Risk Maturity Model for Construction Organization

Risk Maturity Model for Construction Organization

Published by : http://www.ijert.org‌

International Journal of Engineering Research & Technology (IJERT)

ISSN: 2278-0181

Vol. 14 Issue 04, April-2025

B. Harish,

Student, Department of Building Engineering & Management, School of Planning & Architecture, New Delhi

Dr. Abhijit Rastogi

Assistant Professor, Department of Building Engineering & Management, School of Planning & Architecture, New Delhi

Abstract: The construction industry is pivotal to economic development, particularly in India, where large-scale projects are foundational to infrastructure growth. However, the sector faces inherent risks that can disrupt project timelines, budgets, and quality. Effective risk management is essential for addressing these challenges, yet current practices in Indian construction organizations are often unstructured and inadequately integrated into project execution. This research addresses this gap by developing a comprehensive Risk Maturity Model tailored for the Indian construction sector, so that the clients have a proper understanding of the risk management capability of the construction organizations prior to the award of contracts.

Keywords: Risk Management, Maturity model, Contractor capability, Construction Organization

INTRODUCTION

Risk management should be considered at earliest stages of construction project planning and risk assessment activities should be continued throughout a project. The processes should promote transparency and effective communication between the parties to facilitate effective and expeditious management of risks. Risk management is very crucial for any project to complete successfully without compromising on the quadruple constraints of scope, cost, schedule and quality (Yazid, Abdullah, & Hussain, 2014). According to (Walewski & Gibson, 2003), the key to any project's success is having a thorough awareness of the risks involved in it and implementing risk management in an efficient manner. Understanding the many obstacles to risk management and how to get past them is necessary for effective project risk management (Hwang, Zhao, & Toh, 2014). As stated by (Zou, Chen, & Chan, 2010), there are many reasons for a construction organization to develop and implement risk management systems with (1) it being a legal requirement as outlined by legal policies for organizations, (2) to cater to all construction projects with each being unique and complicated with numerous risks,

(3) to address the changing nature of risks over time which are compounded by changes in legislation, effects of related authorities and uncertain site conditions, (4) construction projects involving different construction techniques, various stakeholders with different skills and (5) inadequate risk management would lead to an ineffective use of time and money.

Various authors such as (Chapman & Ward, 2012), (Royer, 2002) in their books and (Serpell, Ferrada, Rubio, & Arauzo, 2015), (Zou, Chen, & Chan, 2010) have explained the need to review the risk management maturity. (Mafakheri, Breton, & Chauhan, 2012) mentioned that if an organization is highly matured in the management of identified risks events on projects, the consequence of the risk events on project performance

objectives will be reduced. Though construction organizations in India have risk management in place in the form of policies and templates, the importance of it and implementation is less or lost at site level practice due to challenges previously identified. Not all organizations are able to achieve the anticipated results from the risk management process, and their inability to execute the risk management process consistently and predictably over time could be the reason of this. One of the challenges being faced at this time then, is how to measure the capability of a construction organization to perform risk management effectively and how to help this organization to improve along time (Serpell, Ferrada, Rubio, & Arauzo, 2015). Maturity models are tools that show the way toward a more organized and systematic approach to conducting business, one that typically involves people, organizations, and procedures. (Loosemore, Raftery, Reilly, & Higgon, 2006) indicated that many organizations operate at different levels of maturity for different type of risks. Risk management maturity can be used to identify the strengths and weakest areas needed for improvement, to contrast them with a reference framework and actions can be taken to increase the performance (Hopkinson, 2011).

According to (Jia, et al., 2013), the analysis of RM processes in project management reveals a key issue on their quality. Thus, the use of effective tools and measures to deal with this process is important (Das, Rastogi, & Kumar, 2021). It is important for clients to have proper understanding of the risk management capability of the construction organizations prior to the award of contracts (Salawu & Abdullah, 2015) (Caiadoa, Lima, Nascimento, Neto, & Oliveira, 2016) and it could also guide the construction organizations in their bid-no bid decision. In the construction industry organizations, it is necessary to have a clear idea of their actual performance in risk management to define their objectives, specify processes, and manage progress in raising their risk management capabilities (RMRDPC, 2002) (Zou, Chen, & Chan, 2010). In the context of construction, companies need to implement the risk management consistently and systematically. While organizations may have developed sophisticated risk management systems, they have not fully imbedded it within its organizational behavior and practices. There is not a maturity model aimed at risk management in Indian construction to assess the level of this process according to the requirements of a management system and thus, applicable to companies of different sizes and market segments for proper understanding of them by clients.

RISK MANAGEMENT OVERVIEW

Barriers in Effective Implementation of Risk Management

The variation in perspective of stakeholders towards risk management and the variation in activities that made up existing models can be attributed to factors like country (socio-economic-cultural-political), project type and its delivery model / contract. This indicates that every nation or area has distinct objectives, and every business has unique interests, which ultimately, according to the author, influences the models that are proposed (Khursheed , Sharma , Paul , Alzubaidi , & Israilova , 2024). Based on the study conducted by author, it was concluded that there exist barriers to the effective implementation of risk management which could be categorized into 5 factors as seen in Table 1. To meet the project's goals, it is becoming more and more crucial for all parties

‌involved to implement a cooperative risk management plan (Loosemore, Raftery, Reilly, & Higgon, 2006) (Judson & Paul, 2022). (Jia, et al., 2013) and (Judson & Paul, 2022) states that the analysis of risk management processes in project management reveals a key issue on their quality. Thus, the adoption of effective tools and measures to deal with this process is crucial.

Table 1 Barriers to effective implementation of Risk Management (Author)

ORGANIZATIONAL RISK MANAGEMENT

In risk management it is essential to understand the terms capability and maturity. (Öngel, 2009) states that maturity can best be described to the business community by combining three different dimensions: action, attitude and knowledge. (CMMI, 2010) defines maturity as the "degree to which an organization executes processes that are explicitly and consistently documented, managed, measurable, controlled, and continuously improved. (Coetzee, 2013) states that the organizational risk maturity is in the determination of the quality and quantity of activities to be implemented in order to determine whether the risks are properly managed in accordance with the wishes of its board of directors and senior management, and if the process risk management is aligned with what is communicated with its stakeholders. According to (Doloi, 2009) contractor capability refers to the potential of a contractor to procure, mobilize and manage resources to execute a project with acceptable standard, time and budget. (Zou, Chen, & Chan, 2010) mentioned that risk management maturity reflects the sophistication of an organizations understanding of its risk portfolio and how to manage those risks as well as the internal business continuity systems needed to cope with and recover from their eventuality. (Siqueira, 2005) mentioned that the maturity of an organization is linked directly to processes and efficiency with respect to fulfilling it. The author points out that the company's management maturity has an impact on competitiveness for acquiring new contracts as well as for business continuity. Thus, focusing on this helps in identifying and planning for: (i) improvement of predictability, (ii) improvement of control, (iii) improvement of effectiveness. In construction, organizations capability is ultimately based on the organizations contractor capability. (Doloi, 2009) made the first attempt to investigate implications of contractor capability in the context of risk management and reported "risk management ability of contractors" as a key qualification factor that affect project objectives of time, cost and quality but the experts in the interview process for predicting the performance of contractors in achieving these objectives did not foresee significant influence of risk management capability on contractor performance which was proved wrong by (Iyer, Kumar, & Singh, 2019) in their comparative case study. Additionally, (Wang et al., 2016) noticed a significant correlation between an organizations contractor capability and its efficiency for risk management that could be achieved. However, as mentioned by (Iyer, Kumar, & Singh, 2019) these researches were at organization level and did not delve into the possible variations to observe how contractor capability of an organization and level of risk management it could achieve interact at project level settings.

