Open access peer-reviewed chapter

Critical Success Factors for Effective Risk Management

By Geraldine J. Kikwasi

Submitted: September 20th 2017Reviewed: January 25th 2018Published: November 5th 2018

DOI: 10.5772/intechopen.74419

Downloaded: 2113

Abstract

Risk management is extremely important in achieving overall organizational goals and objectives. Achieving organizational goals amid risks entails determining and implementing critical success factors (CSFs). This chapter presents composite CSFs which organizations can focus on to achieve their overall goals and objectives by portraying a case study of the construction industry. Using this case study reveals statistical significance of impact of risk management on the project as reduction in design/production time, improved public perception, and improved team morale and productivity. Similarly, CSFs mostly implemented are awareness of risk management processes, appreciating that risk management practice is viable in the construction industry, organizations have policies to support the development of risk management and organization deal with internal/external environment that influences risk management in their organizations. The chapter also presents nine composite CSFs determined by the case study namely: management approach; goals and objectives of the organization; risk management policy and experts; information technology and culture; environment and usage of tools; teamwork and commitment of the top management; communication and training; awareness of risk management process and legal requirements; and risk monitoring and review. Lastly, the conclusion is drawn on nine composite CSFs for effective risk management.

Keywords

  • construction
  • critical success factors
  • management
  • organizations
  • risks

1. Risk management

Formal risk management is extremely important in achieving overall organizational goals and objectives. Risk management involves actions of identifying, analyzing, and controlling risks by organizations. Organizations undertake risk management to maximize opportunities and minimize consequences of events that may arise when implementing activities geared to achieving their goals and objectives. PMI [1] defines project risk management as the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project. Other explanations of risk management are found in the work of Berg [2] and Harry et al. [33]. Berg [2] explains that risk management is a systematic approach to set the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. Harry et al. [33] point out that risk management is a continuous process where the sources of uncertainties are systematically identified, their impact assessed and qualified and their effect and likelihood managed to produce an acceptable balance between the risks and opportunities. Smith [3] explains that although there are inconsistencies between the definitions, there are noted similarities such as: it is a formal process; employs systematic and scientific methods; aims to identify risks in an operation or business; evaluates the importance or impact of those risks on the operation or business; provides mechanisms to control the individual risk to provide an acceptable level of overall exposure; and is not a one-off event. PMI [1] states that the objectives of project risk management are to increase the likelihood and impact of positive events and to decrease the likelihood and impact of negative events in the project. Generally, the risk management process mainly involves risk planning, assessment (identification and analysis), ranking, treatment and monitoring. The risk management process has been expanded by Berg [2], AbouRizk [31] and PMI [1] to include establishing goals and context (i.e., the risk environment) and preparation for risk analysis. Techniques for risk identification, analysis and handling are traced in risk management books and chapters, as well as researches conducted by Cagliano et al. [4], Chinenye et al. [5] and PMI [1]. Techniques for risk identification include but not limited to:

  1. Documentation reviews

  2. Information gathering techniques

  3. Brainstorming

  4. Delphi technique

  5. Interviewing

  6. Root cause analysis

  7. SWOT analysis (strength, weakness, opportunities and threats)

  8. Checklist analysis

Techniques for risk analysis both quantitative and qualitative include but not limited to:

  1. Brainstorming

  2. Sensitivity analysis

  3. Monte Carlo

  4. Decision tree analysis

  5. Decision theory

  6. Probability analysis

  7. Delphi technique

  8. Expected monetary value (EMV) analysis

  9. Simulation

  10. SWOT analysis (strength, weakness, opportunities and threats)

  11. Historical data

Risk handling techniques normally adopted during risk management are:

  1. Risk avoidance

  2. Risk reduction (mitigation)

  3. Risk transfer (sharing)

  4. Risk retention (acceptance/assumption)

In addition, Habib & Rashid [6] present another approach of risk handling techniques used in their study such as shape and mitigate (SMT), shift and allocate (SAT), influence and transfer (ITT) and diversify through portfolio (DTP) which they related to project outcomes. PMI [1] classifies risk handling options into risk strategies for dealing with negative risks or threats and those for dealing positive risks. While strategies for dealing with negative risks remain to be those listed in other studies, strategies for dealing with positives risks are exploit, enhance, share and accept. The use of any of these handling measures depends on the outcome of the analysis and rating of the risk. Qualitative and quantitative analyses determine the probability of occurrence of risk and its potential severity. Figure 1 summarizes a generic risk management process and Table 1 presents severity matrix used by organizations to decide on the handling option to follow.

