From the moment we come into the world, we are faced with different risks and so is the case with infrastructure projects. This is why it is crucial to identify risks that may arise throughout your life and to make informed decisions based on that information.

In this regard, it is essential look to the past, identify risks, characterize and evaluate them in order to make the best decisions. This involves setting benchmarks and defining the future objectives of the project. Only then can we use the information obtained from the identified risks to make better decisions and move forward with confidence.

Often, however, risk matrices are used statically, simply to meet a requirement, rather than being used as clear information, support and monitoring tools for decision-making.

‍

Why is risk management important for infrastructure projects?

‍

To understand risk management from a project perspective, it is important to take into account the basic information, the existence of laws, decrees and various guidelines. Although these elements do not constitute the only basis for our management, they are important both for their foundation and for the different approaches we can adopt. Law 1523 of 2012 and Decree 2157, for example, give us an approach to risk management from a global point of view of the country, the importance of risk management, its meaning and definition in terms of disasters, which due to exogenous or endogenous threats to the project can be generated by certain vulnerable elements. On the other hand, ISO 31000 gives definitions of management comprehensive risk assessment, the way in which information, analysis, review, control and feedback should be conceptualized. And NTC 5254 also gives some definitions and different methodologies for risk assessment. Starting from the standards, it is necessary to emphasize the differences that may arise in infrastructure projects. For this reason, it is essential to highlight two specific approaches, although there are many others, which are summarized in the following table:

Figure 1 shows the common differences between risk management for project continuity and disaster risk management. Both approaches are of vital importance in infrastructure projects, even if they have different stakeholders, characteristics and evaluation objectives are different, but, in the end, their main objective is always to monitor, reduce and contain risks. In this context, it is crucial to highlight the importance of risk management in infrastructure projects, especially with regard to business continuity, in how the management carried out becomes a fundamental ally when making a decision with a high impact on the Project. From the very conception of any project, solid risk management based on own information and knowledge, and in line with available guidelines and methodologies, is required. Therefore, it is essential to consider the following risk management flow for each stage of the project:

Figure 2, based on ISO 31000, presents an effective flow for risk assessment. It all starts with understanding the objectives of the project and its context, and gathering the relevant information. Then, the scenarios for the current phase and potential stages of the project are identified, and each one is characterized in order to assess the associated risks. Once the scenarios are properly characterized, it is important to determine the treatment that will be given to the risk and to identify the controls or recommendations necessary to maintain, avoid, contain or transfer the risk. The treatment of each of the risks will determine the importance of risk management in infrastructure projects. Therefore, it is necessary to be aware of what types of controls exist and what treatments to establish.

The different controls required in each project, and the type of treatment appropriate for each of the risks identified, establish a clear line for decision-making in projects. Without this information, it becomes difficult to monitor the project and it becomes even more difficult to achieve the expected results. Therefore, it is crucial to carry out good risk management in the project, following methodologies and maintaining a clear approach. However, the most important thing is to evaluate the risk, as mentioned by Knight (1921): “If agents assign subjective probabilities, then they make consistent choices.”

‍In short, and answering the initial question, the importance of risk management lies in the fact that a good evaluation makes it possible for the project's actors to make the right decisions.

‍

Conclusions and recommendations

• Risk management goes beyond creating a risk matrix, simply identifying and listing potential risk scenarios. This is a dynamic process that requires continuous monitoring of risks and seeking ways to mitigate them or reduce their impact (residual risks).
• The optimization and studies of infrastructure projects are more efficient with the implementation of clear risk management from the initial stages of conception.
• Risk management, its results and continuous monitoring, should serve as a valuable tool for decision-making.