top of page
  • Writer's pictureArvind Dang

Risk assessments: - At the organization & design activity levels in Design of architecture, Interior, and MEP 

Updated: Feb 8

Objectives of risk –assessment in Building Design functions


·     Categorise risks into High, medium, and low-risk categories to prioritize risk mitigation actions.

·      Allocate resources effectively based on impact and likelihood analysis of risk occurring to manage risks.

·.      Develop risk mitigation strategies

·      Enhancing compliance culture, including statutory compliance

What can be at risk in the organization (in the context of Real Estate)


·      Safety of people -customers, vendors, employees, and all business associates etc.

·      Reputation of organisation

·      Profitability & Business Performance

·      Plant & machinery, equipment, IT infrastructure, and all types of fixed assets

·      Buildings of any type under construction/completed.

·      Designs (Architecture, Interior, MEP, software , services etc, information, data

and so on

 Overview of the processes & business activities performed by the Building Design team   

As per the author's estimate, the architect design teams performs 18 key processes with 818 key activities, as summarised below.

Design  Processes  performed by Building designers  

No of processes  

Activities performed by


Activities performed by

Interior designers

Activities performed by

MEP designers #

Activities-All designers

Essential core design-related






Supporting activities to the core design












# Considering only two types of MEP packages, namely Airconditioning and electricals  & this no will grow considering if no of packages grows to, say, 30 types .


The names of processes are captured in Table 1&2  in an earlier article published by author on this website,on  Oct 31,2023  ,as per link below and hence not being duplicated.

Competent professionals must perform all these activities diligently to minimize risks of activity going wrong that may adversely impact the business, such as the following.

① Impacting Profitability or & sales revenue, or & Costs, or & Quality, or & End customer satisfaction   

② Impacting Statutory  regulations & compliances and Ethics

③ Impacting Delivery timelines/Efficiency or effectiveness of process performance

or any combination of ①, ② or ③

Therefore, risk assessment at the design process /activity levels is also essential in addition to external risks at the organization level.

This article includes the following aspects related to risk assessment. 

·      AA) Risk assessment at the Organization level as per illustration in template 1 using


·      BB)Risk assessment at the Design  Process/activity  level as per illustration in template 2 using a scoring model)

·      CC)Restricting access rights for business activities as per risk classification-template 3

·      DD)Activities(including unethical) that can affect business adversely in each risk assessment process 

AA)Risk assessment at the Organisation level -Template 1

Five (5) Activities are proposed by the author  for  carrying out the risk assessment process scientifically

1. Designating a cross-functional team (CFT)  for the risk assessment team as suggested earlier.


Constitution of CFT

Cross-functional team members from as appropriate


As appropriate


As appropriate

Permanent members of CFT

Building structure, Main Architecture, Landscape, Façade, external development work, Interior design, MEP, Risk management etc

1Lower :

2. Middle:

3. Senior

1 Staff,  or junior or Asst Mgr & so on

2.Manager, Senior manager & so on

3 General manager, Directors, Chief  Architect & so on

Need-based invitee members of CFT

F&A, legal or Quality or Contracts or Construction, and so on  

1Lower :

2. Middle:

3. Senior

1 Staff,  or junior or Asst Mgr & so on

2.Manager, Senior manager & so on

3 General manager, Directors, Head of invited function

2. Identifying aspects that can contribute to risks

3. Designing risk assessment templates  at the  vis a vis Organisation or Activity as applicable

4. Software programming of risk template and navigation for each template  

5. Populating the risk template

 Designers can also refer to my video on the subject as embedded below.


template 1- For classifying risks at the Organisation level


                         ( Illustration -1 for Architecture Design as reference )





Key Function name and code to be assigned

Architecture Design along with sub-functions  like Building structure, Main Architecture, Landscape, Façade, external development work,


Risk statements to be captured based on aspects

Risk statements are to be developed by the Chief Architect + cross-functional team as applicable/relevant to the design function  . This may include aspects like the economy, Govt policies, business associates, sudden outage of IT, political, social, types of buildings being designed/constructed and sold or leased , competition, customer demands, and so on


Risk Analysis & Implications

This is to be done vis a vis each of the aspects identified above. ie. 1. Economy:  2 Govt policies 3. business associates, 4. sudden outage of IT, 5. political, 6. social,7. types of buildings being designed/constructed and sold or leased, 8. competition, 9. customer demands, and so on . with a separate page devoted to each as applicable


Risk Level at the organization level to be assessed by Chief architect + CFT based on 3 above