Figure 1.

Risk management process (adapted from Naphade & Bhangale [30]).

1.1. Risk framework and risk register

Recent developments in audit services have led to certain public organizations in Tanzania to develop risk management frameworks and registers. Risk management frameworks and risk registers are the vital tools for an organization to implement risk management activities. The risk management framework is the document that guides the implementation of risk management activity. The risk management framework covers:

  1. Purpose

  2. Objectives

  3. Scope in terms of organizational activities and stakeholders

  4. Risk policy and appetite statements

  5. Roles and responsibilities of various organs, top management and staff in risk management in an organization

  6. Risk management procedures

  7. Templates for risk identification and analysis sheet, risk register, risk treatment schedule and action plan and risk treatment implementation report

A risk register is a tool used in the risk management process to keep record of all identified risks and their respective corresponding mitigations or counter measures. It comprises of:

  1. Purpose

  2. Organizational goals and objectives

  3. Risk assessment methodology

  4. Overall risk profile of an organization

  5. Summary of risks

  6. Details of risks in each organization objective

  7. Risk assessment sheets indicating causes, consequences, rating and mitigations measures

Tables 2 , 3 , 4 , 5 show templates of risk identification and analysis sheet, risk register, risk treatment schedule and action plan and risk treatment implementation report adopted by some organizations.

SignificanceConsequences
1
Trivial impact
2
Minor impact
3
Moderate—Minor impact
4
Major impact
5
Catastrophic
Probability1RareLowLowModerateHighHigh
2UnlikelyLowLowModerateHighVery high
3ModerateLowModerateHighVery highVery high
4LikelyModerateHighHighVery highExtreme
5Almost certainModerateHighVery highExtremeExtreme

Table 1.

Risk severity matrix.

Source: Adapted from Berg [2].

Risk title:provide a brief title of the riskRisk ID:provide a unique identity
Overview
RiskProvide a brief description of the risk
Principal risk ownerInclude title of the person managing the risk and the area where the risk falls
Supporting owner(s)Provide title of other persons affected by the risk
Risk categoryIs it a financial, technical etc.
Objective/planList the objective impacted by the risk
Details
Causes:provide the causes that may lead to the risk materializingConsequence(s):Provide description of what will happen if the risk will materialize
Inherent risk analysis (tick the appropriate ratings basing on the scenario that current controls do not exist or completely fail)
Inherent riskImpactVery highHighModerateLowVery low
LikelihoodVery highHighModerateLowVery low
Risk ratingImpact × likelihood□ Multiply the ratings from impact and likelihood.
□; Shade this area with appropriate color
Key risk mitigation/controls currently in place and their weaknesses:briefly describe the current controls existing to reduce the inherent risk, also point out the main weaknesses for the current controls.
Residual risk analysis(tick the appropriate ratings basing remaining risk levels after the above existing controls)
Residual riskImpactVery highHighModerateLowVery low
Likelihood:Very highHighModerateLowVery low
Risk ratingI × L:□ Multiply the ratings from impact and likelihood.
□ Shade this area with appropriate color
Actions/mitigating controls to be taken: (propose feasible treatment actions to be put in place to reduce the risk at tolerable levels, including resources required for each treatment action—financial, physical assets or human)
Treatment:
1.
2.
3.
Resource required
1.
2.
3.

Table 2.

Template for risk identification and analysis sheet.

ObjectiveRisk titleType of riskRisk IDRisk assessmentRisk ratingPrincipal risk owner
Impact (I)Likelihood (L)I × L

Table 3.

Template for risk register.

Date of review: ………………………………. Compiled by: …………………………………… Date: ……………………… Reviewed by: ………………………………… Date: ………………………………………………
Risk title and ID (from risk register in priority order)Proposed treatment/control options (from risk identification sheet)Results of cost-benefit analysis (A = accept, B = reject)Person responsible for implementation of treatment optionsTimetable for implementation (give specific start and end dates)How will this risk and treatment options be monitored

Table 4.

