Tools for development business
This guide is designed to be used in conjunction with the FORGE Property Development Risk Register, a comprehensive Excel template for identifying, assessing, and mitigating development risks. The risk register includes pre-built categories and fields to capture critical risk information and mitigation plans. It also features automated risk scoring and reporting to help you understand your project's risk profile at a glance.
In addition, the second sheet of the template provides over 120 examples of common risks across different categories such as market, financial, construction, and political/legal. These concrete examples can help spark thinking about the specific risks your project may face.
You can download the FORGE Property Development Risk Register here.
Effective risk management is crucial for the success of any property development project. With so many moving parts and potential uncertainties, having a robust process for identifying, assessing, and mitigating risks can make the difference between a project that thrives and one that struggles.
At the heart of this process is the risk registry - a comprehensive tool for documenting and tracking risks throughout the project lifecycle. In this guide, we'll walk through each component of a well-crafted risk registry, with a particular focus on property development. Whether you're a seasoned project manager or just getting started in the field, understanding how to build and utilize a risk registry is an essential skill. Let's dive in.
A risk registry is typically set up as a spreadsheet or database, with each risk captured as a separate row and various attributes logged in the columns. Here's a detailed look at the key fields you'll want to include:
Every risk needs a unique identifier for easy reference and tracking. A simple scheme is "R-001", "R-002", etc. This ID will stay with the risk throughout the project.
Risks can emanate from many different areas.
Categorizing them helps with analysis and assignment. Key categories for property development include:
This is the heart of the risk registry entry. The description should be specific, detailed, and clear about cause, event, and impact. Use a risk metalanguage such as: "Due to [cause], [event] may occur, leading to [impact]."
For example: "Due to the presence of contaminated soil on the site (cause), remediation may be required (event), leading to increased costs and schedule delays (impact)."
Risks can represent threats or opportunities.
Classifying the type guides the subsequent response strategy. Dropdown options would be:
These are warning indicators or events that signal a risk may be about to occur or is increasing in likelihood. Identifying potential triggers allows the team to be proactive. Examples could be certain market movements, missed milestones, stakeholder complaints, etc.
Digging into the underlying drivers or root causes of a risk is key to effective mitigation. There may be multiple contributing causes. Some examples across different categories:
Technical Root Causes
Financial Root Causes
Stakeholder Root Causes
You can download the FORGE Property Development Risk Register here.
The likelihood of the risk event occurring is rated on a scale of 1-5:
The team will need to use a combination of historical data, expert judgment, and scenario analysis to determine probability. As the project progresses and more information becomes known, the probability rating should be regularly revisited.
When we talk about the Impact of a risk in a project context, we're essentially asking: "If this risk comes to pass, how much damage could it cause?" Impact is our way of sizing up the potential negative consequences of a risk event.
Assessing Impact means donning our forecasting caps and envisioning worst-case scenarios. We have to probe the risk from all angles, considering how it might affect our project's key success criteria. Some common dimensions to consider are:
As we dig into these kinds of questions, we start to build a vivid mental picture of the risk's "worst-case" impact. It's not always a pleasant exercise, but it's a crucial one for making informed decisions about where to focus our risk management efforts.
To make these Impact assessments more consistent and comparable across different types of risks, many project teams adopt a standardized rating scale. A typical one looks like this:
Let's make this concrete with an example. Imagine we've identified a risk around a key vendor potentially missing a delivery deadline. As we play out the scenarios, we determine that in the worst case, this could set our schedule back by 2 weeks, increase costs by 15% due to rush charges, and slightly reduce the scope of our final product. All undesirable outcomes, to be sure, but likely not project-ending. So we might rate this risk a 3 (Moderate) on the Impact scale.
Now, it's important to understand that predicting future Impact is an inexact science at best. We're making informed guesses based on the best information available to us at the time. As our project unfolds and new information comes to light, we'll need to regularly re-evaluate and update our Impact ratings. It's an iterative process of continual refinement.
The payoff of all this Impact assessment work is better prioritization and focus. With a clear-eyed understanding of each risk's potential severity, we can train our attention and resources on mitigating or preparing for the heaviest hitters. Which brings us to the concept of Risk Scores.
The Risk Score is all about boiling down our risk analysis into a single, easily understandable number that conveys the overall priority level of each risk. It's calculated by multiplying the Probability and Impact ratings:
Risk Score = Probability x Impact
So in our vendor example, if we had assessed the Probability of the risk occurring as a 4 (Likely), then the Risk Score would be:
4 (Probability) x 3 (Impact) = 12 (Risk Score)
You can think of the Risk Score as a kind of "risk thermometer" - a quick way to gauge the severity of each risk relative to others. Risks with higher scores generally demand more immediate attention and more robust response planning.
So why multiply Probability and Impact instead of, say, adding them? It comes down to accurately representing the outsized importance of high-impact risks. Consider two risks:
If we added instead of multiplying, Risk A would score a concerning-sounding 6, while Risk B would score an innocuous-seeming 2. But I think most of us would agree that Risk B is the bigger threat, despite its lower probability, because of its catastrophic potential impact. The multiplicative Risk Score captures this crucial insight.
Many project teams take the Risk Scoring a step further by color-coding scores into intuitive "heat map" categories:
This color mapping makes it easy to quickly eyeball a long risk register and spot the most alarming risks at a glance - a helpful communication tool when time is short and stakeholder attention is fleeting.
Now, a high Risk Score doesn't necessarily spell doom, nor does a low score give us permission to simply ignore a risk. Scores are a critical input into our risk response decisions, but they're not the whole story. Low-scoring risks still need to be monitored (their ratings may change!), and even towering risks can often be brought down to size with the right game plan.
As project managers, our role is to look beyond the raw numbers, consider the wider context, and ultimately chart the smartest course through the risk landscape. The humble Risk Score is an indispensable tool in that ongoing strategic journey.
You can download the FORGE Property Development Risk Register here.
Every risk is assigned an owner who is responsible for monitoring that risk and implementing the agreed response actions. The owner should have the knowledge, influence, and resources to effectively manage the risk. Typically the owner would be the project manager, a functional lead, or a subject matter expert, depending on the nature of the risk.
The primary approach for handling the risk is selected from a set of options:
The selected strategy will guide the subsequent action planning.
These are specific actions designed to reduce the likelihood and/or potential downside consequences of the risk event. They are proactive measures taken in advance. Examples include:
Each action should have a clear owner and timeline.
These are pre-planned actions that will be taken if and when the risk event is triggered, in order to minimize the impact. They are reactive responses to limit the damage. Examples include:
Having these "Plan Bs" ready to go can significantly improve the project's resilience.
The status field tracks where the risk is in its lifecycle:
This timestamp records when the risk registry entry was last modified. It's an indicator of how actively the risk is being managed and how current the information is.
Building the risk registry is an important first step, but the real value comes in putting it to work:
In property development, risk is an ever-present companion. But with a robust risk registry and an engaged team committed to proactive risk management, it's a companion that can be understood, planned for, and even turned into an advantage.
You can download the FORGE Property Development Risk Register here.
The key is systematic and continuous application of proven practices: diligent identification, objective assessment, proactive planning, clear ownership, and disciplined follow-through. By embedding these practices into the fabric of the project, property development leaders can steer their projects - and their organizations - towards consistent success.
Remember, the risk registry is not just a static document or a box to be checked. It's a dynamic tool for navigating uncertainty and driving better outcomes. Embrace it as such, and watch your project's resilience and performance soar.