RISK MATURITY

Contractor Capability and Risk Management

From the study by (Iyer, Kumar, & Singh, 2019) it was concluded that attributes of contractor capability can be broadly listed as financial stability, experience, workforce, resource, assets, soundness of business, management and technical ability, risk management, past performance, quality, health and safety, workload, and commitment of contractors. Further, the paper stated that organizational maturity positively affects risk maturity and contractor capability. Keeping these attributes in perspective, it can be understood that in order to set objectives, outline procedures, and track advancement toward improving risk management skills, businesses must have a thorough understanding of their present risk management strateg (RMRDPC, 2002). Although research highlights the significance of contractor capability for risk management, assessments done by (El-Sawalhi, Eaton, & Rustom, 2007) and (Semaan & Salem, 2017) on existing contractor pre-qualification models suggest that the risks are not considered while deciding prequalification criteria to assess contractor capability. This is a contradictory trend that was observed considering the significant correlation between contractor capability and risk management. Additionally, it was proved from the comparative case study by (Iyer, Kumar, & Singh, 2019) that the poor performance of prequalified contractors is an industry implication rooted in this contradictory trend. In order to look deep in to this trend, it is necessary to not only look at organizational level risk maturity but further consider project level risk maturity that arises from the uniqueness and distinct requirements for each project.

In the evaluation of project performance as a function of an organization's risk attitude, leadership, and project management expertise, (Crispim, Silva, & Rego, 2018) established the concept of project complexity. Project complexity is defined as a feature of a project that modifies the impact of organizational and risk maturities on the performance and practice of risk management (Moza & Paul , 2024). This leads to the statement mentioned by (Iyer, Kumar, & Singh, 2019) that projects have a moderating effect on phenomena related to prequalification, contractor capability, risk management and project performance. This uniqueness and project complexity of a project can be linked to the risks that are to be identified initially and taken into account by the client before the award of contract or in fact should be considered for prequalification. The authors (Iyer, Kumar, & Singh, 2019) aimed to understand the role of contractor capability in risk management of projects through comparative case study analysis and revealed that the role of contractor capability in risk management is much complicated and dynamic than their correlation reported by (Wang et al., 2016). Through the comparison of contractor capability in two similar projects P & Q, it was noted that the contractors in project P were less effective and equipped to mitigate the risks when compared to the contractor of project Q. Contractor in project Q was able to mobilize

resources, bear financial burdens, mitigate risks and keep other stakeholders satisfied only since it possesses sufficient financial stability, assets, site management capability, planning and control ability and risk management ability. They concluded that contractor capability of an organization and the minimum capability required in a project, both, can vary due to the impact of risks on the project or the organization. This conclusion also proves the point made by (Crispim, Silva, & Rego, 2018) that contractor in project Q being a big and old organization, showed higher risk maturity as predicted.

This further proves that the organization is required to maintain supply of resources, i.e., contractor capability more than the demand of resources, i.e., minimum capability required at any time in a project. Should the risks identified in the project materialize, the demand for resources increases and thus the minimum capability required for the project varies over the project duration. Project P in the above-mentioned study is one of the cases in which contractor fell short of minimum capability required and thus, leading to time and cost overruns of the project. These points highlight how establishing prequalification criteria without taking risks into account leads to an unrealistic evaluation of contractor capability and the selection of contractors who are just marginally qualified (Iyer, Kumar, & Singh, 2019). This emphasizes the requirement for looking into both organizational level and project level setting while formulating a framework for assessing risk maturity of a construction organization for a project.

EXISTING PRE-QUALIFICATION CRITERIA

The statements made by (El-Sawalhi, Eaton, & Rustom, 2007), (Semaan & Salem, 2017) and (Iyer, Kumar, & Singh, 2019) suggest that there is a need to look in to the existing pre-qualification criteria in Indian context. According to (El-Sawalhi, Eaton, & Rustom, 2007), the pre-qualification model that gives the best results should meet 7 critical characteristics out of which 3 most important are listed –

1. Pre-qualification is a multi-criteria problem. The proposed model should do analysis of the criteria on a simultaneous basis.

2. Pre-qualification contains risks inherited from different decision makers opinion.

3. Pre-qualification contain subjective judgement made by decision makers.

Study conducted by the authors to review pre-qualification models suggested that the uncertainty and risks are not considered while deciding prequalification criteria to access contractor capability. (Goel, 2016) criticized the system of lowest quoted cost selection suggesting that even if a bidder received higher score during pre-qualification or technical criteria, still in order to get the contract he would have to be the lowest bidder. Therefore, it can be concluded that pre-qualification criteria that are well chosen and well-defined can reduce project risk for clients. This statement helps in setting a firm base for the need of this study as to why risk management capability should be an assessment criterion in bid evaluation to help clients choose the most capable contractor.

RISK MATURITY

Risk management is vital when tendering for construction contracts. Therefore, it is essential to incorporate the identification of risk factors and their assessment for each bidder in making

decisions regarding contractor selection. The importance of including risk management was also mentioned by (Perrenoud A. , Lines, Savicky, & Sullivan, 2017) in their study which used five criteria other than price for the qualification of contractors. The authors concluded that contractors with higher risk maturity consistently demonstrated that they can identify and plan for specific project risks before the project begins and throughout the project lifecycle. Additionally, they also proved that greater risk maturity is positively corelated with (i) quality of workmanship, (ii) professionalism & ability to manage, (iii) risk communication, explanation & documentation, and

(iv) overall customer satisfaction regarding construction projects. This finding supports the idea that construction companies should enhance their risk-management procedures. This study is the first to present empirical evidence that project performance is enhanced by higher risk management capabilities based on existing research.