Template for risk treatment schedule and action plan section/unit.

Risk management quarterly implementation report for the quarter ending………………………………….. Prepared by: ………………………………… Date: ………………………………………………
Risk title and ID (from risk register in priority order)Proposed treatment/control options (from risk identification sheet)Person responsible for implementation of treatment options (as in the risk identification sheet)Timetable for implementation (give specific start and end dates)How will this risk and treatment options be monitoredStatus of implementation (completed, ongoing, not done)Remarks and/or comments

Table 5.

Template for risk treatment implementation report section/unit.

Advertisement

2. Critical success factor (CSFs)

CSFs are selected key result areas that can facilitate achievement of organizational goals and objectives including risk management. CSFs were first defined by Rockart ([35] cited in Chen [7]) as the limited number of area in which results, if they are satisfactory, will ensure successful competitive performance for the organization. Later on, a number of CSFs definitions were given by various researchers. CSFs are certain rules, executive procedures and environmental conditions (Pinto & Covin, [36]). CSFs are the critical areas which organizations must accomplish to achieve its mission by examination and categorization of their impacts (Oakland [37] cited in Salaheldin, [34]). Deros et al. [38] defined CSFs as a range of enablers which, when put into practice, will enhance the chance for successful benchmarking implementation and adoption in an organization.

2.1. Critical success factors for effective risk management

Effective risk management entails doing the right thing with respect to risk management process. Top management needs to embark on CSFs as means of minimizing or eliminating risks in their organizations. Studies worldwide have documented CSFs which serve as a cornerstone for managing risks. For example, Grabowski and Roberts [8] identify the four important factors for risk mitigation that are organizational structuring and design, communication, organizational culture and trust. Hasanali [9] categorizes five critical success factors into: leadership; culture; structure, roles, responsibilities; information technology infrastructure; and measurement. Na Ranong and Phuenngam [10] determined seven CSFs for the financial industry namely: commitment and support from top management, communication, culture, information technology (IT), organization structure, training and trust. Studies of Agyakwa-Baah & Chileshe [11] identified 10 CSFs for the construction industry which are: management style, awareness of risk management process (RMP), cooperative culture, positive human dynamics, customer requirements, goals and strategic objective, impact of environment, usage of tools, teamwork and communication and availability of specialist in risk management. Chileshe and Kikwasi [32] assessed the 10 CSFs and determined that awareness of risk management processes, team work and communications and management style were the top three for Tanzania. Zhao et al. [12] determine top three CSFs as commitment of the board and senior management, risk identification, analysis and response and objective setting. Tsiga et al. [13] reveal initiation, identification, assessment, response planning, response implementation and risk communication and attitude, monitoring and review as CSFs for the construction industry. The study by Renault et al. [14] reveal drivers for ERM implementation namely legal and regulatory compliance requirements, nonmandatory reports, credits rating agencies’ requirements, reduced earnings volatility, reduced cost and losses, increased profitability and earnings. Hosseini et al. [15] determine support from managers, inclusion of risk management in construction education and training courses for construction practitioners, attempting to deliver projects systematically and awareness and knowledge of the process for implementing risk management as factors for implementing risk management systems in developing countries. Chen [7] suggests four composite CSFs for the bank industry namely: bank operation management ability, developing bank trademarks ability, bank marketing ability and financial market. Collectively, CSFs identified in these studies can serve as key result areas which construction enterprises and other stakeholders can bank on to enhance risk management in their locality.

The manner that the chosen CSFs influence the performance of a certain organization or sector has been a subject of discussion in researches conducted worldwide. Commitment and support from top management has been found an important aspect in achievement of organizational goals. For example, Ifinedo [16] investigated the impact of contingency factors such as top management support, business vision and external expertise and established that top management support influences the success level of the organizational system. Similarly, Zwikael [17] argues that the high importance of top management support is considered to be among the CSFs for project management. Renault et al. [14] determine that lack of support from top management and management priorities are among key obstacles to enterprise risk management (ERM). Risk management happens to be a process that an organization has to assume. Awareness of risk management process has been identified by Chileshe and Kikwasi [32] as one of the barriers to adoption and implementation of risk assessment and implementation practices (RAMP). Likewise, Agyakwa-Baah and Chileshe [11] point out that awareness of risk management processes within an organization is paramount to the sound success of the project.

