The problem of choosing risk management methodology at the example of railway construction

One of the most expensive projects in the construction industry are railway projects. High costs and specificity of implementation involve high risks throughout the investment and construction process. Over the years, project management methodologies have been developed that facilitate, among other things, the management of risk factors This article reviews the recommendations for risk management in each methodology. In addition, their usefulness have been evaluated in railway construction. 1 Risk issue in railway projects One of the most expensive projects in the construction industry are railway projects [1, 2, 3]. The reason for this is primarily from the very wide range of works being carried out [4]. It also causes a long investment period [5, 6, 7]. These values, i.e. cost, range and time [8, 9] are, according to many recognized methodologies(for example: PRINCE2, PMBOK, AGILE, IPMA, ITIL, SCRUM or JASPERS) three basic parameters of the project. Moreover, they are closely related, so that modifying the value of one parameter results in at least one of the other two. These three methodologies supplement the basic parameters with additional parameters. The parameters differ depending on the methodology, but each of them takes into account the issues related to the management of risk factors. In the article, the authors attempt to compare the ways of managing the risk factors represented by the individual methodologies, and also assess which of them would be most appropriate for the implementation into railway contracts. 2 Methodologies used in project management The year of the first project management methodology is considered to be 1942, when relevant studies were prepared for the Manhattan Engineering District Project. With the passing of time, new methodologies have appeared while the existing ones have been developing.. As a result of this process, there are a whole array of different methodologies today. What is the reason for such a large development of the area of project management knowledge? The reasons are mainly three. The first one is the geographic cause. In different * Corresponding author: k.kaczorek@il.pw.edu.pl DOI: 10.1051/ , 00073 (2017) 71170007 117 MATEC Web of Conferences matecconf/201 XXVI R-S-P Seminar 2017, Theoretical Foundation of Civil Engineering 3 © The Authors, published by EDP Sciences. This is an open access article distributed under the terms of the Creative Commons Attribution License 4.0 (http://creativecommons.org/licenses/by/4.0/). parts of the globe, in parallel with the needs of individual societies, methodologies were developed to meet their expectations (for examaple American PMBOK, British PRINCE2 or Swiss IPMA). The second reason was the adaptation of methodologies to the needs of individual industries. Most of this type of procedures were done for the IT industry (for example AGILE, ITIL or SCRUM). The third reason for generating new work is the fact that special programs are being developed within international organizations that require appropriate standards (for example materials issued by JASPERS to improve the preparation and implementation of projects applying for EU funding). In the remainder of the paper, the authors focused on three methods: PMBOK, PRINCE2 and JASPERS (Blue Book), as applicable to railway contracts. 3 Recommendations of individual methodologies for subsequent stages of risk management In the PMBOK, risk management is described in the "Risk Management" knowledge area, PRINCE2 under the "Risk" topic, and JASPERS in the "Risk and Sensitivity Analysis". The next steps in the risk management process are presented at Fig. 5. Fig. 1. The next steps in the risk management according to the PMBOK. [10]. 3.1 Planning risk management PMBOK defines planning risk management as „the process of defining how to conduct risk management activities for a project” [11]. The tools that are recommended at this stage are planning meetings and analysis. Participants who should attend the meetings are: the project manager, selected project team members and stakeholders, anyone in the organization with responsibility to manage the risk planning and execution activities, and others, as needed. The result of working at this stage should be a risk management plan that contains: methodology, roles and responsibilities, budgeting, timing and risk categories [11]. PRINCE2 recommends that you thoroughly review the documentation at the organization and program level and then develop a Risk Management Strategy for the project. The main purpose of developing this strategy is to show how the risk management will be integrated into the project management activities. The Risk Management Strategy consists of the following elements: introduction, risk management procedure, tools and techniques, required records, reporting, deadlines for risk management activities, roles and responsibilities, rating scales, proximity and risk categories, risk response categories, early indicators warning, risk tolerance and risk budget [12, 13, 14]. DOI: 10.1051/ , 00073 (2017) 71170007 117 MATEC Web of Conferences matecconf/201 XXVI R-S-P Seminar 2017, Theoretical Foundation of Civil Engineering 3


Risk issue in railway projects
One of the most expensive projects in the construction industry are railway projects [1,2,3]. The reason for this is primarily from the very wide range of works being carried out [4]. It also causes a long investment period [5,6,7]. These values, i.e. cost, range and time [8,9] are, according to many recognized methodologies(for example: PRINCE2, PMBOK, AGILE, IPMA, ITIL, SCRUM or JASPERS) three basic parameters of the project. Moreover, they are closely related, so that modifying the value of one parameter results in at least one of the other two. These three methodologies supplement the basic parameters with additional parameters. The parameters differ depending on the methodology, but each of them takes into account the issues related to the management of risk factors. In the article, the authors attempt to compare the ways of managing the risk factors represented by the individual methodologies, and also assess which of them would be most appropriate for the implementation into railway contracts.

