Objectives of risk –assessment in Building Design functions
· Categorise risks into High, medium, and low-risk categories to prioritize risk mitigation actions.
· Allocate resources effectively based on impact and likelihood analysis of risk occurring to manage risks.
·. Develop risk mitigation strategies
· Enhancing compliance culture, including statutory compliance
What can be at risk in the organization (in the context of Real Estate)
· Safety of people -customers, vendors, employees, and all business associates etc.
· Reputation of organisation
· Profitability & Business Performance
· Plant & machinery, equipment, IT infrastructure, and all types of fixed assets
· Buildings of any type under construction/completed.
· Designs (Architecture, Interior, MEP, software , services etc, information, data
and so on
Overview of the processes & business activities performed by the Building Design team
As per the author's estimate, the architect design teams performs 18 key processes with 818 key activities, as summarised below.
Design Processes performed by Building designers | No of processes | Activities performed by Architects | Activities performed by Interior designers | Activities performed by MEP designers # | Activities-All designers |
Essential core design-related | 8 | 228 | 119 | 153 | 500 |
Supporting activities to the core design | 10 | 106 | 106 | 106 | 318 |
Total | 18 | 334 | 225 | 259 | 818 |
# Considering only two types of MEP packages, namely Airconditioning and electricals & this no will grow considering if no of packages grows to, say, 30 types .
The names of processes are captured in Table 1&2 in an earlier article published by author on this website,on Oct 31,2023 ,as per link below and hence not being duplicated.
Competent professionals must perform all these activities diligently to minimize risks of activity going wrong that may adversely impact the business, such as the following.
① Impacting Profitability or & sales revenue, or & Costs, or & Quality, or & End customer satisfaction
② Impacting Statutory regulations & compliances and Ethics
③ Impacting Delivery timelines/Efficiency or effectiveness of process performance
or any combination of ①, ② or ③
Therefore, risk assessment at the design process /activity levels is also essential in addition to external risks at the organization level.
This article includes the following aspects related to risk assessment.
· AA) Risk assessment at the Organization level as per illustration in template 1 using
S-O-D-Concept
· BB)Risk assessment at the Design Process/activity level as per illustration in template 2 using a scoring model)
· CC)Restricting access rights for business activities as per risk classification-template 3
· DD)Activities(including unethical) that can affect business adversely in each risk assessment process
AA)Risk assessment at the Organisation level -Template 1
Five (5) Activities are proposed by the author for carrying out the risk assessment process scientifically
1. Designating a cross-functional team (CFT) for the risk assessment team as suggested earlier.
Constitution of CFT | Cross-functional team members from as appropriate | Level As appropriate | Position As appropriate |
Permanent members of CFT | Building structure, Main Architecture, Landscape, Façade, external development work, Interior design, MEP, Risk management etc | 1Lower : 2. Middle: 3. Senior | 1 Staff, or junior or Asst Mgr & so on 2.Manager, Senior manager & so on 3 General manager, Directors, Chief Architect & so on |
Need-based invitee members of CFT | F&A, legal or Quality or Contracts or Construction, and so on | 1Lower : 2. Middle: 3. Senior | 1 Staff, or junior or Asst Mgr & so on 2.Manager, Senior manager & so on 3 General manager, Directors, Head of invited function |
2. Identifying aspects that can contribute to risks
3. Designing risk assessment templates at the vis a vis Organisation or Activity as applicable
4. Software programming of risk template and navigation for each template
5. Populating the risk template
Designers can also refer to my video on the subject as embedded below.
.
template 1- For classifying risks at the Organisation level
( Illustration -1 for Architecture Design as reference )
sno | Aspects | Description |
1 | Key Function name and code to be assigned | Architecture Design along with sub-functions like Building structure, Main Architecture, Landscape, Façade, external development work, |
2 | Risk statements to be captured based on aspects | Risk statements are to be developed by the Chief Architect + cross-functional team as applicable/relevant to the design function . This may include aspects like the economy, Govt policies, business associates, sudden outage of IT, political, social, types of buildings being designed/constructed and sold or leased , competition, customer demands, and so on |
3 | Risk Analysis & Implications | This is to be done vis a vis each of the aspects identified above. ie. 1. Economy: 2 Govt policies 3. business associates, 4. sudden outage of IT, 5. political, 6. social,7. types of buildings being designed/constructed and sold or leased, 8. competition, 9. customer demands, and so on . with a separate page devoted to each as applicable |
4 | Risk Level at the organization level to be assessed by Chief architect + CFT based on 3 above |
|
5 | Countermeasures, Timelines & responsibility | Chief architect +CFT to capture vis-a-vis each aspect at point 3 above get inputs from functional heads |
6 | Top management Comments on points 2 to 5 | To be populated by top mgmt |
The above template 1 must have the following table attached to it to ensure the segregation of duty and to be populated appropriately by CFT.