Communication is the backbone of any successful endeavor. Effective communication between the teams that are working on the project will enhance project success including mitigation of risks. Clutterbuck & Hirst [18] argue that communication ensures that the team members understand and support not only where the team is now but also what they want to be. Grabowski & Roberts [8] stress that communication plays an important role in risk mitigation and that provides opportunities for clarification, for making sense of the organization’s progress, and for members to discuss how to improve the organization and the impact of using different risk mitigation strategies. Culture has an influence on how organizations manage risks. This is echoed by Grabowski & Roberts [8] that risk management requires the combination of several cultures that make the system into a cohesive whole in which the deep assumptions and espoused values of each of the member organizations can be built around the need for melding a culture of reliability. Training is important in equipping trainees with knowledge on emerging issues including risk management. Carey [19] points out that the ability to respond to changing conditions in an organization’s operations relates to a range of activities including the development of risk training courses and the involvement of staff in responding to early warning systems. Advancement in technology and changing in clients’ requirements calls for embarking on information technology. Hasanali [9] points out that an organization is on such a large scale that it would be difficult for members to communicate and share information without an information technology infrastructure.

Advertisement

3. A case study: risk management in the construction industry

3.1. Overview of the case study

The construction industry in Tanzania like in many other countries contributes drastically to the national growth through gross domestic product (GDP), gross fixed capital formation, creation of employment and industrial productivity. The National Bureau of Standards (NBS) [20] reveals that in volume terms, the construction industry accounted for an average of 6.8% of GDP in the 2003–2010 periods. The contribution of the industry to gross fixed capital formation in 2011 was over 50% (URT, [39]). In 2016, data indicate the construction sector contribution to GDP was about 12%, the second single sector with highest growth rate preceded by agriculture. The general outlook of the contribution of various sectors of the economy is shown in Figure 2 .

Figure 2.

Contribution of various sectors of the economy to GDP.

Construction being one sector of the economy is prone to risks. These include technical, social, construction, economic, legal, financial, natural, commercial, logistics and political risks. These risks are also classified into internal and external risks. Internal risks emanate from activities performed within the organizations such as technical, social and construction. External risks are risks which originate outside of the organization’s undertakings and these include economic, natural and political risks. Accordingly, the construction industry needs to adopt a sound risk management system to maximize opportunities and minimize negative events in its operations for it to contribute effectively to national growth.

3.2. Risk management in construction

The risk management as part of project management is extremely important in achieving project objectives of time, cost, quality, improved health and safety and no disputes. Changes in technology and more sophisticated clients’ requirements attract more risks in construction projects which call for formal risk management process. Although there have been remarkable efforts toward risk management in construction projects, implementation of risk management process is still inadequate. Studies [5, 21, 22, 23, 24, 25] have documented risk management practice in the construction industry. Akintoye & MacLeod [23] found that risk analysis and management in construction depend mainly on intuition, judgment and experience. They also cited the reasons to be lack of knowledge coupled with doubts on the suitability of these techniques for the construction industry. Ahmed & Azhar [22] established that risk analysis and management techniques are rarely used by the general contractors due to a lack of knowledge and expertise. This is echoed by the study by Chinenye et al. [5] which established that organizations within the construction industry do not work with risk management in such a structured manner due to additional cost to be incurred when performing risk management on construction projects and lack of knowledge in the area of risk management. Mahendra et al. [25] determined that the participants used to handle the risks with an informal approach because of less knowledge and awareness among the construction industry stakeholders. Similarly, Abdul-Rahman et al. [21] found that the implementation of risk management process in Malaysian construction industry is still at a low level, due to the fact that most of the construction employees involved in risk management are not fully aware of the available risk management techniques that can be applied in construction projects. Kikwasi [24] also noted inadequate risk management knowldege among consultants and determines that most consultants use document reviews and assumptions to identify risks and contingency sum method to quantify risks. A survey by Yusuwan et al. [26] also reveals low level of awareness of risk management in the clients’ organization and that they have implemented risk management in their operations on a small scale.

