets that result are hard to interpret. It is difficult for managers to navigate such spreadsheets to identify relevant risks along with their properties such as drivers, likelihood of occurrence and potential mitigation strategies, it is hard to extract drivers, participants, and mitigation measures that are shared amongst two or more risks, and it can be challenging to generate flexible groupings of risks under categories such as financial, economic, environmental, technical, political, stakeholders and organizational (contractual) risks) and/or in terms of their consequences in time, scope, cost, quality,  2  reputation, environment and safety metrics in order to generate important insights and set priorities. Our focus in the current work is on exploring appropriate data visualizations that can be used during the whole project lifecycle in both public and private projects. However, our primary emphasis is on the front end stages of a project including project start-up when key decisions are be made (choice of procurement mode, bid or no bid, etc.). To allocate risk events to the party or parties best capable of handling them, it is essential to ‘get the risk profile right” in terms of identifying all potential risks along with their properties, including risk event drivers. To achieve this, it is important to characterize the various dimensions of a project (participant, product, process, and environmental) along with other context issues such as performance requirements (project objectives) and their ranking of importance. The complexity of this task is complicated by the scale of most capital expenditure projects, especially public sector ones.  This characterization  facilitates the identification of potential risk events and helps to position them in terms of time, space, participant responsible, product(s) affected, etc. Although some IT based approaches are designed to assist with the elicitation of expert knowledge, either by individual experts or in a group session such as a risk identification workshop, regarding risk drivers, risk events, likelihood of occurrence, risk event outcomes and potential risk mitigation strategies, they lack data visualization tools that reflect a structured way of thinking about risk management and which facilitates the interpretation of the large set of data that accompanies a project’s risk profile. When participants have a true understanding of risk events and their drivers, they can provide better estimates in the risk assessment stage and accordingly design more realistic contracts with better risk response strategies. Suitable visual images and supporting interaction infrastructure can help participants “get the risk profile right” thereby contributing to several tasks that define the function of risk management. The type of commercially available software discussed in Chapter 3, while useful, does not offer assistance in assessing the multidimensional nature of construction projects, which constitutes the source of most risk drivers. Moreover, in such software, the impact of risk events is assessed on at most three performance measures, these being time, cost and technical performance. For major  3  capital projects, other measures of performance that may be impacted by the realization of risks include quality, reputation, scope, safety, and environment. The goal of the present research is to contribute to the development of a detailed specification of a data visualization environment in support of the risk management process. Dimensions of such an environment relate to the analytic reasoning supported, images and accompanying interaction features that support the reasoning involved, and the data encodings used. This thesis contributes toward realization of this goal by:   identifying key components of the analytical reasoning involved in risk management in order to show the type of information risk managers want to extract from risk management data; and,    suggesting images that respond to the analytical reasoning needs of participants.  1.3 Objectives and focus of work In this work, we are focused on the following objectives:   To provide a thorough overview of the state-of-the-art of the use of data visualization in support of risk management (Chapter 2);    To set out the kind of analytical reasoning that could be supported by the use of data visualization (Chapter 3);    To suggest potential visual representations of risk related data and how they respond to the analytical reasoning tasks identified (Chapter 4); and    To judge the potential worth of the visual representations suggested by assessing how they respond to specific analytical reasoning tasks (Chapter 4).  1.3.1 State-of-the-art of risk visualization In this thesis our focus is on idea generation and not producing a piece of software. For that purpose, we want to cast light on the current state-of-the-art of the use of data visualization for the risk management function in the early stages of a project’s lifecycle. Of particular interest is the visualization of multidimensional data by multiple discipline experts when they assemble to brain storm on risks as a function of project context. Thus,  4  we seek to understand the risk profile of a project and generate insights on interactions amongst drivers, risks and mitigation strategies, and the distribution of risks in various dimensions (e.g. time, space, participants, products, etc.).  Our primary focus is to  identify a continuum of images that can be used in risk identification, quantification (assessment), and mitigation workshops. Images that support multiple tasks are of more interest than those that can be used only in one specific stage of risk management. Further, emphasis is placed on examining collections of modelling objects (risks, drivers, mitigation strategies) as opposed to individual instances. To explore images with multiple applications, we have looked at the total risk management cycle (risk identification, assessment and mitigation) in a holistic manner instead of investigating only one particular stage. Within this holistic view, we have used an exploratory approach to determine the kind of visual images that seem to be the most appropriate for each stage in risk management. To assess the usefulness of the visualizations proposed, they should be tested based on their responsiveness to specific analytical reasoning tasks. For example, images proposed for the risk identification stage should support analytical reasoning by presenting high priority risk drivers that cause severe risk events. In risk assessment (judging likelihood of occurrence and performance dimensions impacted), images that represent interactions amongst risks in the same time frame, same location and that affect one activity (process) or one product, support analytical reasoning and help managers have a more realistic estimate of the consequences of a risk event. In the risk mitigation stage, images that show the degree of severity (exposure value) before and after applying mitigation actions to determine if resources have been allocated wisely are of importance. Visual representations that treat versioning and the way values (responsible party, time shifts, space shifts, and changes in risk severity) migrate over time after applying mitigation actions are of interest. Finally, all images should aid analytical reasoning tasks by showing patterns of data such as clusters, anomalies, and trends.  5  1.4 Methodology and tests From a review of the risk management literature, we seek the concerns of managers in terms of the information they want to extract from large risk registers. From an investigation of commercial software, we seek to identify the concerns of risk management personnel not currently addressed. Concerns of particular interest relate to analytical reasoning needs associated with risk identification, assessment and mitigation. Based on findings from the foregoing we then present possible visual representations that can be used to support analytical reasoning and pass judgment on their responsiveness to specific analytical reasoning tasks.  1.5 Overview of thesis structure The remainder of the thesis consists of 4 chapters. Chapter 2 overviews the literature describing risk management, risk visualization tools used by academia and practitioners, and benefits that risk visualization may bring. The visualization tools investigated are evaluated using an evaluation schema (Table 2.2) which states the purpose of the visualization, risk steps that are visualized, target audience, where the visualization can be used and tool(s) used to create the visualization. Images of the most important visualization tools are also provided. Our main concern in this chapter is to address the breadth of issues that should be treated. Some observations are offered on deficiencies in current risk management practices and where visualization can provide assistance. Chapter 3 examines the literature focused on the topic of the project risk register (i.e. what is suggested and what is done in practice), its important role in risk management, and the necessity of interpreting, visualizing and communicating its contents to project participants. We have defined what each property in current risk registers represents, what consensus exists on what the contents should be, how they are expressed, and therefore how they might be represented in visual form. Our interest is not in trying to determine what the best form/content of a risk register should be. Rather, knowing what the consensus view is on the essential contents of a risk register, attention can be directed at visualizing these data items. In this chapter we have also discussed the questions that  6  need to get asked to extract meaning from the risk register as it is built up and to assist in making decisions during risk workshops. In Chapter 4, we have made a point of seeking ‘pathways’ through aspects of the risk management function – so the applications treated will be connected. Various applications that visual representation may have in different stages of risk management are discussed. Chapter 5 summarizes the research conducted, the contributions made, and describes potential future work.  1.6 Summary of thesis contributions/findings With the purpose of proposing a continuum of data visualization tools, in Chapter 4 we have suggested visualization tools that support analytical reasoning discussed in Chapter 3, but we have found that they do not work for subsets of risk data. We have suggested the following visualization tools: 1. Parallel Coordinate Plots, to visualize risk drivers in the four views of product, process, participant and environment; 2. Parallel Coordinate Plots, to visualize the impact of a group of risk events on multiple performance measures; and, 3. Waterfall Diagrams, to visualize mitigation actions in different phases of the project, risks that they address and their effectiveness in terms of reducing risk exposure. We have tested on a preliminary basis the suggested visualization tools with synthetic risk registers that we have developed for the evaluation purpose. We have found that the three suggested visualization tools get cluttered and become hard to read when a large amount of information needs to be shown. This finding shows that it is not an easy task to find individual images for each stage of risk management to visualize the large amount of information contained in risk registers for full scale projects. Therefore, it is important to equip images with interactive feature to visualize subsets of information (by phase, by participant, by location, etc.)  7  Chapter 2: Review of Related Literature 2.1 Introduction Extracting information from a large risk management database can be a significant challenge especially for large infrastructure projects where a very significant amount of information is created (Nelms et al., 2006). Although computer-based methodologies (e.g. Risk Easy (NOWECO, 2006), Risk Radar (ICE, 2006), PertMaster Project Risk (Pertmaster, 2006), and RiskCom (Hall et al, 2001)) assist in the management and re-use of risk knowledge and related information (Russell et al, 2007), a number of major challenges remains in interpreting the data in order to generate the insights essential for effective management. To this end, data visualization can assist with generating the insights desired through visual analytical reasoning. In this chapter, we examine the state-of-the-art in risk visualization to identify areas not covered by previous research, areas partially covered but requiring more research, and areas fully covered by previous research and not in need of more effort. To provide a complete picture of the state-of-the-art, we have reviewed the academic/ practitioner literature classified as follows:   Literature on risk visualization regardless of the area of application;    Literature on risk management in the context of the construction industry;    Computer science literature on visualizing risk data; and    Practitioner literature on risk visualization currently used in risk management  software. In terms of relatedness to our work on risk data visualization, we have found the most relevant work in the computer science literature to be that of Eppler(2008); whereas, the risk management literature targeted at the construction industry was the least helpful. We also identified some literature on visualizing risk data in areas other than construction such as aerospace and finance, which proved helpful in the idea generation process.  8  In reviewing the literature, we have concluded that visual tools such as hierarchical representation of risk events, causal network diagrams, heat map diagrams, tree maps, and line graphs that represent time series and bar charts, have been heavily emphasized. However, an interactive continuum of images applicable to an integrated approach to risk management has not received much attention in previous works. From a risk management perspective, traditional means of risk visualization such as fish bone diagrams, cause-effect network diagrams, scatter plots, stacked 3D graphs, dynamic maps and risk maps, although useful, are much less so when they are not equipped with interaction features and not linked to each other. This makes it difficult for users to:   Detect hidden patterns;    Compare the effectiveness of different risk response strategies;    See problems from multiple views or perspectives (product, process, participant  and environment);   Interact with hierarchies of risk events and risk drivers    Drill down and jump between views;    Perform risk aggregations based on user interactions;    Perform time window analysis to identify changes in a time window; and    Visualize trends, clusters, outliers and potential correlations.  Most risk visualization tools have been developed to visualize a specific step in the risk management process, or a specific performance measure from a specific point of view in the project. To assist in organizing the findings presented in this chapter, briefly reviewed are: the risk management steps of risk identification, assessment, mitigation, and monitoring; project performance measures of interest (e.g. time, cost, and environment) and, view points (cognitive, social and emotional) that relate to the users of risk management data and its visualization. They are identified and addressed in detail in Table 2.1. View points are challenges (e.g. dealing with information overload, biased comparisons and evaluations, etc.) in risk management that can be overcome in part or in whole by a visualization tool.  9  A summary of the visualization tools investigated and their strengths and weaknesses is presented in Table 2.2. Other representations of the literature review findings that show the dimensions that each tool visualizes are also provided.  2.2 Framework for analysis of the risk visualization literature To review existing risk data visualization tools, we adopted the framework suggested by Eppler (2008), which threats the five dimensions shown in Figure 2.1. We have used this risk visualization framework to charaterise available risk visualization tools with emphasis on the needs of the construction industry as follows:   The purpose for which the risk visualization tool is developed (why);    The content that the risk visualization tool represents (what);    Target audience of the risk visualization tool (for whom);    The occasions for which the risk visualization tool is going to be used (when);    The techniques used to visualize risk data (how).  Our primary focus is on the items marked with an asterik in Figure 2.1. Specifically, we sought tools that assist in identifying, assessing, mitigating or monitoring risks. And within that focus, we sought tools that represent risk drivers and groups of risk events rather than those that just show individual risks and related properties. In terms of our target audience, we sought tools targeted for risk managers and risk analysts especially quantitative charts, qualitative diagrams or visual metaphors for use in risk identification and treatment workshops.  10  Purposes:  Framework  Identification*  Assessment / quantification*  Strategy*  Mitigation*  Monitoring  Improvement Formats:  Quantitative charts*  Qualitative diagrams*  Visual metaphors*  Maps  Usage situations:  Report  Meeting  Presentation  Workshop*  Individually with PC  One-on-one conversation  1. Why?  2. What?  5. How?  3. For whom?  4. When?  Contents:  Individual risk  Group of risks*  Risk management steps or areas  Risk roles or responsibilities  Risk related information (i.e. causes) – drivers*  Target groups:  Risk managers / risk analysts*  Managers  Executives / board members  Auditors  Financial analysts / rating agencies  Regulators  Public / media  Figure 2.1 Risk visualization framework (source: Eppler, 2008) *: Asterisks denote topics of particular interest in the present work.  – adapted from: Eppler, M. J. and Aeschimann, M. (2008) Envisioning Risk: A Systematic Framework for Risk Visualization in Risk Management and Communication, Project Management Issues and Considerations (2009), http://www.maxwideman.com/issacons2/iac1215e/sld006.htmICA Working Paper 4/2008  2.3 Dimensions of risk visualization tools Most visualization tools found represent one or more of three types of information: (i) risk management stages, (ii) performance measures, and (iii) points of view. We discuss briefly each of the these types.  11  2.3.1 Risk management stages (Explicit) To characterise current risk visualization tools based on the stages of risk management they treat, we first discuss what would be useful to visualize for each stage:  Risk identification We seek visualization tools that can be used to assist in identifying the risk event (X), which occurs in one or more locations (Y) because of drivers (Z) in the form of components and their attributes at locations (Y). For risk identification, tools such as check lists, brainstorming, interviews, historical documentation reviews, cause/ effect and influence diagramming might be used (Russell et al. 2007).  Risk assessment Visualization tools of interest, are those that facilitate elicitation of properties such as likelihood (P) of the event (X) occurring, the performance criteria (C) impacted, and criteria outcomes (O) expressed quantitatively or qualitatively or a combination of both (Russell et al. 2007). We seek tools that help participants evaluate and prioritize risks correctly. Examples of images that can be used at this stage include risk driver network diagrams (Figure.2.2) which can assist in making rational estimates of the severity of risk events and their drivers, and risk maps (Figure.2.3) that show how impact values and likelihood of risk events migrate as result of mitigation actions. Other images include road maps and timeline diagrams that sequence risk-related activities chronologically (Eppler 2008).  Risk mitigation For the risk mitigation stage, we seek visualization tools such as risk driver network diagrams that show the residual risks that remain after taking a mitigation action, assist in identifying key factors that affect risk events and facilitate finding the best mitigation actions to control those factors.  12  Generally, visualization tools that can inform stakeholder groups about risks in an instructive and memorable way (e.g. metaphors) are of interest. Moreover, tools with a high level of interaction are of interest as they can facilitate learning and they surface new ideas.  Figure 2.2 Risk driver network diagramming (Source: Eppler, 2008)  Figure 2.3 Risk map showing two risks with their residual and target positions (Source: Eppler, 2008)  13  2.3.2 Performance measures (Explicit) Another dimension of a risk visualization tool is the performance measures that it visualizes. In construction projects, performance measures of interest (but not limited to) are cost, time, scope, safety, quality, environment and reputation. However, for almost all of the visualization tools investigated, cost and time are visualized because of their measurable nature. In visualizing cost, it can be divided into the two performance measures of capital cost and lifecycle cost. Almost all of the visualization tools examined show impact value in terms of cost without making a distinction between lifecycle and capital costs. 2.3.3 View points (Implicit) Risk visualization tools are typically designed to show explicitly data pertaining to a risk management stage and/ or a performance measure. In addition, however, an effective visualization tool should implicitly demonstrate a viewpoint dimension that deals with the cognitive, social and emotional challenges that accompanies risk management and the participants involved. An effective visualization tool is one that facilitates effective communication between experts and decision makers, facilitates group interaction, creates a shared understanding of project context amongst participants, accelerates navigation of the project context and risk register, and facilitates getting feedback from the project data available (Russell et al. 2007). Achieving these objectives is a challenge in complex industries such as construction where risks abound and various actors with different disciplines are involved. This is due to the cognitive, social and emotional challenges associated with managerial thinking, managerial communication and motivating and convincing other participants (Eppler, 2008). These challenges are elaborated upon in Table (2.1), which is adopted from Eppler’s (2008) work on strategic visualization. Cognitive challenges are an important issue for risk management in construction because of the significant amount of information of different types involved. According to Geisler (1998), representing data in visual formats “makes the human brain use more of its perceptual system for the initial processing of any data than relying completely on its  14  cognitive abilities”, thus facilitating the process of extracting information and/ or compressing large datasets. Moreover, graphical icons which are used in brain storming can help participants with different knowledge and backgrounds arrive at a common understanding of risk scenarios (Hogganvik et al. 2006), as they enable reframing and perspective switching (De Bono 1973) and prevent getting stuck in old views. Visualization tools can help avoid biased comparison and evaluation in risk management, and avoid focusing on negative outcomes which may lead to over cautious decisions, by helping participants keep details in mind, clarify expectations and questions, and avoid paralysis by analysis which can occur when too much data is available and there is a high emphasis on perfection. To overcome social challenges, visualization tools integrate different perspectives to provide a holistic representation of a project. Suitable visualizations of a multidimensional nature provide mutual understanding and coordination between people, facilitate navigation between views, and avoid incomplete communication and lack of information sharing which might hinder useful judgements (Morgan, 1986), leading in turn to incorrect decisions (Kim et al, 2005). In other words, by addressing social challenges, a risk visualization tool can help participants communicate better and reach a shared understanding. In terms of emotional challenges, data visualization can create a sense of involvement and engagement and facilitate convincing communication (Eppler et al, 2008). The involvement of diverse participants becomes more important in some cases such as environmental risks, which can be dealt with through active participation of the parties affected by design decisions (Al-khodmany, 1999).  15  Table 2.1 Challenges in risk management vs. benefits of risk visualization Characteristics of Risk Management  Source  Corresponding Strengths of Visualization  Cognitive Challenges Dealing with information overload Risk analysis creates a massive amount of information and un-structured datasets. There can be a significant number of risk categories (Fitzgerald 2004) with each category consisting of several individual risk events. It can be difficult to develop a roster of risks along with relevant properties, including drivers, likelihood of occurrence, consequences should they occur, and potential mitigation strategies. Stuck to old view points Different participants in a risk elicitation session have their own background and they view a project from their own perspective. Therefore, structured brainstorming is usually used in order to identify more, and possibly other, risks than possible from individuals of a homogeneous group. Biased Comparisons and evaluations Traditional tools such as risk maps do not necessarily support higher level decisions and they might cause biased outcomes. Tversky (2005), believes that people have strong biases that override rationality when they make decisions on risk. They might focus on negative outcomes that may cause a great sense of risk aversion and make overcautious decisions. Paralysis by analysis Many project leadership decisions are risk based decisions. According to Bailey (2009), decision evaluation in risk management involves too much data and there is usually a great emphasis on perfection; however, according to Roberts (2010) confidence in identified risks, estimated risk probabilities and their consequences are usually subject to uncertainty. Fear of uncertainty can have a paralyzing effect on the project and may lead to carrying out extensive analysis in the hope that results of the analysis allay the decision makers fear of unknowns. Moreover, a significant amount of the data may be forgotten during decision making process (Porter 1996)  Instructionist based approach planning Planning is done based on information available at the beginning of the project and cause effect relationships remain undetected. Many uncertainties remain undetected when planning is done using an instructionist approach. Non-efficient monitoring Construction data are usually poorly organized, because it lacks proper grouping and sub-grouping. This may cause difficulties in associating related data or facts, which in turn causes problems in monitoring and controlling a project.  Source  Cognitive Benefits Nelms et al. (2006) “Features of a Risk Management Tool Applied to a Major Building Project” Hogganvik et.al. (2006), “Graphical approach to risk identification” Vance, B. (2006) An antidote to bias http://findarticles.co m/p/articles/mi_m0 BJK/is_12_17/ai_n 26707579/ Bailey, H. (2009) Risk Analysis Paralysis http://blog.palisade. com/blog/risk-anddecision-analysistoday/0/0/riskanalysis-paralysis  T. Korde etal. (2005) “Visualization of construction”  Slow and non-efficient communication  16  Facilitating elicitation and abstraction According to Eppler, Larkin and Simon (1987) and Tversky (2005) reported that using visualization increases human input channel capacity. Vessey (1991) mentioned the important role of visualization in solving complex problems by compressing information. Visualization is a meaningful tool to extract information from large datasets as a part of decision making process. Enabling new perspective Visual methods enable reframing and perspective switching (De Bono 1973). According to Buzan (2003), Morgan (1986) and Whyte et.al (2008), pictures are able to inspire creativity and imagination. According to Hogganvik et.al. (2006), graphical icons may help the participants in a brainstorming session to arrive at a common understanding of risk scenarios without wasting too much time. Better, more exhaustive comparisons Many empirical studies such as those done by Bauer and Johnson-Laird (1993), Glenberg and Langston (1992), Larkin and Simon (1987), show the advantages of visual representations compared to verbal sequential representations. According to Lurie and Mason (2007), visualization makes it easier to keep details in mind when one wants to compare them. Easier recall and sequencing Shepard and Cooper (1982) suggest visual recall compared to verbal recall as help in sequencing multiple streams of information. According to Roberts (2010), visualization is a helpful tool in clarifying expectations and questions to be answered in risk analysis. Visual recall helps participants communicate clearly with each other to better identify risks and estimate more accurately probability and consequences instead of using single point estimates. Effective communication helps participants develop a ‘correct’ view of the degree that uncertainty affects the accuracy of identified risks, their consequences and probabilities. Enabling learning based planning Visualization helps important learning take place on cause-effect relationships that might otherwise go undetected and the proving or disproving of reasons for performance to date. Aiding decision making process from project conception to completion Exploration tools allow continuous interaction between users and graphic displays by offering scope for constant reformulation of search goals and parameters as new data are gained. So, information is continuously updated and it aids the decision making process from concept to completion of construction. Fast and efficient communication  Eppler et al. (2008) “Visual Strategizing”  Eppler et.al. (2008), “Visual Strategizing”  Eppler et.al. (2008) Visual Strategizing  Eppler et.al. (2008) “Visual Strategizing” Roberts L. (2010) “Analysis Paralysis: a case of terminological in exactitude”  T. Korde etal. (2005) “Visualization of construction” T. Korde etal. (2005) “Visualization of construction”  Characteristics of Risk Management  Source  Corresponding Strengths of Visualization  Information content of a dataset may be concealed or not easy to comprehend from its representation in tabular and text forms.  