Methodologies used in project management
The year of the first project management methodology is considered to be 1942, when relevant studies were prepared for the Manhattan Engineering District Project. With the passing of time, new methodologies have appeared while the existing ones have been developing.. As a result of this process, there are a whole array of different methodologies today. What is the reason for such a large development of the area of project management knowledge? The reasons are mainly three. The first one is the geographic cause. In different parts of the globe, in parallel with the needs of individual societies, methodologies were developed to meet their expectations (for examaple American PMBOK, British PRINCE2 or Swiss IPMA). The second reason was the adaptation of methodologies to the needs of individual industries. Most of this type of procedures were done for the IT industry (for example AGILE, ITIL or SCRUM). The third reason for generating new work is the fact that special programs are being developed within international organizations that require appropriate standards (for example materials issued by JASPERS to improve the preparation and implementation of projects applying for EU funding). In the remainder of the paper, the authors focused on three methods: PMBOK, PRINCE2 and JASPERS (Blue Book), as applicable to railway contracts.

Recommendations of individual methodologies for subsequent stages of risk management
In the PMBOK, risk management is described in the "Risk Management" knowledge area, PRINCE2 under the "Risk" topic, and JASPERS in the "Risk and Sensitivity Analysis". The next steps in the risk management process are presented at Fig. 5.

Planning risk management
PMBOK defines planning risk management as "the process of defining how to conduct risk management activities for a project" [11]. The tools that are recommended at this stage are planning meetings and analysis. Participants who should attend the meetings are: the project manager, selected project team members and stakeholders, anyone in the organization with responsibility to manage the risk planning and execution activities, and others, as needed. The result of working at this stage should be a risk management plan that contains: methodology, roles and responsibilities, budgeting, timing and risk categories [11].
PRINCE2 recommends that you thoroughly review the documentation at the organization and program level and then develop a Risk Management Strategy for the project. The main purpose of developing this strategy is to show how the risk management will be integrated into the project management activities. The Risk Management Strategy consists of the following elements: introduction, risk management procedure, tools and techniques, required records, reporting, deadlines for risk management activities, roles and responsibilities, rating scales, proximity and risk categories, risk response categories, early indicators warning, risk tolerance and risk budget [12,13,14]. JASPERS does not undertake risk management planning. In conclusion, the first two methodologies provide a solid foundation (in the form of a PMBOK risk management plan or PRINCE2 Risk Management Strategy) for subsequent risk management processes. JASPERS does not undertake risk management planning because it is a dedicated field-specific methodology (rail infrastructure), so the adaptive needs of the methodology for the project are significantly smaller..

Identifying risks
PMBOK defines identifying risks as "the process of determining which risks may affect the project and documenting their characteristics" [11]. Methodology proposes a whole range of tools: documentation reviews, information gathering techniques (brainstorming, Delphi technique, interviewing, root cause analysis), checklist analysis, assumptions analysis, diagramming techniques (cause and effect diagrams, system of process flow charts, influence diagrams), SWOT analysis and expert judgement. As a result of the tools are the following products: list of identified risks, list of potential responses, root causes of risks, updated risk categories [11,15,16].
PRINCE2 recommends the so-called "Risk workshop" -a group session that is organized to identify hazards and opportunities. The risk identification techniques proposed by the methodology include: experience review, risk checklists, risk categorization lists, brainstorming and risk sharing structure diagram. The result of the activities should be the Risk Register [12,18].
JASPERS proposes a ready-made list of risk factors that, based on the experience of the members of the association, have been aggregated and allocated to specific groups of risk factors.. These groups are: demand risks, design risks, administrative risks, land acquisition risks, procurement risks, performance risks, operational risks, regulatory risks, financial risks, management risks, political risks and other risks. It is important that the list remains open, so despite the extensive list, further proposals for risk factors [17].
In conclusion, the first two methodologies offer a wide range of tools for identifying risk factors. However, they do not offer any sample list. This is not the case for JASPERS, which offers a prepared list of factors. Unfortunately, beyond the list, there is no information on tools to identify potential factors that are not included in the enclosed list. It is obvious that the most rational approach to the topic would be to supplement the JASPERS list with the tools proposed by PMBOK or PRINCE2.