Previous studies in the construction industry reveal poor implementation of risk management process, as well as CSFs for effective risk management. This calls for the need to review the impact of risk management on project outcomes, assessment of implementation of previously identified CSFs and determination of a new set of CSFs.

3.3. Methodology

The study drawn a sample of 200 practitioners from the construction industry comprised of consultants, clients and contractors. The study adopted a descriptive research type that attempts to provide an insight on categories of CSFs that can enhance effective risk management in the construction industry. Data were collected using literature review and questionnaires. Two hundred questionnaires were distributed to randomly selected respondents through emails and hand delivery. Out of 200 distributed questionnaires, 100 were returned, out of which 67 were fairly filled for analysis equating to a response rate of 33.5%. A list of critical success factors for effective risk management used in the study was extracted from previous studies. Previous studies also aided in establishing gap to be filled by the current study. The collected data were analyzed using the Statistical Package for Social Sciences (SPSS) version 20. Descriptive statistics were used to compute mean scores for project outcomes and CSFs and principal component analysis (PCA) was used to compute composite CSFs. A 5-Likert scale was used, i.e., 5 = Strong agree, 4 = Agree, 3 = Neutral, 2 = Disagree and 1 = Strong disagree.

3.4. Results

3.4.1. Respondents’ profile

The participation of the intended groups namely consultants, client and contractors was 36.4, 21.2 and 42.4%, respectively. The three groups comprised of 13.4% architects, 23.9% engineers, 33.5% quantity surveyors, 17.9% project managers and 9% others. Furthermore, majority (83.9%) of these respondents have experience of more than 5 years. Majority of respondents (91%) have indicated that they worked on projects that have gone over budget.

3.4.2. Impact of risk management on project outcomes

Risk management has an influence on both the risk management process and project success. This is echoed by Junior and de Carvalho [27] that risk management practices have an impact on project success. Similarly, Kishk & Ukaga [28] through their case study concluded that there is a direct relationship between the effective risk management and project success. The influence on the risk management process includes: creation of a risk sensitive organization, formalized risk reporting, improved focus and perspective on risk, efficient use of resources and compliance matters. The impact on project outcomes is aligned with fulfilling objectives of the project, mainly time, cost, quality, health and safety and no disputes.

Table 6 presents assessment of impact of risk management on project outcomes. Results reveal three significant outcomes of risk management in construction which can be adopted in other sectors namely: reduction in design/production time, improved public perception and improved team morale and productivity. The case study therefore underlines that risk management has positive results toward achievement of organizational goals and objectives.

S/NOutcometdfSig. (2-tailed)Mean difference95% Confidence interval of the difference
LowerUpper
1Project completed on time−1.69747.096−.271−.59.05
2Project completed within budget/major cost saving−1.85546.070−.234−.49.02
3Product to the required budget−.53545.596−.065−.31.18
4Reduced accidents on site1.27346.209.170−.10.44
5Reduction in design/production time−3.20744.003−.400−.65−.15
6Improved public perception−3.07646.004−.447−.74−.15
7Reduction in contract claims−1.43045.160−.217−.52.09
8Improved team morale and productivity−2.14146.038−.298−.58−.02

Table 6.

Impact of risk management on project outcomes.

3.4.3. Selected areas of CSFs implementation in construction organizations

Figure 3 indicates selected areas of CSFs implementation. Among the areas assessed, the areas that seem least implemented are: understanding the risk management guideline or policy, organization has a documented risk management guideline or policy, the organization has guideline to support the goals and objectives of risk management, the organization conducts training to new employees, organization has established procedures for keeping up-to-date and informed with changes in regulations and organization use methods and tools to manage risk. This implies that organizations rarely formulate policy or guidelines for risk management and conduct training to new employees and the use of methods and tools to manage risks is at a low level.

Figure 3.

Implementation of selected aspects of CSFs. Key: F1 = Aware of risk management processes. F2 = Risk management practice viable in the construction industry. F3 = The organization has a policy to support the development of risk management. F4 = Understand the risk management guideline or policy. F5 = The organization has a documented risk management guideline or policy. F6 = The organization has guideline to support the goals and objectives of risk management. F7 = The organization conducts training to new employees. F8 = Internal/external environment influences risk management in your organization. F9 = The organization has established procedures for keeping up-to-date and informed with changes in regulations. F10 = Organization use methods and tools to manage risk.