Various attributes of the data of interest are mapped against certain features like color, size, shape, location or position thereby reducing the need for explicit selection, sorting and scanning operations with the data. Using such techniques enables the eye to quickly distinguish features of data before the brain begins to process it.  Social Challenges  Social Benefits  Diverging views in risk elicitation sessions Participants with various backgrounds take part in risk elicitation sessions; therefore, there are different types of inputs from various members. Risks from each member’s point of view need to be elicited and aligned. Truth is more likely to come from a dialogue among people with different views; while individuals do not have the knowledge to act based on their own.  Incomplete communication Incomplete communication causes participants to have incomplete information and it leads to incorrect decisions. Lack of information sharing can hinder the right judgement.  DeMarco et.al (1997) “Risk Management Moving Beyond Process”  Ki Kim et.al. (2005) “An Investigation of Risk Management Issues in the Context of Emergency Response Systems”  Emotional Challenges Lack of sense of involvement As the volume of available data grows, an advantage will occur to organizations that are able to more quickly make sense of their data. To do that, they need high human involvement and interpretation.  Integrating different perspectives Project context can be characterized through four views which are physical, process, organizational and environmental. A multi view approach helps to pull data from different views of construction personnel as the personnel think about various dimensions of the project differently. The challenge becomes to develop a system that makes navigation between views as intuitive as possible and to foresee how data can be combined from different views in order to give more transparency around risk issues and surface areas of disagreement. The integration of views allows for changes in the project context such as design, regulatory and scope changes to be reflected in the risk profile (Nelms et.al 2006). Assisting mutual understanding Graphic metaphors provide a visual means to assure mutual understanding by making basic assumptions explicit (Morgan 1986).  Source T. Korde etal. (2005) “Visualization of construction”  Linear planning/ Repcon Notes Nelms et.al (2006) “Features of a Risk Management Tool Applied to a Major Building Project”  Eppler et.al. (2008) “Visual Strategizing”  Emotional Benefits Data Visualization in Business http://pkirs.utep.edu /cis4398/Data%20V isualization%20in% 20Business%20RD. htm  Persuading different participants with different views Since participants with different backgrounds participate in risk management, it is necessary to convince different participants as to the most realistic way to describe a risk.  17  Creating involvement and engagement Pictures can create involvement and they can engage people’s imagination (Buzan 1995, Huff 1990).  Eppler et.al. (2008) “Visual Strategizing”  Convincing Participants Visualization is suited for convincing communication and presentation purposes (Horn 1998).  Eppler et.al. (2008) “Visual Strategizing”  2.4 State-of-the-art in risk visualization Not a great deal of research has been carried out on how to visualize risks. Some of the studies which discuss visualization of risk are summarized in Eppler (2008), where various techniques such as volume visualization in the field of finance, spider graphs and distribution diagrams as quantitative methods in risk management reports, and conceptual diagrams to add context information to quantitative charts and cartographic methods for natural risk exploration are discussed in detail. Eppler (2008) concluded that the “risk visualization field still lacks systematic approaches that combine the rich area of visualization studies with the requirements of modern risk management”. Based on the risk visualization framework discussed in section 2.1 (why, what, for whom, when, and how), current visualization tools in academic and practitioner literature are examined and relevant findings summarized in Table 2.2 . 2.4.1 Investigated visualization tools Different types of visualization tools are used in the literature investigated (practitioners/ academia) in order to visualize risk. In what follows, we review several examples of existing visualization tools and evaluate them based on Eppler’s framework.   Visualization tools used in Riskonnect: Riskonnect is a web-based enterprise risk management system which is used by practitioners to provide a holistic or enterprise wide risk view. It can be used for the entire risk management cycle (risk identification, risk assessment and risk mitigation and monitoring) to visualize both qualitative and quantitative data. To develop a holistic risk profile, flexible labelling and various types of color-coding are used (i.e. color-coding based on position of risk in the risk profile which is a function of severity, effectiveness of control1, risk status2 and risk type).  1 current, target and inherent level of risk. 2 under consideration, accepted or mitigated  18  A dual window screen capability (e.g. risk map or risk profile) presents risks for two different versions-e.g. current vs. one of target, previous or inherent3 level of risk in one image, helping users to track severity and likelihood of each risk over history, or to see changes that should occur in likelihood and impact of risk event to reach the target level. Another example of a dual window screen in Riskonnect is the combination of color-coded risk profile and a hierarchical representation of risks that helps users navigate from each risk to its specific risk profile. In a qualitative view at the strategic level, drag and drop interactive tools can be used in a risk identification session to help senior managers express their realization of impact and probability of risk event. Managers can drag risk events to a point in a probability-impact diagram and explain their reasoning for such a positioning in a linguistic free-format. Color-coded network diagrams with color-coded bubbles that represent risks with colors representing the degree of correlation, triangles that represent risk indicators4 and arrows that represent relationships, are another visualization tool that is used in Riskonnect. As a cautionary note, Riskonnect is a web-based enterprise risk management (ERM) that does not appear to be heavily used in practice yet; we note this as we could not find reviews on its advantages and disadvantages from a users’ point of view.   RAG/ SEI risk statement/ Risk forms- In the academic literature, Kontio et al. (2004), have compared three visualization and documentation methods in a controlled experiment. This comparison was done as part of a search to provide a tool for practitioners to capture risk information, find an accurate way to document risks, and find the most cost effective methods for modeling risk without requiring the detail of traditional forms and yet not be as vague as documenting risks in just a few words  3  Inherent level of risk is defined as the level where no mitigation action is applied to the risk event. Risk indicators (not risks) are a means of tracking data inside the organization (e.g. fuel price is a means of tracking data inside or outside an organization and it has impact on risk such as fuel price volatility)  4  19  which leaves the true meaning of the risk vague and open to interpretation. The methods compared are Riskit Analysis Graphs (RAG), the Software Engineering Institute (SEI) risk statements, and risk forms. Three criteria used for comparison of the methods studied are accuracy, effectiveness and ease of use. Measures for these three criteria are as follows: Accuracy: By accuracy, Kontio et al. (2004) mean how well a technique captures the information produced in a session. Accuracy measures “information produced” that reflects whether a technique requires more information to be discussed in the session. It also measures how well different techniques succeed in capturing the content of discussion in the documentation. The “Information captured/ produced” ratio is used as a metric to compare methods from an accuracy perspective. Methods that capture all or most of discussion content were considered as better methods. Effectiveness: The ratio between effective time and number of risk items produced that supports how well a technique supports all essential aspects of risk documentation without unnecessary activities. This measure ranks methods based on pace of capturing information in a risk management session. Ease of use: this criterion was evaluated by using interview questionnaires to capture opinions, and video recording to measure time and undocumented risks. To compare the three tools based on the foregoing criteria, Kontio et al. (2004) performed an experimental study on students who were taking a “software project” class and were asked to work through systematic risk management in major software projects which contain all typical software design and implementation phases. Results of their study showed that: - The competitive advantage of the Riskit method is its ease of use, its ability to prompt and capture more points during discussion, and perceived effectiveness. The trade off is that it is a time consuming method. It is suitable for projects with risks of high consequence, where more detailed discussion about risk is required. - Risk forms are accurate in capturing points made during discussion. They are suitable for less risky projects, where it is of interest to produce results fast and  20  capture relevant information accurately rather than to engage in detailed discussions. - SEI statements did not perform better in any of the evaluations and performed worst in areas of perceived effectiveness, usability and ability to capture information from discussion. However, they can be used when ease of use and cost-efficiency are of considerable importance.   Threat diagrams/ Risk diagrams/ Treatment diagrams: In a graphical approach presented in the academic literature by Hogganvik et al. (2006), a threat diagram is mentioned as a helpful tool in identifying, explaining and documenting security threats and helpful in quickly understanding the risk picture. In the same study, risk diagrams introduced as a tool for risk assessment, monitoring, improvement and treatment diagram are introduced as a tool to assess mitigation actions and see whether they bring risks to an acceptable level or not. Threat diagrams, as a qualitative fault tree with more than one top node, originated from the CORAS method (http://coras.sourceforge.net) to support risk identification based on structured brainstorming5. CORAS is a method for conducting security risk analysis and it provides detailed guidelines on how to use a customised language for threat and risk modelling to capture and model relevant information during stages of security analysis. Threat diagrams give a clear and easily understandable overview of the risk picture and make it easier to see what the threat is and how the threat works (threat scenario) and which vulnerabilities and assets are involved. Threats are placed on one side of the diagram and vulnerable assets are on the other side. Unwanted incidents sit between the affected assets and the threat scenario which is placed between threats and unwanted incidents. A threat diagram should be designed so that it gives information regarding:  5  The main idea of structured brainstorming is that since the participants represent different competences, backgrounds and interests, they will view the target from different perspectives and consequently they will identify more and possibly other risks than individuals from a more homogeneous group would have managed to do.  21  1.  Threat scenarios and unwanted incidents that managers are most  concerned about; 2.  Who/ what initiate unwanted incidents? (threats/ risk event); and  3.  What makes the unwanted incidents possible? (vulnerabilities/ drivers).  A threat diagram is an input for risk estimation, where threat scenarios and unwanted incidents are assigned a probability and consequences. An example of a threat diagram is shown in Figure 2.4(a).  (a)  (b)  (c)  Figure 2.4 (a) Threat diagram, (b) Risk diagram for the two most important assets, (c) Treatment diagram (Source: Hogganvik et al. 2006)  22  Risk diagrams provide stakeholders with an overview and evaluation on the risks that need treatment. Finally, treatment diagrams are developed based on threat and risk diagrams to show at which stages what treatments should take place. Examples of risk diagrams and treatment diagrams are shown in Figures 2.4 (b) and 2.4 (c). Hogganvik et al. (2006) have evaluated the three tools described through an empirical study on clients in the business of vessel classification, telecom, energy and metal production. Results show that graphical models: -Facilitate active involvement of and effective communication amongst participants; -Facilitate understanding and remembering notions; and, - Make explicit the target of the analysis and risks to participants. For best results, other considerations for these graphical models include: a. Limiting the amount of information on the diagram (i.e. separate diagrams for threat type, scenario type or asset type); and, b. The ability to be adjusted by participants if they are involved early in the project. Once they are adjusted, diagrams can be updated continuously during the project.   Visualization tools used in Defect Detection and Prevention (DDP)  Defect Detection and Prevention (DDP) is a lifecycle risk management decision support tool developed for NASA research and application with the principal goal of developing geospatial information products for decision support systems (DSS). Through risk management DSS capability, the tool provides assistance in the execution of a strategic program plan and provides guidance in the selection of projects. It also provides continual assessment of changes as the project develops. Several visualization tools are used in DDP, and we have found several of them helpful in the process of idea generation. Before discussing features of the visualization tools involved, we review the thought process guiding DDP: 1. Forming a Requirement Matrix to show weighted risk events (RE) which is composed of: -  Establishing impact value of a risk event (RE) on program success should it occur, by scoring across all the goals (requirements). The impact on various  23  program goals is established using a non-linear scale of significance. The scale ranges from (0) for no impact to (1) for catastrophic impact. -  Weighing RE by its likelihood of occurrence if no mitigation action is applied, so the product of likelihood of occurrence and impact weights for each risk event.  -  Deriving the relative criticality of every RE to the success of the program (predefined requirements) as a product of likelihood of occurrence and impact of each RE.  -  Defining and ranking requirements as carrying the greatest impact across all risks identified in the program.  -  Determining proper courses of action (mitigation actions) to manage the most significant active risks. This involves establishing the relative chance that a RE is not responded to by a planned set of SO.  2. Forming an effectiveness matrix that shows the effectiveness of solution options in either detecting or preventing its counterparty risk event (RE). When a set of solution options is developed, an effectiveness matrix is formed to show the probability that a SO fails to detect and prevent risk events. The matrix is formed through the following stages: -  Specifying escape probabilities of different (SO) sets to REs, where escape probability involves the relative chance of not having an appropriate solution option defined. In that study, an inappropriate SO is defined as one that fails to detect and prevent the RE.  -  Determining net likelihood of escape when escape probabilities of all (SO)s are determined. In this study, net probability of escape is defined by multiplying escape probabilities from all SOs for each RE.  3. Obtaining the resultant severity for a RE as a product of impact of RE on requirements and escape probability for the combination of (SO)s considered. -  Performing a sensitivity analysis, applying “what-if” effectiveness value to assign a quantity to qualitative assessment of SO effectiveness.  24  -  Using percentage of change in attainment of requirements as a metric to show marginal benefit gained from applying a given change in effectiveness of solution option.  4. Assessing benefits of solution options in terms of residual risk profile. The visualization tools used in DDP are as follow: -  A weighted tree structure is used to document requirements and solution options as the two inputs for DDP.  -  Histograms are used to show the percentage of requirements not at risk. In such histograms, parent activities are given a weight of (1) and children are given weights as fractions of their parent activities, so that sum of weights of children activities will be (1).  -  Color-coded histograms are used to visualize solution options, so that height of a histogram indicates the effectiveness of the corresponding SO across all REs that the SO addresses, and its color shows the type of SO according to whether it is for alleviation, detection or prevention of risks. Effectiveness for various sets of solution options is determined based on the extent to which a risk is detected or prevented.  -  A stacked histogram of all active risks is used to show units of requirements lost before and after applying solution options.  -  Topology diagrams (Figure 2.5) are used to show Needs-Areas-Research, so that the top row shows practitioners, the middle row shows their needs and the bottom row shows the research carried out to respond those needs. Red lines connect practitioners to their needs and green lines connect researchers to the area they work in.  25  Figure. 2.5 Topology of Needs-Areas-Researchers (Source: Feather et al. 2006) - Images of clusters of (SO)s (Figure 2.6) are used to show how mitigation measures shown in each row (truncated in the source by Feather et al. 2006), correspond to clusters of solution options, shown in the columns. Since a cluster is comprised of multiple solutions, a mitigation action may be involved in none, some or all solutions in a cluster. In Figure 2.6, white means that the mitigation is not involved in any solution, grey means it is involved in some solutions and black means it responds to all solutions in the cluster.  Figure. 2.6 Visualizing clusters of solutions (Source: Feather et al. 2006)  26    Causal network visualization  In the financial risk management literature such as Allen et al. (2004), causal network diagrams such as process maps and event trees are discussed as risk visualization tools. Process maps are visualization tools that are useful in identifying high risk process stages that need a manager’s attention (i.e. potential weak points of an operational process) in the whole risk management cycle. Although useful, process maps require managers to identify critical risk factors at a level of breakdown based on their subjective views which makes the results dependant on the manager’s knowledge. An event tree is a visualization tool that can be used to identify risk events, chronological dependencies (especially when lags exist between the occurrence of an event and its ultimate outcome) and evaluate impacts of risk events. Although useful, similar to process maps, they require managers to identify critical risk factors and a level breakdown based on their own subjective views.   Connectivity models  Similar to causal network diagrams, we have found connectivity models like fish-bone and fault tree diagrams to be useful in visualizing risk data. Connectivity models can be used to identify risk events with more focus on causes rather than effects. A fish bone diagram is a qualitative visualization tool that can be used to visualize critical steps, the failure of which may spread through the whole procedure. This type of diagram is beneficial in finding root causes of risk events, but does not take into account quantitative risk visualization. Fault tree diagrams with both qualitative and quantitative capabilities are developed as a result of integrating an event tree with a fish bone diagram. They can be used to measure the extent of interdependency across the steps of a complex process. A fault tree diagram shows both the causal relationship between events and the probability of each scenario.   Tools for visualizing risks in planning and scheduling  A design Structure Matrix (DSM) is suggested by Browing (2004) as a visualization tool that provides a means for representing key drivers of cost and schedule risk, documenting potential process failure modes and affected activities in enterprise. Browning (2004) has  27  mentioned product, process, organization and information as key systems underlying enterprises such as aircraft, buildings, computers, consulting, etc. As shown in Figure 2.7, the diagonal cells in the DSM represent system elements (i.e. work package in process view), and off-diagonal cells indicate logical dependency between activities barring other resource constraints. Reading down a column shows work package predecessors and reading across the rows indicates work package successors. Thus, a DSM displays dependant activities (such as activity 2 that depends on activity 1), independent activities (such as activities 3 and 4) and coupled activities (such as activities 5 and 6).  Figure 2.7 Design Structure Matrix (DSM) (Source: Browing, 2004) Of particular interest are marks in the lower left triangle of the DSM, which show key drivers of cost and schedule risks. Such marks show that upstream activities (such as activity 2) depend on information created in downstream activities (such as activity 6). So, activity 2 will have to make an assumption about information it needs from activity 6. If the assumption is not correct, activity 2 may require rework when activity 6 is finished, which can cause large impacts on cost and schedule. So, a DSM helps managers quickly identify whether activities require re-sequencing or re-scheduling to minimize cost and schedule risk drivers (Browing, 2004). A DSM is a concise, visual format for representing processes. Its advantage is that it can reduce huge flowcharts to a single page. It helps everyone see how their activities affect a large process and see where information comes from and where it goes. They can see  28  why delaying activities that they depend on can force them to make assumptions which may cause rework later. Such visibility leads to improved process design from which risk assessment can be drawn. However, adding quantitative information to a DSM is useful in quantifying impacts of re-scheduling activities on time and cost performance measures.   Visualization tools used in Panopticon  Panopticon software (http://www.panopticon.com/) provides a series of visualization tools to be used by financial institutions and telecom and energy firms to analyze, understand and comprehend data to detect fraud, monitor performance and analyze risk. It has been developed to turn data into information and action based on this information. Information of interest for financial institutions is the likelihood of making money, return on the investment and knowing all risks. Actions that take place are trading, providing risk reports and predicting the future. Financial institutions usually use Value at Risk (VaR), as a measure of potential loss in value of a risky asset or portfolio, over a defined period, for a given confidence interval. It provides investors information regarding the most they can lose on the investment within a reasonable bound. For example a VaR of $100M at one week and 95% confidence level means that there is only 5% chance that the value of the asset will drop more than $100M over a given week. Although VaR can be used by any entity, it is usually used by commercial and investment banks to capture potential loss in value of their traded portfolios from adverse market movements over a specified period. This can be compared to their available capital and cash reserves to ensure  that  losses  can  be  covered  without  putting  the  firm  in  danger.  (http://pages.stern.nyu.edu/~adamodar/pdfiles/papers/VAR.pdf). Risk data visualization tools in Panopticon help managers understand the use of capital versus exposure versus profit and loss on a global basis, with all the details available at the click of a mouse. Risk visualization is an important task in fast-paced financial services firms, where managers are required to understand the exposure to risk in order to ensure efficient capital utilization and avoid dangerous concentrations of risk across their entire business. In financial services, managers are concerned about VaR, so Panopticon provides visualization tools to monitor and analyze risk data quickly to answer questions like:  29  -  What is VaR?  -  Where is VaR?  -  What is moving VaR?  -  Is there any concentration of risk that one should take action on, either internally  (by  office/region/portfolio)  or  externally  (market/sector/counterparty/issuer/currency, and so on.) -  Is this a one off or a common occurrence?  Panopticon uses a variety of visualization tools including tree map, heat map, heat matrix, bullet graph, scatter plot, line graph, bar graph, stack graph, dot plot, pie chart and horizon graph. Discussed below are some of the more important images: -  Scatter plots are useful tools for visualizing a large risk register, tables and risk reports that are difficult and time consuming to interpret. Data aggregation, while making it easier to understand risk reports and risk registers, masks outliers, correlations and trends, and makes them difficult or impossible to see. However, scatter plots are useful tools while looking for positive and negative correlations, trends and outliers in large statistical databases.  -  Bullet graphs are easy to interpret and convey much more information than traditional tools using substantially less screen real estate. They show information on a single quantitative measure and they are quicker to understand rather than radial measures. They are real time and respond instantly to changes. Examples of bullet graphs are shown in Figure 2.8.  30  Revenue 0  100  200  0%  10%  20%  200  420  800  1600  Profit  Profit 0%  Avg Order Size 0  Background shades indicate qualitative ranges like bad, satisfactory and good  Text Label  Performance Measure  10%  Qualitative Scale  Comparative Measure  New Customer 0  Cust Satisfaction 0.0  2.0  4.0  Figure 2.8 Bullet graph in Panopticon Source:http://www.panopticon.com/data_visualizations/bullet_graph_bullet_chart_infor mation_visualisation_software.htm -  Horizon graphs provide a space efficient way to overview a large number of time series in a limited rectangular space. Increasing the amount of data with which human analysts can effectively work is a large problem in visualization research. An example of such a problem is finding an effective presentation of multiple time series. The horizon graph was developed in response to that problem. The following steps are involved in developing a Horizon Graph: 1. First a line graph is drawn; 2.  Then line graph is filled as shown in Figure 2.10(a);  3. As shown in Figure 2.10(b), the minus side is flipped into the same region as positive value; (mirroring the negative side doubles the data density compared to filled line chart) 4. As in Figure 2.10(c), a chart is divided to bands and bands are layered to create a nested form and half the height (Heer et al, 2009). With a two layered band, a horizon graph doubles the data density compared to the previous stage. In Panopticon software, three layers are used which increases the data density even more. Finally, bands are collapsed to consume less space.  31  Figure 2.9 Horizon graphs in Panopticon (a) Filled line chart (b) “Mirrored” chart. (c) two-band horizon graph. (Source: Heer et al, 2009) To visualize time series, line graphs, bar charts and horizon graphs can be shown in a multi-screen format (e.g. bullet graphs, bar charts, tree maps and line graphs). As stated previously, Table 2.2 provides a summary of the visualization tools that have been proposed, explored and adopted in practice.  