Description | created by | edited by | viewed by | deleted by | approved by |
Subfunction within Architect | aa, bb, & so on | cc, dd & so on | aa, bb, cc, dd & so on | dd & so on | Chief Architect |
User’s Level in Architecture | Middle | Top or Middle | Top or Middle or lower | Top or Middle | Chief Architect |
User’s Position in Architecture | GM, DGM, & so on | GM, DGM, & so on | GM, DGM, Sr Mgr, Mgr & so on | GM, DGM, | Chief Architect |
Signatures | To populate | To populate | To populate | To populate | To populate |
Dates | To populate | To populate | To populate | To populate | To populate |
Here, sub-functions like aa, bb, cc, etc., mentioned in columns 2 &4 above mean Building structure, Main Architecture, Landscape, Façade, external development works etc as relevant
i) The software for populating above attachment must-have features for creating, editing, viewing ,deleting & approving rights, and capturing users’ sub-function, level, position, signature, dates, etc., by having a navigation process.
ii) Various aspects captured in this template can enhance the professional’s understanding and can be amended at the discretion of the Chief architect.
iii)This template would become an integral part of the proposed risk register or risk manual, which includes all types of organisation-level risks vis-a-vis all of the functions but would remain a confidential document
BB) Risk assessment at the Core Process /activity level Template 2
11 activities are proposed to be performed, summarised below, including a template
1. Making a cross-functional team- CFT as suggested in the previous point (members can be different)
2.To populate this template, CFT asks a simple question, vis a vis each business activity, “ What is the adverse impact on the business in case the design activity being performed goes wrong?” and analyzing answers broadly under three categories of Severity, Occurrence & Detectability as below.
3.CFT Identifies & analyses Severity Parameters on 10 Point scale based on aspects such as per the following summary and assigning score
i)Severity Parameters-score on a 10-point scale based on aspects listed below.
.
· Profitability, sales revenue, or cost
· Statutory compliance
· Satisfaction of customers, vendors, contractors,Channel brokers, business associates,
and employees
· Corporate governance
· Quality of Buildings
· Financial statement accuracy
wherein a score of 1- represents the lowest adverse impact on business;
Score 10 represents being highest adverse impact on business
4. CFT Identifies & analyzes Occurrence Parameters as per the following summary and assigning a score
ii)Occurrence(or exposure Parameters-score on 10 Point scale based on aspects listed below that can contribute to or lead to adverse impact:
· 1. Inadequate design skills or & resources.
· 2. Improper segregation of duties initiating, modifying, editing, deleting, and approving responsibilities.
· 3. Incorrect or incomplete execution of work/activity.
· 4. Inadequate verification of design work output.
· 5. Incorrect source data or input parameters for design work.
· 6. Weak internal controls.
· 7. Non-robust system /non-implementation of SOP.
· 8. Not ensuring the availability of appropriate authority norms,
· 9. Design logic needs to be configured properly.
· 10. Design process complexity, malicious intent, lack of diligence, change
management, etc
wherein a
score of 1- represents the number of causes being only 1
score of 5- represents the number of causes being 5
score 10- represents the number of causes being 10
5. CFT identifies & analyzes Detectability parameters as per the following summary based on at what stage the effect of wrong /error is found and assigning a score.
iii)Detectability Parameters-score on 10 Point scale based on the stage at which “wrong” is detected:
· Stage 1: At the very early stage, by the Architect himself who initiates business activity in a function.
· Stage 2: At the subsequent stage, i.e., the verification stage within the Architecture function.
· Stage 3: “Outside the initiating function i.e. in next function but “within the same Business unit e.g Construction function.
· Stage 4: During the internal audit stage, during a random internal audit, within the Business unit and
· Stage 5: At the customer end (e.g. Apartment owner or lesses), Who is outside the business unit
wherein
Score 1- represents -Detectability at 1st or initial stage;
Score 6- represents -Detectability at 3rd stage;
Score 10- represents - Detectability 5th stage, i.e., at the customer/business associate stage
6. CFT computes an Impact score as shown below
· Impact score on a 100 point scale=Severity score out of 10 multiplied by Detectability score out of 10,
7. CFT develops a template to capture the Impact and Exposure scores analysis as below.
8. CFT Develops norms for categorizing each business activity as High or Medium or Low risk
The author proposes the criteria below for classifying business activity risks as High, medium, or low.