According to (Mafakheri, Breton, & Chauhan, 2012), the impact of risk events on project performance targets will be lessened if an organization is well developed in managing identified risk events on projects. (Mu, Chen, Chohr, & Peng, 2013) (Salawu & Abdullah, 2015) accepted on the fact that it is very important to properly understand risk management capability of construction organizations in lieu of the high-risk nature of construction business. Knowledge of the maturity levels on each attribute helps to identify the areas of strengths and weaknesses of organizations (Hopkinson, 2011). Thus, to help assess the risk management there is a growing need for research on this front, especially in Indian context with very less study on it.

The risk maturity model assists organizations in assessing their risk management capabilities and comparing them to a reference framework. The first risk maturity model was developed by (Hillson, 1997) and all the other models that developed further has its roots on this. (Isaka, Yoneda, & Koga, 2017) present their model from the point of view of contracor as a Hybrid Risk Evaluation Model (HREM), which can help the contractor in bidding decision, i.e., bid or no bid decision based on the combination of qualitative and quantitative evaluations. They suggest that the model can be used to assess if the potential project risks are within the range of company by assessing the project's risk probability, project overall score and thus overall project risk level (qualitative). This combined with profitability distribution, expected profit ratio and success profitability of the project are measured as part of the quantitative evaluation and thus the organization or contractor is advised for submitting the bidding only if final evaluation satisfies the organization goals.

According to (Zhao, Hwang, & Low, 2013), the application of risk maturity models still has deficiencies in the construction industry. (Proença, Vieira, & Borbinha, 2017) mentions a significant fault within this domain in their paper with the analysis of many models that there is a lack of specific instructions regarding how to develop maturity models.

RESEARCH QUESTIONS, AIM AND OBJECTIVES

This discussion thus, brings the following research questions that need to be answered –

1. What are the attributes and dimensions of risk management capability, and what are the elements of risk maturity model?

2. What are the project characteristics to be considered for the application of risk maturity model?

3. What are the guidelines in the assessment of risk management maturity of construction organization?

The following objectives are to be met in order to answer the research questions

1. To identify the attributes and dimensions of risk management capability and define the elements of the risk maturity model by analyzing the risk management standards, guides and past risk maturity models.

2. To examine the applicability of the risk maturity model at the project level based on project characteristics.

3. To develop a framework to assess the risk management capability of construction organizations.

4. To examine whether the scoring of evaluation parameters differ among different project categories.

RISK MATURITY MODELS

Review and Analysis of Past Models

A detailed literature review of past risk maturity models is conducted in order to understand their structure, applications, attributes and scales used along with their advantages and drawbacks in each of them. The maturity models under study were chosen based on the industry they were meant to be used for, i.e., construction industry. The first risk maturity model by (Hillson, 1997) presents a formal approach to risk management. The author explains diagnosing risk maturity in 4 levels and based on 4 attributes. He explains that the granularity between levels is such that there should be a clear distinction in most cases and it should prove possible to allocate most organization unambiguously to a single level. This model does not give a tool to assess nor does it explain about the dimensions under each attribute clearly. The same drawbacks were noticed in the model developed by (RMRDPC, 2002) which based its study on Hillson model. Similarly, (Hopkinson & Lovelock, 2004) who based the model on Hillson, stressed more on the process of risk management, thus listing risk identification, analysis and mitigation as three separate attributes. The authors by focusing a lot on process attributes, they measure stakeholders, project management and RM culture as aspects of the process while leaving out many dimensions.

(Caiadoa, Lima, Nascimento, Neto, & Oliveira, 2016) with the help of literature, listed down 25 attributes of risk management capability but the major drawback came when he only considers top 4 of the 25 attributes using survey for the final framework. A common point shared by the author and Hillson model was that using more than four levels of maturity would increase the ambiguity without bringing any additional refinement to the mode. While assessing the risk management maturity of construction organizations in Nigeria, (Salawu & Abdullah, 2015) considered 4 attributes and 19 dimensions associated with them. These dimensions were also given weightage based on survey and fuzzy evaluation method. They were then measured against 4 levels of maturity using a questionnaire survey of 26 questions. (Wibowo & Taufik, 2017) developed a self- assessment tool which was considered easy to use with the help of 34 attributes narrowed down from 45 using Delphi method and given weightage using AHP to be measured against 4 maturity levels. The authors use AHP to bring the respondents' score of 1-9 to a score level of 0-100 defined

for each maturity level, with the help of defined weightage for each factor. A better and detailed questionnaire tool was used by (Mu, Chen, Chohr, & Peng, 2013), who made a list of 6 attributes and detailed out each one of them to form 21 questions which were then evaluated on Likert-scale. A detailed study was conducted by (Proença, Vieira, & Borbinha, 2017) for developing a model based on ISO 31000. The author developed questionnaire survey of 39 questions as a tool and linked these questions with the maturity levels. While the attributes for this model were derived from the framework and process of risk management, the maturity levels defined by the author had a major issue that levels 2, 3 and 4 as defined were too far apart, with level 3 being given a lot of focus with 26 out of 39 questions. This issue increased the potential to ultimately sort lot of organizations under level 3. Some of the most comprehensive works on this domain were given further by (Caiadoa, Lima, Nascimento, Neto, & Oliveira, 2016), (Hoseini, Hertogh, & Bosch- Rekveldt, 2019) and (Bk & Jedynak, 2023). The first paper in this developed a model based on the concepts of Enterprise Risk Management, thus defining 8 attributes. The authors evaluated these against 5 levels of maturity using a scoring system on each dimension under the attributes mentioned and analyzing it using bar graphs and radar charts to highlight the strength and weakness in the system.

(Hoseini, Hertogh, & Bosch-Rekveldt, 2019) addressed the attributes on two fronts one based on Organizational factors and the other Application and Process. The authors formulated 53 statements for all dimensions combined and the assessment was marked for each based on a scale of 1-10. The scoring system introduced was unique from other models since it considered Importance (marks for each dimension assigned by experts for individual project), Score (marks given by the stakeholders on the current condition of the project) and Ambition (marks set as a target for the team to achieve by improving in RM). Thus, this model allowed for project specific assessment of risk maturity of an organization, along with cross-project analysis for learning purposes. The scoring system made it much easier for the project team to know their current condition and compare it to the desired level for continuous improvement.

(Bk & Jedynak, 2023) in their book analyzed 34 different maturity models developed across various industries to build a framework for risk management maturity. Their model consists of 5 levels of risk maturity with defined scoring range for each of the levels (max. score of 40). This was used to evaluate risk management based on 8 well defined attributes Strategy, Planning & Goals, Culture, Standards & Procedure, Process, Roles & Responsibilities, Compliance and Crisis resilience. Though the book covered all aspects of risk management required for effective implementation in an organization, it does not explain about the questionnaire tool used to evaluate the organization in detail.