3.4.4. CSFs effective risk management in construction

Several CSFs have been listed by researchers in the financial, construction and other sectors. Most of CSFs are associated to actions by top management, communication within organizations, organization structures, policies, risk management experts and knowledge.

Table 7 below presents 25 CSFs. Using descriptives, results reveal top seven CSFs for effective risk management which are training, communication, commitment and support from top management, awareness of risk management process, teamwork, clear objectives and guidelines for risk management and management styles. Generally, there are 23 CSFs that have scored a mean score greater than 3.5 indicating a fair agreement of respondents. This result calls for further analysis to scale down the number of CSFs and thus the use of principal component analysis (PCA).

S/NNMSStd. Dev
CSF 1Training684.25.760
CSF 2Communication684.19.697
CSF 3Commitment and support from top management674.15.680
CSF 4Awareness of risk management process674.10.741
CSF 5Teamwork674.10.873
CSF 6Clear objectives and guidelines for risk management674.03.904
CSF 7Management style674.01.879
CSF 8Availability of specialist risk management consultants673.93.804
CSF 9Risk monitoring and review663.92.882
CSF 10Having documented risk management policy or guidelines673.87.886
CSF 11Consideration of internal and external environment673.82.869
CSF 12Trust653.80.905
CSF 13Effective usage of methods and tools673.75.927
CSF 14Cooperative culture673.72.982
CSF 15Management priorities673.70.835
CSF 16Impact for environment673.66.808
CSF 17Risk identification, analysis and response663.62.837
CSF 18Customer requirements673.61.870
CSF 19Goals and objectives of the organization673.581.002
CSF 20Information technology infrastructure673.55.942
CSF 21Positive human dynamics673.54.959
CSF 22Organizational structure653.52.868
CSF 23Objective setting673.511.021
CSF 24Allocating adequate resources663.38.837
CSF 25Legal and regulatory compliance requirements673.34.845

Table 7.

CSFs mean scores (MS).

Further, principal component analysis reveals nine factors of CSFs for effective risk management. Table 8 reveals that about 74% of the total variance is explained by the first nine factors. The factors are arranged in decreasing order of total variance explained. To allow for flexibility in the results, the Eigen value greater or equal to 1 was assumed implying that that only factors that account for variances greater or equal to 1 are included in the factor extraction. On the coefficient display format, small coefficients with absolute value below 0.5 were suppressed. Consequently, only factor scores greater than 0.50 are shown on the rotated component matrix in Table 10 .

ComponentInitial Eigen valuesExtraction sums of squared loadings
Total% of varianceCumulative %Total% of varianceCumulative %
CSF 15.23820.95020.9505.23820.95020.950
CSF 22.89511.58032.5302.89511.58032.530
CSF 32.2368.94441.4742.2368.94441.474
CSF 41.7617.04348.5171.7617.04348.517
CSF 51.6846.73855.2551.6846.73855.255
CSF 61.4215.68560.9401.4215.68560.940
CSF 71.3075.22966.1681.3075.22966.168
CSF 81.0824.32970.4981.0824.32970.498
CSF 91.0374.14774.6441.0374.14774.644
CSF 10.9333.73378.377
CSF 11.8853.54181.918
CSF 12.7723.09085.007
CSF 13.7523.00988.016
CSF 14.5382.15390.169
CSF 15.4441.77591.944
CSF 16.3921.56793.511
CSF 17.3471.38994.900
CSF 18.3011.20596.105
CSF 19.2981.19097.296
CSF 20.223.89098.186
CSF 21.173.69498.879
CSF 22.134.53899.417
CSF 23.069.27599.692
CSF 24.040.16199.853
CSF 25.037.147100.000

Table 8.

Total variance explained.

In Table 9 , some of the variables are more highly correlated with some factors than others. In order to make it easier to assign meaning to the factors, it is ideal to see groups of variables with large coefficients for one factor and small coefficients for the others. The component matrix is therefore rotated to achieve simple structure, where each factor has large loadings in absolute value for only some of the variables, making it easier to identify.