32  Table 2.2 Visualization technologies in practice Source  Why  What  For Whom  When  How  http://www.riskon nect.com/  -Risk identification -Risk assessment -Risk mitigation -Risk monitoring  -risk database -categorization risks -relationships, roles & responsibilities -Risk impacts on organization -Risk interactions  Risk owners  Across the entire system  Quantitative Qualitative  Visualization & Formalization Risk Information, Kontio et al (2004)  Identification (analysis & control) risks  Risk related information Risk scenarios  Project managers and risk management process owner.  Risk identification session  Qualitative  Risk related information (in a condition-consequence pair) Risk related information Graphical approach to risk identification, Hogganvik et al (2006)  Programmatic Risk Balancing7  6 7  Identify risks scenarios, security threats and vulnerabilities.  Identify threat, threat scenario and involved assets  Risk assessment, monitoring & improvement  Magnitude of risk (which is based on likelihood and consequences)  Requirement Visualization  Requirements (inputs)  Visualization Tool Riskonnect6 -Dual window screen -Color coded risk profile with possibility to navigate - Color-coded network diagram (risk influence diagramming technique) - Hierarchical representation -Dash boards VISIO/ Draw Riskit Analysis Graph on Blank flipchart/ magnetic laminated plastic frame used on whiteboard  Evaluation  Comment -Holistic or enterprise wide risk view -Interdependencies or interrelation of risks -Central repository for risks and risk related information.  -Accuracy -Effectiveness -Ease of use -Risks are valued through utility loss  - Well defined conceptual model is used to document risk information graphically. - Different symbols are used to model different aspects of risk in Riskit Analysis Graph. (risk factor, risk event, risk outcome, risk reaction, risk effect)  SEI risk statements (condition /risk factor-transition /risk event-consequence /risk effect) Risk Form system users, developers and decision makers  Brainstorming sessions  Qualitative: Graphical language supporting risk identification based on structured brainstorming  Threat diagram originated in CAROS method:  Risk Diagrams (L/M/S).  At introduction of  Weighted tree structure Histogram  ERM: web based enterprise risk management system Generally, it visualizes risk related information and residual risk profiles at each lifecycle stage  33  Weighted tree structure, stacked and color-coded histograms are  -Empirical study on various clients -Effective Communication -Easy to understand & remember notions  Multi-view approach is applied due to structured brainstorming.  Requirement Matrix is formed to determine the most critical risk  Source Tralli (2002)  Why  What  Visualization Solution Options  Solution Options (Input)  Assessment of Risk Event  Risks Risk drivers Risk impacts Risk owner Risks Risk drivers Risk impacts Residual risks  Mitigation  For Whom  When projects  Program manager  Risk identification Risk assessment  Risk related information  Public/ media  Web  Visualizing spatial data uncertainty using animation,  Risk Identification  Risks resulted by using coarse data  Decision makers (exploring route in early stages) Scientific Community: in latter phases  Early and late stages of project.  Risk Identification (multiple spatial uncertainties)  Individual Risks  Decision Maker: Risk Manager/ Analysts  Modelling & Visualizing Multiple Spatial Uncertainties, Davis (1996)  Tree structure Color coded Histogram  Visualization Tool  Evaluation  used in a lifecycle risk management decision support software-Defect Detection and Prevention (DDP)  Quantitative Network Diagram (Risk and its consequences) Drilling down (probability, severity and risk profile) Qualitative (Dynamic map)  Qualitative (Map-Multiple representations of uncertainty)  Comment events. Impact value of RE on program success (pre-defined) is defined, then REs are weighted by their likelihood of occurrence. Finally, most critical REs are derived from impact & likelihood.  Quantitative/ Qualitative Tree structure Colour histogram Quantitative/ Qualitative Tree structure Colour histogram  Global risk (2010), http://www3.wefo rum.org/docs/WE F_GlobalRisks_R eport_2010.pdf  Ehlschlaeger (1996)  How  Effectiveness matrix is formed to specify the net likelihood RE will remain undetected by SO. Determine proper response to manage risk based on impact of RE on requirements and escape probability of SO. ----  Risk Interconnection Map (RIM)  Animation instead of static maps and slides (2D animation + elevation contours, with the goal of understanding change between images) Colors indicate cost of each route  Statistical & Spatial characteristics must match error model so that animation not be misleading.  Animation is produced by stringing together a series of realizations, where amount of change from one realization to another shows amount of uncertainty in spatial data  -Static Viz.: map pairs (M-L8 & Std deviation), combo of two maps9, incorporation of fuzzy info to produce worst case scenario 10  Map comparisons: limited ability to demonstrate variability in a theme.  -In Dynamic Viz., hue (green, red) is used as a metric for certainty factor (max likelihood). -Variability of each pixel (std deviation) is shown on time axis.  8 Maximum Likelihood summary of data, only focuses on most likely values (e.g. pixel with value 1, certainty 0.85, soil type 3) while ignores results almost as likely that describe more dangerous situations (value 0.2 (more dangerous), certainty 0.8, soil type 4) 9 Changing focus of a particular object to represent uncertainty: decrease color saturation, changing the hue, fog or texture change (e.g. lowest variability values and lowest stability slope). 10  Incorporation of fuzzy information into static visualization in order to take into account less likely scenarios that can be more dangerous, so data that could be thrown away in Boolean processing are used.  34  Source  Map showing liquefaction susceptibility of San Mateo County, California”, Perkins,J. B.(1987) “Can-it-really-bethat-dangerous?”, Husdal (2001)  Why  What  When  How  Visualization Tool  Evaluation  -Dynamic Viz.11: Visualization of implication of variance (ex. changing slope stability from safe to unsafe) instead of static display of std deviation.  Combo of maps: helps to focus the data on one type of analysis, but eliminates much of info content.  Individual Risks  Nonspecialist decision maker  Qualitative  Risk Identification (spatial data uncertainty)  Individual Risks  Nonspecialist decision maker\ (Executives)  Qualitative (e.g. map of maximum likelihood and map of each pixel’s standard deviation)  Risk Assessment  Risk Rating Quantify potential damage  Risk Specialists Line Management Public  Risk Prevention Workshop To generate damage estimate  Qualitative (groundshaking intensity maps)  Static Map  Ease of use and understanding by user  -Risk Monitoring -Risk Assessment  Risk Rating Quantify potential damage  Risk Specialists Line Management Public  Weekly drought assessment named as: US drought monitor  Qualitative (Static Risk Map FEMA’s HAZUS map)  -Static Map -Yellow-orange-red map  -Perceptibility of visual attributes given to data. -Yellow-orange-red map is used to overcome challenges for redgreen color blind  representation of full range of realizations  35  Static table or graph that shows average level of data uncertainty e.g. Classification of Error Matrix Statistic graphic variables: e.g. -changing focus of object -using color variable  Dynamic Viz.: can be evaluated through cross comparison of decisions made based on various Viz. techniques. Lack of incorporation of uncertainty information to data display. Lack of information density  Risk Identification  http://www.husd al.com/2001/10/ 31/can-it-reallybe-thatdangerous11  For Whom  Comment -All possible realizations of max likelihood model based on variance data are shown by animation. -Steady pace of animation (spend equal time on likely and unlikely scenarios) can be improved by making them follow variance curve. -Fuzzy analysis retains info that almost fits into a specified class, but uncertainty is implicit in the results and needs interactive manipulation.  -Combining two maps: focus data for special analysis -Bivariate combo -Incorporating Fuzzy information to static visualization helps in developing “worst case scenario” map. -It shows three types of construction and damage associated with each building type for a given area.  Source  Why  What  For Whom  When  How  Visualization Tool  Evaluation  Comment  ones, and to also use in greyscale copies.  issues-invisualization-ofrisk-andvulnerability/ “Guide to enterprise risk management”, Protiviti (2006)  Risk assessmentAssess multiple interrelated events  Risk related informationrisk drivers  “Understanding market, credit, and operational risk: the value at risk approach”, Allen et al (2004)  Risk Identification (Effect oriented)  -High risk steps in operational process -Factors and events that affect each risk step  Risk Identification and evaluation of its impacts (Effect oriented)  Sequence of actions that may lead to undesirable outcome.  Risk Identification (Cause oriented)  Risk Identification (Cause oriented)  Objectives of risk assessment: Executive Managers, board of director, Risk Manager or Risk Analysts Risk Managers Managers  Workshop & presentation  Qualitative (Model of interrelationship among events for a risk category.)  Cause effect network diagram  Qualitative  Process Map (Causal Network)  Risk Managers Managers  Qualitative  Event Tree (Causal Network)  Risk Relation & Information (Connections b/w components in a process.)  Risk Managers Managers  Qualitative  Fishbone analysis (Connectivity model)  Risk Relation & Information (Link b/w errors & steps in production process)  Risk Managers Managers  Quantitative  Fault Tree Analysis (Connectivity Models)  36  Challenge: -Mapping data on events Draw backs: It’s subjective nature/ Lack of focus on macro-level interdependencies./Lack of quantitative analysis on likelihood of each external link/ Useful in identifying chronological dependencies Draw backs: -Subjective nature Emphasis: find where failure in critical step may spread through procedure. Drawback: -Probability of risk events is not assessed. -Subjective nature. Produced from combining event tree and fishbone diagram. Its strength is measuring extend of interdependency across steps of a complex process.  Source  Why  “Analyzing the Systems Underlying an Enterprise”, Browing, (2004)  Risk Identification  Gahegan (2000), Voser (1997)  Identify wild fire risk, making potential drought related risks apparent  Songer Hays (2003) Korde et.al. (2005)  Risk identification Risk assessment Mitigation Assignment of risk  What  For Whom  Risks Risk drivers (process failure modes and their impact on other activities)  Risk Managers and Executives  When Workshop & presentation  How Qualitative (can be extended to quantitative12) -How delay in activities they depend on can force them to make assumption which may cause reworks -Such visibility leads to improved process design from which risk assessment can be drawn  -exploring spatial relationships -dependency between variables  -number of risk related information (drivers) -distribution of environmental drivers in time, space -assignment of responsibility to their management  Visualization Tool Design Structure Matrix13 is a square matrix with corresponding rows and columns. -diagonal cells: system elements (e.g. activities in process view) -off diagonal cells represent dependency of one element to another - off diagonal cells show dependent, independent and interdependent activities are shown.  Plot variables against each other removing location information Focus on relationships independent of location  -Risk Manager -Risk Analyst  Qualitative  12  Tree map, scatter plot, histograms -Stacked 3D graphs -Tower shaped column in a time/ location cell is used to show how many risk drivers we have at a specific time and specific location. -Different colors and shapes are used to show risk owners -Precise information could be shown in small information box -Distribution of total number of drivers according to time & space are shown on side walls, different colors show different  Evaluation  Comment  -Adding quantitative information to the DSM and using simulation can quantify the impacts of process configuration changes on cost and schedule risk. -DSM provides a concise visual format for representing process. -Participants can quickly see how their activities affect large process Scatter-plot  -4 systems: product (output), process (network of wp), organization (structure of people who execute process system) and information systems (where data reading other systems are managed). -Marks on lower left triangle in DSM, shows drivers of cost and schedule risks (possibility to return to beginning of the project). The more populated the triangle, the bigger risk impacts on cost and schedule. -It shows how changing sequence of activities reduces impact of risk event on time & cost. -Helps risk analyst to explore relationship between variables -Spatial analyst visualizes in 3 dimensions  Vertical axis from origin shows no. of total drivers Other 2 vertical axis at the end of their respective horizontal axis show no. of drivers by responsibility integrated across time and space. So, user can easily see variety of information in one view.  Marks in lower left corner of DSM represent key drivers of cost & schedule risk, as there is a chance of having return to the beginning of project. Upstream activities depend on information created down stream, so they need to make an assumption which cause reworks if the assumptions are not correct. It is the managers’ goal to bring sub-diagonal marks close to diagonal in order to reduce their impact. Moreover, impacts that process configuration change may have on cost & schedule risk can be quantified. 13 N-square diagram with the addition of time basis  37  Source  Why  What  For Whom  When  How  Visualization Tool  Evaluation  Comment  organizational drivers and the total is shown in heavy black line Korde et.al. (2005)  Risk Identification  Risk drivers and their attributes  -Risk Manager -Risk Analyst  Korde et.al. (2005)  Risk Identification  Identify change orders that can happen in same time, space and by same project participants.  -Risk Assessment (Quantifying risk impacts)  http://www.pano pticon.com/data _visualizations  Risk identification Risk Assessment  Positive and negative correlations, trends and outliers in large statistical databases  Managers in financial and telecom services  Risk Assessment Risk Monitoring  14  Qualitative (Hierarchical structure are shown for total drivers and those owned by specific organization) Quantitative  Magic Eye View Technique  -Besides no. of drivers in every cell of time and location, identity of drivers is shown on surface of hemisphere.  -Color coded 3D graph14. -Different granularities are allowed in terms of time, location and project participants  Quantitative (size and location)/ Qualitative (color)  Multi-screen scatter-plot (x: exposure usage%, y: 1&10 day VaR limit utilization%)  Coarse time measurement (month) Three locations (onsite, offsite, both) So, user can select between locations as in some cases such as congestion or productivity loss, offsite changes do not contribute to problem. Facilitates: 1.exploring and discovering new truths in data 2.quickly identifying anomalies and taking corrective action 3. See risks at other hierarchical stages in multi-screen  Inf. on a single PM Quantitative scale Comparative measure for reference purpose  Quantitative  Bullet graph  Risk Identification Risk Assessment Risk Monitoring  Risk importance (size) Risk severity (color) Hierarchical relation (location)  Quantitative (size: importance and color: urgency)/ Qualitative (location)  Tree map  Risk Identification Risk Assessment Risk Monitoring  Real time data Historical data Risk severity (color) Hierarchical relation  Quantitative (color)/ Qualitative (location)  Heat map (simplified tree map)  Panopticon software  Vertical axis shows cost of change order, and the two horizontal axis show time and change order ID, colors represent change orders happened in one month.  38  -Easy to set up -Highly customizable -Can be equipped with filtering capabilities to help user be concentrated on some data Small footprints, easier to understand than radial forms Good for large, hierarchical datasets  -Visualizes large info. In small space -No linkage is provided among performance measures -Enables user to: comprehend size, color and grouping quickly; easily filter out less interesting data; focus on crucial outliers, and act quickly based on patterns and trends -Good for comparing more than ten data items -Enables user to: comprehend color and group quickly; filter out less interesting data; focus on crucial outliers, and act quickly based on patterns and trends  Source  Why  What  For Whom  When  How  Visualization Tool  Evaluation  (location)  Risk Monitoring  -Good for comparing more than ten data items  Real time data X & Y axes: quantitative Dataset type (color)  Quantitative/ Qualitative (color)  Line graphs  Change of large number of items through time  Quantitative Height of curve (underlying value), color (severity)  Horizon graphs  Risk Assessment Risk Monitoring  Comparative data Categorized risk groups Real time data Historical data  Quantitative (bar height)/ Qualitative (color)  Bar charts  Risk Assessment Risk Monitoring  Quantitative changes to several data sets over time  Quantitative (changes over time and contribution to the total) / Qualitative (color)  Stacked chart  Quantitative / Qualitative  Pie Chart  How each data point contributes to the total Sum of the values and individual items in one chart Risk Identification  Functions as part of the whole  Comment  39  -simple, intuitive information visualizations - Good for time when one time series crosses another -Way to overview a large number of time series in a limited rectangular space -Reduce space use by mirroring negative value and dividing the chart into bonds -Different display options, -Easy to work into different information display  Great for looking at revenue or gross profit/ loss figures over time across several product lines/ risks.  -Most popular data vis. Tool in the world -Not effective visualization tool for large and hierarchical dataset  -Enables user to Compare info about changes in data over time -Good for few datasets -Shows historical market risk (relative to BM or absolute) -Good to show large number of time series in one screen -Shows how a large number of items (risk events) have changed through time -Spot extraordinary behaviours -Facilitates making comparisons between item -Easy to understand -Good to communicate important comparative information, -Comparing ten or fewer data items across a single quantitative variable. - Historical market risk -Good choice when you have up to ten or eleven time series -Good in conjunction with Treemap, Heatmap or Scatter plot tools -Shows how each component in the database has changed compared to the others - When it is required to show contribution to total Not useful for visualizing large and complex database such as those in construction projects  2.5 Results of evaluating visualization tools To summarize the evaluation of the visualization tools discussed in Table (2.2), we have developed the matrix shown in Figure (2.11) to show the dimensions that each visualization tool treats. In this figure, every row represents a visualization tool and every column shows the dimension that the tool visualizes. If a tool is designed to visualize a specific dimension, the corresponding cell in colored in black. If the tool visualizes one dimension as a by product, the cell is colored in grey. If visualization tool offers minor benefits on visualizing a dimension, the corresponding cell is hatched in black dots. If a dimension is not addressed by a visualization tool at all, the cell is blank or white. From Figure (2.11), the majority of the visualization tools investigated are designed to assist the risk identification stage. Some of them also facilitate visualizing other stages in the risk management process like risk assessment (qualification), mitigation and monitoring as by-products. The second largest group of tools is designed to visualize the risk mitigation and risk assessment stages, but with some use for risk monitoring. Some of the investigated tools are qualitative and use a ranking system to show impact values. Some quantitative tools convert the impact value of a risk event on all performance measures to one of cost. Thus, most quantitative tools provide a dollar value or the percentage of VaR without visualizing the impact of a risk event on other performance measures. Thus, in Figure (2.11) a void exists in the central part of the matrix that represents a lack of enough work in terms of visualizing performance measures other than cost. Even Riskonnect and Panopticon which provide both qualitative and quantitative visualizations in the form of interactive, interconnected images to model market risks, modeled all risk events based on their impact on cost. Clients using these two tools are mainly concerned about how their earnings per share are impacted by the risk event and/ or the dollar amount that is lost as result of the risk event being realized. Although clients of construction projects have similar concerns regarding cost, the multi-dimensional nature of construction projects in terms of cost, time, scope, safety, etc. poses additional problems for visualizing risk data.  40  In next chapter we discuss the data that is contained in an ideal risk register, some of which could be candidates for insightful data visualizations.  Fig. 2.11 Evaluated visualization tools  41  Chapter 3: Risk Register Properties and Analytical Reasoning 3.1 Introduction The purpose of this chapter is three fold: a) To develop an in-depth understanding of the purpose of a project risk register and the contents of an “ideal or model” risk register. It is these contents that one wants to visualize in order to gather insights on a project’s risk profile in order to improve the risk management process; b) To examine the contents of risk registers used in practice; c) To explore the analytical reasoning that can be supported through risk data visualization.  3.2 The concept of project risk register Development of a risk register as a mean of recording identified risks, their severity and actions to be taken, is usually the starting point for applying risk management to a project. It can be a simple document, a spreadsheet, or a database system. It can play an important role in the successful delivery of a project, especially when updated on an ongoing basis throughout the total project lifecycle. Williams (1995) stated that a risk register serves two main roles. First, it serves as a repository of a corpus of knowledge and second, it can be used as a platform for initiating the analysis and plans that flow from it. For large projects, many of which are undertaken by a consortia rather than individual companies, few project members have a good overview of the whole project – a risk register helps to address this issue. As shown in Figure 3.1 the flow of analysis and risk management plans starts from the project’s risk register, which provides data for cost, time and technical analysis when it is combined with deterministic and other aleatoric data.  42  Figure 3.1 Flow of analyses and plans from a project’s risk register (1: deterministic and aleatoric uncertainty data, 2: epistemic and major aleatoric uncertainty data); Source: Williams (1995) As discussed by Richter (2011), a risk register facilitates risk communication in a way that all participants better understand the messages contained in individual risks and their properties as well as collections of risks, thus helping to persuade receivers of messages to modify attitudes and providing two-way communication as a mean of resolving conflicts about risk properties and risk management strategies. If a risk register is designed correctly, it enables clear and concise communication between team members which in turns increases the likelihood of project success. A risk register enables new team members to be quickly brought up to speed on the project. Further, a risk register can help with any difficulties associated with risk allocation which may arise from the wrong belief that some parties think risk can be transferred to some one else and hence they do not have to pay attention to avoid risks through risk reduction actions or contingency plans (Chapman et al. 1998). Thus, participants who bear the risk as well as those assigned responsibility for mitigating the risk should be identified in a well43  designed risk register. An important step in risk management is to maintain a risk database in a way that it is easier to gain knowledge about the origin and drivers of risks. Such a step should be considered in both constructing the risk register and using appropriate visualization techniques to extract information from it.  3.3 Contents of an “ideal” or “model” risk register In this section, through an examination of the literature, we explore the data that should be contained in an “ideal” or “model” risk register. Findings from this literature review are then complemented in the following section by examining risk registers as they appear in currently available commercial software tools. Items that should be included in a risk register are as follows: First, a list of adverse events that might occur should appear, meaningfully phrased. The probability and distribution of adverse impacts should also be recorded in the risk register and their effects modeled in further analysis (Williams, 1995). Two types of uncertainty have been discussed in the literature: aleatoric and epistemic. The former demonstrates intrinsically uncertain situations and the latter relates to a general lack of complete knowledge. A risk register should contain all epistemic risks which reflect a lack of knowledge especially at the beginning of the project and a gradual resolution of those uncertainties along with major aleatoric risks. Another category of information that should be included in a risk register relates to management actions consisting of risk reduction actions which reduce the probability of risk occurrence and/ or contingency plans that reduce the consequences of a risk if it occurs. Such information stimulates thoughts on how to reduce the likelihood of a risk event occurring and its impact if it occurs. This information also reveals to the risk manager those risk items for which no risk reduction or contingency plan is assigned. In another classification, Williams (1994) suggested that details of a risk be classified under the four categories of event, impact, actions and contractual, as follows. Event is  44  the category that includes description of a risk and its estimated likelihood of occurrence, (initially classified as high, medium and low, and then later in quantitative terms). As part of the event description the risk owner should also be included in the risk register to identify the participant that feels the effect of risk and the participant who is responsible for its removal. The area of the project in which the risk may materialize should be identified, a risk identification number should be assigned, and the description should include a brief statements as to causes and consequences. Impact is the category that includes the project objectives (time, cost and other performance measures) that a risk affects. As a first pass, severity of the impact is classified linguistically (e.g. high, medium, low), based on a subjective yet informed assessment; later, impact can be defined quantitatively as time and analysis permits. Patterson et al. (2002) suggested that the probability (or likelihood) of a risk occurring, impact of the risk if it occurs, and exposure value which is the product of likelihood and impact, be documented in a risk register. Then, risks can be ranked based on a combination of their impact, probability and exposure value at a point in time. Furthermore, they can be tracked during the project lifecycle, so active and solved risks are distinguished at different stages of the project. Patterson (2001) has provided the tables shown in Figure 3.2 to allocate non-numeric values to the corresponding percentage values for likelihood and impact. Such tables are not designed to generate accurate values of probability and impact of risk within the project, but they give ranges of probability and impact values based on subjective judgment to show an overall perception that the user has for each identified risk. Such an approach can be useful for the preliminary screening of risks, especially when the number of risks is large and scarce management resources have to be assigned.  