Network Theory-Based Analysis of Construction Project Risks

Because of their specific and complex characteristics, construction projects are exposed to numerous risks of various natures, which make their management more difficult. In this setting, Project Risk Management is an indispensable activity for their successful delivery. It consists in the risk identification, assessment, prioritization, treatment, monitoring and control. This paper presents a novel approach for the identification of construction project risks and a network theory-based methodology for their modelling and analysis. These models serve as a powerful tools comparing to classical methods and provide a support for decision-making regarding Project Risk Management. A case study of a real construction project is used to illustrate these findings.


Introduction
Construction projects are facing a growing complexity, in both their structure and context due to many features: (1) The variance of stakeholders involved during the project lifecycle, with different visions, simultaneous actions, and sometimes conflicting objectives (Walewski & Gibson, 2003).
(2) The dynamic of system due to the strong influence of environment (ground, weather, etc.) and interactions required with different stakeholders.
(3) Prototypical character of the works due to the difference in site and physical environment.
(4) Project's delay, which increases the likehood of undesirable events that impact its performance (change of standards, evolution of objectives, economic, political and social constraints ……) (Raftery, 1999).
To deal with these constraints, risk management is a systematic way of looking at areas of risk and consciously determining how each should be treated.It is a management tool that aims at identifying sources of risk and uncertainty, determining their impact, and developing appropriate management response (Uher, 2003).It also leads the project manager to identify favorable alternative actions, increase confidence in achieving project objective, improve chances of success, reduce surprises, give more precise estimates (through reduced uncertainty) and reduce duplication of effort (through team awareness of risk control actions) (Bannerman, 2008).
A novel method is proposed in this paper to facilitate the risk identification process.The proposed method is intended to aid the risk management team to investigate the different risks which may be involved in construction projects.Then, a network theory-based methodology is presented for the modeling and analysis of project risks and their interactions.This analysis assists project managers to evaluate the risks depending on their interactions and then to simulate the global behavior of the project.
The remainder of the paper is organized as follows: section 2 presents the relevant approaches used for the risk identification and the new method proposed for the case of a construction project.Section 3 describes the network theory and its application for the risk assessment.A case study of a real construction project is presented in section 4 to test the availability of the proposed approaches.Section 5 follows with a conclusion and provides the perspectives of this work.

Literature Review
The risk identification phase consists on a systematic search for initial causes that could defeat the project objectives (Verdoux, 2006).It is an important step in the risk management process.In fact, the absence of risk identification can push the project manager to operate in a reactive mode by draining important resources to mitigate the impact of unwanted outcomes.Also, there are the identified risks that will be assessed and monitored.Then, the success of a risk management process depends on the quality of this first phase (Chapman, 2001).
However, the project risk identification is a delicate task whose difficulty is due to the inaccessibility of information.In fact, the listing of project risks is an extrapolation task based in the anticipation and imagination of situations that can threat a project (Benaben, Gourc, Villarreal, Ravalison, & Pingaud, 2004).Its difficulty is also related to the common practice of applying risk management in the beginning of the project that is a drafting stage when the schedule is still a prototype (Villarreal, 2005).Chapman and Ward (2003) stated that risk identification is both important and difficult and calls for creativity and imagination.They recommended the directed-thinking approach that stimulate imaginative thinking and draw on the experiences of different individuals such as interviewing, brainstorming and decision conferencing.In addition to these methods, some other techniques based on group decision making could be used for the risk identification as: pin card, Gallery, Battle-Belmuden-Brainwriting (BBB), Collective Note Book (CNB) and Nominal Group Technique (NGT) (Makui, Mojtahedi, & Mousavi, 2007;Mojtahedi, Mousavi, & Makui, 2008).
Moreover, other alternatives were proposed to identify risks such as risk typology (Verdoux, 2006).In this setting, different classifications of risk have been developed over the years.A classification taking into account the nature, origin and impact of risks in the elements of the project was suggested by Courtot (1998) that classifies the risks following their: (1) Nature: technical, financial, human, organizational, managerial (2) Origin: country, customer, product, supplier, government (3) Consequences: customer dissatisfaction, abandoning project (4) Detectability: the ability to predict the risk occurrence (5) Controllability: selected or incurred risks Many other approaches have considered the source of risk as the most important criterion when classifying risks.In fact, AFNOR (2003) distinguished internal risks associated to endogenous project processes and external risks associated to exogenous processes.The proposed typology is structured as follow: (1) Internal risks: management, social/organizational, design techniques, contractual or operations/maintenance (2) External risks: political/strategic, legal/juridical, industrial policy, security, financial, media, external technology or technological evolution Project Management Institute PMI (2004) suggested four classes of risks: (1) Technical risks related to the used process and technology (2) External risks due to the business environment of the project, the market situation and the customers and suppliers' relationships (3) Corporate risks arise from the project organization such as available resources, the project priority and its interdependencies with other projects (4) Risks related to project management Miller and Lessard (2001) classified risks into three categories: (1) Market-related risks derived from the markets for revenues and financial markets (2) Completion risks came from technical designs or technologies employed, construction cost and time overruns and operational problems (3) Institutional risks arised from laws and regulations, opposition from environmental and local groups, and government bodies wanting to renegotiate contracts Within the broader context of construction projects, several studies have been conducted to define a risk taxonomy adapted to their specifications.
In this sitting, Thompson andPerry (1992) distinguished technical, legal, natural, logistical, social, economic, financial, commercial andpolitical risks. Baloi (2003) categorized the construction project risks into static/dynamic, acceptable/unacceptable, internal/external, positive/negative, individual/collective and insurable/uninsurable.Zeng (2007) classified risks as human, site, material and equipment risks.Rezakhani (2012) proposed a specific classification where the project risks are decomposed into external risks, operational risks, risks related to project management, risks related to engineering and financial risks.
Besides the source criterion, some researches have focused on the project aspect for the risk classification.In this context, Desroches (2003) classifies risks into eight areas related to project management: (1) Expression of needs and their specifications  Williams (1995) proposed a typology that characterizes the risks according to the project progress.He divides them into two sections, those related to the project study and to project execution: (1) The study phase: the associated risks can be either internal risks caused by the vagueness of some tasks, ambiguity of objectives, inconsistency of specifications, poor planning of material and human resources or external risks such as political risks, risks of commercial obsolescence, regulatory risks and risks related to relations with subcontractors, external partners and customers.
(2) The implementation phase: it includes the risks derived from the project dysfunctions (rules and procedures of project management, system of monitoring and controlling) and the risks due to a late detection of problems or to a misdiagnosis of the situation.