Component
123456789
CSF 1Risk identification, analysis and response.783
CSF 2Customer requirements.735
CSF 3Allocating adequate resources.654
CSF 4Having documented risk management policy or guidelines.632.549
CSF 5Objective setting.611−.501
CSF 6Teamwork.610
CSF 7Consideration of internal and external environment.586
CSF 8Availability of specialist risk management consultants.573.511
CSF 9Impact for environment.554
CSF 10Clear objectives and guidelines for risk management.521
CSF 11Effective usage of methods and tools
CSF 12Organizational structure.771
CSF 13Information technology infrastructure.705
CSF 14Cooperative culture.688
CSF 15Trust.594
CSF 16Training
CSF 17Management style.663
CSF 18Communication.703
CSF 19Commitment and support from top management
CSF 20Goals and objectives of the organization.544.616
CSF 21Management priorities
CSF 22Legal and regulatory compliance requirements
CSF 23Awareness of risk management process
CSF 24Positive human dynamics
CSF 25Risk monitoring and review.526

Table 9.

Component matrix.

Extraction method: principal component analysis; 9 components extracted

Table 10 shows the rotated component matrix after varimax rotation and after the variables have been sorted by the absolute values of the loadings with nine components. Five variables are highly correlated to factor 1; variables 6 and 7 are highly correlated to factor 2; variables 9 and 10 are highly correlated to factor 3; variables 11 to 13 are highly correlated to factor 4; variables 14 and 15 are highly correlated to factor 5; variables 16 to18 are highly correlated to factor 6; variables 19 and 21 are highly correlated to factor 7; variables 22 and 24 are highly correlated to factor 8; and variable 25 is highly correlated to factor 9.

Component
123456789
CSF 1Management style.823
CSF 2Allocating adequate resources.788
CSF 3Risk identification, analysis and response.737
CSF 4Clear objectives and guidelines for risk management.725
CSF 5Customer requirements.563
CSF 6Goals and objectives of the organization.924
CSF 7Objective setting.878
CSF 8Positive human dynamics
CSF 9Having documented risk management policy or guidelines.918
CSF 10Availability of specialist risk management consultants.899
CSF 11Information technology infrastructure.805
CSF 12Trust.765
CSF 13Cooperative culture.673
CSF 14Consideration of internal and external environment.881
CSF 15Effective usage of methods and tools.789
CSF 16Impact of environment.669.
CSF 17Teamwork.634
CSF 18Commitment and support from top management.630
CSF 19Communication.752
CSF 20Management priorities.609
CSF 21Training.595
CSF 22Legal and regulatory compliance requirements.717
CSF 23Awareness of risk management process.629
CSF 24Organizational structure.608
CSF 25Risk monitoring and review.878

Table 10.

Rotated component matrix.

Extraction method: principal component analysis

Rotation method: varimax with Kaiser normalization; Rotation converged in 12 iterations

In summary, the following are categories of CSFs for effective risk management:

  1. CSF 1 Management approach: Comprise of five CSFs with management style scoring high followed by allocating adequate resources and risk identification, analysis and response

  2. CSF 2 Goals and objectives of the organization: Comprise of two CSFs all with high scores

  3. CSF 3 Risk management policy and experts: Comprise of two CSFs all with high scores

  4. CSF 4 Information technology and culture: Comprise of three CSFs with information technology infrastructure scoring high followed by trust.

  5. CSF 5 Environment and usage of tools: Comprise of three CSFs with consideration of internal and external environment scoring high followed by effective usage of methods and tools.

  6. CSF 6 Teamwork and commitment of the top management: Comprises of two CSFs all of them scoring fairly.

  7. CSF 7 Communication and training: Comprise of three CSFs with communication scoring high followed by management priorities.