Based on the analysis of the past risk matuity models it can be concluded that

1. Attributes to be considered should majorly depend on the practices admissible and explained in various guides such as PMBOK, ISO 31000 and IS 15883 Part 8. The narrowing down of the attributes should take into account the local context of the organizations, i.e., the organizational level settings along with the project level settings.

2. The scale of risk maturity level adopted depends on the attributes listed as well as the local context and, in some cases, can differ for type of project / industry it is used for. The best scale of risk management maturity involves a 5-level scale with a numerical scoring that can be assigned to each level for better definition and thus, keep a realistic view for the organizations to improve their risk maturity.

3. The assessments can be marked against a numerical scale assigned for each attribute so defined based on the opinion of experts. The assessment done should be a mix of internal and external assessment, which allows space for both questionnaire survey as self-assessment, and documentation log wherever required to support the questionnaire which is to be assessed externally by experts.

   ATTRIBUTES AND DIMENSIONS

   Table 2 covers the attributes and dimensions narrowed down based on the review of past models. Four attributes are listed down for risk management capability Organization Culture, RM Processes, RM Practices, RM Resources. These four attributes are considered fundamental by every paper reviewed with different naming and similar explanation, and breakdown of each of these attributes gives a list of 5, 6, 3 and 2 number of dimensions respectively.

   Each of the 16 dimensions listed can be assessed according to (Royer, 2002), (Zou, Chen, & Chan, 2010), (Mu, Chen, Chohr, & Peng, 2013), (Zhao, Hwang, & Low, 2013), (Proença, Vieira, & Borbinha, 2017) and (Bk & Jedynak, 2023) based on a set of criteria or questions. Table 2 provides a list of possible parameters or questions with which each of the 16 dimensions can be assessed. The possible parameters are listed down by taking into consideration the effect each dimension has on organization level and project level combined.

   ‌Table 2 Attributes, Dimensions and Possible Criteria/Questions for Assessment of Risk Maturity Levels (Author)

   ATTRIBUTES	DIMENSIONS	PARAMETERS / QUESTIONS (based on (Royer, 2002), (Zou, Chen, & Chan, 2010), (Mu, Chen, Chohr, & Peng, 2013), (Zhao, Hwang, & Low, 2013), (Proença, Vieira, & Borbinha, 2017) and (Bk & Jedynak, 2023))
   ORGANIZATION CULTURE	Top management commitment through risk management policy	along with other management processes?
   	Governance, Responsibility and Authority	4. Do the top management individuals or defined organizational department oversee risk management practices in the organization and project for the plans developed, followed and tracked?

   1. Does the organization have a clearly defined risk management policy that outlines the objectives, scope, roles, responsibilities, and timeline for risk management activities, provides rationale for managing risk, management processes for risks with conflicting interests and baselines for RM performance and is made known to all the staff?

   2. Does the upper management actively take part in risk activities, support and encourages risk management?

   3. Does the organization plan for activities to promote risk management

   		by all team members?
   	Integrity and ethics	7. Is there build-up of trust within the organization and projects teams in relation to risk management?
   	Competence	framework, including developing plans, identifying decision-making processes, and modifying them as needed?
   	Risk communication and stakeholder relationship	make decisions and evaluating risks?
   RM PROCESSES	Scope, Context and Criteria setting	and monitoring of their dependencies?
   	Risk assessment
   	Risk mitigation
   	Monitoring and controlling

   1. Does the organizational structure ensure planning, operational and monitoring activities?

   2. Are the responsibilities for managing risks distributed and carried out

   1. Is risk management widely accepted and practiced in all levels within the organization?

   2. Are the time and resources dedicated to projects in accordance to the severity of risk events identified and analyzed?

   3. Does the organization effectively implement the risk management

   1. Is the risk management information, identified risks information processed, grouped and communicated to all project participants consistently throughout the entire project life cycle?

   2. Are stakeholders from all areas required considered in a project to

   1. Does the organization define risk criteria in its scope and objectives for a project, type of risks it can accept along its risk threshold and does it align with the organizational goals?

   2. Does the organization take into account the environment in which it operates for defining project objectives along with managing, tracking

   1. Are the potential risks identified each time for new projects?

   2. Is there a systematic methods / tools used to ensure major risks are identified based on WBS, probability-impact of the identified risks are analyzed and quantitatively measured?

   3. Is the interdependence of different risks assessed?

   4. Are risk owners assigned for all identified risks?

   5. Are the risks to be treated prioritized based on the analysis?

   1. Does the organization have a plan in place to mitigate the identified risks depending on risk significance, risk appetite and tolerance, resource availability, cost versus benefit comparisons, as well as the project objectives?

   2. Are contingency plans developed to address potential worst-case scenarios?

   3. Could the impact of the risks be reduced at most extent?

   4. Are team members ready to take risk ownerships during project implementation based on risk threshold?

   1. Are the risks identified consistently monitored through appropriate metrics / KRIs and reevaluated throughout the project to determine when or why to trigger implementation of contingency plan?

   2. Are the actual risks found compared with risk threshold, initially identified risks to address any deviations from risk management plans?

   3. Are the risks managed in an iterative cycle?

   		27.Is there a schedule allocated for monitoring and reviewing in the project?
   	Risk information and knowledge managemnt	staff members for decision making?
   	RM audit	the potential areas for improvement?
   RM PRACTICES	Integration with other management tasks (Risk based business process and decision making)	evaluations and reward systems?
   	Standardization and routinary
   	Relevant compliance assurance mechanism	requirements?
   RM RESOURCES	Allocation, capability and training of resources	47.Are the dedicated number of staff members appropriate for the risks in the projects that are handled and does the organization have the capacity to allocate additional manpower and budget should the project require?

   1. Are the risk management activities recorded as per practices outlined in the internal documents for reviewing and improving?

   2. Is there an established knowledge management system / platform for risk management to store, learn and use information from previous projects?

   3. Is the information from past learning available for all organization

   1. How often is the risk management performance assessment carried out in the organization to ensure framework is effective?

   2. Is the current risk management framework suitable/effective for helping achieve the objectives of project and the organization?

   3. Does the audit include assessment of all personnel involved in the project?

   4. Do the risk management performance audit report help in identifying

   1. Is the organization's risk appetite clearly defined and integrated into business decision making strategy and well known to all staff?

   2. Are the analytical results from RM audit used to aid in strategic planning for risk responses?

   3. Does the organization make optimal trade-off decisions by considering all possible outcomes from cost/benefit, policy and plan?

   4. Are opportunities recognized as an aspect of risks and pursued for the expected improvement of project?

   5. Is risk management tools and techniques integrated with other management functions such as quality, safety, and environmental management?