Qualitative risk analysis
PMBOK defines qualitative risk analysis as "the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact" [11]. Methodology at this stage proposes the following tools: risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment and expert judgement. The purpose of this stage is to update the risk register, which consists in complementing it with the following elements: relative ranking -list of project risks sorted by relevance, grouping risks by category, list of risks requiring in the near term, list of risks requiring additional analysis and response, list of observed risks of low significance and trends characterizing the results of qualitative risk analysis [11,19,20].
PRINCE2 recommends considering: the probability of threats and opportunities in terms of how likely they are to occur; the impact of each threat and each opportunity with respect to the objectives of the project; the proximity of these threats and opportunities; scope of changes in the impact of threats and opportunities during the life of the project. Methodology proposes two techniques to achieve the stated objectives: the Pareto principle and the probability / impact matrix. The result of the work is a completed and updated Risk Register [12,21].
During qualitative analysis, JASPERS requires that the following characteristics be described for each risk factor: cause, effect, risk manager, project phase at risk, probability, impact strength, and risk level. The methodology includes tables that provide ready-to-use compartments to qualify individual risk factors. The effect of the operation is to locate the individual factors on the matrix level of risk [17].
The first two methodologies are very broadly concerned with the qualitative analysis of risk factors. They propose a whole range of tools to help in making the right analysis. The last method is limited to the most common tool -the risk matrix.

Quantitative risk analysis
PMBOK defines quantitative risk analysis as "the process of numerically analyzing the effect of identified risks on overall project objectives" [11]. Methodology recommends the implementation of tools from one of two groups of techniques: Data gathering and representation techniques (surveys, probability distributions, expert opinions), quantitative risk analysis and modeling techniques (sensitivity analysis, expected monetary value analysis, decision tree analysis, modeling and simulation) and expert judgement. The result of this stage of risk management process is the next update of the risk register. The register is supplemented with a probabilistic analysis of the project, the probability of achieving cost and time goals, a list of measured quantitative risks classified by relevance, and trends characterizing quantitative risk analysis results [12,22].
PRINCE2, as in qualitative analysis, offers only two tools for quantitative analysis. These are the probability trees and the monetary value worked out. In addition, risk models, such as Monte Carlo analysis, are recommended during the evaluation. Similarly to qualitative analysis, quantitative analysis is also used to supplement and update the Risks Register [12].
JASPERS recommends quantitative analysis of risk factors based on probability distributions. These can be compiled according to Annex "R" to the Blue Book, which provides a list of historical data that will be needed to properly analyze. After obtaining probability distributions, the methodology recommends using the Monte Carlo method or other simulation method [17].
As with the qualitative analysis of risk factors, the first two methodologies propose a similar, very broad approach in quantitative risk analysis. Moreover, the choice of parameters and characteristics to be taken into account in the analysis leaves the decisions of the employees involved in project management. JASPERS, however, makes it very clear what inputs are needed to perform a meaningful quantitative evaluation using the selected simulation method.

Planning risk responses
PMBOK defines qualitative risk analysis as "the process of developing options and actions to enhance opportunities and to reduce threats to project objectives" [11]. Methodology proposes four tools that can be applied at this stage: strategies for threats (avoidance, transfer, mitigation), strategies for opportunities (use, access, reinforcement), threats and opportunities strategies (acceptance), contingent response strategies and expert judgement. Thanks to the strategies used, an updated risk register and a project management plan are developed as well as contractual risk agreements [11].
PRINCE2 presents potential responses to risk factors in tabular form (for threats: avoidance, reduction, reserve plan, transfer, acceptance; for threats or opportunities: sharing; for opportunities: use, reinforcement, rejection. In addition, it requires that the owner and the contractor assign risk responses to the individual factors [12]. JASPERS also includes the proposed responses to project risk. Unlike the previous two methodologies, the Blue Book sets out only countermeasures for threats (prevention, limitation, transfer and tolerance). There is no information about responding to opportunities [17].
In conclusion, the first two methodologies describe the topic of responding to risk factors very broadly. They anticipate reactions both to threats and to opportunities. JASPERS methodology is limited to responding to threats only.