45  Figure 3.2 Sample of probability-impact and risk ranking tables used in risk register (Source: Patterson et al. 2002) Actions is the category in which risk reduction actions are described, targeted at the reduction of the probability of a risk occurring, and contingency plans to reduce the impact of a risk if it occurs. Contractual category shows the degree of risk transfer that might be affected - it should be categorized and recorded (Williams, 1994). Williams has highlighted the criticality of the link between a risk register and the contract, and suggested a new way of classifying risks based on which ones can be transferred to the tenderer or to the procurer. Once risks are identified, based on the level that is feasible (not desired) to transfer risks from procurer to tenderer, risks can be categorized in terms of legally unavoidable risks, quantifiable risks, epistemic risks, and actuarial risk. Unavoidable risks are those that cannot be transferred by their nature. Quantifiable risks are those that management feels comfortable assigning a numeric value to and for which contingency plans can be formulated. Epistemic risks are those risks the extent of which is not known until they actually happen, so they are less predictable than quantifiable risks. Such risks are covered only by a qualified transfer with a contingency. Actuarial risks are those with  46  low probability and high impact and they are generally expensive to be covered by a contingency (e.g. risk of nuclear power plant accident). Barry (1995) described a risk register as a comprehensive risk assessment system. Using that definition, a risk register constitutes a formal method for identifying, quantifying and categorizing risks and provides a means of developing cost-effective responses to control them. Some researchers such as Carter et al. (1995) provide a descriptive version of a risk register and stated that a risk register provides a database of risks which evolves from the beginning of a project. Since there are different types of forms and registers, they advised that risk registers be kept in electronic format so their maintenance is facilitated (Patterson et al., 2002). In research conducted on the application of a risk register in the Automotive Manufacturing Industry, Patterson et al. (2002) noticed that organizations developed their Risk Register based on their own needs. No instructions were reported for constructing a risk register in general-i.e. no “general” model was put forth. In Figure 3.3, Patterson et al. (2002), has summarized examples given by Williams (1995), Carter (1995) and Ward (1999) with respect to the types of information that can be stored in a risk register. According to Patterson (2002), there is a general consensus that a risk register should contain a description of a risk, its impact and likelihood or probability of occurrence and mitigation actions. Although, several researchers such as Williams (1994) and Carter et al. (1995) have pointed out the importance of a risk register, neither they nor Chapman and Ward (1997), Barry (1995) and Ward (1999) have provided directions on how best to design and construct a risk register.  47  Figure 3.3 Suggested content of risk register Source: Patterson et.al. (2002) Hillson (2003), has recommended using a Risk Breakdown Structure (RBS) (a hierarchical structuring of potential risk sources) in order to deal with the large amount of data/ information in risk management. A RBS helps participants understand how different risks are distributed on a project which aids effective risk management. A RBS defines the total risk exposure of a project based on a source-oriented grouping: e.g. external sources (market risk, risks arising from action of competitors, suppliers or regulators); and internal sources (people, processes or procedures) (Hillson, 2003). A risk taxonomy, which is a linear list of potential sources of risk, is an essential part of a RBS under which individual risks are arranged. An example of a single level risk taxonomy is given for a construction project in Figure 3.4. 48  Figure 3.4 Single level risk taxonomy: Patterson et.al. (2002) When risks are identified, they can be categorized based on sources. This allows areas of concentration of risk to be recognized which helps managers determine the most significant sources of risk. Although it is helpful to know the total number of risks caused by one specific source, it can be a misleading piece of information as it does not take into account the relative severity of risks from different sources. In order to overcome this problem, scores associated with probability (P) and impact (I) of a risk can be used. These numerical scores can be multiplied to give a combined value. Then the concentration of risks within a RBS can be assessed by comparing the total risk score which gives a more meaningful perspective than a simple total count of risks. Categorizing risks based on a RBS provides additional benefits for risk management. According to Hillson (2003), such a categorizing helps one understand the type of risk exposure on the project, reveals root causes of risk, reveals the most important sources of 49  risk, indicates areas of correlation between risks, helps managers concentrate risk responses on high risk areas, and allows managers to develop responses for root causes of a group of risks. Moreover, a RBS facilitates risk reporting. It helps one to roll up information and to prepare reports for senior management or drilldown into details and provide reports for the project team. Issacsons (2009) identified the following items as essential parts of the main body of a risk register:   Risk identification number    Risk category    Risk title and a brief description    Date that risk is reported or entered in risk register    Risks identified by space (location)    Possible causes of the risk    Triggers (signal that the risk is occurring)    Probability of occurrence (both pre-response, and post response)    Impact on the project (both pre-response, and post response)    Risk Level    When it might occur (period of high risk)    Planned prevention or mitigation options    Contingent response plan    Residual risk    Responsibility assigned    Potential resources that are required for mitigation  3.4 Examples of risk registers In this section, the contents of risk registers used by practitioners are investigated and results of the investigation are summarized in Tables 3.1 to 3.8. These tables provide a summary of the content of risk registers used in commercial software such as RiskAid, Pertmaster, RiskRadar as well as risk registers utilized by practitioners such as the 50  National Health Service of UK, the office of government commerce of UK and a risk register used by Patterson et al (2002). Generally speaking, all of the risk registers were developed to provide information on the following items:   Details of a risk which includes description of the risk, risk category and risk rating.    Person responsible for recording the risk, owning the risk and implementing a risk mitigation strategy.    Dates on which risks are identified and reviewed, due dates of action plans.    Likelihood of a risk to occur and its impact in case of occurrence.    Proposed mitigation plans, their estimated costs, benefits and effectiveness in mitigating risks.  51  Table 3.1 Item class Identification  Assessment  Ref: Federal Gov. Agency Item A. Number  How expressed alphanumeric  Ref: What is Risk Register Item A. Date  How expressed alphanumeric  B. Risk category  linguistic  B. Risk Type  linguistic  C. Description including cause & consequence  Linguistic (free form)  C. Description  Linguistic  D: Likelihood of occurrence  Linguistic – predefined choices Linguistic – predefined choices Linguistic – predefined calc Linguistic – predefined choices Linguistic – predefined choices?  D. Likelihood of occurrence  Linguisticpredefined choices Linguistic – predefined choices Linguistic – predefined calc  Low (<30%), Medium (3170%), High (>70%)  E: Severity of occurrence F: Inherent risk (D x E) G. Project specific or global  Treatment  Cost base  Probability Impact  H. Initial allocation under DBB I. Quantified J. Risk expert K. Mitigation strategy (cost/benefit) L. Project agreement reference M: blank column N. Cost basis O. Value P. Blank column Q. 0% to 100% R. Rationale for probability assumption S. Impact: best T. Impact: most likely U: Impact: worst V. Mean of impact estimates W. Rationale for best, most likely, worst assumptions  Consequence  Comment  Table 3. 2 Item class Identification  Assessment  E. Severity of effect F: Inherent risk (D x E)  Comment Date that risks are identified or modified. Optional to add target and completion dates. Business, project or stage risk.  Means what? Linguistic (name)  Treatment How expressed  Counter Measure  Linguistic  Express the contingency plan  How expressed  Owner  Linguistic  Status  Linguistic  Express individual responsible for managing the risk C-Current E-Ended Check what this is  Check what this is  Cost base  Numeric Number  Likelihood? How expressed?  Probability  Numeric Numeric Numeric Numeric  Seemingly only cost Seemingly only cost Seemingly only cost  Impact  Linguistic – free form? Consequence  Y. Shared Z. Transferred  N. Cost basis O. Value P. Blank column?? Q. 0% to 100% R. Rationale for probability assumption S. Impact: best T. Impact: most likely U: Impact: worst V. Mean of impact estimates W. Rationale for best, most likely, worst assumptions X. Retained Y. Shared Z. Transferred  52  Numeric? Number  Likelihood? How expressed?  Numeric? Numeric? Numeric? Numeric  Seemingly only cost? Seemingly only cost? Seemingly only cost?  Linguistic – free form? Make a choice between X, Y, Z?  Table 3.3 Item class Identification  Ref: PERTMASTER Item A. Number B. Risk Type C. Title  Premitigation  D. Probability (0100)% E: Impact on Schedule F: Impact on Cost G. Impact on Performance H. Score  Mitigation  Table 3.4 Item class Identification  Comment  Linguistic (free form) Linguisticpredefined choices Linguistic – predefined choices Linguistic – predefined choices Linguistic – predefined choices  Ex. Weather affecting ground Choices: VL/L/M/H/VH  C. Risk Expert  How Expressed Numeric Linguistic (Causes/ consequences) Linguistic  D. Date  Numeric  Choices: VL/L/M/H/VH  E: Type  Linguistic-predefined  Choices: VL/L/M/H/VH  F: Category  Linguistic-predefined  G. Probability  Range of probability is positioned in heat map diagram Positioning in heat map diagram Positioning in heat map diagram Linguistic-free form  Choices: VL/L/M/H/VH  Pre-mitigation  H. Impact on cost  I: Response  Numeric (based on D, E, F, G) Linguistic  J: Title  Linguistic (name)  J: Rationale for impact assumption K: Rationale for probability assumption L: Probability  I. Impact on Schedule  K: Total Cost PostMitigation  L: Probability (0100%) M: Impact on Schedule N: Impact on Cost O: Impact on Performance  P. Score Details  Ref: RiskAid Item A. Number B. Description  How Expressed Alphanumeric Threat/ Opportunity  Q: Owner R: Description S: Cause T: Effect  Linguistic – predefined choices Linguistic – predefined choices Linguistic – predefined choices Linguistic – predefined choices  Numeric (based on D, E, F, G) Linguistic (free form) Linguistic (free form) Linguistic (free form) Linguistic (free  Choices: VL/L/M/H/VH  Technical/ Human/ PoliticoEconomic Project/ Consortium/ External N/VL/L/M/H/VH/ Definite, limits can be set by user  N/VL/L/M/H/VH/ Definite limits can be set by user ex. Specialty in skill/ difficulty in replacing ex. Being a member of dangerous sport team  Choices: VL/L/M/H/VH  M. Impact on cost  Numeric  Choices: VL/L/M/H/VH  N: Impact on Schedule O: Type  Numeric  P: Cure Probability Q: Cure Reasons  LinguisticPredefined Linguistic-free form  Range defined from None to Definite extremes. N/VL/L/M/H/VH/ Definite, limits can be set by user N/VL/L/M/H/VH/ Definite limits can be set by user Preventative (reduce the chance: avoid, transfer, insure, diversify)/ Limiting (reduce impact: contractual cases, alternative solutions) N/VL/L/M/H/VH/ Definite limits can be set by user Why action should take place?  Weather  R: When?  Linguistic-predefined  During contract/  Rain Season  S: Title  Linguistic-free form  Loss of productivity  T: Description  Linguistic-free form  Choices: VL/L/M/H/VH  Post Mitigation  Linguistic-free form  Comment  Action  53  LinguisticPredefined  Table 3.3 Item class  Ref: PERTMASTER Item U: Manageability V: Status W: Proximity X: Start and End Dates  Table 3.5 Item class Identification  Ref:: RRE Item A. Number B. ID Date C. Priority D. Classification E. Risk Originator F. Risk Owner G. Risk Title  Assessment  H: Risk Description including cause, effect and context of risk E: Probability F: Impact on technical  How Expressed form) Linguistic (free form) Linguistic (free form) Linguistic (free form) Numeric  How Expressed alphanumeric Numeric Numeric Linguisticpredefined choices Linguisticpredefined choices Linguisticpredefined choices Linguistic-free form Linguistic -free form Linguistic – predefined choices Numeric/ Linguistic – predefined  Ref: RiskAid Item  How Expressed  Easy/ Moderate/ Hard  U: Risk Expert  Linguistic (Name)  Proposed  V: Chance of action being needed X: Chance of action curing cost and delay Y: Cure probability reasoning Z: Approved α : Progressed β: Cost  Linguistic Predefined Linguistic Predefined Linguistic free-form  Comment  Table 3.4 Item class  Overdue  Comment  Table 3.6 Item class Risk Form  Ref: NHS Org Item A: Risk No. B: Risk Area C: Risk Description  Linguistic (Y/N) Numeric (%) Numeric  Comment  Range can be defined from None to Definite Range can be defined from None to Definite  $ Days  How Expressed Numeric  Comment  D: Impact on person/ trust  Linguistic-predefined  Who specifies risk  E: Unfavorable publicity  Linguistic-predefined  Death/ Extensive Injuries/ Medical treatment required/ First aid treatment/ Minimal financial loss Remote/ Unlikely/ Possible/ Likely/ Probable  Peron responsible for managing risk (point of contact)  F: No. of person affected  Numeric-predefined  G: Clinical complaint  Numeric-predefined  H: Consequences  Linguistic/ Numericpredefined (based on D, E, F, G) Numeric-predefined  Risk Identification Date What out of what. Multiple risks may have same ranking. Ex. Unclassified  Near Certain (0.9)/ Highly likely (0.7)/ likely (0.5)/ unlikely (0.3)/ remote (0.1) (0-5) OR (VL-VH) are predefined in linguistic free form  I: Likelihood J: Risk Rating  54  Numeric- based on H and I  Remote/ Unlikely/ Possible/ Likely/ Probable Catastrophic (5), major (4), moderate (3), minor (2), insignificant (1) Numbers represent likelihood as none, possible, likely, highly likely, certain  Table 3.5 Item class  Ref:: RRE Item G: Impact on schedule H. Impact on cost  I: Impact on other parameters J: Risk Exposure K: Risk level L: Level Trend M: Risk level Risk level through time  N: Status O: Early Impact P: Late Impact Q: Days to Impact  Linguisticpredefined Arrows Position risk in heat map Total no. of risk in each probability impact bin at 4 time frames: at the time of analysis/ near, mid and far future Linguisticpredefined Numeric-from calendar Numeric-from calendar Numeric  R: Impact Horizon  Linguisticpredefined  S: Last Updated  Numeric-from calendar Numeric-from calendar Linguistic-  T: Next Updated Triggers  How Expressed choices Numeric/ Linguistic – predefined calc Numeric/ Linguistic – predefined choices Numeric – predefined choices Numeric  U: Internal description  Table 3.6 Item class  Ref: NHS Org Item  How Expressed  Action form  K: Action Description  Linguistic-free form  L: Adequacy of Control  Linguistic-predefined  ?  M: Start Date  Numeric-free form  (Probability x impact)-all impacts combined together L/M/H defined based on risk exposure rates Up/ down/ horizontal  N: Due Date  Numeric-free form  O: Cost  Numeric-free form  Comment (0-5) OR (VL-VH) are predefined in linguistic free form (0-5) OR (VL-VH) are predefined in numeric(%) free form  Monitor/ Mitigate/ Transfer Earliest date you expect may impact the project Latest date you expect may impact the project No. of days to earliest date that risk may become a problem Past/ near (now to x days)/ mid (to y days)/ far (beyond)  55  Comment  Adequate/ inadequate  Table 3.5 Item class (drivers)  Ref:: RRE Item V: External description X: Rule Y: Trigger Value or Date Z: Current Value  Attributes  α: Type β: Source γ: Control δ: Critical Path ε: Phase ζ: Program Area η: Focus Area θ: WBS Specification Ref ι: Milestone  Cost  Mitigation  κ: Occurrence cost λ: Factored Cost μ: Mitigation Cost ν: Factored Cost ξ: Opportunity Cost ο: Factored Cost π: Mitigation description ρ: Mitigation Plan ς : Due date of each stage  Mitigation Window  σ : Description of each stage τ: Mitigation step no  How Expressed predefined Linguistic-free form Linguisticpredefined Numeric-free form Numeric-free form Linguisticpredefined Linguisticpredefined Linguisticpredefined tick Linguisticpredefined Linguistic-free form Linguistic-free form Numeric-free form Linguisticpredefined  Linguistic-free form Time-Impact diagram Numeric-free form Linguistic-free form Numeric  Comment  Table 3.6 Item class  Ex. Greater than/ changes from  Internal/ External  Does the risk affect an activity on critical path Lifecycle phase that risk affects Ex. Engineering  Activity that spawned the risk Select a milestone from dropdown  Process of mitigation  56  Ref: NHS Org Item  How Expressed  Comment  Table 3.5 Item class  Ref:: RRE Item υ:. Mitigation title φ: Mitigation description χ: Point of contact Ψ: Start, due, and date completed ω: Projected probability ϊ :Projected impact on cost, time, performance, other ϋ :Risk exposure ό :Risk level  Risk Mitigation options Root Cause Window  ύ: Risk mitigation option checkbox Risk mitigation option description ύ: Underlying causes of the issue  How Expressed Linguistic-free form Linguistic-free form Linguisticpredefined Numeric  Comment  Table 3.6 Item class  Numericpredefined Numeric Linguisticpredefined tick  Result of probability and combination of impacts Avoidance/ transfer/ control/ assumption/ research  Linguistic-free form Linguistic-free form  57  Ref: NHS Org Item  How Expressed  Comment  Table 3.7  Risk Identification  Risk Assessment  Ref: Risk & Issue Management Protocol (Ogc.gov.uk) A: Risk ID B: Risk owner  Numeric-free form  C: Risk owner D: Impact on target  Linguistic-free form  E: Impact on service F: Impact on reputation G: Likelihood H: Current score I: Status of control program  Mitigation  J: Previous month risk score K: Quantified impact L: Control actions M: Indicator  Comment  Linguistic-free form Linguistic-free form  Numeric-result of D, E, F, G- Status is represented by colors Color coding score cells  Linguistic-free form  N: Responsibility  Linguistic-free form/ predefined  O: Action by  Linguistic-free form/ predefined  Table 3.8  Ref: Patterson et al. (2002)  Numeric-free form  Risk Register Report  A: Risk No. B: Risk Area  Numeric-free form Linguistic-predefined  C: Risk description D: Probability  Linguistic-free form Linguistic-predefined  E: Impact on time F: Impact on cost  Linguistic-predefined Linguistic-predefined  G: Impact (total) H: Severity  Linguistic-predefined Linguistic-function of D&G  I: Risk Ranking  Numeric Visual (Pie chart)  J: Trend indicator  Arrow  K: Evaluated by L: Risk Owner M: Risk Reduction/ mitigation plans  Numeric-predefined Linguistic-free from Linguistic-free from  N: Notes  Linguistic-free from  O: On risk register  Check box  Red: little/ no mitigation work Amber: partial mitigation Green: Mitigation fully implemented  Information/ metrics that indicate whether a risk is emergingclickable heat map Individuals responsible for owning control plansclickable heat map Individuals responsible for implementing control actions- clickable heat map  58  Comment  Area within the project that risk occurs From VL to VH/ translation by numeric and nonnumeric values  Output: Oval divided to number of risks ranked/ ranking presented in corresponding slice  Table 3.7  Ref: Risk & Issue Management Protocol (Ogc.gov.uk) P: Due date Q: Required risk  Ref: Patterson et al. (2002)  Numeric-free form  Comment  clickable heat map  P: Risk solved  Linguistic-predefined  Yes/ No  Red/ Amber/ Green: reflect severity of risk after ctrl actions implemented  Q: Link to Risk Owner form  Numeric  (total severity value/ no. of risks) Identify riskiness of project/ track them over the time: to see how well risks are mitigated over time (Sum of active risks x 100) List and track no. of active risks in a life span of project Active risks: above horizon What areas need more attention due to high risks (ID: represents areas)  Numeric-free form  Comment  Numeric-from calendar Color –coded score cells  Table 3.8  Risk Assessment Tool  59  R: Link to Risk reduction/ mitigation plan form S: Overall project risk T: Assessment the overall risk to project  Linguistic-predefined  U: Percentage of risks requiring attention V: No. of active risks  Numeric  X: Severity of risk in project lifespan  Risk severity vs. risk no diagram  Alphanumeric-free form  Some important features of the risk registers summarized in Tables 3.1 to 3.8 are discussed in more detail in what follows. The risk register used by Patterson et al. (2002) is shown in Figure 3.5. It consists of an electronic Visual Basic Code Risk Assessment Tool which can be divided into two parts. In the first part, information on individual risks, their description, associated probability, impact value, identification number and areas of the project in which they happen are given. Then, the second part of the assessment tool provides a risk assessment based on the severity values of the individual risks. Patterson et al. (2002) have suggested the following contents for a risk register:   The area of the project in which the risk may materialize;    Risk Identification Number;    Brief description of the risk;    Probability value;    Impact value (on time and cost);    Total impact value (combination of impact values in terms of time and cost);    Severity value (combination of probability and total impact value);    Ranking of the risk within the project (ranked risks are those with a high severity that are active in the project);    Track of the risk (i.e. has the risk increased, remained the same, or decreased in severity since the previous month);    Phase or time by which risk should be evaluated;    Risk owner;    Brief description of risk reduction/ mitigation plans that have been developed;    Whether the risk is active on the register;    Whether the risk has been solved.  60  Figure 3.5 Risk register sample (Source: Patterson et al., 2002) Another example of a risk register published by Richter (2011) is shown in Figure 3.6. Components of this risk register are quite similar to those recommended by academia (see Figure 3.3). Richter (2011) outlined the importance of recording the date in a risk register as it is a living document (dates on which risks are identified and modified). Further, Richter (2011) has mentioned three categories of risks as business (B), project (P) or stage (S). Business risks are defined as those risks that relate to the delivery of desired benefits; project risks relate to managing the project in terms of time and resources, and stage risks are those risks associated with a specific phase.  61  Figure 3.6 Risk register sample (Richter 2011)  62  Another example of a risk register is provided by RiskAid, a risk management software tool. Risk information treated is shown in Figure 3.7.  Figure 3.7 Risk register used in RiskAid Source: Risk Reasoning Ltd. (2009) http://www.riskreasoning.co.uk/ RiskAid also provides a summary which can be used to give an idea of the costs and delays if actions are and are not taken.  63  Figure 3.8 Project risk summary (Source: Risk Reasoning Ltd. 2009 http://www.riskreasoning.co.uk/filer.cfm?file=RiskAid_Enterprise_Brochure) Complementing the risk register shown in Figure 3.7 is the action plan extracted from RisAid as shown in Figure 3.9.  Figure 3.9 Action plan (Source: Risk Reasoning Ltd. 2009 http://www.riskaid.co.uk/E_gatekeeper.cfm?FileID=140) Other displays are also used in order to communicate an individual’s responsibility with respect to risk management along with notes and alerts that need their attention. Information on this page is filtered and limited to items relevant to a specific individual.  64  Figure 3.10 Action plan (Source: Risk Reasoning Ltd. 2009 http://www.riskaid.co.uk/E_gatekeeper.cfm?FileID=140)  Another risk register investigated is the one used in Primavera Pertmaster. As shown in Figure 3.11 the Primavera risk register is composed of qualitative and quantitative parts. In the qualitative part, information about a risk such as risk Id, type of risk (threat or opportunity), and risk title is shown. Further a mitigation strategy is described and risks are assessed both before and after applying the mitigation strategy. Other details such as risk owner, risk description, causes and effects of a risk, status and degree of manageability of a risk are contained in the risk register. Figure 3.11 shows a sample of the qualitative risk register used.  65  Figure 3.11 Risk register in Pertmaster (Source: http://www.westsoft.dk/Files/Filer/konferencer/Primavera_brugerm_290508/Pertmaster.pdf)  66  For quantitative risk analysis, the impact of a risk event on the performance measures of time and cost is taken into account regardless of possible impacts the risk event may have on other performance measures such as quality, scope, safety, environment, and reputation. Time and cost distribution graphs are drawn to estimate the likelihood of completing a project by a pre-defined date or budget. Tornado diagrams are used to show tasks that can highly affect the performance measures of time and cost. Managers can then distinguish those tasks that highly affect time and cost and based on tornado diagram, they can prioritize risk events, an important outcome of the risk management function. Since management resources are scarce, managers can not manage all risk events at the same level- they need to allocate more resources to high priority risks. Usually risk events are prioritized based on their exposure value (product of impact value and probability); however, a high degree of subjectivity can be involved in estimating the impact value of risk events. So, when a manager seeks to make a decision based on the exposure values, they should be able to assess its reasonableness. Therefore, the whole process of deriving that value should be visible to the user. To make this procedure explicit, risk events can be grouped by the tasks that they affect, with the sensitivity of tasks with respect to time and cost shown in Tornado diagrams. Thus, a Tornado diagram can be used to help in prioritizing risk events when risk events are mapped to tasks. Risk Scoring Matrix- Risk events are entered into a risk scoring matrix in the risk register (Figure 3.12) and they are scored from very low to very high, based on probability of occurrence and their impact value on the three measures of “cost”, “schedule” and “performance”. Scores are shown in the qualitative section of the risk register (Figure 3.11), where the impact value of every risk event is derived based on a subjective view. Risk events with the highest priority are those that affect tasks because of their high sensitivity to time or cost where sensitivity of events is shown through a tornado diagram (Figure 3.12). S-curves and probabilistic cash flow are other images used in the quantitative part of the risk register. S-Curves are used to determine if mitigation strategies are useful to save  67  money. Using S-curves, the user can compare pre-mitigated results with the original and post-mitigated results.  Figure 3.12 Risk scoring matrix used in Primavera Pertmaster (Source: Primavera Pertmaster http://www.westsoft.dk/Files/Filer/konferencer/Primavera_brugerm_290508/Pertmaster.pdf)  Figure 3.13 Risk scores in Pertmaster risk register (Source: Primavera Pertmaster http://www.westsoft.dk/Files/Filer/konferencer/Primavera_brugerm_290508/Pertmaster.pdf)  68  Figure 3.14 Tornado diagram used in Pertmaster in worst case scenario (Source: Primavera Pertmaster http://www.westsoft.dk/Files/Filer/konferencer/Primavera_brugerm_290508/Pertmaster.pdf)  One of the most comprehensive versions of risk registers investigated in the current work is the one used in Risk Radar Enterprise (RRE), a Microsoft Access database risk management application. Risk Radar was developed by American System (a privately held IT service provider) to help project managers and their teams identify, analyze, track, report, and mitigate risk events in a project and increase risk visibility across the organization. The application is certified by Navy Marine Corps Intranet (NMCI). (http://www.2asc.com/Services/ProfessionalTechnicalITServices/RiskManagement/Risk ManagementTools.htm) RiskRadar provides a dynamic tool through which a number of risks in each cell of the probability-impact (heat map) diagram is shown in time frames (past-near future, mid future and long future). Although, it is important to know the number of risks of high,  69  medium or low probability, it is more important to characterize risks by their future impact and impact horizon. To estimate risk exposure value, the probability of risk occurrence and its impact value if it occurs are defined as per following tables:  Figure 3.15 Probability-to-probability map used in RiskRadar (Source: RiskRadar 3.3 User Manual 2003)  Figure 3.16 Impact definition used in RiskRadar (Source: RiskRadar 3.3 User Manual 2003) To prioritize risks, risk exposure is calculated as a product of probability assigned to each risk event and the largest impact it may have on any of the three aspects defined in the project (cost, time or performance). For example, if one risk has an impact of 0, 0 and 2 on cost, schedule and technical performance of the project respectively, the risk exposure will be derived as the product of probability and the largest impact (2). Consistent use of numerical risk values during the project lifecycle provides a consistent risk ranking methodology that enables the most important risks to be kept on top of the list during the project life cycle. However, both probability and impact values listed in Figures 3.15 and 3.16 are assigned to risk events based on a subjective view which may cause difficulty in gathering consistent results from different participants. Moreover, when the user comes  70  back to check the reasonableness of results, they cannot evaluate the degree of confidence in these numbers as the tacit knowledge used to record estimates is not recorded. In Figure 3.17, three levels of risk are defined based on Risk Exposure in Risk Radar as:  Figure 3.17 Risk exposure to level map (Source: RiskRadar 3.3 User Manual 2003) Since risk exposure is calculated as the product of probability and impact, it is more useful to visualize risk level, risk exposure value, probability and impact value of each risk event on a heat map matrix, a 5x5 example of which is shown in Figure 3.18.  