   6. Are risk management considerations included in performance

   1. Do the risk management practices comply with regulatory and legal requirements in its implementation?

   2. Is the risk management practiced as part of everyday activities?

   1. Does the organization have mechanisms in place to ensure compliance with relevant risk management regulations and standards?

   2. Are compliance audits conducted regularly to identify and address any non-compliance issues?

   3. Are corrective actions taken promptly to address any compliance deficiencies?

   4. Does the organization deal with compliance risk through appropriate methods and ensure compliance with internal and external

   		employees' risk management capabilities?
   	Learning and change management capability	organization and/or project levels based on active monitoring?

   1. Are the dedicated staff members familiar and capable of using risk management tools for identification, qualitative and quantitative risk analysis for analysis?

   2. Are there regular training and development programs to enhance

   1. Are there mechanisms in place to identify and address any skill gaps related to risk management?

   2. Are the risk management processes updated based on the experience and information available from past projects?

   3. Does the organization have a practice to look for improving the current system based on investigation and experimentation?

   4. Does the organization have the flexibility to adapt to changes at

   PROJECT CATEGORIZATION

   Project Complexity

   Project complexity is a factor that is discussed extensively in the literature of project management, which indicates the effect it has on management of projects significantly. Features like clear goal definition, technology integration, budget allocation, the structure of the project organization, the choice of personnel with the necessary experience and expertise, and risk management procedures like interface management may all be influenced by project complexity (Baccarini, 1996). A corresponding set of tools must be incorporated into the construction management process based on the complexity of the project in order to provide an appropriate level of planning and control. It indicates that conventional approaches used for complicated projects might not be suitable for simpler ones, and vice versa (Safa, et al., 2015) (Yadav & Paul, 2023). The way a project is categorized during analysis depends on the concept of complexity that is applied (Moza & Paul , 2024). (Shenhar & Dvir, 1996) assessed project complexity from the view of scope and technological uncertainty. The paper explained three levels of scope uncertainty and four level of technological. Based on a detailed literature study and analysis of different complexity models, (Moza, Paul, & Solanki, 2022) listed down 23 determinants of project complexity and came up with a methodology for evaluating project complexity for Indian construction industry. Out of the 23 determinants No. of elements and stakeholders, Uncertainty in goals & methods, Site Location, Project size, Multiplicity of technologies and non-standard specifications, Impact on environment, Tasks with no known procedure and No. of department are some of the important determinants.

   Project Classification

   Due to their unique nature, it is particularly difficult to categorize the wide range of construction project. The construction project management process must provide each project category the freedom to select the right amount of planning and control for large, complex, high- risk, and new projects (Das, Khursheed, & Paul, 2025). The way the construction projects are grouped affects how specifications information is organized, how documents are structured, and how costs are calculated (Yadav & Paul , 2023) (Khursheed, Sharma, Paul , Al-Farouni, & Charos , 2024).

   (Sanatana, 1990) classified the construction projects into three categories based on decreasing degrees of social, economic and environmental impact, and decreasing numbers of specialists,

   consultants and contractors employed. The categories according to the paper, are singular, complex and normal projects. This project categorization aligns with the required categorization based on the level of risk management maturity required for construction project. (Safa, 2013) in his thesis classifies construction project with respect to their complexity, i.e., their size, cost, duration, no. of elements, and technology used, along with risk tolerance into four classes Class I (megaprojects), Class II (large and unique), Class III (complex) and Class IV (basic and normal). According to (Safa, et al., 2015), although there are benefits to these kinds of classification, there are many traits or qualities that construction projects display that might be utiized to establish categories and group them into specific groups.

   PROJECT CATEGORIZATION BASED ON RM MATURITY

   This section of study first attempts to select the most appropriate characteristics for defining the optimal categories. Based on the mentioned literature above, it can be understood that the projects can be categorized based on the following characteristics

   1. Site Location (reachability, distance from resources, hostile terrain)

   2. Project type,

   3. Cost of project (amount of investment, no. of investors),

   4. Size of project (single or multiple stages of development),

   5. Duration of project (no. of years, urgency of schedule, regularity of intervals if in stages),

   6. Technology used (no. of technology, new technology with non-standard specification),

   7. Scope control / No. of elements / No. of stakeholders (no. of contracts, work packages, stakeholders with diversity)

   8. Regulation required (no. of approvals, laws & policies, restrictions)

   9. Environmental impact (no. of environmental clearances, number of natural resources and people affected)

Going by the project categorization base laid by (Sanatana, 1990) and (Safa, 2013), for this study, construction projects can be categorized for Indian context based on the level of risk management maturity required with respect to the nine project characteristics mentioned above. The following categorization includes varying levels of detail yet have some overlap taken into consideration- Category I Megaprojects that requires detailed planning and execution over a very long term (more than 3 years) or in multiple stages over the years and whose budget exceeds 1000cr. It includes government and national institutions, which have an enormous economic, social, and ecological impact, with the location of site or the very high level of engineering-technological complexity involved in it. Examples of such projects are Navi Mumbai International Airport, Chenab Bridge, Atal Tunnel, High-speed rail projects, Smart cities mission etc.

Category II Large projects that share same features as Category-I but are unique and require complicated management and implementation systems. The investment in this category of project involves more than 500cr and requires long term planning and execution (more than 2 years). These types of projects involve numerous contractors, specialists, and consultants, and the most

advanced technologies are used. Examples of such projects are large scale road and highway development project, railway projects, renewable energy projects, oil and gas pipelines, Sagarmala project etc.

Category III Complex projects that required middle level planning and execution with a short timeframe (1-3 years) with a budget between 100cr to 500cr. These projects are not unique and involve familiar problems which are not complicated. Most industrial projects and many public works are categorized as complex with medium technology that are mostly established.

Category IV Basic and normal projects that are less than 100cr in budget and require a shorter timeframe (1.5-1 year). These projects are carried out with measurable targets, with planning cum technical specifications completed prior construction and those which can be handled by a single general contractor with classic technology.

While category I and II seem to overlap, both classes of projects are significant and require careful planning and execution. Megaprojects are typically larger, more complex, and have a more profound impact on the economy and society. Large and unique projects, while substantial, are often more focused on specific goals or regions and may involve less groundbreaking technology.