The TRI Approach of the Project Risk Identification
The typologies presented above can be grouped into two sections: (1) "Risk" oriented approaches (Courtot, 1998;AFNOR, 2003;PMI, 2004;Miller & Lessard, 2001;Thompson & Perry, 1992;Zeng, 2007;Rezakhani, 2012) that take the project as a single entity and focus on the intrinsic characteristics of risks.
These approaches may have limitations in the case of a construction project but complement one another for exhaustive risk identification.
An effective risk identification process must also involve stakeholders influence.They are defined as any group or individual who can affect or is affected by the achievement of the organization's objectives (Freeman, 1984).The Figure 1 defines the stakeholders involved in a construction project and their different interactions.Let EXIST_R a function whose parameters are the three elements s, t and p.It returns "1" if a risk is identified according to this triplet and "0" if it is not identified.
Let also ADD_R the function defined by: Where R is the global set of risks.
The TRI method is then defined using the following function: The outcome of this method is a threedimensional framework that lists and classifies the different risks related to the studied project.It allows the project manager to detect the critical risk owners that must be overseen and monitored, to identify the project phases presenting a risk concentration and then to define another type of project critical path analysis.

Identification of Risk Interactions
Most researches related to the risk management use the assumption of risks independence.This assumption, interesting for the generated simplifications, does not reflect the reality of the projects (Nguyen, 2011).In fact, most of the methods use lists, as if they were independent, in order to prioritize them, to assign them to risk owners and to group them into smaller clusters (Marle, 2010).
To represent the risk dependencies through a network, we must first identify the risk interactions that consist on determining the cause-effect relationship between them.For that, we use the Risk Structure Matrix (RSM), which is a binary and square matrix with entry RSMij=1 when there is a relation-ship link from Ri to Rj and 0 else (Marle & Vidal, 2008).This matrix is based on the principle of Design Structure Matrix (DSM) (Steward, 1981) that has proved to be a practical tool in project management for representing and visualizing relations and dependencies among system components.

Network Theory Based Analysis of the Risk Assessment
The graph theory was born in 1736 when Euler proved that it was impossible to cross all the seven bridges in the Konigsberg city only once and return to the starting point.It is a mathematics field that has also developed in various disciplines such as chemistry, biology, social sciences and industrial applications (Levorato, 2008).A graph is generally used to represent the structure, connections and possible paths of a complex set using nodes and links connecting them together.
To define the importance of project risks and their interactions, we will use some properties of topological analysis.
For this, we define the graph G={V, E} representing the topological structure of the risk network, wherein V={1, 2,..., N} is the set of nodes representing the identified risks and E={e ij }.The set of links defined by the RSM established.

