.svg)
What is a Risk Register in the Building Maintenance Industry?
In every building, potential risks can lurk around every corner. With equipment, jobs and even lives on the line, these risks cannot be overlooked.
By using a risk register, you can effectively identify and manage potential hazards to safeguard your building and its occupants. It can also provide opportunities to make informed decisions that can create greater value for the organisation.
SFG20, the industry standard for building maintenance specification since 1990, are committed to upholding building safety and compliance. We want to arm you with the best possible tools and resources you need to succeed – tools such as guides like the one you’re reading right now.
Below, you’ll find a clear explanation of the definition of a risk in the building maintenance industry, what a risk register is, as well as different risk resolution strategies.
What Defines a “Risk” in the Building Maintenance Industry? 
Historically, the term “risk” has been given a negative connotation due to its heavy use in Health & Safety activities.
It’s about identifying the likelihood that a negative consequence will occur from a particular hazard and assessing the severity of its impact in causing loss of life, injury or other health impacts, property damage, operational and economic disruption or environmental degradation.
According to the New Rules of Measurement (NRM) as set out by RICS, "risk" in the building maintenance industry is defined as “a probability or threat of liability, loss or any other negative occurrence that is caused by external vulnerabilities, errors, or oversights and that may be avoided by pre-emptive action.”
However, as stated in RICS professional guidance on the management of risk, risk management is now widely recognised as being concerned with both threat and opportunity.
The international standard on Risk Management (ISO 31000) simplifies it further and talks about risk being the effect of uncertainty on objectives.
It highlights that objectives can cover many different aspects and categories, but risk is usually expressed in terms of risk sources, potential events, their impact/consequence(s) and their likelihood.
Failure to maintain a built asset is a threat, but undertaking Planned Preventative Maintenance (PPM) could lead to over-maintenance which makes it both an opportunity and a threat. Both are risks in different ways.
You and your organisation carry real risks by working from paper-based, out of date PPM guidance. It's why it’s so integral to follow PPM guidance from SFG20, the gold standard for building maintenance specification.
You can rely on our full-time team of Technical Authors who create and upkeep the SFG20 standard in line with current legislation, translating complex legislative information into actionable Planned Preventative Maintenance (PPM) schedules so you don’t have to.
Risk as an Opportunity
Risk is often viewed as a threat, potentially hindering goals, but it can also be an opportunity, presenting a chance to achieve more than anticipated.
Failing to undertake maintenance tasks might save you money, but if the asset fails, its cost to repair and any other consequential losses to the business might cost more than you saved, were the threat to materialise as an issue.
Technically, this is a Run-to-Failure approach, which only makes sense if the cost to the business is more to maintain it than it would cost to replace it (including the loss of revenue).
Risks can also present opportunities for positive outcomes, such as increased efficiency, cost savings, or even achieving goals faster than expected.
However, risks can also have a negative impact on business objectives, leading to potential losses, delays, or failure to meet targets.
Therefore, undertaking PPM will cost you money, but that mitigates the uncontrolled failure of the asset and all that ensues with the loss/denial of an asset. It is about managing risk to create optimum value.
If undertaking PPM extends the asset’s life beyond the expected life or Reference Service Life (RLS), this means that you can save yourself the cost of its capital replacement for the extra years of life and it may also make the asset more efficient to run.
What is a risk Register?
A risk register, also commonly referred to as a risk log, is usually kept as a digital document or within a database to identify, assess and manage risks.
Fundamentally, risk registers are an effective risk management tool used to understand the impact/consequence(s) of each potential risk and the probability of it happening.
From this, a risk rank/risk score can be determined followed by the production of a dedicated risk resolution action plan for each risk to prevent/reduce/promote its occurrence or impact.
If we just look at the negative aspects for the moment, risks with a high score that sit outside of the risk tolerance or risk appetite of the organisation will need to be prioritised with urgency, while those with a low-risk score can be monitored without a detailed risk mitigation action plan.
Each risk will need to be assigned to an appropriate team member (commonly known as a Risk Owner) who will be responsible for its associated monitoring and risk mitigation action plan.
It’s important to be aware that risk registers are not static documents, but rather ongoing, meaning they need to be constantly reviewed and updated.
What is Risk Appetite?
Risk appetite is defined as the amount and type of risk that an organisation is willing to take in order to meet their strategic objectives (i.e. the general level of risk you accept), and before any action is determined to be necessary to reduce the risk.