FRAMEWORK TO ASSESS RM CAPABILITY OF CONSTRUCTION ORGANIZATIONS

Review of Past Framework

(Perrenoud, Lines, & Sullivan, 2014) used a two-page template in their request for proposal for evaluating the Risk Management Plan of each contractor on a scale of 1 to 10 and thus, recommend that clients evaluate contractors ability to manage risk during the selection process based on the qualitative results to partner with higher performing contractors. As part of RMP, the contractors were directed to identify and prioritize risks for the project and to provide their risk-response plan, which was evaluated by a committee consisting of an average of four owner representatives. But the RMP score was considered for 25 of 100 points in the best-value adopted. (Cheaitou, Larbi, & Housani, 2018) in their paper gave a method to select the most appropriate contractor based on set of criteria such as technical capability, financial stability, risk, safety, etc. The proposed decision-making framework uses a combination of MCDM and fuzzy logic theory and consists of three stages. In its second stage, five common risks encountered in construction projects were adopted to make a fuzzy logic-based evaluation of the probability and impact of each risk factor by asking each bidder to give an individual evaluation of the probability and impact separately. This evaluation was taken into a bi- objective optimization model to take into account of both cost and risk related to each contractor in order to select the optimal contractor(s) and determine the quantities of work to be allocated to each selected contractor. In the study conducted to establish appropriate tender evaluation criteria and weightings for a risk-oriented tender evaluation system by (Ismail, Sun, & Bowles, 2021), 15 major risk factors were identified and tender evaluation criteria were determined from the evaluation of SOP documents of developers in order to map the various tender evaluation criteria with identified project risk factors from level 3 of risk breakdown structure. Then, a questionnaire survey was carried out to evaluate the criticality of significant risk factors and the effectiveness of the evaluation criteria to mitigate those risks. The survey results helped to define a list of criteria

IJERTV14IS040324

(This work is licensed under a Creative Commons Attribution 4.0 International License.)

to be included in the intended tender evaluation system. Further, AHP-GDM was used to establish weights for different criteria.

From the above discussed models to incorporate evaluation of risk management capability of contractor in tender evaluation, it can be seen that the authors attempted to come up with a way to evaluate contractors with the help of a set of identified risks and their analysis of probability and impact, which is not only subjective to each contractor based on his capabilities but also can be manipulated by the contractor. Thus, using this method combined with other criteria to evaluate contractors does not give the most capable contractor. Additionally, using a model with too many evaluation criteria, as mentioned in (Ismail, Sun, & Bowles, 2021) (Pati, Rastogi, & Paul , 2022) might reduce the number of bidders who bid for the project. The main factor to be noticed is the fact that a list of a limited number of risks is used for the evaluation done, which not only ignores many other risk factors to be considered but also ignores the project type, or in fact even the project specific risk factors to be considered in order to evaluate the bidders for each specific project or work package.

APPLICABLE PROJECT CATEGORIES

As per the project categorization mentioned previously it can be understood that project category IV (basic and normal) has the least requirement of risk management among the four. The basic risk management capability required from the bidder for category IV projects can be assessed for the Indian context based on the existing criteria such as financial strength, experience in simiar works, performance on ongoing works and quality of ongoing works. Thus, leaving out category IV, the framework would focus on other project categories of I, II and III which require additional criteria of evaluation based on risk management due to the increasing complexity, challenges and uniqueness of the projects.

FRAMEWORK

Based on the list of possible parameters or questions in Table 2 with which each of the identified dimensions can be assessed, it is possible to further narrow down the parameters for which evaluation criteria can be objectively defined based on available documents in order to assess the bidders risk management capability. The result of the analysis to objectively define evaluation criteria for the possible parameters narrowed down the list to 12 parameters, out of which 6 can be used as pre-requisite parameters and 6 can be used as scoring parameters. Pre-requisite parameters are the ones that are considered essential for a bidder to be eligible for the project and relate to the fundamental requirements that, if not met, would render the bidder incapable of undertaking the project. Additionally, these pre-requisite parameters are ones for which it is not practical to assign scores due to their binary nature, i.e., either the bidder meets the requirement or they dont. Thus, these parameters help in streamlining the evaluation process, save time and resources by rejecting unqualified bidders who do not meet these criteria. Scoring parameters are the ones that allow for comparative evaluation between different bidders based on criteria with assigned scores and often relate to the technical, commercial and qualitative aspects of a bid. Further, Table 3 explains the parameters, its evaluation criteria and the documentation required for the pre-requisite parameters to be used in the framework and

Table 4 explains the same for the scoring parameters to be used in the framework with a base reference of SOP for CPWD Works Manual 2022.

‌Table 3 Pre-Requisite parameters in the framework for Assessment of Risk Maturity Levels (Author)

‌Table 4 Scoring parameters in the framework for Assessment of Risk Maturity Levels (Author)

Based on the evaluation criteria defined for the scoring parameters in Table 4, it can be understood that each one of the evaluation criteria (ECi) would have to be given a weightage/score based on which it can be marked and the sum of the score of all the scoring parameters should add up to 100, i.e., EC1 + EC2 + EC3 + EC4 + EC5 + EC6 = 100. Additionally, the weightage/score of each evaluation criteria may or may not differ based on the project category for which the risk management capability of a contractor is to be assessed. For this purpose, the variance across evaluation parameters in framework would have to be analyzed among different project categories. This would mean that if there exists variance, then each one of the evaluation criteria could have a range of weightage that can be assigned to, based on the project category. Also, this sum of the scoring of 100, is only from the assessment of risk management capability of a contractor and would have to be combined with other evaluation parameters such as price, schedule duration, past performance ratings, value-added ideas, etc. in order to select the most capable contractor for the project.

SURVEY – FINDINGS AND ANALYSIS

Questionnaire

For the purpose of checking the variance across evaluation parameters among project categories I, II and III, a questionnaire survey was floated to collect insights from professionals in the industry regarding the importance of each pre-requisite and scoring parameters. Questionnaire was developed with two main sections. The first section aimed at capturing the general details of the professionals. The respondents were asked about their job and company profile along with the type of projects their company specialize in and finally the project category under which the projects they specialize in fall. In the next section, each of the 12 parameters as mentioned in Table 3 and Table 4 were presented to the experts, for which they were asked to rate the importance of each parameter on a Likert scale of 1-5, where 1 means least important and 5 means extremely important. A total of 200 survey questionnaires were sent out to construction industry professionals and total of 97 complete questionnaires were returned, representing a response rate of 48.5%, which was more than the norm of 30% with most questionnaire surveys in the construction industry (Akintoye, 2000). Out of these there were 36, 30 and 31 responses respectively for complex, large and megaprojects category.

ANALYSIS

The data obtained were categorizedbased on the project categories as described above and then was analyzed using SPSS software initially for outliers using Mahalanobis Distance test and was found that the none of the p-value of the right-tail of the chi-square distribution were <0.001, thus indicating that there exists no multivariate outlier data. Therefore, no data needs to be removed and can be used to further processing. Followed by this, the data was tested for normality with Shapiro-Wilk test on SPSS software. It was found that the p-value of all data were <0.05, indicating the data does not follow normal distribution and thus, required non-parametric tests for further analysis.