  8. CSF 8 Awareness of risk management process and legal framework: Comprise of three CSFs with legal and regulatory compliance requirements scoring high followed by awareness of risk management process

  9. CSF 9 Risk monitoring and review: Comprising of risk monitoring and review with high scores

Collectively, the nine categories of CSFs have yielded the top eight CSFs with component loading of between 1 and 0.8:

  1. Goals and objectives of the organization (0.924);

  2. Having documented risk management policy or guidelines (0.918);

  3. Availability of specialist risk management consultants (0.899);

  4. Consideration of internal and external environment (0.881);

  5. Objective setting (0.878);

  6. Risk monitoring and review (0.878);

  7. Management style (0.823);

  8. Information technology infrastructure (0.805).

3.5. Discussion

The case study has underlined that risk management in construction projects has positive results such as reduced accidents on sites, product to the required budget, reduction in contractual claims, project completed within budget and project completed on time. This finding is partly in line with the study by Al-Shibly et al. [29] on aspects of time. On the other hand, this finding supports the work of Kishk and Ukaga [28] that the conventional view of project success based on cost, time and quality objectives is not sufficient. They argue that the project success has to base on the predetermined and preagreed success criteria set by all stakeholders.

Through description, the study identified top seven CSFs; however, about 23 CSFs were generally within acceptable limits based on the mean score. These CSFs were further reduced using PCA and nine composite CSFs for effective risk management were determined. This approach also was used by Chen [7] to suggest four composite CSFs for the banking industry. These CSFs are management approach, goals and objectives of the organization, risk management policy and experts: information technology and culture, environment and usage of tools, teamwork and commitment of the top management, communication and training, awareness of risk management process and legal requirements and risk monitoring. Collectively, the nine CSFs have yielded the top eight CSFs namely: goals and objectives of the organization, having documented risk management policy or guidelines, availability of specialist risk management consultants, consideration of internal and external environment, objective setting, risk monitoring and review, management style and information technology infrastructure. To a great extent, this finding supports the works of Grabowski and Roberts [8], Hasanali [9], Agyakwa-Baah and Chileshe [11], Chileshe and Kikwasi (2014), Zhao et al. [12] and Tsiga et al. [13]. The current study supports the work of Hosseini et al. [15] on issues of management support, training and awareness of risk management process. The study also noted lack of understanding of risk management guideline or policy, organizations lacking documented risk management guideline or policy and guideline to support the goals and objectives of risk management, organizations not conducting training to new employees, organizations lacking established procedures for keeping up-to-date and informed with changes in regulations and organizations not using methods and tools to manage risks.

Advertisement

4. Conclusion

The chapter sought to explore theories on risk management and using the construction industry as a case study establishes CSFs for effective risk management. The case study also has explored the impact of risk management to project outcomes and the status of implementation of selected previously identified CSFs. Generally, risk management in organizations has positive results to the risk management process as well as achievement of organizational goals and objectives. Similarly, organizations at certain levels have been implementing previously determined CSFs. From a list of 25 CSFs determined previously, a new set of 9 composite CSFs have established for effective risk management. The findings of the current study provide snapshot on the composite CSFs that can be assumed by organizations in achieving their goals and objectives. The limitation of this which is worth to be acknowledged is that the study has drawn 9 composite CSFs from only 25 CSFs.

Advertisement

Conflict of interest

The author declares that there is no conflict of interests regarding the publication of this chapter.

© 2018 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution 3.0 License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to cite and reference

Link to this chapter Copy to clipboard

Cite this chapter Copy to clipboard

Geraldine J. Kikwasi (November 5th 2018). Critical Success Factors for Effective Risk Management, Risk Management Treatise for Engineering Practitioners, Chike F Oduoza, IntechOpen, DOI: 10.5772/intechopen.74419. Available from:

chapter statistics

2113total chapter downloads

1Crossref citations

More statistics for editors and authors

Login to your personal dashboard for more detailed statistics on your publications.

Access personal reporting

Related Content

This Book

Next chapter

Construction Supply Chain Resilience in Catastrophic Events

By Yasangika Gayani Sandanayake, Tharaka Bandara Dissanayake and Chike Oduoza

Related Book

First chapter

Smart Home Systems

By P. Lalanda, J. Bourcier, J. Bardin and S. Chollet

We are IntechOpen, the world's leading publisher of Open Access books. Built by scientists, for scientists. Our readership spans scientists, professors, researchers, librarians, and students, as well as business professionals. We share our knowledge and peer-reveiwed research papers with libraries, scientific and engineering societies, and also work with corporate R&D departments and government entities.

More About Us