The Network Density
The network density refers to the proportion of actual links presenting within a network to the maximum number of potential links if all network nodes are interconnected with each other (Chinowsky, Diekmann, & Galotti, 2008).The network density is measured by equation 1:

D=E/[N(N-1)] 1
The network density ranges between 0 and 1.The higher the density, the more dependencies are between risks.So, the denser a network is, the more difficult is the risk criticality analysis.

Source Risk, Well Risk and Hub Risk
The activity degree of a risk is the number of its outgoing arcs while the degree of passivity corresponds to the number of its incoming arcs (Kreimeyer, 2010) (Fang, Marle, & Zio, 2012).These measures provide information about the local connectivity of risks.
Based on these concepts, we can classify risks into three categories: • Source risk: a risk which has Deg a ≠0 and Deg P =0 • Well Risk: a risk which has Deg a =0 and Deg P ≠0 • Hub risk: a risk which has Deg a ≠0 and Deg P ≠0 This classification allows the risk manager to decide on the risks that should be given priority based on their local dependencies.
To refine this decision, we use the notions of closeness centrality and betweenness centrality and define the notion of importance level.

Closeness Centrality
The notion of closeness centrality measures the degree to which a point is close to all other points in the graph (Freeman, 1979).
For its calculation (Sabidussi, 1966) proposed to measure the centrality of a point by summing the geodesic distances from that point to all other points in the graph that is a measure of point decentrality or inverse centrality since it grows as points are far apart.So, the closeness centrality of a risk i is defined using the equation 2: To overcome the complexity of calculations related to this formula, a more general form called residual closeness is defined by Dangalchev (2006) using the following equation: In a risk network, a high value of risk closeness means that risks linked to it tend to be connected by short dependency paths and the shorter a connection is, the more direct the impact becomes.The most central risk according to closeness centrality can quickly interact to all others risks and constitutes a key passage for risk propagation.

Betweenness Centrality
The betweenness centrality of a node is defined as the proportion of all shortest paths between pairs of other nodes that include this node.It is used to measure to what extent a node can play the role of intermediary in the interaction between the others (Wambeke, Liu, & Hsiang, 2012).It quantifies the number of times a node acts as a bridge along the shortest path between two other nodes (Kanno, 2015).
In a risk network, a node with high betweenness centrality influences the propagation speed through the network.
If this ratio after normalization is close to 1, then, this node acts as a bridge along most of the shortest paths connecting two risks in the network, whereas if it is close to zero, this implies that this node has no influence in the risk propagation.
The betweenness centrality is measured using the following equation: Where d (j,k) is the number of shortest paths between the risks j and k and d (j,k) (i) is the number of shortest paths between risks j and k, along which the risk i acts as a bridge.
The betweenness centrality increases with the number of vertices in the network, so a normalized version is often considered with the centrality values scaled to between 0 and 1. Betweenness centrality can be normalized by dividing its value by the maximum value that is (N-1) (N-2) (Kumar, Balakrishnan, & Jathavedan, 2014).In this way, the betweenness centralities of nodes denote the number of pairs of risks they lie between.

Importance Level of Risk
The Efficiency is an index that aims at identifying important nodes.It is used to evaluate and measure how efficiently a node exchanges information with other nodes (Latora & Marchiori, 2001).
This notion is inversely proportional to the geodesic distance and calculated according to the following formula: Where N is the number of risks, d (i,j) the geodesic distance between two risks i and j and E is the overall efficiency of the network.
In the case of a risk network, we will associate the overall efficiency of the network to the global propagation rate of project risks.The importance level of a risk is then evaluated according to its removal effect on reducing this rate.
For this, let the variation of propagation rate defined by the following equation: Where E (i-1) is the global propagation rate of project risks after removal of the risk i and ΔE (i) is the drop of global propagation rate normalized by E (i).
The following algorithm describes the methodology proposed to define each risk effect on the value of E: Function Risk_Effect (G) End For

End Function
Finally, an importance level is assigned to each risk i following the decreasing classification of ΔE (i) according to the table below: Table 1.Assignment of ranking to risks according to Importance level

Case Study: An Electrification Project
To demonstrate the presented approaches, we propose a case study of a real construction project.

Case Study Background
The studied project concerns the construction of a medium-voltage power line entrusted to a company specializing in electrical installations based in Morocco.This study focuses to the risks related to the implementation phase of this project.
Figure 3 presents the flowchart related to this phase.The objective is to identify and assess the risks that could affect the implementation phase using the approaches presented in sections 2 and 3.
The team leading this mission consists of: the Technical Director, the Project Manager, the Head of Purchasing and Logistics, the Quality Manager and the works foreman.
We have assumed the role of Risk manager who will lead and guide the implementation of this method.