In order to check if the weightage/score of each evaluation criteria differ or not differ based on the project category for which the risk management capability of a contractor is to be assessed, the variance across the medians of importance of evaluation parameters in framework would have to be analyzed among different project categories. This would mean that if there exists no significant variance, then each one of the evaluation criteria could have the same weightage/score for all project categories. Conversely, if there exists variance, then each one of the evaluation criteria could have a range of weightage that can be assigned to, based on the project category. As per the results from test for normality, it is evident that the data follows a skewed distribution and requires a non-parametric test of Kruskal-Wallis test for the purpose mentioned above. In this test, H0 Null hypothesis would be that the medians of all the groups are same, i.e., there does not exist any variance in the importance of evaluation parameters across different project categories and H1 Alternative hypothesis would be that the medians of all the groups are not same, i.e., there exists variance in the importance of evaluation parameters across different project categories. The Kruskal-Wallis test concluded all the values of asymp. significance >0.05, thus it fails to reject the null hypothesis. Therefore, it can be concluded that weightage/score of each evaluation criteria does not differ based on the project category for which the risk management capability of a contractor is to be assessed and remains equally important for all project categories.

CONCLUSION

The study on the development of a Risk Maturity Model for construction organizations underscores the critical need for effective risk management practices in the construction industry, particularly in the Indian context. Construction projects, by their very nature, are complex and subject to numerous risks that can impact timelines, budgets, and overall quality. Through comprehensive literature study with empirical evidence, it has been explained how establishing prequalification criteria without taking risks into account leads to unrealistic evaluation of contractor capability and the selection of contractors who are just marginally qualified. Further, this study goes on to review how the existing pre-qualification models do not consider risks while deciding prequalification criteria to access contractor capability. In order to address these issues from the perspective of client, this research has provided a comprehensive framework to assess the risk management capabilities of construction organization during bid evaluation, addressing both organizational and project-level settings.

A key contribution of this study is the framework's applicability across diverse project categories, ranging from simple to highly complex megaprojects with increasing level of complexity and risk management capability required in each project category. This study then goes on to formulate a framework for assessing contractors risk management capability as part of bid evaluation using a set of pre-requisite parameters and supporting documentation which are mandatory to move to on to the scoring parameters which comprises of objectively well-defined evaluation criteria to evaluate the bidders with the help of supporting documentation. Before proceeding to complete the framework by assigning score to the scoring parameters based on which it can be marked, it was necessary to verify whether score of each evaluation criteria differ or not differ based on the project category. From the survey analysis it was concluded that weightage/score of each evaluation criteria does not differ based on the project category for which the risk management capability of a contractor is to be assessed.

This study does not dwell upon the proportion in which this framework is to be taken on the overall evaluation of the bids. Also, it does not go into the topic of how the organizations can improve their risk maturity. It also does not cover the impact of size and age of the organization on its risk management maturity level, which is a less studied upon topic. These mentioned limitations can be taken up for further research and study.

REFERENCES

Akintoye, A. (2000). Analysis of factors influencing project cost estimating practice. Construction Management Economics, 18(1), 77-89.

Baccarini, D. (1996). The concept of project complexitya review. International Journal of Project Management, 14(4), 201-204.

Bk, S., & Jedynak, P. (2023). Risk Management Maturity: A Multidimensional Model. New York: Routledge – Taylor & Francis group.

Caiadoa, R. G., Lima, G. B., Nascimento, D. L., Neto, J. V., & Oliveira, R. (2016). Guidelines to Risk Management Maturity in Construction Projects. Brazilian Journal of Operations & Production Management 13(3), 372-385.

Chapman, C., & Ward, S. (2012). Project Risk Management – Processes, Techniques and Insights.

John Wiley & Sons, Ltd., Second Edition.

Cheaitou, A., Larbi, R., & Housani, B. A. (2018). Decision making framework for tender evaluation and contractor selection in public organizations with risk considerations. Socio- Economic Planning Services.

CMMI, P. T. (2010). CMMI for Development, Version 1.3. Carnegie Mellon Univ, p. 482. Coetzee, G. P. (2013). The Risk Maturity of South African Private and Public Sector Organisations.

South African Journal of Accountability and Auditing Research, Vol 14, 45-56.

Crispim, J., Silva, L., & Rego, N. (2018). Project risk management practices: the organizational maturity influence. International journal of managing projects in business.

Das, K., Khursheed, S., & Paul, V. K. (2025). The Impact of BIM on Project Time and Cost: Insights from Case Studies. Discover Materials, 5:25. DOI: https://doi.org/10.1007/s43939-025-00200-2.

Das, S., Rastogi, A., & Kumar, D. K. (2021). Applicability of Risk Assessment Tools and Techniques for a Construction Project. Journal of Research in Infrastructure Designing, Volume 4(3), 1-18. DOI: 10.5281/zenodo.5956022.

Doloi, H. (2009). Analysis of pre-qualification criteria in. Construction management and economics, 27 (12), 12451263.

El-Sawalhi, N., Eaton, D., & Rustom, R. (2007). Contractor pre-qualification model: State-of-the- art. International Journal of Project Management, 25, 465474.

Goel, A. (2016). Understanding pre-qualification preferences of public clients in traditional and design-build procurement systems. International Journal of Procurement Management, Vol 9, No. 6, 684-701.

Hillson, D. D. (1997). Towards a Risk Maturity Model. The International Journal of Project & Business Risk Management, Vol. 1, No. 1, 35-45.

Hopkinson, M. (2011). The Project Risk Maturity Model: Measuring and Improving Risk Management Capability. Farnham, UK: Gower Publishing, Ltd.

Hopkinson, M., & Lovelock, G. (2004). The project risk maturity model assessment of the U.K. MoDs top 30 acquisition projects. Paper presented at PMI® Global Congress 2004 EMEA, Prague, Czech Republic. . Newtown Square, PA: Project Management Institute.

Hoseini, E., Hertogh, M., & Bosch-Rekveldt, M. (2019). Developing a generic risk maturity model (GRMM) for evaluating risk mangement in construction projects. Journal of Risk Research, 24(7), 889 908.

Hwang, B., Zhao, X., & Toh, L. (2014). Risk Management in small construction projects in Singapore: Status, Barriers and Impact. International Journal of Project Management, 32:116-124.

Isaka, T., Yoneda, W., & Koga, T. (2017). Proposal on Hybrid Risk Evaluation Model (HREM) for bidding decision in international infrastructure project. Journal of Advanced Mechanical Design, Systems and Manufacturing, 11(5).

Ismail, M. R., Sun, M., & Bowles, G. (2021). A risk-oriented tender evaluation system for construction projects in Malaysis. Engineering, Construction and Architectural Management, Vol 27 Issue 7, 1887-1907.