  • 1. Economy related- Funds availability is likely to be very limited, Risk =High, and so on

  • 2. Govt Policy related - Corporate tax rates may go up-Risks -High

  • 3. Business associate-related vendor/contractor’s credit period likely low - Medium, and so on


Countermeasures, Timelines & responsibility

Chief architect +CFT to capture vis-a-vis each aspect at point 3 above get inputs from functional heads


Top management Comments on points 2 to 5

To be populated by top mgmt

The above template 1 must have the following table attached to it to ensure the segregation of duty and to be populated appropriately by CFT.


created by

edited by

viewed by

deleted by

approved by

Subfunction within Architect

aa, bb, & so on

cc, dd & so on

aa, bb, cc, dd & so on

dd & so on

Chief Architect

User’s Level in Architecture


Top or Middle

Top or Middle or lower

Top or Middle

Chief Architect

User’s Position in Architecture

GM, DGM, & so on

GM, DGM, & so on

GM, DGM, Sr Mgr, Mgr & so on


Chief Architect


To populate

To populate

To populate

To populate

To populate


To populate

To populate

To populate

To populate

To populate

Here, sub-functions like aa, bb, cc, etc., mentioned in columns 2 &4 above mean Building structure, Main Architecture, Landscape, Façade, external development works etc  as relevant

i) The software for populating above attachment must-have features for creating, editing, viewing ,deleting & approving rights, and capturing users’ sub-function, level, position, signature, dates, etc., by having a navigation process.

ii) Various aspects captured in this template can enhance the professional’s understanding and can be amended at the discretion of the Chief architect.


iii)This template would become an integral part of the proposed risk register or risk manual, which includes all types of organisation-level risks vis-a-vis all of the functions but would remain a confidential document

BB) Risk assessment at the Core Process /activity level Template 2 

11 activities are proposed to be performed, summarised below, including a template

1.     Making a cross-functional team- CFT  as  suggested in the previous point  (members can be different)

2.To populate this template,  CFT asks a simple question,  vis a vis each business activity, “ What is the adverse impact on the business in case the design activity being performed goes wrong?” and analyzing answers broadly under three categories of Severity, Occurrence & Detectability as below.


3.CFT Identifies & analyses Severity Parameters on 10 Point scale based on  aspects such as per the following summary and assigning score 


i)Severity Parameters-score on a 10-point scale based on aspects listed below.


·      Profitability, sales revenue, or cost

·      Statutory compliance

·      Satisfaction of customers,  vendors, contractors,Channel brokers, business associates,

and employees

·      Corporate governance

·      Quality of Buildings   

·      Financial statement accuracy

       wherein a score of 1- represents the lowest adverse impact on business;

                             Score 10 represents being highest adverse impact on business

4. CFT   Identifies & analyzes Occurrence Parameters as per the following summary and assigning a score 


ii)Occurrence(or exposure  Parameters-score on 10 Point scale based on  aspects listed below that can contribute to or lead to adverse impact:

·      1. Inadequate design skills or & resources.

·       2. Improper segregation of duties initiating, modifying, editing, deleting, and approving responsibilities.

·       3. Incorrect or incomplete execution of work/activity.

·      4. Inadequate verification of design work output.

·      5. Incorrect source data or input parameters for design work.

·      6. Weak internal controls.

·      7. Non-robust system /non-implementation of SOP.

·       8. Not ensuring the availability of appropriate authority norms,

·       9. Design logic needs to be configured properly.

·      10. Design process  complexity, malicious intent, lack of diligence, change

management, etc

wherein a

score of 1- represents the number of causes being only 1

score of 5- represents the number of causes being 5

score 10- represents the number of causes being  10


5. CFT identifies & analyzes Detectability parameters as per the following summary based on at what stage the effect of wrong /error is found and assigning a score.


iii)Detectability  Parameters-score on 10 Point scale based on the stage at which “wrong” is detected:

·      Stage 1: At the very early stage, by the Architect himself who initiates business activity in a function.

·      Stage 2: At the subsequent stage, i.e., the verification stage within the Architecture function.

·      Stage 3: “Outside the initiating function i.e. in next function but “within the same Business unit e.g Construction function.