Risk appetite provides a framework which enables organisations to make informed management decisions.
By defining both optimal and tolerable positions, an organisation can clearly set out both the target and acceptable position in the pursuit of its strategic objectives.
The terms "risk appetite" and "risk tolerance" are often used interchangeably, however it's important to understand the difference.
Risk appetite encompasses an organisation's overall willingness to take risks, while risk tolerance sets precise boundaries and limits for acceptable risk levels within the broader risk appetite that the organisation can accept.
An organisation's appetite for risk should never exceed its actual tolerance for that risk to materialise and turn into an issue.
Organisations should also be very careful in stating they have the lowest level of risk appetite (Opposed or Averse in the examples below) as this means they are content to exhaust all of their resources to mitigate and remove the risk.
Invariably, most organisations do not have that level of resource and are willing to accept some risk.
The Benefits of Adopting a Risk Appetite
- Supports informed decision-making
- Reduces uncertainty
- Improves consistency across governance mechanisms and decision-making
- Supports performance improvement
- Focuses on priority areas within an organisation
- Informs spending review and the resource prioritisation processes
Risk Appetite Scale Example 1:
|
Risk Appetite |
Description |
|---|---|
|
Opposed |
Avoidance of risk and uncertainty is key objective. |
|
minimalist |
Preference for safe options that have a low degree of inherent risk. |
|
Cautious |
Preference for safe options that have a low degree of residual risk. |
|
Mindful |
Willing to consider all options and choose one that is most likely to result in successful delivery. |
|
Enterprise |
Eager to be innovative and to choose options that suspend previous held assumptions and accept greater uncertainty. |
Risk Appetite Scale Example 2:
|
Risk Appetite |
Description |
|---|---|
|
Averse |
Avoidance of risk and uncertainty in achievement of key deliverables or initiatives is key objective. Activities undertaken will only be those considered to carry virtually no inherent risk. |
|
minimalist |
Preference for very safe business delivery options that have a low degree of inherent risk with the potential for benefit/return not a key driver. Activities will only be undertaken where they have a low degree of inherent risk. |
|
Cautious |
Preference for safe options that have a low degree of inherent risk and only limited potential for benefit. Willing to tolerate a degree of risk in selecting which activities to undertake to achieve key deliverables or initiatives, where we have identified scope to achieve significant benefit and/or realise an opportunity. Activities undertaken may carry a high degree of inherent risk that is deemed controllable to a large extent. |
|
Open |
Willing to consider all options and choose one most likely to result in successful delivery while providing an acceptable level of benefit. Seek to achieve a balance between a high likelihood of successful delivery and a high degree of benefit and value for money. Activities themselves may potentially carry, or contribute to a high degree of residual risk. |
|
Eager |
Eager to be innovative and to choose options based on maximising opportunities and potential higher benefit even if those activities carry a very high residual risk. |
Types of Risk Resolution
Risk resolution/responses take the form of one or more of the following four options, regularly known as the 4Ts. These are:
Terminate (Risk Avoidance)
Where risks have such serious consequences to the organisation that they are totally unacceptable.
Risk avoidance measures might include looking at the whole system and redesigning it to ensure there is no chance that the risk can occur.
Treat (Risk Reduction)
Where the level of risk is unacceptable and actions are taken to reduce either the chance of the risk occurring or the impact of the risk should it occur.
Transfer (Risk Re-allocation)
Where the organisation who are managing the activity that creates the risk have no levers to mitigate, avoid or accept it. Their only alternative is to pass it to a party that does control the appropriate levers.
This may be a maintenance provider passing the risk back to the client organisation to “own” and identify resources to mitigate it.
Tolerate (Risk Retention)
Where the original/residual risk is within the risk appetite of the organisation, i.e. they are comfortable with it. The risk just needs to be monitored to ensure that it does not change for the worse.
Don’t Drag Out Your Risk of Non-compliance
Proactive risk management goes hand in hand with building safety compliance.
Reputational damage, financial penalties and even prison time are just a few of the serious consequences awaiting those who neglect their compliance responsibilities.
You can turn the complexities of facilities management into your strategic advantage with SFG20’s Ultimate Guide to Compliance in Facilities Management linked below which is filled with over 35+ years of industry leading expertise.
.svg){kind=small}