Figure 3.18 Risk exposure mapping (Source: RiskRadar 3.3 User Manual 2003) Red is assigned to unacceptable risks, amber represents risks that can be accepted if some additional management approach is applied, and green shows risks which have minimum impact. Risk level varies over the life of the project; therefore, it is important to know the trend of such variation as the project evolves. Figure 3.19 extracted from the American System website shows how risk analysis settings can be customized by the user.  71  Clickable heat maps and the ability to roll-up risks at different levels as shown Figure 3.20 are two capabilities provided in Risk Radar Enterprise. More detailed information about risks can be viewed by clicking on the number of risks presented in each cell of the heat map.  72  Figure 3.19 Customize setting in RiskRadar Enterprise Source: American System (2010) http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020D89B2E1DB357/0/RRE_Overview.pdf  73  Figure 3.20 Capability to roll up risks at parent and child project risks Source: American System (2010) http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020D89B2E1DB357/0/RRE_Overview.pdf  74  In Risk Radar Enterprise, information about risk identification, risk assessment, triggers, attributes and cost are summarized in a separate window, as shown in Figure 3.21. Some information in this window is presented in linguistic form (mostly predefined and some free form), and some in numeric format. Risk exposure is the only piece of information that is shown in a visual format. The information shown in predefined linguistic form can be visualized more easily compared to the information shown in free form (e.g. risk title, description, and external triggers). In Risk Radar Enterprise, details about mitigation strategies are summarized as shown in Figure 3.22(a), where, a brief description of risk is followed by mitigation description, required mitigation steps, step title, due dates, and status (completed/ not completed). There is a clickable icon named “action” which accesses more details on a mitigation step, as shown in Figure 3.22(b). Finally, as shown in Figure 3.23, Risk Radar Enterprise allows user to customize reports through selecting details and data field of interest.  75  Figure 3.21 Details on risk data Source: American System (2010) http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020D89B2E1DB357/0/RRE_Overview.pdf  76  Figure 3.22(a) Risk mitigation (description and required steps)  77  Figure 3.22(b) Risk mitigation (description of each step) Source: American System (2010) http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020-D89B2E1DB357/0/RRE_Overview.pdf  78  Figure 3.23 RRE report detail Source: American System (2010) http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020-D89B2E1DB357/0/RRE_Overview.pdf  79  3.5 Analytical reasoning needs of risk management and roles of data visualization  3.5.1 Introduction Project participants think in different ways about a project, because of differences in experience and knowledge. Analytical reasoning is used in project and construction management in order to gain an understanding and generate insights from the perspective of various project participants. Analytical reasoning facilitates exploring causal relations between project conditions and project performance (Russell et al. 2009) and communicating findings to an audience. The focus of this section is on the analytical reasoning needs of risk management, especially with respect to the front end steps of risk management (e.g. identification, quantification, mitigation) with an eye to identifying opportunities for visual analytics to help with understanding the contents of a risk register and communicating important insights. Some commentary is also offered on potential approaches for visualizing data with a more detailed elaboration provided in Chapter 4. Chiu et al. (2010) have defined a visual analytic environment as a “computerized information system which enables users to create their own scenes composed of one or more pre-coded visual representations and an interface that assists users to interact (filter, sort, zoom, highlight, coordinate, etc.) with data and a palette of pre-coded images designed to facilitate analytical reasoning”. In the following subsections, we have identified some of the analytical reasoning needs associated with risk management under the main headings of risk identification, risk assessment and risk mitigation. We observe that our interest is with the messages contained within a collection of risk events in a project’s risk register, as opposed to reasoning about individual risk events. A summary of findings is presented in Table 3.9.  80  3.5.2 Analytical reasoning in risk identification In multi-dimensional projects, individual risk events are likely to have different drivers reflecting the various perspectives of product, process, participant and environment. Accordingly, risk events may have different types of adverse outcomes. Thus, a risk manager should look at these four perspectives in order to identify driver(s) of a risk event and their relation with adverse outcomes. When drivers are identified, the interaction amongst drivers that cause one risk event and drivers of other risk events that exist in a common time frame or in a common location should be taken into account, because of the potential for interaction amongst risks. In addition, every risk event may affect different performance measures (i.e. time, cost, quality, scope, safety, environment and reputation), not all of which can be measured in the common unit of cost and time. To develop a deep appreciation of a project’s risk profile at an overall level as well as with subsets of risk management data, analytical reasoning directed at questions that deal with the issues that follow should be conducted: - At the global level   Causal pathways from risk drivers to risk events form a basis for the strategic selection of how, where and when to undertake risk treatment action. It is important to identify points at which treatment action can be effectively applied to break the pathway and prevent adverse events or identify measures that facilitate managing (mitigating or transferring) adverse outcomes (Australian Government, Department of Health and Ageing, 2005). Possible combinations of causal links between risk drivers and adverse outcomes are as follow:   One risk driver results in a single adverse outcome.    One risk driver results in multiple adverse outcomes.    Multiple risk drivers result in a single adverse outcome.    Multiple risk drivers result in multiple adverse outcomes.  81  A topology diagram (Figure 2.5) is occasionally used as a visual representation to show relationships (one-to-many, many-to-one, one-to-one and many-to-many) between drivers and risk events where drivers and risk events are shown by squares on two parallel axes. Such diagrams add value as they help managers quickly identify drivers that cause a risk event and see risk events that are caused by multiple drivers. However, all drivers related to a risk event may not have the same level of priority with respect to generating a risk. For example, two drivers may exist in building a coffer dam on a river: positioning a pier in the river (product driver/ primary driver); and the river at flood level (environmental driver). Square size of visual mark or color saturation could be used as metrics to show the relative importance of drivers, for each risk event, and line weight could be used as a metric to show the linkage between a driver and a risk event. As a draw back, topology diagrams may suffer from labeling and scaling issues that may occur when overlaps happen on lines that link risk events and drivers and datasets are large. To help avoid this, risks could be investigated in different time frames and/ or locations, etc.   An important task in the risk management function is to prioritize risk events. Prioritization is usually done based on a manager’s subjective view according to the two criteria of: the impact that the risk event may cause on pre-defined project objectives which are described in terms of various performance measures, and the probability of occurrence of that risk event. To evaluate the level of risk impact (e.g. L/M/H), use is generally made of an expert’s tacit knowledge. How to capture aspects of this knowledge (e.g. specific drivers in terms of the four views of product, process, participant, environmental) becomes important in terms of identifying potential root causes of an event, targeting mitigation measures to reduce or eliminate the risk itself or the consequences should it occur, and setting priorities for addressing risks.  82  To evaluate probability of occurrence of every risk event, use can be made of the drivers identified. Those risk events that occur as result of multiple drivers or drivers which are hard to control, might have a high probability of occurrence; hence, they may have higher priority compared to other risk events. It is important to find those drivers that are common to multiple risk events. Removal of such drivers, if feasible can be an effective means of mitigating some or all the risk events. Thus, to have a rational approach to prioritize events based on their impacts and probability of occurrence, it is beneficial to identify components (product, process, participant and environmental) both contributing to the risk event and affected by the risk event if it occurs. In the following part, analytical reasoning of interest is discussed in the context of the foregoing four project views. From a process perspective, it is useful to identify work packages that every risk affects, and to visualize risks based on the affected work packages to: 1. Rank risks based on the impact of risks on products, participants and locations within the affected work package; 2. Rank risks based on sensitivity of project cost and time to changes in the affected work package cost and time; 3. Rank work packages based on exposure value of the risk events within that work package; Once risks that affect work packages are identified, they can be prioritized based on the impact the affected work packages have on project objectives. For example, those risks that affect work packages on the critical path will be given higher priority for time-driven projects where meeting a tight deadline is more important to project success than meeting a budget. Tree-maps can be used, to show the distribution of risk events in the hierarchy of work packages. On the top level of the tree map hierarchy, risks can be grouped based on phases or time frames in which  83  they happen, which provides a big picture of number of risk events and their impact values at different points of time. To elaborate a bit more in the process view, managers may wish to prioritize risk events in every work package, based on their impact(s) on all performance measures (not only on time, but also on cost, reputation, scope, safety, quality and environment). To have a rational assessment of the risk events, it is useful to show products, participants, and locations that are affected by the risk events in every work package in a matrix view. Once the impact of every affected component is assessed in terms of the performance measures of interest, the total impact of all the risk events for that work package could be calculated for each performance measure. Since impact values on all performance measures can be transformed to equivalent cost (at least in theory), the impact of a risk event on all performance measures can be summed together using a monetary measure. Tornado diagrams and spider plots can be used to show sensitivity of project cost to changes in work package cost. Once the risk events are categorized based on the work package(s) that they affect and Tornado diagrams and spider plots are drawn to rank work packages based on their role in determining the total project cost, risks that affect highly ranked work packages in Tornado graphs will be given higher priority due their large impacts. Work packages in the Tornado diagram could be clickable, so details of the risks that affect every work package would be shown on demand in detail. Once risks are prioritized based on all performance measures, it is useful to show them in each project phase or specific time frames. Risks that exist in each time frame could then be ranked based on their exposure values. As a result, a different heat map diagram could be generated for each time frame to facilitate prioritization of active risks, distinguish risks initiated in each time frame and omit risks that are no longer active. Looking at risk prioritization in each time frame facilitates resource allocation in that time frame.  84  Visualizing risk events in every work package not only facilitates ranking the risk events based on their impacts, but also helps in ranking the work packages based on the exposure value of the risks that affect them. It is useful to label work packages with the number of risk events that affect them, their individual impact values and in an ideal case the total impact value of all risk events corresponding to that work package (i.e. aggregate across all risk events at the work package level). Then, similar to heat-map diagrams, work packages can be prioritized based on the total exposure value (product of probability and impact value) of all risk events that affect each work package. Thus, managers will be able to identify quickly the most critical work packages and if necessary allocate more resources to them. Network diagrams and tree-maps can be used to show ranking of work packages based on their risk exposure. Similar to visualizing distribution of risks by work packages, it would be useful to show the distribution of risk drivers in a work package hierarchy to identify and manage those drivers that contribute to many risks or cause risks with large exposure values. From a product perspective, it is useful to show the products or their constituent parts (e.g. bridge or piers and superstructure) that are affected by a risk event, or are the driver of risk event. It would be useful to attach different risk events and their exposure values to each product, and then color-code products based on their exposure values. This would enable critical products which are affected by risks with high exposure values to be quickly identified. Managers could then decide to replace critical products with less risky ones if feasible to do so, or provide appropriate contract terms (e.g. transfer some risks by outsourcing procurement of that product). To show products and their constituent parts which are affected by every risk event, color-coded tree-maps could be used to show the number of risks and exposure value of risks that affect  85  every product. Such a tee-map would help managers rank products based on the impact of the risks that affect them. From a participant perspective, risks could be classified based on risk owner, participant affected by the risk and participant who is responsible for risk mitigation or decision making. It would be useful to have a clickable color-coded organizational chart of the project, so that by clicking on each participant, risks that are owned by that participant pop out. In this way bearer(s) of risks would be visible to the manager in an organizational chart, and participants could be prioritized and color-coded based on the exposure of the risks that they bear. It would help managers quickly identify those participants who are overloaded with risks, to distribute risks equally among other participants or to decide on outsourcing or using alternative procurement modes.. For example, if an owner is responsible for a large number of risks, P3 procurement might be chosen to transfer significant risks to the concessionaire. Such a clickable color-coded organizational chart might also provide a tool to check whether risks are assigned to the right participant or not. Visualizing distribution of risks by participants helps managers see relationships between participants (i.e. Are they equal in the consortium? Are they sharing risk? Or are they unequal in a contractor/ subcontractor relationship with one largely bearing the risk?), thus providing a visual representation of the bearer(s) of risk (Williams, 1993). Similar to the two previous views, grouping risks based on the affected participants facilitates the ranking of risks based on their impacts on participants. It would also be useful to show the distribution of risk drivers in terms of the hierarchy of participants, so that those participants who cause many risks or cause risks with large exposure values can be identified and managed. From an environmental perspective, risks and drivers could be grouped by the location at which they occur. Grouping risks based on their location would help participants better remember risks and have them in mind when the project reaches  86  a specific location. It would also help participants to distinguish the most critical locations in the project which are threatened by multiple and potentially high severity risks. It would also be useful to show the distribution of risk drivers in terms of a hierarchy of locations (assuming there is one), so that those locations that cause many risks or cause risks with large exposure values could be identified and managed. In an ideal case, tree-maps for all four views could be linked to each other and shown in a multi-screen view. So, once a risk event that affects work package X is selected in the process perspective, affected products, participants and locations are shown in the three other views. Once clusters of risk events that occur in one or more of a common time frame or location, affect a common product or are owned by a common participant are identified, their drivers can be highlighted on corresponding tree-maps to show whether they are shared amongst the risk events in the cluster. At the individual work package level, analytical reasoning of general interest includes:   For each risk event, what are all the drivers from the four views? From an overview perspective, all of the drivers of a risk event in the four views could be shown in one image. This would increase the certainty regarding that all relevant drivers have been identified.    Are there any other risks caused by the identified drivers? How severe are those risks? Those drivers that cause multiple risk events or high level risks need more attention.    What is the root cause of the risk event? Some of the current risk registers, such as the one used by Risk Radar Enterprise have explained the root cause of risk event linguistically in free format.    What is the alert that shows a risk is emerging? (e.g. Exposure value becomes greater than X)    What is the risk status? (e.g. Mitigated, Transferred, Execute Contingency, Retired, Watch, Monitor, Avoid)  87  From a process perspective, analytical reasoning of interest includes:   Which work packages contribute to risk events? Are they on a critical path? Can they be removed? What is the likelihood that such driver(s) occur?    Which work packages/ phase does a risk event affects Is a milestone date affected by a risk event  From a product perspective, analytical reasoning of interest includes:   Are there any products that contribute to an individual risk?    Which products are affected by an individual risk event? What are its constituent parts?  From a participant perspective, analytical reasoning of interest includes:   For every individual risk event, which participant(s) act as driver(s)?    Who should bear the risk? If more than one participant needs to bear the risk, are they at an equal level in consortium and share the risk or at unequal level (e.g. prime contractor / sub-contractor level) so that one can tolerate more risk compared to others? Which participants are highly critical in the project due to the high risks they should bear, and should be taken care of?    Who is responsible for mitigating an individual risk event?  From an environmental perspective, analytical reasoning of interest includes:   Which locations cause risks?    Which locations are affected by an individual risk event?    What are the environmental component risk drivers for each risk event?    Which environmental components act as risk drivers for multiple risk events?  3.5.3 Analytical reasoning in risk assessment In the risk assessment stage, risk exposure is determined as the product of the probability of occurrence of a risk and impact should it occur. Once probability and impact of individual risks are known, risks can be ranked amongst all active risks based  88  on their exposure value.  If there are multiple risks happening for a common  component, interactions among them should be taken into account to provide a rational risk assessment. A general way to express interactions is to say that an effect is modified by another effect. To manage risks that occur in a common time frame, in a common location, or are owned by a common participant, resources should be efficiently allocated to them. Impact value of risk events with the effect of interaction In assessing the likelihood and impact of individual risks, possible interactions among risks should be identified. The impact or likelihood of a risk can be magnified if more than one risk happens at a same time; at the same location or the risks are allocated to the same participant. This leads to the need to conduct analytical reasoning about the potential for risks to be clustered and their severity to be affected. To develop insights on potential interactions amongst risks, it is useful to group risk events based on time frames, drivers (products, processes, participants and environment components) or locations. Then, risks in the same group of time, drivers or locations can be prioritized taking into account the potential for interactions amongst them. Synergic, additive, antagonistic, cumulative or aggregated effects The Department of Health and Ageing (Australian Gov., 2005), has provided a risk analysis framework in the context of gene technology and general public health to show a picture on how they identify, assess and address risks. They have mentioned possible interactions (synergic, additive, antagonistic, cumulative or aggregated) amongst risks. Synergic effects happens when the effect of each driver in combination with others is magnified compared to when their effects are considered separately from others (i.e. the whole is greater than the sum of the parts). Additive effects occur when different hazards (drivers) give rise to the same adverse outcome (risk event) and increase the negative impact. Cumulative effects occur when there may be a repeated exposure over time and the outcome worsens with each repetition. Antagonistic effects happen when an action (e.g. a risk event or mitigation measure) alters the characteristics of another action in an opposing way. As an example for the latter effect, a gene that is introduced to  89  increase production reduces growth rate (Department of Health and Ageing, Australian Gov., 2005). Residual risk – analytical reasoning of interest includes:   Does the interaction among risks affect residual risks? Some risks are mitigated, some are shared and others are transferred. It is important to know how residual risks are changed when risks happen at the same time, owned by the same owner or caused by the same driver.  3.5.4 Analytical reasoning in risk mitigation   Managers are interested to allocate limited resources to those risks that have a high impact on project objectives and also have high potential to be mitigated. One approach is to select high ranked risks as shown in a heat map diagram and focus mitigation policies on them. However, it might not be a wise decision to allocate resources to highly ranked risks to achieve only a small reduction in exposure, when with the same resources we could reduce a significant percentage of other risks or even cancel out some lower ranked risks. Color-coded bar charts provide a means to reveal an unbalanced treatment of risks. For example, Feather et al. (2006) used a bar chart as shown in Figure 3.24 to reveal the total impact of risk in two situations, when mitigation is and is not applied. Such an image shows any unbalanced treatment of risks when excessive resources are used to reduce risk exposure a little, while other risks remain unaddressed.    Managers are often faced with making a choice between two or more mitigation actions. Stacked color-coded bar charts (Figure 3.25) can be used to show the effect that each action can have on mitigating risk. In such bar charts, the relative effect of an alternative mitigation strategy, (increasing or decreasing probability) is shown by colors (black and yellow) on the base bar chart which represent the effect of the first mitigation strategy. When managers are asked to choose among more than two mitigation strategies, Kiviat Charts (Feather et al, 2006) can be used to compare several strategies simultaneously, where each polygon shows one specific  90  mitigation strategy, and a spoke of each polygon represents the amount of risk remaining after a risk mitigation strategy is applied.  Risk exposure without mitigation Risk exposure with mitigation  Figure 3.24 Comparing two mitigation actions (Source: Feather et al. 2006) Alternative mitigation action increase probability  Alternative mitigation action decrease probability  (a)  (b) Figure 3.25 Stacked bar chart to compare two alternatives (a), Kiviat chart to compare several risks (b) (Source: Feather et al.(2006)   In risk management we seek risk mitigation strategies that can address multiple risk events. So, it is beneficial to find drivers that are shared amongst multiple risks, because by removing one or more of those drivers more than one risk can be reduced or removed. Similar to risk and driver relations, a topology diagram can be 91  a helpful image to show the relationship between mitigation strategies and risks that can be one-to-one, one-to-many, many-to-one or many-to-many. By placing the cursor on each risk, their corresponding drivers and mitigation strategies could be highlighted. Each mitigation strategy could be shown by a clickable square, where the size of square can be used as a metric that represent the effectiveness of each mitigation strategy with respect to the risk. Further, by clicking on each mitigation strategy square, risk mitigation strategy data (e.g. participant responsible for mitigation, cost, benefit, required resources and due date) could pop out. The color of squares could be used as a metric to represent the type of mitigation strategy (e.g. preventing or contingency). Residual risks could also be visualized by color-coding risk events. For example, risks that are shown by squares could be colored in white, black and gray to show risks that are totally transferred, accepted as they are, or partially transferred. When risks are partially transferred, the residual risk exposure could be labeled on the risk. Topology diagrams could be shown for different time frames or different locations in order to enhance clarity of the image.   Managers are interested to know whether or not mitigation actions cause secondary risks. Secondary risks could be shown at a level lower to the mitigation strategy level in the topology diagram discussed previously.    We are also interested to know the resources required for each mitigation strategy. By making the topology diagram clickable, all information about a risk mitigation strategy (e.g. resources, controls required to manage risks effectively, policies and actions required to implement the strategy) could be popped out.    It is important to know how a mitigation strategy can reduce risk exposure. Risk map diagrams are useful images that show how a mitigation strategy for a risk event reduces probability and/or impact of the risk event and the region to which the risk is moved in the heat map diagram. Effective risk mitigation strategies are those that move risks from red zone (high impact and high probability) to the amber or to the green zone.    