Risk Identification
Using the TRI method, we identified the 23 risks threatening the project objectives.where: R1 The first step in the risk assessment is the definition of risk interactions that allow defining the structure of the risk network.We present below the obtained RSM matrix: Table 3.The RSM matrix From this matrix, we construct the risk network presented in Figure 4.The risk network is composed by N=23 nodes and E=34 edges.Its density is equal to 0.07 and the number of edges is of the N order showing that the graph is sparse.
(2) Source, well and hub risks: By analyzing the local connectivity of risks, we obtain the results displayed in Figure 5.The average degree of the graph is 2.96, implying that every risk is connected to 3 risks on average.So, the local connectivity of the graph is not significant.It is also found that the risk network consists of 11 source risks, 8 hub risks, 3 well risks and one unconnected risk.
The risk R21 (lack of coordination between project participants) has the highest activity degree of 5 which means that the occurrence of this risk affects directly the probability of occurrence of the five risks: R5 (materials not accepted by the client), R9 (lack of scheduling), R11 (delay in the acceptance of excavations), R12 (mistake in the grid picketing) and R14 (long cadence of the execution team).It is therefore a critical node in the risk network.
The well risk R14 (long cadence of the execution team) has the highest passivity degree of 12, meaning that it has 12 immediate predecessor risks.This position makes it more difficult to control.In fact, as this risk can be the result of many parameters, its mitigation is related to the control of the twelve predecessor risks which can be resource intensive.
(3) Closeness centrality: Using Eq. 3, the residual closeness centrality of the 23 identified risks is calculated.The Figure 6 shows the obtained results.We see that the top five nodes with the highest closeness centrality are R21 (lack of coordination between project participants), R16 (equipment Failure), R4 (out of stock), R22 (high performance or quality expectations) and R23 (low management competency of subcontractors).They constitute key passages for risk propagation and must be treated with preventive actions in order to block their effect on the other risks.
(4) Betweenness centrality:  As illustrated in this graph, eighteen risks are invisible because their betweenness centralities are zero, which means that they do not play the part of intermediary in the interaction between other risks.R17 (contractor's cash flow problem) has the highest betweenness centrality with the value of 12.This indicates that the largest number of shortest paths from all risks to all others pass through this risk.Then, it can directly lead to quick propagation through the network.In fact, the cash flow problem can block the project progress and thereby generates many additional risks.
(5) Importance level: The importance level of risk calculated using the function Risk_Effect (G) is displayed in Table 4.As seen in this table, risks with the highest importance level such as R17 (contractor's cash flow problem) and R14 (long cadence of the execution team) causes the highest drop measure of the propagation rate.These risks should then be treated with caution, mainly with preventive or confinement actions (multiplying the funding sources, strengthening resources …).

Conclusion
In this paper, we present an original method for the risk identification and a network theory-based methodology for their modelization and analysis.The outcomes of this analysis provide a qualitative vision to the project manager about the risks assessment with respect to their role in the network behavior.A realistic application on a construction project is performed to illustrate these findings.
Future works will focus on the validation of this exploratory qualitative analysis by a confirmatory quantitative approach based on the notion of weighted criticality considering the "snowballs" effect of the risk propagation.
Technical and operational performance (8) Users and operating sites Figure 2 sh and projec FUNCTION IDENT_R (A, T, P) R = {} for each a ϵ A do for each t ϵ T do for each p ϵ P do while EXIST_R(a, t, p)

Figure 3 .
Figure 3. Steps for the implementation phase of the project

R15
not accepted by the client R6: Unavailability of sufficient amount of skilled labour R7: Hardness of the ground R8: Non compliance of the delivery time R9: Lack of scheduling R10: Unsuccessful concrete batch control R11: Delay in the acceptance of excavations R12: Mistake in the grid picketing R13: Opposition to the passage on a land owned by a third party R14: Long cadence of the execution team respect for the rules of the art R21: Lack of coordination between project participants R22: High performance or quality expectations R23: Low management competency of subcontractors 4.3 Risk Assessment 4.3.1 Construction of the Risk Network

Figure 4 .
Figure 4. Structure of the project risk network (G)

Figure
Figure 5. Diagram of risks degree

Figure 6 .
Figure 6.Residual closeness centrality of the risks

Figure 7
Figure 7 displays the betweenness centrality values of the 23 risks.

Figure 7 .
Figure 7. Betweenness centrality of the risks

Table 2 .
Table 2 presents the obtained list.List of the identified risk

Table 4 .
Importance level of the risks