Monitoring and controlling risks
PMBOK defines monitoring and controlling risks as "the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project" [11]. Methodology proposes the following tools and techniques for monitoring and controlling risk factors: risk reassessment, risk audits, variance and trend analysis, technical performance measurement, reserve analysis and status meetings. Thanks to used tools and techniques there are developed: risk register updates, organizational process assets updates, change requests, project management plan updates and project document updates [11,22].
PRINCE2 recommends, first and foremost, extensive communication and reliable reporting, based on which decisions are made to correct previous assumptions. The reports listed in the methodology are: Control Point Reports, Periodic Reports, Stage Final Reports, Project Final Reports, and Experience Reports [12]. JASPERS does not impose or recommend any standards for the monitoring and control of risk factors. It is limited to suggesting the development of brief descriptions of monitoring procedures and templates of protocols [17].
The broader issue of monitoring and control of risk factors has been developed in the PMBOK methodology. PRINCE2 is limited to the list of documents (including sample examples) to be prepared during the implementation of the project. The least recommendations on the topic include the JASPERS method, which is limited to just a few sentences suggesting the development of appropriate procedures.

Tabular comparison of methodologies
In order to increase the transparency of the analysis from third point, the authors decided in a synthetic way to present the results of their work in tabular form. With this approach, the decision-making process associated with the choice of methodology for the various stages of risk management is facilitated. The plan provides a solid foundation for further risk management and allows for the adaptation of the methodology to the project. Time-consuming.

P 2
Analysis of documentation.

Risk Management
The Strategy provides a solid foundation for further risk management and allows for the Time-consuming. Strategy.
adaptation of the methodology to the project. J None. None. Saving time.

M Tools and techniques Outputs Advantages Disadvantages
P M Documentation reviews, information gathering techniques, checklist analysis, assumptions analysis, diagramming techniques, SWOT analysis, expert judgement.
list of identified risks, list of potential responses, root causes of risks, updated risk categories.
The described tools allow for a very thorough development of the problem.
All factors should be identified from the beginning. There is no initial list with risk factors.
Risk workshop. Risk register.
The described tools allow for a very thorough development of the problem All factors should be identified from the beginning. There is no initial list with risk factors.

J
None.
A ready-made list of risk factors is provided.
Saving time.

P M
Risk probability and impact assessment, probability and impact matrix, risk data quality assessment, risk categorization, risk urgency assessment and expert judgement.
Risk register updates.
The described tools allow for a very thorough development of the problem. Time-consuming.

P 2
The Pareto principle and the probability / impact matrix.
Completed and updated Risk Register.
The described tools allow for a very thorough development of the problem. Time-consuming.

J
Tables that provide ready-to-use compartments to qualify individual risk factors.
Feedback on the potential impact of each factor.
Saving time.
It may be necessary to use tools from another methodology for further analysis. Ready-made materials make it easy to get input to develop probability distributions.
Requires historical data. It may be necessary to use tools from another methodology for further analysis. Assignment to the each factors: reaction, owner and contractor reaction.
The recommendations concern both opportunities and threats.  It is necessary to use tools from another methodology for further analysis.

Summary and conclusions
Railway investments are large in scope. This causes high investment costs. The high costs generate the need for reliable management of risk factors. There are many methodologies that allow the management of rail projects and, therefore, risk factors. Some methodologies are universal, and their approach to project management is very broad. Thanks to that, they have very great adaptability to various projects. Unfortunately, this involves additional time, money and human resources. Other methodologies are dedicated to specific issues. Their scope is much narrower, but they often have ready-made solutions to streamline the management process.
In the analyzed case of railway constructions, it is best to base on the methodology of the JASPERS Blue Book and complement it with tools offered by the other two methodologies. Proposed solution, will allow for significant time savings, and what is associated with it, also costs savings. In addition, the areas described in the JASPERS Blue Book insufficiently can be supplemented by tools from PMBOK or PRINCE2. This creates a complete risk management project for the railway investments while minimizing the time, cost and human effort required.