In each project, a variety of solutions exist to manage risk. Each solution may be composed of multiple mitigation strategies. Valuable mitigation strategies are those used in multiple solutions (Feather et al, 2006). It is important to know what  92  mitigation strategies exist in each solution. It is useful to cluster solutions and show mitigation strategies used in each cluster of solutions. As shown in Figure 2.6, each cluster of solutions can be shown as a column in a grid, where each row of the grid represents a mitigation strategy. The degree to which a mitigation strategy is involved in each cluster of solutions is shown by color saturation, so that black means mitigation is involved in all solutions, white means mitigation is not involved in any of solutions in the cluster and tones of gray indicate degree of involvement of a mitigation strategy in the solutions in each cluster (Feather, 2006). For effective risk management, such an image would contain more dark squares (black and dark grey) rather than bright squares (white and light grey), which means mitigation actions are used in the majority of solutions for every cluster. An image similar to Figure 2.6 can be used to show mitigation actions versus cluster of risk events (instead of cluster of solutions). Thus, color saturation would show the percentage of risk exposure that is reduced in each cluster of risk events, when a mitigation action is applied. For example, black squares would show that a mitigation action X, mitigates the exposure value in the risk cluster Y by (80100)%; white shows that a mitigation action X would reduce risk exposure by (1020)% and tones of gray show percentage between the two extremes.   To compare forecast and actual values of residual risk (i.e. what it actually cost if it occurred), color-coded bullet charts could be helpful.  As stated previously, Table 3.9 provides a summary of the analytical reasoning of interest, and as well, includes where appropriate candidate visualizations.  93  Table 3.9 Summary of analytical reasoning Analytical reasoning of interest  No. 1  Reasoning supported  Candidate visualization  Overview visualization  1.1  What is the total distribution of risk events by likelihood and impact? What is the distribution in terms of every performance measure (PM)?  1.2  What is the distribution of risk events by responsibility?  It is important to have an understanding of the general risk level in the project; however, in multi-dimensional decision making, it is also important to know project risk level in terms of every PM. A 2×4 matrix can be used to show 8 heat-map diagrams, where the first cell shows the general risk level in the project (based on risk impact on all PM), the other cells show project risk level in terms of each PM. Managers can: 1. Rank participant (bearer(s) of risk) by exposure of the risk they bear, so they can implicitly analyze bearers’ attitude towards taking the risk (risk prone, risk averse, neutral). 2. Quantify impact of individual risks on every participant (including risks inherent by subordinates) in terms of all performance measures (4). 3. Quantify impact of clusters of risks owned by a common participant, taking into account the effect of interactions and possible shared drivers. 4. Identify participants overloaded with risk (e.g. do all risks remain with the prime contractor? Then, prime contractor has an important role and the project may fail if the prime contractor ceases to exist). So, they can distribute risks equally amongst all participants or to decide on outsourcing or using alternative procurement modes. 5. Identify relationship between participants (i.e. are they equal in consortium? Are they largely sharing risk? Or are they unequal in a contractor/ subcontractor relationship with one largely bearing the risk?) 6. Control whether risks are assigned to the right party or not. Visualization Tools: 1. A color-coded organizational chart might be used to show level of risk owned by every participant. User can define the level of hierarchy at which they want to see organizational chart. Details of risks owned by each participant can be popped out in a window on demand. 2. Similar to (1.3), tree-maps can be used to show hierarchy of risk events owned by every participant. Level of hierarchy can be selected by user, position shows the participant (in hierarchy) that owns the risk, size shows relative importance of risk and color shows risk level.  94  1. Level 1/ Level 2/ Level 3  2. Tree-map: (1.3)  No. 1.3  Analytical reasoning of interest  Reasoning supported  What is the distribution of risk events by time or phase?  Managers can: 1. Rank work packages (WP) based on their level of risk; 2. Quantify impact of an individual risk on every work package in terms of all performance measures (4). 3. Quantify impact of clusters of risks that share a WP, taking into account the effect of interactions and possible shared drivers. 4. Identify WP/ phases which are at high level of risk, to plan for them or distribute their risks among other WPs. 5. See risks in one phase/ time frame.  1. Network diagram with Tornado Diagrams  Visualization Tools: 1. A color-coded network diagrams can be used to show risk level at each WP, where risks on every WP are shown on a dropdown window and more details about risks are popped out in a detail on demand window. 2. Tree maps can be used to show hierarchy of risks in process view, so that risks are positioned based on the work package that they affect in work package hierarchy. Size can show relative importance (exposure value) and color shows risk level (predefined). 3. Tree-maps can be equipped with interactive feature so that user selects a time frame and see the risk events in that specific time frame. Also more details on risks in every cell can be popped out in a detail on demand window. Tree-maps can be joined with bar-charts to show exposure value of all risk events in every cell. So manager can see most important risks both in tree maps and in bar charts.  2. Tree-map (Top-down and Bottom-up approaches) Level 1/ Level 2/ Level 3/ Level 4  Where do dependencies can be dispensed with, to increase parallelism?  Candidate visualization  Adapted from:http://www.panopticon.com 3. DSM (2.8)  Once a risk is chosen in a tree-map, its position on the three matrices (1.6) can be highlighted. 1.4  What is the distribution of risk events by product?  Managers can: 1. Rank products based on level of risk that they contain to find those with high level risks to transfer or mitigate risks in them, provide appropriate terms of contract for that product, etc. 2. Quantify impact of an individual risk on every product in terms of all performance measures (4). 3. Quantify impact of clusters of risks that share a product, taking into account the effect of interactions and possible shared drivers. Visualization Tools:  95  Tree-map: (1.3)  Analytical reasoning of interest  No.  Reasoning supported  Candidate visualization  Similar to (1.3), tree-maps and bar charts can be used to show hierarchy of risks but in product view. 1.5  1.6  How risks are distributed in location?  What are the risks distributed across different processes, products, participants, and locations.  Managers can: 1. Rank locations based on level of risk that they contain to find those with high level risks to transfer or mitigate risks in them. 2. Quantify impact of an individual risk on every location in terms of all performance measures (4). 3. Quantify impact of clusters of risks that share a location, taking into account the effect of interactions and possible shared drivers. 4. Keep risks of a location in mind, when the project reaches to that location. Visualization Tools: 1. A color-coded static map can be used, where green, amber and red show low, moderate and high risk levels. However, such predictions are not accurate and uncertainty in data can be shown by white pixels. So, managers can see high risks locations in the project and simultaneously they can see which regions which have less accurate estimates. 2. Similar to (1.3), tree-maps and bar charts can be used to show hierarchy of risks but in environmental view. Once the hierarchy of risk events is known from the four views (1.2), (1.3), (1.4), and (1.5), visualizing risks across views helps managers: 1. Identify risks in common components across views (e.g. common product and common process) to investigate interactions amongst them to rationally assess the impact of clusters of risks in those common components; 2. Quickly find the most problematic areas across the views; 3. Rationally assess impact value of an individual risk event. (i.e. once cross views are linked to individual views, affected components in every view will be shown once a risk is selected in an individual view. Once the affected components are identified, risk impact on each of them can be quantified in terms of performance measures) Visualization Tools: Matrices, where colors show risk level which is defined based on exposure value. Details of risks in every cell can be popped up in a separate window on demand. To show one-to-many relationships, affected products, processes, participants and environments can be highlighted on the matrix in (1.6) and on tree-maps in (1.2) to (1.5), once risk is selected on a window on demand.  96  1. Static Map  Source: Husdal (2001)  Source: Hengl (2006)  2. Tree-map: (1.3)  Level1/ Level2/ Level3  Source: Adapted from http://www.panopticon.com  Analytical reasoning of interest  No.  Reasoning supported  Candidate visualization  Every matrix can be joined with two bar charts to show distribution of exposure values among components in row and in column of the matrix. 1.7  What are interactions amongst risks in a common cluster?  Identifying clusters helps managers to: 1. Analyze interactions amongst risks in a cluster (risks are those that are owned by a common participant, happen at the same WP, affect the same product or occur in the same location), to assess impacts of risk clusters.  1.8  What are causal pathways from the risk event to the affected components in the 4 (product, process, participant and  Clusters of risks in each view can be selected in tree-maps shown in (1.2), (1.3), (1.4), (1.5). Clusters across views can be chosen from matrices in (1.6). Then interactions amongst risks in the same cluster need to be investigated for a rational risk assessment. 1. Which risks affect only one component in a view (product, process, participant, environment) 2. Which risks affect multiple component in a view (product, process, participant, environment) 3. Which components in any of the four views are affected by more than one risk events? How do these risks interact with each other? 4. Which risks are highly correlated (happen in form of clusters) and affect multiple components  Risks with one-to-one pathways may need less attention especially if the have low impact on the component that they affect. When such risks are selected from the table in right hand window, only one component in the tree-maps (left hand side) will be highlighted. User can select level of hierarchy of interest as discussed in (1.3). Identifying one-to-many pathways helps managers identify affected components and assess level of risk impact on every component to rationally assess the total impact of that risk. Risks that affect many components need high attention and need to be tracked during the project lifecycle. When such risks are selected from the table in right hand window, all “many” components will be highlighted on the tree-maps in left hand side. User can select level of hierarchy of interest as discussed in (1.3). Identifying many-to-one pathways helps managers identify critical components in any of the four views that are affected by “many” risk events. Then, it becomes important to analyze interactions amongst “many” risks. When a component is selected from the tree-maps on the left window, many risks will be highlighted in the table in right hand window  Identifying many-to-many pathways helps managers find cluster of risk events that are caused by a common driver, happen in a common time frame, or location, or product or are owned by a common participant. Once they occur, they affect multiple components in the four views. When such risks are selected from the table in right hand window, all risks in  97  Dual window: Process/ Product/ Participant/ Environment View  Adapted from:http://www.panopticon.com  Analytical reasoning of interest  No.  (in cluster form)?  2. 2.1  Reasoning supported the same cluster can be highlighted in the table. Also, affected components in tree-maps will be highlighted in the left hand tree-maps.  Driver visualization What are risk drivers for the risk issue categories?  2.2  What are risk drivers at every participant?  2.3  What are risk drivers at every work package?  When generic areas (Patterson et al. 2001) are defined in the risk register, it is useful to see risk drivers in every area to assign them to the right manager and to help all managers see risks that exist in every area. Once the tree-maps are formed based on hierarchy of project areas, risk drivers in every area can be shown on tree maps. Size of every cell shows number of risk drivers in that area and color can represent number of risks caused by drivers (predefined). It is useful to know drivers of risk event in participant view, to know who should be given Tree-maps such as (1.2) can be used to visualize hierarchy of risk drivers in participant view. By comparing (1.2) and (2.2), causal relations between risks and drivers may be identified. (Images can be linked, so when one selects risks/ drivers from one, drivers/ risks are highlighted on the other image) It is beneficial to know phases/ WP at which drivers arise. Those work packages that contain many risk drivers, should be studied to possibly be changed/ replaced with less risky work packages or appropriate procurements should be selected to transfer risks. Moreover, once work packages which are drivers of risks are identified, mitigation actions should planned to prevent those drivers. A tree map like (1.3), can be used to show hierarchy of risk drivers in process view. By comparing (1.3) and (2.3), managers can see whether risk events and risk drivers occur at the same WP, and if not they can see the lag between risk event and driver(s). Then, manager can select mitigation actions with a response time that fits the lag. By comparing (1.3) and (2.3), causal relations between risks and drivers may be identified. (Images can be linked, so when one selects risks/ drivers from one, drivers/ risks are highlighted on the other image)  98  Candidate visualization  Analytical reasoning of interest  No. 2.4  What are drivers in every product?  2.5  What are drivers in every location?  2.6  What are the risk drivers distributed across different processes, products, participants, and locations.  2.7  What are drivers (in the 4 views) that cause every risk event?  Reasoning supported Once the products that are drivers of severe risks are identified, they can be replaced or if possible be removed. Tree maps similar to (1.4) can be used where instead of risk events, risk drivers are shown on every cell. By comparing (1.4) and (2.4), causal relations between risks and drivers may be identified. (Images can be linked, so when one selects risks/ drivers from one, drivers/ risks are highlighted on the other image) Tree maps similar to (1.5) can be used where instead of risk events, risk drivers are shown on every cell. By comparing (1.5) and (2.5), causal relations between risks and drivers may be identified. (Images can be linked, so when one selects risks/ drivers from one, drivers/ risks are highlighted on the other image) Similar to (1.6), matrices can be used to show risk drivers across views, and it helps managers investigate interactions amongst drivers. In many cases, a driver in one view (e.g. location A) will be removed, when it is moved to another component in another view (e.g. WP B). (i.e. a location like river is a risk driver when piers are planned to be built in June. If the work package is moved to another phase, river is not driver any more). So, matrices to large extent facilitate finding the right mitigation action. Any risk event may have more than one driver rooted in one or more views (product, process, participant, and environment). When managers are focused on one view, they can easily miss the drivers in other views, so a visual tool that shows all drivers in the four views in one image will be useful. Parallel coordinated graphs might be used to show linkage between drivers at every view and the risk events. Risk events at the top level of hierarchy can be shown on the axis in the center and risk drivers at the top level of hierarchy can be shown on the axes around it. Risks will be linked to their drivers once they are selected. Link lines can be color-coded based on level (high, medium, low) of the risk selected. If the driver on the axis is the root driver it is colored in red; otherwise, it is in black and user is required to drill down to see the hierarchical tree where route to the root driver is colored in red. As a disadvantage, such a diagram might be less readable when it is polluted.  99  Candidate visualization  Matrix: (1.6)  Analytical reasoning of interest  No. 2.8  What are schedule drivers?  Causal pathways from driver to risk event  2.9  1. Which risk drivers result a single risk event? What is the hierarchical relationship of that risk event with other risks? 2. Which drivers cause multiple risk events?  Reasoning supported  Candidate visualization  It is important to visualize how activities rely on information/ products of other work packages. Those activities at the front end of the project lifecycle, that rely on information produced in the back end are risk drivers as they may cause re-works and they may need to be re-scheduled. DSM is matrix that shows the logic between activities, so that columns show activities (Xi) that activity (Yi) relies on, and rows show activities (Yi) that activity (Xi) provides information for. The marks on the lower left triangle indicate activities that rely on the later activities and may cause re-work if they are carried out based on wrong assumptions. Once managers see them, they should reschedule activities and re-order rows and columns so that the lower left triangle becomes less populated. Identifying one-to-one pathways helps managers identify risk drivers that cause one risk event only. Such pathways can be identified in a dual window (1.8) or by comparing the tree-maps that show risk event (1.2) to (1.5) versus maps that show risk drivers (2.2) to (2.5).  Identifying one-to-many pathways help managers: 1. Identify drivers that cause multiple risk events. Managers are interested to remove such drivers to remove multiple risks.  Source: Browning (2004)  1.Dual window:  Process/ Product/ Participant/ Environment View  2. Comparing tree-maps:  2. Identify cluster of risk events that are caused by a single driver. In that sense, interaction among “many” risk events that are caused by “one” driver assists in providing a rational risk assessment.  3. Which one risk event occurs as result of multiple drivers?  Such pathways can be identified in a dual window (1.8) or by comparing the tree-maps that show risk event (1.2) to (1.5) versus maps that show risk drivers (2.2) to (2.5). Identifying many-to-one pathways help managers identify risk events that are caused by multiple drivers. In this case to find the root driver, it is important to study interactions amongst “many” drivers that cause “one” risk. Such pathways can be identified in a dual window (1.8) or by comparing the tree-maps that show risk event (1.2) to (1.5) versus maps that show risk drivers (2.2) to (2.5).  100  Source:http://www.panopticon.com  Analytical reasoning of interest  No.  4. What are cluster of risk drivers that cause cluster of risk events?  Reasoning supported 4. Identifying many-to-many pathways helps managers identify clusters of risks that occur as result of clusters of drivers. These are risks/ drivers (in one or multiple views) that are highly correlated with each other but not under a common parent in hierarchical tree, so they can not be replaced by their parent risk/ driver. Such drivers that occur together, cause a cluster of risks to occur in form of a cluster. Once manager identified such pathways, interactions and interdependencies amongst drivers should be studied to find the root driver(s), and interactions amongst risks should be studied to have a rational risk assessment. Such pathways can be identified in a dual window (1.8) or by comparing the treemaps that show risk event (1.2) to (1.5) versus maps that show risk drivers (2.2) to (2.5). In this case, once a risk event is selected in a tree-map, other risk events in the same cluster are highlighted on tree-maps (1.2) to (1.5) and drivers are highlighted on tree-maps (2.2) to (2.5).  3.  Performance visualization  101  Candidate visualization  Analytical reasoning of interest  No. 3.1  What is the impact of an individual risk event on all performance measures (cost, time, quality, scope, safety, reputation and environment). What is the range of possible outcomes? (other than the most likely outcomes)  Reasoning supported Making the impact value of risks on each PM visible and available, helps managers: 1. Evaluate the overall impact of the individual risk event in order to calculate risk premium to cover cost overruns, delays, etc. 2. Be confident in the answer and be able to assess reasonableness of the calculated premium 3. Facilitate communicating amongst parties. Visualization Tool: If amount of impact values are certain, they can be shown on every PM by: . 1. Bullet graphs provide both qualitative and quantitative visualization, so that they show quantity of every performance measure versus the maximum accepted exposure value. Three shades are provided in the graph to show low, medium and high level of risk. Details of performance measure and its reference point will be shown when cursor is moved on the bullet. 2. Once hierarchies of risks in the 4 views are shown in tree-maps in (1.2), (1.3), (1.4) and (1.5), a color-coded tableau can be used to show effected components (based on defined level of hierarchy) and show risk exposure and risk level in terms of every performance measure. In the last column, total exposure value is shown based on previous columns. If amount of impact values are uncertain, they can be shown by 1. Multiple estimates or a range of estimates (shown for cost and time). 2. White points can be used to show amount of uncertainty in the evaluated risk level in table discussed above. So, managers can see impacts of the risk event on all performance measures, while they can see which performance measures have less accurate performance measures.  Candidate visualization Certain Impacts 1.  Source:http://www.panopticon.com 2.  Uncertain Impacts  Source: RiskAid (2009) 3.2  What is the risk level before and after mitigation action at the individual and cluster levels?  It helps managers assess the effectiveness of mitigation actions in mitigating risks: Visualization Tools: 1. Pairs of tree-maps: Tree-maps in (1.2), (1.3), (1.4) and (1.5) show risks  102  1. 4 sets of 7 pairs of tree maps: For every view:  No.  Analytical reasoning of interest  Reasoning supported and their impact (exposure) before mitigation. The same tree-maps can be used to show exposures after mitigation. So, for every selected cluster in any of the four views 7 pairs of tree-map will be available to compare pre and post mitigation exposure values in terms of every performance measure. Where every set of 7 pairs are repeated for every view. This helps managers see the effectiveness of mitigation action in reducing risk exposure and identify risk events that are not addressed by any mitigation. Moreover, the hierarchical nature of tree-maps helps the user see exposure value of events at lower levels of hierarchy which may be hided when only average values are investigated at top levels. To save space, one pair of tree-maps can be shown for every view, while different performance measures can be selected from the drop down and the exposure values on every risk event in the hierarchy will come up based on the selected performance measure. 2. Pairs of heat maps: In every selected cluster of risk events (or for total risks in the project), heat maps can be used to show number of risk events in every cell of heat-map. Risk levels can be shown based on risk impact on every performance measure and in general.  Candidate visualization  2, Heat-map pairs:  For individual RE:  3.  Dashboards  For individual risk events, a pair of heat map can be used, where risk event is positioned on it before and after mitigation. Images can be equipped with interactive features so that user selects the timing of interest from calendar/ slide bar and see the heat map in the selected time horizon. 3. Pair of dashboards: For quantitative and qualitative measures, pair of dashboards can be used to show risk impacts before and after mitigation.  103  Source: RiskAid (2009)  Reasoning supported  How the exposure values of risk events change over project life-cycle?  Since exposure values change during project life-cycle, it is useful to track the exposure value during the project. 1. Line graphs: Once the exposure value of every risk is derived in terms of risk level (1, 2, 3, 4, 5), they can be visualized in form of line graph through project life cycle. 2. Stacked graph: Since line graphs might be populated with lines, stacked graphs might be used instead, where every stack shows risk level for an individual risk or one cluster of risks in terms of one PM and color shows risk level (high/ moderate/ low). So, in a good risk management, stacks should be tall and red at the beginning, but become smaller and greener as the project evolves. Stacked graphs can be used to show all risks in one cluster, so that every stack shows overall risk level of one risk in the selected cluster.  104  Candidate visualization  Risk level on PMi (cost) Overall risk level  3.3  Analytical reasoning of interest  Risk level of a selected RE on PMi  No.  Risk level of REi (part of a cluster) REi REj REk REl  Individual Risk  Cluster of risk  Adapted from:http://www.panopticon.com  No. 3.4  Analytical reasoning of interest  Reasoning supported  What is the impact of a cluster of risk events?  Once cluster of risk events are identified in tree maps shown in (1.3) to (1.5), and impact of individual risks within risk events is assessed in (3.1), impact of all the risks with in a cluster can be shown in one screen. Visualization Tool: Once cluster of risks are selected on tree maps (1.3) to (1.5): 1. Matrix of scatter plots can be shown on a second window to compare impact of risk events on pairs of performance measures (i,j). Such a matrix, is useful when limited number of risks exist in the cluster; otherwise, it takes a lot of space and put a lot of weight on the user to evaluate total risk impact based on all cells. 2. Star plot matrices (radar charts) can be used to show impact of every risk within the selected cluster on the 7 PMs. The area enclosed in every star plot shows the overall risk impact. Radar charts can be ordered in the matrix based on their enclosed area or based on one PM of interest. The matrix is useful when at least two PM are affected by the risk in each cell, and when number of risks in the cluster is so limited that the matrix does not take a lot of space. 3. Normalized star-coordinated plots (similar to star coordinated plots) can be used to show impact value of the selected risks on every performance measure; where initially, scopes are positioned equally from each other. Impacts on every PM are transformed to monetary measure according to the ratio of that PM to cost, and then the impact values are vector summed to calculate total impact of the risk event. Finally, a unique impact value is derived for every risk event, which is shown by a point that represents multiple dimensions. The plots support interactive features like scaling size (to show importance of one measure compared to the others) and scaling angles (to group performance measures).  105  Candidate visualization 1.  2.  3.  Analytical reasoning of interest  No. 4 4.1  4.2  Reasoning supported  Candidate visualization  Mitigation visualization What mitigation actions are planned for every risk event? What is the effectiveness of every mitigation action (at project level and at risk event level)?  What is the distribution of mitigation actions by participant?  For cost benefit analysis, it is useful to see list of all mitigation actions and their effectiveness in terms of the exposure value that they reduce. Visualization Tool: Bar-chart graphs show exposure level of every risk event, before and after mitigation action. The exposure value mitigated by every mitigation action, is shown under that mitigation. Sum of the cells in each row represents the total exposure mitigated in every risk event. Sum of the cells in each column shows total exposure mitigated by one mitigation action. According to the space it uses, it is a useful tool to show small number of risks vs. small number of mitigation actions. Once mitigation action are selected, risk events could be highlighted on the tree-maps (1.3) to (1.5) and risk drivers that are addressed by mitigation action could be highlighted in (2.3) to (2.5). Distribution of mitigation actions by participants help managers 1. See the direction on action plans, and see how contingency should flow down the management structure. 2. Check whether the mitigation action can correctly address the drivers in (2.2) 3. Check how mitigations mitigate impact on the participant in (1.2) 4. Check whether the mitigation action is owned by the right person (one who has authority and ability to mitigate risk), or if multiple mitigation actions are assigned to one participant. 5. Once the owner of mitigation action is known, managers can easily see the participant and can ensure that decisions regarding the mitigation actions are accepted and acted upon. Visualization Tool: Once the distribution of risk events and risk drivers by participant are shown on tree-maps (1.2) and (2.2), it is useful to show distribution of mitigation actions on a similar tree-map.  106  Mitigation Action Id  Tree-map (1.3)  Analytical reasoning of interest  No. 4.3  What is the distribution of mitigation actions by WP?  