·      Stage 4: During the internal audit stage, during a random internal audit, within the Business unit and

·      Stage 5: At the customer end (e.g. Apartment owner or lesses), Who is  outside the business unit 


Score 1- represents -Detectability at 1st or initial stage;

Score 6- represents -Detectability at 3rd  stage;

Score 10- represents - Detectability 5th stage, i.e., at the customer/business associate  stage



6. CFT computes  an Impact score  as shown below

·      Impact score on a 100 point scale=Severity score  out of 10 multiplied by Detectability  score  out of 10,

7. CFT develops a template to capture the Impact and Exposure scores analysis as below.


8. CFT Develops norms for categorizing each business activity  as High or Medium or Low risk  

The author proposes the criteria below for classifying business activity risks as High, medium, or low.





Impact score

(severity x detection)



upto 50

Exposure score



less than 5

9. Software programming of Risk template for navigation/workflow

IT/ERP team to do the programming, enabling workflow of template from one person to another


10)- Populating “Core Process /activity level Risks” in the template.

All activities to be populated for each core process.


11)Affecting Changes in  templates 2 below

Periodically, these templates are to be revisited by CFT in case of any changes happening in;

·      Core activity

·      Changes assessed in any parameter like severity, occurrence, or detectability, would impact the exposure score.

· User-level changes

·      User position changes

Two templates have been proposed for assigning risks to business activities.


You can find more details in my book available at Amazon as per the links below.

Amazon link: India-


Amazon link-Global-

Template 2 Risk assessment at the Design  Process/activity  level (using a scoring model)

The header and footer to be as below.

Header: Name of Key Core Process: Designing of structure of building (includes 7(seven) key activities) as per details in chapter 1 of my book


Impact Score=  Severity score  out of 10 multiplied by Detectability  score  out of 10

Exposure  score= Occurrence score on 10 point scale


If the scoring Model approach does not apply to a business process, CFT may assign a score based on CFT’s experience based on judgment.

Footer: Business activities for this process are below

Illustration =Process : Designing the structure of the building with 7 (seven)key activities

Activity vis a vis this Core Process

Impact score

Out of 100

Exposure scores out of 10

Risk Classification Level

Developing concept design




Vetting of structure design by independent proof consultant




Developing GFC and specifications of materials




Preparing tenders covering drawings & technical; specifications, and Quality standards




Obtaining a structural stability certificate




Making cost estimates of structure




Issuing as built design-post building completion




This Template 2  to have a S-0-D table similar to the one attached to Template 1 to ensure the segregation of duty 

CC) Restricting access rights for business activities as per risk classification -Template 3

Access must be restricted by assigning rights at the software Transaction level or workflow level depending on the type of design software used for structure or architecture, façade, landscape etc



·       STADD, ETAB, .

·      AutoCAD

·      Revit Architecture (BIM)

·      3D Studio Max

·      And so on any other design software


Template 3-Access rights to be well defined/unique for each stage of Architectural design

Access right w.r.t  each design

Structure design




external development work

  1. Initiating

To Populate

To Populate

To Populate

To Populate

To Populate

2. Editing












4. Deleting






5. Approving






This must be done by a chief architect with inputs from the COO /CEO , level /position, and competence level of designers and periodically reviewed.

These should be preferably based on level/position rather than named individual to take care of employee’s recruitments, transfers, promotion and departures etc.

DD)Activities (including unethical)that can adversely impact business

  • Inappropriate levels /positions of CFT members vis-à-vis “Design functions” and consequent inadequate skills for comprehending organization risks   

  • Inadequate participation by a nominated member of “Design functions”     in deliberation meetings of CFT for identifying organization risks.

  • Inappropriate software development and workflow of “organization level risks” template (standard for all functions) making risk capturing cumbersome and inefficient 

  • Non-comprehensive review by CFT of all aspects vis-à-vis “Design functions -” that can contribute to Organisation risks in the Risk template, resulting in inaccurate/non-comprehensive capturing of the following: *

  • Risk statements

  • Risk Analysis and Implications

  • Inaccurate classification by CFT of risk at the organization level (High, Medium, or Low) vis-à-vis “Design functions” due to improper risk analysis and implications *

  • Inadequate time commitment by top management to review Risk template developed by CFT vis-à-vis “Design functions” and hence non-comprehensive or not accurate capturing of countermeasures *

  • Non-periodic/non-timely review of previously populated risk template in “Design functions to incorporate changes in business environments like customer demands, statutory changes, economy changes, and so on *

The above-listed activities that are marked* reflect activities that can have adverse statutory implications.


Book of the author 

You can read more details about this article in Chapter 1 of my handbook ETHICS in the real estate and hospitality industry, Volume 1- Architectural, Interior design, and MEP services “








935 views0 comments


bottom of page