Parameter | High | Medium | Low |
Impact score (severity x detection) | 70-100 | 50-70 | upto 50 |
Exposure score | 8-10 | 5-8 | less than 5 |
9. Software programming of Risk template for navigation/workflow
IT/ERP team to do the programming, enabling workflow of template from one person to another
10)- Populating “Core Process /activity level Risks” in the template.
All activities to be populated for each core process.
11)Affecting Changes in templates 2 below
Periodically, these templates are to be revisited by CFT in case of any changes happening in;
· Core activity
· Changes assessed in any parameter like severity, occurrence, or detectability, would impact the exposure score.
· User-level changes
· User position changes
Two templates have been proposed for assigning risks to business activities.
You can find more details in my book available at Amazon as per the links below.
Amazon link: India-
Amazon link-Global-
Template 2 Risk assessment at the Design Process/activity level (using a scoring model)
The header and footer to be as below.
Header: Name of Key Core Process: Designing of structure of building (includes 7(seven) key activities) as per details in chapter 1 of my book
Wherein
Impact Score= Severity score out of 10 multiplied by Detectability score out of 10
Exposure score= Occurrence score on 10 point scale
If the scoring Model approach does not apply to a business process, CFT may assign a score based on CFT’s experience based on judgment.
Footer: Business activities for this process are below
Illustration =Process : Designing the structure of the building with 7 (seven)key activities
Activity vis a vis this Core Process | Impact score Out of 100 | Exposure scores out of 10 | Risk Classification Level |
Developing concept design | 100 | 8 | High |
Vetting of structure design by independent proof consultant | 100 | 10 | High |
Developing GFC and specifications of materials | 100 | 8 | High |
Preparing tenders covering drawings & technical; specifications, and Quality standards | 90 | 8 | High |
Obtaining a structural stability certificate | 100 | 8 | High |
Making cost estimates of structure | 70 | 8 | Medium |
Issuing as built design-post building completion | 50 | 5 | low |
This Template 2 to have a S-0-D table similar to the one attached to Template 1 to ensure the segregation of duty
CC) Restricting access rights for business activities as per risk classification -Template 3
Access must be restricted by assigning rights at the software Transaction level or workflow level depending on the type of design software used for structure or architecture, façade, landscape etc
· STADD, ETAB, .
· AutoCAD
· Revit Architecture (BIM)
· 3D Studio Max
· And so on any other design software
·
Template 3-Access rights to be well defined/unique for each stage of Architectural design
Access right w.r.t each design | Structure design | Architecture | Facade | Landscape | external development work |
| To Populate | To Populate | To Populate | To Populate | To Populate |
2. Editing | do | do | do | do | do |
3.Viewing | do | do | do | do | do |
4. Deleting | do | do | do | do | do |
5. Approving | do | do | do | do | do |
This must be done by a chief architect with inputs from the COO /CEO , level /position, and competence level of designers and periodically reviewed.
These should be preferably based on level/position rather than named individual to take care of employee’s recruitments, transfers, promotion and departures etc.
DD)Activities (including unethical)that can adversely impact business
Inappropriate levels /positions of CFT members vis-à-vis “Design functions” and consequent inadequate skills for comprehending organization risks
Inadequate participation by a nominated member of “Design functions” in deliberation meetings of CFT for identifying organization risks.
Inappropriate software development and workflow of “organization level risks” template (standard for all functions) making risk capturing cumbersome and inefficient
Non-comprehensive review by CFT of all aspects vis-à-vis “Design functions -” that can contribute to Organisation risks in the Risk template, resulting in inaccurate/non-comprehensive capturing of the following: *
Risk statements
Risk Analysis and Implications
Inaccurate classification by CFT of risk at the organization level (High, Medium, or Low) vis-à-vis “Design functions” due to improper risk analysis and implications *
Inadequate time commitment by top management to review Risk template developed by CFT vis-à-vis “Design functions” and hence non-comprehensive or not accurate capturing of countermeasures *
Non-periodic/non-timely review of previously populated risk template in “Design functions to incorporate changes in business environments like customer demands, statutory changes, economy changes, and so on *
The above-listed activities that are marked* reflect activities that can have adverse statutory implications.
Book of the author
You can read more details about this article in Chapter 1 of my handbook ETHICS in the real estate and hospitality industry, Volume 1- Architectural, Interior design, and MEP services “