Reasoning supported Distribution of mitigation actions by work packages help managers: 1. Check if mitigation action has occurred at the right time (i.e. reduction actions should take place before the phase in which risk events occurs, contingency plans should be scheduled to occur at a phase after risk event). 2. See which WP is the most cost effective phase to apply mitigation action (By moving mitigation actions across project phases, the optimized NPV will be reached.).  Candidate visualization 1. Tree-map (1.3) 2. Water-fall diagram  Visualization Tools: 1. Tree-map: once distribution of risk events and risk drivers by work package are shown on tree-maps (1.3) and (2.3), distribution of mitigation actions can be shown on a similar tree map. Comparing the three maps helps managers reach the above.  4.4 .  What is the distribution of mitigation actions by product?  4.5  What is the distribution of mitigation actions by location?  4.6  What is the distribution of mitigation actions across views?  4.7  Do mitigation actions themselves cause new risks?  2. Water fall diagram might be useful as they show: distribution of mitigation actions by project phase, risk events affected by mitigation action, risk exposure before and after mitigation and residual risks. But they can be applied when mitigation actions and corresponding risk events happen in the same phase, and when number of risk events is not that big to widen the image. Once managers see distribution of risk events by product in (1.4) and distribution of drivers by product in (2.4), it is useful to see distribution of mitigation actions by product to control if all risks are correctly responded and if some risks are assigned more mitigations than required. Tree-maps similar to (1.5) and (2.5) can be used to show distribution of mitigation actions by location. Comparing the three maps helps managers see if mitigation responds to right drivers and mitigate right risks. It also shows if in a location multiple mitigation actions occur at the same time which may lead to congestion. Once drivers are shown across views (2.6), interactions amongst drivers can be analyzed to plan for suitable mitigation actions. Distribution of mitigation actions across views helps managers see mitigations that should occur at a common cross view (same WP and by same participant, or at same WP and same location). It should be controlled whether they cause problems such as congestion, responsibility overload, etc. Once mitigation actions are visualized in the four views, the possibility of creating secondary risks should also be investigated.  107  Tree-map (1.3)  Tree-map (1.3)  Matrix: (1.6)  Water fall diagrams might be useful; in spite of its limitations  No. 4.8  Analytical reasoning of interest  Reasoning supported  How effective are they in mitigating risks?  Visualizing such information helps managers see the effectiveness (benefit) of every mitigation action, and after comparing with cost decide on taking the action. Moreover, it shows risk events that are not affected by any mitigation plan, and those that are not properly mitigated. Visualization tool: 1. Waterfall diagrams (4.3), can be useful in visualizing effectiveness of mitigation actions. Area of mitigation boxes shows effectiveness of mitigation action (width: number of mitigated risks, height: mitigated exposure). Risks remained at the end can be derived by summing up all residual risks. 2. Once cluster of risk events are defined based on the tree-maps in (1.2), (1.3), (1.4), (1.5) or based on any matrices shown in (1.6), they can be shown on the horizontal axis of the matrix vs. mitigation actions on the vertical axis. Colors show effectiveness of mitigation actions in mitigating risk severity in every cluster. (e.g. black shows that mitigation action X can (80-100)% reduce risk exposure value in cluster Y, white shows mitigation action X can (0-20)% reduce risk exposure value in cluster Y, and tones of grey can be defined between black and white).  4.9  What is the effectiveness of mitigation actions on reducing the drivers?  Candidate visualization  Source:  Feather et al. (2007) In a good risk management, the matrix is darker which shows selected mitigation actions can effectively reduce risk severity in the majority of clusters and optimum use is made of risk reduction sources  To evaluate effectiveness of mitigation actions, it is useful to visualize mitigated risk exposure value, number of mitigated risks and fraction of risk drivers before and after mitigation action. - Bar chart shows the exposure value which is mitigated by every mitigation action. - Line graph shows number of risks mitigated. - Fraction of drivers in product, process, participant and environmental views before and after mitigation are shown on outer and inner circles.  4.10  What is effectiveness of an individual mitigation plan through project life?  A waterfall format shows how risk is mitigated by a mitigation plan during project life. So, manager can quickly see risk level at every point of time.  Source: RRE overview (2010)  108  Chapter 4: Potential Use of Visualization in Risk Management 4.1 Introduction The purpose of this Chapter is two fold: a) To suggest visualization tools in support of the following analytical reasoning:   Risk identification: - What are the risks with high probability and high impact? - What are the drivers of the risk events with high probability and high impact? - What are the drivers of an individual risk event from the four views of process, product, participant, and environment?    Risk assessment - Where does the impact value of an individual risk event come from? - What is the impact value of a risk event on each performance measure (with more focus on risks with high impact and high probability)?    Risk mitigation - What mitigation actions are planned for the risk events with high probability and high impacts? - What is the distribution of mitigation actions by project phases? - Which risk events does an individual mitigation action address? (Those mitigation actions that address multiple high level risk events are of particular interest); - How effective is a mitigation action in reducing risk exposure?  b) To evaluate the visualization tools suggested based on three general rules of thumb explained in Russell et al. (2009): -  Does the suggested visual representation of data scale well?  -  Is it readable?  -  How many analytic reasoning tasks does the tool support? This may reduce the time needed to analyze multi-dimensional data.  109  -  Does the visualization tool support interaction features to facilitate examining data from different perspectives and different levels of detail?  -  Can the visualization tool be designed in multiple images, so that one shows the big picture of data and others show more details?  As part of our methodology we have created a synthetic risk register to test the suggested visualization tools. The main issue with most of the tools suggested is that they become cluttered and unreadable when they are used to visualize a large amount of information. Sections 4.2, 4.3 and 4.4 treat the visualization tools that we have suggested for risk identification, risk assessment and risk mitigation stages in support of the aforementioned analytical reasoning. They are then evaluated based on the rules of thumb set out in Russell et al. 2009 and tested with the synthetic risk register content:  4.2 Potential use of visualization in risk identification Once risks are prioritized based on their probability and impact, they can be usefully nested on a heat map similar to Figure 4.1. Heat maps facilitate identifying risk events with high probability and high impact values (red cells in Figure 4.1), which require high attention and need to be mitigated or removed. Amber cells show those risk events which are not as problematic as the red cells, but they require attention in order to avoid being moved to the red zone. Green cells show risks with low probability and low impact, and need less attention compared to the other two zones. To transform risks from the red and amber zones to the green zone, it is useful to investigate risk drivers (i.e. where a risk has come from) and respond to them correctly through preventative actions or contingency plans. We have examined two options to visualize drivers of risks: parallel coordinate plots, which are recommended in the data visualization literature such as in Grinstein (2001) as a way to visualize multidimensional data, and multiple tree-maps as an  110  alternative tool to visualize the distribution of risk drivers by product, process, participant and location. To keep the images readable and not cluttered, our main focus is to show those risks which are positioned in an individual cell of the heat map.  Risk #: 96 Code:01.05.04.01 Description: Cofferdam flooded; river flow ≥ 50 yr max Impacts: cost, time, life Resp: Contractor  Likelihood Linguistic Range Average  75  VH  0.8 - 1.0  0.9  0.09  2  96  0.54  11  44  71  2.7  25  56  37  74  6.75  18.0  97 5  10  H  0.5 - 0.8  0.65  0.07  0.39  21  M  0.3 - 0.5  0.4  0.04  18  L  VL  0.05 - 0.3  0 - 0.05  0.175  0.025  33  68  0.02  83  88  9  26  77 90  Cost Linguistic Outcome Range ($ mill) Average  34  45  0.003 100  103  30  70  65  6  79  76  59  16  85  65  51  0.24  15  31  41  19  1.95  63  4  12  22  91  39  52  1.2  47  20  38  46  72  73  0.11  32  13  0.53  3  1  17  8  40  14  23  89  55  28  13.0  53  3.0  64  67  87  7  29  93  1.31  57  3.5  42  0.02  0.08  0.19  0.5  L 0.2 - 1.0 0.6  M 1.0 - 5.0 3.0  H 5.0 - 10.0 7.5  VH 10.0 - 30.0 20.0  Confidence level (likelihood/outcome):  H / H  H / L  L / H  L / L  Figure 4.1 Distribution of risk events by probability of occurrence and impact Source: Russell (CIVL 522 and BAPA 580 Lecture Notes) Parallel coordinate plots Parallel coordinate plots use parallel axes (Figure 4.2) instead of perpendicular ones where each axis represents a dimension of a multi-dimensional dataset (Grinstein, 2001). Once a cell is selected from Figure 4.1 (e.g. a red cell at the top right corner), risk events within that cell and their driver(s) could be shown on Figure 4.2, which works as follows: -  The four peripheral axes show product, process, participant and environmental views;  111  78  8.0  104  VL 0 - 0.2 0.1  62 82  114  4.88  27  43  84  -  Squares on each peripheral axis show risk drivers in the view that the corresponding axis represents (e.g. pier in the product view);  -  The central axis shows the risk events in an individual cell selected from Figure 4.1;  -  Every square on the central axis shows an individual risk event (squares are labeled with the risk Id);  -  Lines connect every square(s) on the central axis to the square(s) on the peripheral axes to show causal pathways (one-to-one, one-to-many, many-toone and many-to-many) between risk event(s) and risk driver(s);  -  Color is a mean of distinguishing between risk events and it facilitates tracking every risk event regardless of its risk level (red, amber, green). Risks within a common cell of heat maps have the same color.  To show how parallel coordinate plots work, we have created a synthetic risk register in Table 4.2. Table 4.1, shows the rationale that we have used to evaluate the impact of risks on each performance measure considered. Figure 4.2 shows how parallel coordinate plots can be used to show risk drivers in the four views.  112  Table 4.1 Rationale used for evaluating impact of risk events on performance measures (PM) Adapted from: Kerzner (2009), Making it Happen (2002) PM  Scope  Safety (per  (O&M cost to  (Percentage of  week)  total project cost)  change in  Time (linguistic)  Capital cost (cost over-  Quality  Time (time over-run to  run to total project cost)  total project duration)  Reputation  Risk level  scope)  N  No impact  0  VL  Minimal impact  (0-1)%  1%  (0-1)%  1%  Environment  Salmon  Water quality  No change  0  No reduction in sepecies  No contaminants  Minor article in local  Many minor  An individual  Lose (1-3)% of semen  Contaminants that affect  media or on a website  scopes change  injures slightly-  water color- non toxic  and can get cured in an hr L  Additional resource  (1-5)%  (1-5)%  required to meet a need  Contaminants that affect  All minor  An individual  scopes and a  injure severely-  water odor and color- non  few major  and can get  toxic  scopes change  cured in less  date 3%  Lose (3-5)% of semen  Headline article in local media  3%  than 3 hrs M  Minor slip in key  (5-7)%  (5-7)%  milestones 5% H  Major slip in key  Some major  An individual  Lose (1-3)% of salmons  Contaminants that affect  scopes changes  injure severely-  Lose (3-5)% of semen  water odor and color- might  5% (7-10)%  (7-10)%  milestones 7%  Minor article in national media  needs to stay at  harm children and elder  hospital  generation  Headline article in  Several major  An individual  Lose (3-5)% of salmons  Toxic contaminants that  national media  scopes changes  injure severely-  Lose (5-10)% of semen  affect water odor and color-  lose a limb  7%  not suitable for drinking but serves other purposes (washing, irrigation)  VH  Prolonged national  Project is  An individual  Lose more than 10% of  Highly toxic contaminant-  & major program  media campaign or  completely  passes away  salmons and semen  not suitable for irrigation  milestones  lobby group campaign  changed in  because of  purposes, water vapor will  scope  injury  contaminate the air.  Can’t achieve key team  10%  10% or more  10% or more  10%  113  Table 4.2 A Synthetic risk register Driver  Impact of performance measure  To divert the river, a coffer dam  Project  should be built, which may go with  Deliverables  the flood.  Cost  (Foundation)  e  River  Contractor  Thrusting Pier  a pier  (Foundation)  (cast in place)  H  VL  N  H  Mitigation action  -Avoidance: Use cable stayed bridge without pier  H  N  M  VL  V L  Depends on water quality  First Nations  representativ  Environment  Legislation  damage their farms.  Pier  Pay for damages  2161  owned by first nations which may  Fist nation first nations  4730  External  N  M It takes time to convince  River route will be diverted to lands  Safety  M  Scope  -Contractor  Reputation  penalties)  River  Quality  place)  -Owner (charge for  Penalties  (Foundation)  (cast in  Cap. cost  Salmons  a pier  L Owner may temporarily  Natural  Pier  L  stop the work  Project  Time  insemination.  -Thrusting  Participant  relocated, which may harm their  Process  should be diverted; salmons should be  Product  Risk Id  2001)  To thrust a pier on June, river route 1275  (Patterson  Environment  Project area Risk Description  -Transfer to contractor -Avoid by using a diversion tunnel  -Mitigate by heightening the Owner (charge for penalties)  114  River  H  H  L  V H  coffer dam L  H  VH  -Avoid by replacing a pier bridge with cable stayed one  Driver  Impact of performance measure Environment  Safety  Scope  Reputation  Quality  Cap. cost  Time  Participant  Process  2001)  Product  Risk Id  (Patterson  Environment  Project area Risk Description  Mitigation action  Corrosion may happen in pier if the 1. Mitigate by increasing the  concrete coating is gone as result of not being well attached to concrete or 1322  when coating is gone as result of cavitations. This need regular inspections and maintenance.  Project Deliverables Quality  width of concrete coating on Pier (rebarconcrete)  Operation  Contractor  River  VL  V L  H  L  VL  V L  L  the rebar and enhancing the finishing quality. 2. Avoid by replacing a pier bridge with cable stayed one  1. Mitigate by increasing the 1323  Separation may occur at the joint between pile cap and pile.  Project Deliverables  penetration depth of rebar in Pier (rebar)  Contractor  River  VL  L  H  M  N  L  L  Quality  concrete; 2. Avoid by replacing a pier bridge with cable stayed one  Separation may occur at the joint 1. Mitigate by increasing the  between pile cap and superstructure. Project Deliverables  1324  Pier (rebar)  Contractor  VL  Quality  V L  M  V L  N  V L  penetration depth of rebar in VL  concrete; 2. Avoid by replacing a pier bridge with cable stayed one  1325  Cavitations may occur in high flow  Project  Pier  Operation  Contractor  115  River  M  H  H  H  M  M  H  1. Mitigate by enhancing  Driver  Impact of performance measure Environment  Safety  Scope  Reputation  Quality  Cap. cost  const  If occurs during  const  inspections and maintenance.  concrete surface; 2. Avoid by replacing a pier bridge with cable stayed one  Geotechnical investigations show  1. Mitigate by performing an  bedrock at the depth of 5m from river 2136  Mitigation action  quality of finishing the If occurs during  (concrete)  Quality  Time  Deliverables  not smooth enough. This need regular  Participant  velocities, if surface of the concrete is  Process  2001)  Product  Risk Id  (Patterson  Environment  Project area Risk Description  base at Pier 2. According to regional  Technical  soil condition a layer of alluvial soil  Design  may exist at depth of 4, which may  Geotechnical  Thrusting  Management  Pier  pier  of Geotech.  (Foundation)  (onsite or  team  round  V  H  H  soil  pre-cast)  cause 3cm settlement in pier 2 if not  in-depth geotechnical  Underg  H  V H  M  M  H  investigations/ inserting pile to a depth more than 4m. 2. Avoid by replacing a pier bridge with cable stayed one  identified before. L  L While the access road is under  used and traffic jam may occur in the  Resources  old narrow alternative highway B. (it  Facilities  is unsafe, old and narrow, which may  Access Access road  road  Highw  constructi  ay B  on  slow traffic)  116  V L  N  M  VL  H  May affect air pollution  Project  May slow down the process  1233  large amount of traffic) can not be  of delivering material  construction, new highway A (with  Accept but reduce the construction time of the access road.  Driver  Impact of performance measure Environment  Safety  Scope  Reputation  tunnel  Quality  tunnel (wall)  Cap. cost  Boring the  Time  Diversion  Participant  Process  2001)  Product  Risk Id  (Patterson  Environment  Project area Risk Description  Mitigation action  To divert river a 10m diversion tunnel 1243  should be bored in the mountain;  Project  faults may be activated while boring  Natural  and small earthquakes may occur that  Fault  Rocky mounta  H  H  in  V H  H  L  V H  Avoid by performing an inVH  depth study of the faults, and choosing the right place  stop the boring process. If walls of diversion tunnel are not waterproofed well, water will flow 2144  inside the fractions on the wall, wash the soil in fractions which may harm  Technical  Diversion  Design  tunnel (wall)  Technical  Diversion  Design  tunnel (wall)  River  H  River  H  River  V H  H  V H  H  V H  VH  Water-stop should be used  wall stability and tunnel may collapse. If wall of the tunnel is rough due to 2145  low quality of finishing, cavitations may occur in high flow velocities. If mouth of tunnel is not designed  2146  well, large drag force will damage the tunnel.  One TBM exists in the project, and if 2315  it stops working it takes 7 days to replace it with a new one.  4759  The highway passes the forest owned  Technical Design  V  H  H  H  H  H  L  L  M  M  V  VH  H  M  H  L  M  VH  L  N  N  N  H  M  N  H  H  Diversion tunnel (mouth)  Technical Equipment  Tunnel  Boring the  Availability  (main)  Road  Rocky  tunnel  TBM Company  mounta  Passing  First nation  Forest  TBM External  V  117  in  V L  N  Enhance quality of finishing of concrete surface.  Provide an appropriate design for tunnel mouth  Set an appropriate contract with TBM provider.  Transfer the risk by  Driver  Impact of performance measure  Impact on trees  the Forest  Environment  Safety  Scope  Reputation  Quality  Cap. cost  Cutting trees  Time  Legislation  of trees should be cut. While first  Participant  by the First Nations, and large amount  Process  2001)  Product  Risk Id  (Patterson  Environment  Project area Risk Description  nations may not allow cutting their trees.  Mitigation action  outsourcing that part of the project to third party  As an alternative, instead of passing Avoid by an in-depth study of  through the forest, a 20km tunnel can be bored to not to cut trees. Water will 2234  leak inside the tunnel and tunnel will collapse if the fractions are not  Technical Construction Tunnel  Tunnel (wall)  the elevation of water level,  Tunneling  Underg  beneath  round  the forest  H  H  H  V H  M  V H  M  drain water and water proof the tunnel.  waterproofed well.  2235  Since soil in the area is not cohesive,  Technical  Tunnel (soil  Tunneling  it may not resist and may cause the  Construction  surrounding  beneath  tunnel to collapse.  Tunnel  the tunnel)  the forest  Appropriate soil stabilization Underg round  H  H  V H  H  M  V H  M  techniques should be applied. (e.g. rock bolts with appropriate strength)  118  (a)  (b)  (c)  Figure 4.2 Visualizing risks and risk drivers in different views: a) three risks b) six risks c) eleven risks  119  Analytical reasoning that the image supports includes the following: -  What product(s) are the driver(s) for an individual risk? (e.g. pier, tunnel, road)  -  What process(es) are the risk driver(s) for an individual risk? (e.g. Thrusting a pier, which means forcing the pier to soil)  -  What participants(s) are the driver(s) for an individual risk? (e.g. Contractor, Owner)  -  At which location(s) are the driver(s) for an individual risk? (e.g. River, Forest, Underground)  -  Which drivers cause multiple risks and need high attention? (e.g. pier and river in Figure 4.2).  -  Which risk events happen as a result of multiple drivers? (e.g. RE 4730 is caused by two drivers in participant view: owner and contractor)  Evaluating the visualization tool shows the following: -  When a large number of risk events (e.g. 11) is shown on the central axis (Figure 4.2(c)), a parallel coordinate plots becomes less readable, because lines that show the linkage between risks and drivers overlap and they cannot be easily tracked. To make matters worse, as the number of risks increases, so do the number of risk driver components.  -  As shown in Figure 4.2(c), the plot suffers from a labeling problem, because it requires every square on the peripheral axes to be labeled with its name and squares on the central axis to be labeled with the risk Id;  -  For a few risk events (e.g. 3 risk events in Figure 4.2(a) and 6 risk events in Figure 4.2(b)), parallel coordinate plot shows risk drivers in the four views in a single image and it reduces the time required for investigating every view separately, but for multiple risk events, it becomes unreadable;  -  Even if the image is cluttered (Figure 4.2(c)), it facilitates identifying the drivers which cause multiple risk events (e.g. pier and river) ;  -  Parallel coordinate plots show risk drivers only at the top hierarchical level to keep the image readable;  120  -  Drivers identified in one view (e.g. product view in Figure 4.2(c)) might be more in number than those identified in other views. This may cause the squares and lines on that view to be denser compared to another view, which makes the image less readable. To enhance readability, it is useful to equip the image with interaction features such as scaling. Thus, the user can drag the axis and see lines more clearly.  Finally, parallel coordinate plots might be used to show a big picture of the linkage between a few risk events (e.g. less than five) and their drivers at the grandparent level. For multiple risk events and drivers at multiple levels of hierarchy, the diagram becomes cluttered and hard to read such as Figure 4.2(c). To enhance clarity, interactive features such as dragging and scaling the axis, or inclining the axes might be useful as they help separating lines from one another. Multiple tree-maps Multiple tree-maps are used in Panopticon to show risks that are distributed by locations at different levels of hierarchy (region, country, city, store and desk). Similarly, every cell of the heat map (Figure 4.1) can be linked to tree-maps to show the distribution of drivers of risks within that cell by product, process, participant and location. Multiple tree maps are shown in Figure 4.3 (adapted from Panopticon http://www.panopticon.com/) and they work as follows: -  Figure 4.3(a) shows the list of risk events in the selected cells of the heat maps (Figure 4.1) and their details, (e.g. risk ID, risk owner, date on which risk is identified, risk exposure, etc.) are extracted from the risk register;  -  Tree-maps (Figure 4.3(b)) show the hierarchy of risk drivers in the process, product, participant and environmental views;  -  Users can select the hierarchical level in each tree-map using the slide bar on top of that map (i.e. level of detail can vary in each tree-map);  -  Every cell in each tree-map represents one driver at the selected level of hierarchy (i.e. levels 1,2,3);  121  -  Once risks are classified to quantifiable, and non-quantifiable (i.e. epistemic and actuarial) (Williams, 1994), color can be used as a metric to show their driver. So that risk drivers that cause non-quantifiable risks and need to be covered by contingency plans are colored in red and drivers that cause quantifiable risks are colored in blue. For example for a driver such as river under flood conditions, preventative mitigation actions will not work, but they may need contingency plans;  -  Size of every cell on the tree-maps shows the number of risks which are caused by that driver (e.g. “river” is a driver that causes 4 non-quantifiable risks and it is shown with a large red box on the tree-map, but “thrusting a pier” is a controllable driver which causes 2 risks, and is shown with a smaller blue box);  -  When a risk is selected from the table in Figure 4.3(a), its drivers from the four views will be highlighted on the tree-maps in 4.3(b).  122  Figure 4.3 Table of risk details (right hand window), Risk drivers distributed by work packages, products, participants and environmental components (left hand window). Adapted from: http://www.panopticon.com/demo_gallery/view-urls.php?id=99  123  Figure 4.3 supports the following analytic reasoning: -  For a selected group of risks (e.g. those in a selected cell of the heat map in Figure 4.1), which products (what) are the risk drivers? (e.g. pier)  -  For a selected group of risks, which work packages are the risk drivers?  -  For a selected group of risks, which participants (who) are the risk drivers? (e.g. owner)  -  For a selected group of risks, which locations are the risk drivers? (e.g. river)  -  What is the causal pathway between the risk event and the driver(s) o  One to one: Once a risk is selected from the table (Figure 4.3(a)), one driver will be highlighted in each tree-map in Figure 4.3(b).  o  Many-to-one: Once a risk is selected from the table (Figure 4.3(a)), multiple drivers will be highlighted in each tree-map in Figure 4.3(b).  o  One-to-many: Once a driver is selected from the tree-maps (Figure 4.3(b)), multiple risk events will be highlighted in the table (Figure 4.3(a)).  o  Many-to-many: Once a risk is selected from the table (Figure 4.3(a)), multiple drivers will be highlighted in the four tree-maps (Figure 4.3(b)) and other risks that are caused by that driver will be highlighted on the table (Figure 4.3(b)).  Evaluating the visualization tool proposed leads to the following observations: - The use of tree-maps to show risk drivers of the risk events in Table 4.2 enhances readability. - Figure 4.4 shows risk drivers from the product view, where the size of each cell shows the number of risk events caused by that driver and color shows whether the driver is controllable or not. We have found that the number of risk events caused by a parent driver is not necessarily equal to the sum of the number of risk events caused by its children. For example, a pier may fail in operation as result of corrosion. Corrosion in rebar can occur if the rebar is not well embedded in the concrete (i.e. rebar is the driver). From another point of view, if the surface of concrete is not smooth enough, the concrete cover on the rebar will be damaged as a result of cavitation and the rebar will become exposed to corrosion (i.e. concrete is the driver).  124  Therefore corrosion is addressed twice by both rebar and concrete drivers. Summing the number of risk events caused by drivers at the child level (e.g. rebar and concrete) does not necessarily result in the correct number of risk events caused by the driver at the parent level (e.g. pier). Therefore, the number of risks caused by the driver cannot be shown by size. 8  Figure 4.4 Distribution of risk drivers by product at the 2nd level of hierarchy of risk drivers -Since the tool shows drivers from multiple views in one image, it reduces the time needed for investigating drivers in every individual view. -The visualization tool supports interaction features to facilitate examining data at different levels of detail. Once the user selects the top level of hierarchy from the slide bar, they are able to see the big picture of drivers and then they can drill down to a lower level of detail.  4.3 Potential use of visualization in risk assessment Risks are prioritized based on probability of occurrence and their impact value. Risk impact which is derived from the impact of a risk event on different performance measures can be expressed qualitatively (with predefined levels of none, very low, low, high, and very high) or quantitatively (with the outcome cost, when impacts on all performance measures are expressed in a monetary measure). Once the probability and the impact of every risk event are known, risks are nested in a heat map similar to  125  Figure 4.1. As shown in Figure 4.1, the risks in a common cell are not equal in terms of their impact. Impacts can range from $10M to $13M, so it is useful to visualize impact value of the individual risks (in a common cell) on every performance measure (cost, time, quality, reputation, scope, safety, and environment), then evaluate their total impact. Visualization tools such as bullet graphs (http://www.panopticon.com/) have been used by others to show the impact value of an individual risk event (not all the risk events in a common cell of the heat map) on multiple performance measures. To show the impact of a group of risk events, we have suggested parallel coordinate plots which work as follow: - The top row shows a group of risk events (e.g. risks within a cell of the heat map) and user can select amongst them; - Performance measures are shown on the axes, where each PM has a specific dimension; - Performance measures are weighted relative to cost based on their importance regarding project objectives (e.g. reputation, safety and quality are given larger weights compared to others), to evaluate the overall risk impact based on all performance measures; - Squares on every axis show the impact levels, which are defined as none, very low, low, moderate, high and very high according to the rationale explained in Table 4.1. - Once a risk event is selected from the list on the top row, its impact on every performance measure could be shown on the corresponding axis; - A line connects risk impact on one PM to the risk impact on another PM; - A connected line facilitates tracking every risk event.  126  Figure 4.5 Impact of risks on performance measures Figure 4.5 supports the following analytical reasoning needs: -  What is the total impact of an individual risk event? Once the impacts of an individual risk event on the weighted performance measures are shown, it will be easier to derive the overall impact;  -  Once the total impact of a risk event is calculated, it is useful to know where the impact number has come from (e.g. Risk event 2144 is ranked as VH, because of its very high impact on cost, safety, reputation and environment which are given large weights).  -  Which performance measures are highly affected compared to others? (e.g. cost, reputation, quality, environment are highly affected compared to time)  Evaluation of Figure 4.5 shows the following: - Figure 4.5, shows that parallel coordinate plot gets cluttered with lines and becomes less readable when a large number of risks is visualized; - A parallel coordinate plot can be used to show the impact of a small group of risk events:  127  (a)  (b)  Figure 4.6 Impact of risks on performance measure a) risks with an overall impact of VL, L b) risks with an overall impact of M c) risks with an Dense Lines  (c)  128  overall impact of H and VH  -  Axes can be scaled based on the weight assigned to each performance measure. Thus, reputation axis will get three times longer than cost axis. In that sense, the point that shows high impact of risk on reputation (with weight 3) is not at the same column as the point that shows high impact of risk on cost (with weight 1);  -  Once the axes are scaled, they take a lot of space; whereas much of the space will remain unused;  -  When distribution of risk impacts on the performance measures are skewed, (e.g. the majority of risk events have VH impact on Reputation), only a small amount of that axis (e.g. reputation) will be used in the resulting plot if it is linearly scaled;  -  If the aforementioned case happens, it will be hard to see what is happening in the dense cluster of lines (Figure 4.6(c)).  To solve the two second problems, all the axes in parallel coordinate plots should have the same scale or they should be normalized. Performance measures in Table 4.1 do not have a common dimension and it seems not to be possible to normalize dimensions of performance measures like reputation where levels of risk impact are defined linguistically (Table 4.1). Therefore, parallel coordinate plots are not a good fit to visualize the impact of risk events on multiple performance measures, unless they are used to visualize performance measures with similar scales.  4.4 Potential use of visualization in risk mitigation: Once risks are identified, assessed and prioritized, they need to be responded to in a way that risks in red cells of the heat map in Figure 4.1, are removed or transformed to less problematic areas (i.e. amber or green zones).  129  To visualize mitigation actions, risks that they address and the effectiveness of mitigation actions in terms of reducing impact and probability, we have suggested the use of water fall diagrams shown in Figure 4.7. To test applicability of the water fall diagram, we have created a risk register based on a synthetic set of data (Table 4.3) that shows mitigation actions, the phase in which they occur, risks that they address and risk exposure value before and after mitigation action. Figure 4.7 works as follows: -  The diagram is ordered by project phases;  -  Risk events (on the top) are placed in the phase that they occur;  -  Every box shows an individual mitigation action;  -  Mitigation actions are placed in the phase that they are planned to occur;  -  Area of boxes is used as a metric to show effectiveness of each mitigation step. The width of each box shows the number of risks addressed by the mitigation action and its height shows the amount of risk exposure reduced (i.e. narrow and tall rectangles show mitigation actions that effectively reduce exposure in a few risks, but wide and short rectangles represent mitigation actions that reduce the exposure a little amount but for a large number of risk events). For effective risk management, one expects to see many wide and tall boxes to show mitigation actions that effectively reduce exposure in multiple risks;  -  Finally, the total value of residual risk events can be derived by summing the exposure values of the mitigated risk events;  -  Colors (red, amber, green) show the risk level. For effective risk management, it is expected that risks are red at the top and they turn to amber and green at the bottom of waterfall diagram.  -  Each box can be color-coded to show the type of mitigation action (preventative or contingency plan).  130  Table 4.3 Part of a risk register based on synthetic data Risk #  Cost Of Mitigation ($K)  Phase that risk  Pre mitigated  Post mitigated  affects  Exposure  Exposure  Conceptual Design  10  Construction  5  3  M1-2  Design  5  Construction  4  2.5  M4-1  M2-1  Feasibility Study  3  Construction  3  1  M1-2, M5-2  M2-2  Concept Design  4  Design  4  1  M3-1  Feasibility Study  2  2  M3-2  M3-2  Design  3  Construction  5  3  Construction  M2-1, M3-1, M5-1  M4-1  Construction  7  Construction  4  1  Risk 8  Commissioning  M4-2  M4-2  Commissioning  7  Commissioning  2  1  9  Risk 9  Construction, Operation  M4-1, M6  M5-1  Design  8  Operation  3  1  10  Risk 10  Feasibility study  M6  M5-2  Construction  6  Construction  4  3  11  Risk 11  Operation  M6, M7  M6  Construction  10  Operation  5  2  12  Risk 12  Feasibility study  M8  M7  Construction  3  Construction  3  1  13  Risk 13  Operation  M10  M8  Design  5  Operation  3  1  14  Risk 14  Commissioning  M4-1, M5-2  M9  Design  4  Commissioning  4  1  14  Risk 15  Design, Construction  M9  M10  Operation  1  Construction  3  1  0.038  0.018  Risk  Phase in which risk  Mitigation  Mitigation Phase  Descript  is created  Step  1  Risk 1  Construction  M1-1, M2-2  M1-1  2  Risk 2  Design, Construction  M1-1  3  Risk 3  Construction  4  Risk4  Conceptual design  5  Risk 5  Operation  6  Risk 6  Design  7  Risk 7  8  Operation  76  131  1.8%  Figure 4.7 Waterfall diagram  132  Milestone #3  Milestone #2  Figure 4.7- Waterfall diagrams Milestone #1  Shift before mitigation Shift after mitigation  Figure 4.7 supports the following analytical reasoning: -  What mitigation actions are planned in the project?  -  Which risks are addressed by an individual mitigation action?  -  How effective is every mitigation action in reducing risk exposure? (i.e. How many risks does it address? How much risk exposure does it reduce?) Figure 4.8 shows that in the investigated synthetic risk register, several mitigation actions are planned, but many of them address only one risk event and they do not effectively reduce risk exposure.  -  How are mitigation actions distributed through the project life cycle?  -  What is the process of mitigating an individual risk event? (e.g. risk event 7 with exposure value of 4 which occurs in the construction phase, will be mitigated to exposure value of 3 through mitigation action M2-1 in feasibility study. Then it is mitigated at two more steps, through M3-1 (in feasibility study) and through M5-1 (in the design phase), and finally it affects construction phase;  -  What is the total cost of the selected mitigation actions?  -  What is the total exposure value of residual risks?  -  Is there any unaddressed risk event? (e.g. risk event 5)  -  Is there any mitigation action which is positioned in the wrong phase? (e.g. risk 4 is created in conceptual design phase, it is mitigated in design and construction phases while it affects the project in design phase. So, if mitigation action M5-2 is a preventative one, it is not correct to position it in the construction phase.)  Evaluating Figure 4.7 shows the following: -  The visualization tool supports several analytical reasoning tasks;  -  The diagram is easy to read and understand;  -  It is easy to scale for a limited number of risk events, but if one wants to see all risks within a risk register a waterfall diagram requires a lot of space and cannot be easily scaled;  133  4.5 Evaluation of the suggested visualization tools In the current section, we have evaluated the visualization tools that we have suggested in sections 4.2, 4.3 and 4.4, based on their degree of effectiveness in terms of overcoming view point challenges which are discussed in Table 2.1. Results of this evaluation are summarized in Figure 4.8, where rows show challenges and columns show visualization tools. The degree to which visualization tool X overcomes challenge Y, is shown by black, grey or white cells. Figure 4.8 shows that the suggested visualization tools effectively overcome cognitive challenges but they are less effective in terms of solving social and emotional challenges. Further, in Table 4.3, we have ranked the suggested visualization tools to VL, L, M, H, and VH, based on their level of effectiveness in terms of overcoming viewpoint challenges. In Table 4.3, we have provided a brief summary of the suggested tools regarding the risk management stage that they affect, the degree to which they overcome viewpoint challenges, the analytical reasoning that they support, their advantages and disadvantages, and supportive interactive features that might be useful to partially solve the current disadvantages of these tools.  134  Figure 4.8 Evaluating the suggested visualization tools based on the degree they overcome viewpoint challenges  135  Table 4.3 Summary of the evaluation of the suggested visualization tools Visualization Tool  Supported  Supported View  Stage  Point(s)  Supported Analytical Reasoning  Cons  Supportive interactive features  - It is useful tool to show links b/w  - It is hard to read when  - Axes can be scaled to  risks and drivers once limited REs  multiple REs and/ or multiple  enhance readability  are selected.  drivers are shown;  - Axes can be inclined  - It takes attention to those drivers  - It fails to show drivers at  to enhance clarity by  that cause multiple REs.  different hierarchical levels;  separating lines from  - It takes attention to REs that are  - Once the diagram is skewed,  each other  caused by multiple drivers.  the axes are not efficiently  -User can select/  - It effectively overcomes viewpoint  used;  deselect the axes.  Pros - Since drivers on the peripheral axes are dimensionless, the plot works.  - Drivers of an individual RE from Parallel  Risk  Coordinate Plots  Identification  Cognitive (H)  multiple views;  Social (H)  - Causal pathways between RE  Emotional (L)  and the driver(s); - Drivers of REs within a cluster.  challenges.  Multiple Tree-  Risk  maps  Identification  Cognitive (M) Social (M)  Same as above  Emotional (VL)  - It is possible to drill down to see  -It is not that effective in terms  child drivers in the hierarchy  of overcoming viewpoint  - It helps to see drivers from  challenges.  different views at different levels of  -Size can not be used to show  hierarchy on a common screen  no. of risks caused by the  -Slide bar can be used to choose level of hierarchy.  driver.  Parallel  Risk  Coordinate Plots  Assessment  Cognitive (VH) Social (H) Emotional (M)  - It takes attention to PM that are  - It is not a good fit for  -Selecting PM with the  - Impact of an individual and a  highly affected by multiple REs;  visualizing risk impact on  same scale  cluster of REs on multiple PMs;  - It takes attention to REs that have  multiple PMs, where each of  - To make the image  - Weight of every PM;  high impact on PMs with large  them has its own scale and they  readable at high levels  -Total impact of an individual RE  weights;  can not be normalized.  of detail, it is helpful to  - It facilitates evaluating the overall  - It is hard to read when  provide features to  136  Visualization Tool  Supported  Supported View  Stage  Point(s)  Supported Analytical Reasoning  Pros  Cons  Supportive interactive features  impact of RE (based on all PM);  multiple REs and/ or multiple  enable dragging the  - It facilitates identifying the outliers  drivers are shown  axes.  (REs that have different trends in  - When distribution of risk  terms of affecting PM, and PMs that  impacts on multiple PMs are  are affected differently compared to  highly skewed, a large fraction  others)  of lines will exist in a small part of the axis. It is hard to track lines in such a dense fraction.  - Mitigation actions and their distribution in project phases; - Risks that are addressed by mitigation actions; -Effectiveness of mitigation  Waterfall  Risk  diagrams  Mitigation  actions in terms of reducing risk  - Its helps in identifying the process  - For a large number of REs  Cognitive (H)  exposure and no. of REs they  that happens to RE from the time it is  (more than 15), the diagram  Social (H)  address.  evolved until the end of project;  becomes wide  Emotional (L)  - The phase in which RE evolves;  -  -- For a large number of REs it  - The phase which RE impacts;  will be hard to track lines.  - The phase in which RE is mitigated - Risk level (red, amber, green) at different points of the risk lifecycle.  137  -User can select a limited no. of RE to see their mitigation actions. (e.g. risks in a cell of the heat map)  Chapter 5: Conclusion and Future Work  5.1 Summary In the current thesis, we sought to contribute to the development of a continuum of images that covers three phases of risk management (from risk identification to risk assessment and mitigation). We explored the current use of data visualization in support of the analytical reasoning involved in the risk management process, and we explored some additional images that facilitate the process of extracting information in response to analytical reasoning needs. However, we found that the images explored can become easily cluttered and less readable when they are overloaded with the large amount of information that accompanies risk registers for large scale projects. This observation highlights the important role of applying interactive features to the suggested tools. Our findings in the current work are summarized as follows: 1. We found that the majority of the investigated visualization tools which are currently used in the various stages of the risk management process are typically designed to explicitly show data pertaining to the risk identification stage rather than other risk management stages. Visualization tools that are designed for the risk assessment stage mainly show the impact of risks on the two performance measures of time and cost while not separating capital cost and lifecycle cost from each other. Risk impact on environment and reputation is considered in some of the tools examined; however, impacts on scope, safety and quality were not addressed in the tools studied. Regardless of the function of a visualization tool, its effectiveness in terms of facilitating communications, group interactions, creating a shared understanding and getting feedback from the project data available, is enhanced through addressing cognitive challenges. Visualization tools can help indirectly with social challenges and have minor benefits to emotional challenges.  138  2. Through examining the literature, we explored the data that is recommended to be contained in an “ideal” or “model” risk register. Further, we have examined the content of risk registers which are already used in practice. We have found that the risk register content that is derived by putting together all risk registers which are used in practice covers almost all the items which are suggested to be included in an ideal risk register. Then we identified the analytical reasoning needs associated with risk management under the main headings of risk identification, risk assessment and risk mitigation, and the information that has to be extracted from an ideal risk register to meet these needs. According to the importance of prioritizing tasks in the risk management process, we have picked some analytical reasoning needs in each of the three stages of risk identification, risk assessment and risk mitigation that add value in terms prioritizing risk events. Further, we have explored visualization tools that respond to these analytical reasoning needs. In risk identification, we sought visualization tools that show drivers of a cluster of risk events from multiple views and show causal links between a risk event and its drivers. In the risk assessment stage, we sought visualization tools that show the impact of a cluster of risk events on multiple performance measures. In the risk mitigation stage, we sought visualization tools that show mitigation actions, risk events that they address and their effectiveness in terms of reducing exposure value of an individual risk event or multiple risk events. 3. Synthetic risk registers were developed to test how the suggested visualization tools assist with visualizing risk register information in support of the analytical reasoning needs identified. From another point of view, we have evaluated the suggested tools based on their effectiveness in terms of overcoming the view point challenges which are discussed in Chapter 2.  139  We concluded that, although the suggested visualization tools support the target analytical reasoning needs and they effectively overcome view point challenges, they become easily cluttered and hard to read when they are overloaded with a large amount of information (i.e. sizeable risk registers). Therefore, we have suggested supportive interactive features that can help with making the visualization tools more readable.  5.2 Recommendation for future work This research could be further developed in the following ways: 1. Equip the suggested visualization tools with interactive features and test their performance in terms of visualizing the content of an “ideal” risk register; 2. Develop more visualization tools that respond to the suggested analytical reasoning needs in each stage of risk management to cover areas less addressed or areas not addressed by current visualization tools (i.e. white cells in Figure 2.11); and, 3.  Create a linkage between the visualization tools suggested for each stage of risk management to make a continuum of images that covers the whole risk management process.  140  Reference: Allen, L., Boudoukh J, Saunders A., (2004), “Understanding market, credit, and operational risk: the value at risk approach”, Wiley Blackwell Al-khodmany, 1999, “Using visualization techniques for enhancing public participation in planning and design: process, implementation, and evaluation” Vance, B. (2006) American System (2010) [online] Available at http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020D89B2E1DB357/0/RRE_Overview.pdf Australian Government. Department of health and aging, Office of Gene Technology Regulator, (2005), “Risk Analysis Framework” Barry, L. J , (1995), “Assessing risk systematically”, J. of Risk Management, Vol. 42 , pp. 12–17. Bailey, H. (2009), “Risk Analysis Paralysis” [online] Available at http://blog.palisade.com/blog/risk-and-decision-analysis-today/0/0/risk-analysisparalysis Browning, T., (2004), “Analyzing the Systems Underlying an Enterprise”, INCOSE Insight Volume 6, Issue 2 Chapman, C., and Ward, S., (1997), “Project risk management; processes, techniques and insights”, (1st ed.), John Wiley, Chichester, UK Carter R, Hancock T, Morin JM, Robins N., (1995), “Introducing RIKSKMAN Methodology”, 1st ed. UK:NNC Blackwell Ltd.  141  Chiu C., Russell A. D., (2010), “Design of a construction management data visualization environment: A top–down approach”, J. of Automation in Construction, Vol. 20, No.4, pp. 399-417 Davis, T. J., Keller P., (1996), “Modeling and visualizing multiple spatial uncertainties”, J. of Computer and Geosciences, Vol. 23, No. 4, pp. 398-408 Data Visualization in Business [online] Available at http://pkirs.utep.edu/cis4398/Data%20Visualization%20in%20Business%20RD.h tm De Bono, E. , (1973), “Lateral Thinking. Creativity Step by Step”,Harper Colophon, New York Ehlschlaerger, C. R., Shortridge A. M., Goodchild, M., (1997), “Visualizing spatial uncertainty data using animation”, J. of Computers in GeoSciences, Vol. 23, No. 4, pp. 387-395. Eppler, M., J., Platts K. W., (2009), “Visual Strategizing”, J. of Long Range Planning, No. 42, pp. 42-74 Eppler, M.J., Aeschimann, M., (2008), “Envisioning Risk”, Institute for corporate communication, [online], Available at www.knowledgecommunication.org/pdf/envisioning-risk.pdf Feather, M. S., Cornford, S. L., Kiper, J. D., and Menzies, T. (2006), “Experiences using Visualization Techniques to Present Requirements, Risks to Them, and Options for Risk Mitigation”, In Proceedings of the International Workshop on Requirements Engineering Visualization (REV 06), pages 10–10, Minnesota, USA. IEEE.  142  Gemmer, A., (1997), “Risk management: moving beyond process”, Computer, Vol. 30, Issue 5, pp. 33–43 Global risk (2010), World Economic Forum, [online], Available at http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2010.pdf Grinstein, G., Trutschl, M., & Cvek, U. (2001). “High-dimensional visualizations”. In Data mining conference KDD workshop 2001 (pp. 7–19). New York: ACM Press Hogganvik, H., Stolen, K., (2006), “A Graphical approach to risk identification”, LNCS 4199, pp. 574 – 588 Hall, J. W., Cruickshank, C., and Godfrey, P. S. (2001). Software-supported risk management for the construction industry. Civil Engineering, 144, 42-48.AD Hillson, D., (2003), “Using a Risk Breakdown Structure in project management”, J. of facilities management, VOL .2, NO.1, pp. 85–97 Husdal (2001), “Can-it-really-be-that-dangerous?”[online] Available at http://www.husdal.com/2001/10/31/can-it-really-be-that-dangerous-issues-invisualization-of-risk-and-vulnerability/ Heer J., Kong N., and Agrawala M., (2009), “Sizing the horizon: the effects of chart size and layering on the graphical perception of time series visualizations”, In ACM CHI, pp. 1303–1312 Issacson (2009) [online], Available at: Project Management Issues and Considerations http://www.maxwideman.com/issacons2/iac1215e/sld006.htm Kerzner, H., (2009), “Project Management: A systems approach to planning, scheduling and controlling”, Wiley  143  Kim, J., K. , Sharman, R. ,. Rao, H.R, (2005),”An investigation of risk management issues in the context of emergency response systems”, Proc. of Eleventh Americas Conference on Information Systems (AMCIS), Association for Information Systems, Omaha, Nebraska, USA Kontio, J., Jokinen J., Rosendahl, E., (2004), “Visualization and Formalization Risk Information”, Proceedings of the 10th International Symposium on Software Metrics (METRICS’04) Korde T, Chiu C., Russell, AD, (2005), “Visualization of construction”, 6th Construction Specialty Conference (CSCE), Montreal, Canada Morgan, G., (1986), “ Images of Organisations”, Sage Publications, Beverly Hills, CA Nelms, C. E, De Zoysa, S., Russell, A. D, (2006), “Application of an information and knowledge management methodology in analyzing risks in construction projects”, Proc. Of Joint int. conf. in computing and decision making in civil and building Eng. Pp. 3256-3265 Northwest Controlling Corporation Ltd (NOWECO). (2006). RiskEasy® Risk Register risk management software.[online] Available at http://www.noweco.com/riskrege.htm Panopticon software[online] Available at http://www.panopticon.com Patterson F. D, Neailey, K., (2002), “A Risk Register Database System to aid the management of project risk” Perkins, J. B., (1987), The San Francisco Bay Area – On Shaky Ground, Association of Bay Area Governments, Oakland, CA  144  PertMaster Project Analytics (PertMaster). (2006). PertMaster Project Risk. [online] Available at http://www.pertmaster.com/products/projectRisk.htm Primavera Pertmaster [online] Available at http://www.westsoft.dk/Files/Filer/konferencer/Primavera_brugerm_290508/Pert master.pdf Protiviti (2006), “Guide to enterprise risk management”, [online] Available at http://www.protiviti.com/_layouts/1033/Custom404.html [Accessed October 2010] Renn, O., (1998), “Three decades of risk research: accomplishments and new challenges”, J. of risk research, Vol.1, No.1, pp. 49-71 Richter (2011), “ What is risk Register”, [online] Availabel at http://www.brighthub.com/office/project-management/articles/3247.aspx, Risk Reasoning Ltd. (2009), [online], Available at http://www.riskreasoning.co.uk RiskRadar 3.3 User Manual (2003), [online], Available at http://www.mitre.org/work/sepo/toolkits/risk/ToolsTechniques/files/RRUserManu al.pdf Risk Radar Enterprise, (2010), [online], Available at http://www.2asc.com/NR/rdonlyres/BB407D38-1AD5-4AA5-8020D89B2E1DB357/0/RRE_Overview.pdf Risk Radar®, Integrated Computer Engineering Inc (ICE), (2006), “Essential Software for Managing Project Risk”,[online] Available at http://www.iceincusa.com/Products.aspx?p=Products_RiskRadar  145  Russell, C.E. Nelms, (2007), “The application of IT to support the elicitation of expert judgement in project risk management”, Construction Management and Economics, CME Conference Russell A. D., Chiu C, Korde T., (2009), “Visual representation of construction management data”, Vol. 18, No. 8, pp. 1045-1062 Russell (2011), CIVL 522 and BAPA 580 Lecture notes, UBC Riskonnect software, [online] Available at http://www.riskonnect.com/ Songer A. D., Hays, B., (2003), “ A frame work for multi-dimensional visualization of project control data”, Proc. ASCE Construction Research Congress. Tralli, D. M., (2003), “Programmatic Risk Balancing”, 2003 IEEE Aerospace Conference The Risk Register Working Group, (2002), “Making it Happen” A Guide for Risk Managers on How to Populate a Risk Register, [online], Available at http://www.dhsspsni.gov.uk/guidance_on_register.pdf Vance B., (2006), “An antidote to bias”[online] Available at http://findarticles.com/p/articles/mi_m0BJK/is_12_17/ai_n26707579/ Ward, S. , (1999) “Assessing and managing important risks”, Int. J. of Project Management;17:331–6. Williams, T.M. (1995), "Using the risk register to integrate risk management in project definition", International Journal of Project Management 12, 17-22. Williams, T.M. (1993), "Risk management infrastructures", International Journal of Project Management 11 / 1, 5-10. Williams, T.M., (1994), “Using a risk register to integrate risk management in project definition”, 12 (1), pp. 17-22  146  World Economic Forum (2010), [online], Available at http://www.weforum.org/documents/riskbrowser2010/risks/# [Accessed on October 2010]  147  

Cite

Citation Scheme:

        

Citations by CSL (citeproc-js)

Usage Statistics

Country Views Downloads
China 22 23
United States 16 7
Canada 10 7
Germany 6 0
Japan 4 0
Austria 1 0
India 1 0
Indonesia 1 2
Qatar 1 0
City Views Downloads
Unknown 13 6
Shenzhen 10 23
Ashburn 9 1
Guangzhou 5 0
Vancouver 4 0
Shanghai 4 0
Tokyo 4 0
Beijing 3 0
Millarville 2 0
Mumbai 1 0
Innsbruck 1 0
Doha 1 0
Burnaby 1 1

{[{ mDataHeader[type] }]} {[{ month[type] }]} {[{ tData[type] }]}
Download Stats

Share

Embed

Customize your widget with the following options, then copy and paste the code below into the HTML of your page to embed this item in your website.
                        
                            <div id="ubcOpenCollectionsWidgetDisplay">
                            <script id="ubcOpenCollectionsWidget"
                            src="{[{embed.src}]}"
                            data-item="{[{embed.item}]}"
                            data-collection="{[{embed.collection}]}"
                            data-metadata="{[{embed.showMetadata}]}"
                            data-width="{[{embed.width}]}"
                            async >
                            </script>
                            </div>
                        
                    
IIIF logo Our image viewer uses the IIIF 2.0 standard. To load this item in other compatible viewers, use this url:
http://iiif.library.ubc.ca/presentation/dsp.24.1-0063213/manifest

Comment

Related Items