Iyer, K. C., Kumar, R., & Singh, S. P. (2019). Understanding the role of contractor capability in risk management: a comparative case study of two similar projects. Construction Management and Economics.

Jia, G., Ni, X., Chen, Z., Hong, B., Chen, Y., Yang, F., & Lin, C. (2013). Measuring the maturity of risk management in large-scale construction projects. Automation in Construction, 34, 56-66.

Judson, L., & Paul, V. (2022). Known Uncertainty Factors Affecting Building Construction Project Cost. NICMAR – Journal of Construction Management, Vol. XXVII, No. 4.

Judson, L., & Paul, V. K. (2022). Critical Uncertainty Factors Impacting Building Construction Projects in India. Civil Engineering and Architecture, Vol. 10(5), 1854-1863. DOI: 10.13189/cea.2022.100512.

Khursheed , S., Sharma , S., Paul , V., Alzubaidi , L., & Israilova , D. (2024). Review of the Factors Inducing Delay in Construction Project Material Management. E3S Web Conf. Volume 563, 2024. International Conference on Environmental Science, Technology and Engineering (ICESTE 2024), DOI: 10.1051/e3sconf/202456302044.

Khursheed, S., Sharma, S., Paul , V., Al-Farouni, M., & Charos , Y. (2024). Forecasting Delays and Budget Overruns Resulting from Material-Related Factors . E3S Web Conf. Volume 563, 2024 International Conference on Environmental Science, Technology and Engineering (ICESTE 2024), DOI: 10.1051/e3sconf/202456302045.

Loosemore, M., Raftery, J., Reilly, C., & Higgon, D. (2006). Risk management in projects, 2nd Edition. New York: Taylor and Francis.

Mafakheri, F., Breton, M., & Chauhan, S. (2012). Project- to-organization matching: An Integrated risk assessment approach. International Journal of Information Technology Project Management, 3(3), 45-59.

Mafakheri, F., Breton, M., & Chauhan, S. (2012). Project-to-Organization Matching: An Integrated Risk Assessment Approach. International Journal of Information Technology Project Management 3(3), 45-59.

Moza, A., & Paul , V. (2024). Critical Delay Factors Affecting Construction Project Performance

– A Contemporary Perspective. European Project Management Journal, 14(2), 40-56, DOI: 10.56889/fwfq7392.

Moza, A., & Paul , V. (2024). Critical Success Factors Affecting Project Success in Construction Projects: A Contemporary Indian Perspective. Journal of Project Management, Vol. 9, 183-

196. DOI: 10.5267/j.jpm.2024.5.003.

Moza, A., Paul, V. K., & Solanki, S. K. (2022). Evaluating Project Complexity in Construction Sector in India. Journal of Engineering Research and Sciences, 1(5), 198-212.

Mu, S., Chen, H., Chohr, M., & Peng, W. (2013). Assessing risk management capability of contractors in subway prjects in mainland China. International Journal of Project Management.

Öngel, B. (2009). Assessing Risk Management Maturity: A Framework for the Construction Companies. Dumlupinar Bulvari No: 1, Cankaya Ankara, Turkey.

Pati, A., Rastogi, A., & Paul , V. (2022). Multi-criteria Contractor Selection Framework for Indian Construction Projects. International Journal of Advanced Technology in Civil Engineering, Vol. 2, Issue 3, Article 2, DOI: 10.47893/IJATCE.2022.1081.

Perrenoud, A., Lines, B. C., Savicky, J., & Sullivan, K. T. (2017). Using Best-Value Procurement to Measure the Impact of Initial Risk-Management Capability on Qualitative Construction Performance. American Society of Civil Engineers.

Perrenoud, A., Lines, B., & Sullivan, K. (2014). Measuring risk management performance within a capital program. Journal of Facilities Management, Vol 12 Issue 2.

Proença, D., Vieira, R., & Borbinha, J. (2017). Risk Management: A Maturity Model Based on ISO 31000. IEEE 19th Conference on Business Informatics (CBI).

RMRDPC, R. M. (2002). Risk management maturity level development. (http://www.pmi- switzerland.ch/fall05/riskmm.pdf) (May 14, 2007).

Royer, P. S. (2002). Project Risk Management: A Proactive Approach. Management Concepts – Project Management Essential Library.

Safa, M. (2013). An Advanced Construction Supply Nexus Model. Waterloo: University of Waterloo.

Safa, M., MacGillivray, S., Davidson, M., Kaczmarcsyk, K., Haas, C., Gibson, G., & Rayside, D. (2015). Classification of Construction Projects. International Journal of Civil, Environmental, Structural, Construction and Architectural Engineering Vol:9, No:6, 721- 729.

Salawu, R. A., & Abdullah, F. (2015). Assessing Risk Management Maturity of Construction Organisations on Infrastructural Project Delivery in Nigeria. Social and Behavioral Sciences 172, 643-650.

Sanatana, G. (1990). Classification of construction projects by scales of complexity. International Journal of Project Management, 8(2), 102-104.

Semaan, N., & Salem, M. (2017). A deterministic contractor selection decision support system for competitive bidding. Engineering, construction and architectural management,(1), , 61- 77.

Serpell, A., Ferrada, X., Rubio, L., & Arauzo, S. (2015). Evaluation risk management practices in construction organizations. Social and Behavioral Sciences 194, 201-210.

Shenhar, A., & Dvir, D. (1996). Toward a typological theory of project management. Research policy, 25(4),, 607-632.

Siqueira, J. (2005). O Modelo de Maturidade de Processos:Como Maximizar o Retorno dos Investimentos em Melhoriada Qualidade e Produtividade.

Walewski, J., & Gibson, G. E. (2003). International Project Risk Assessment: Methods, Procedures, and Critical Factors. Austin, Texas: Center Construction Industry Studies.

Wang et al., T. (2016). Relationships among risk management, partnering, and contractor capability in international EPC project delivery. Journal of management in engineering, 32 (6), 1-10.

Wibowo, A., & Taufik, J. (2017). Developing a self-assessment model of risk management maturity for client organizations of public construction projects: Indonesian context. Procedia Engineering 171 ( 2017 ) 274 281.

Yadav, P. S., & Paul, V. K. (2023). Investigating the Determinants of Construction Project Complexity Impacting Project Success: An Indian Perspective. International Journal of Construction Management, Vol. 24(16), 1760-1770. DOI: 10.1080/15623599.2023.2295609.

Yadav, P., & Paul , V. (2023). Project Complexity Management: Research trends and the Way Forward. International Journal of Indian Culture and Business Management, DOI: 10.1504/IJICBM.2023.10062064.

Yazid, A., Abdullah, A., & Hussain, M. (2014). A Review of Infrstructure project risk management.

International Business Management , 8(6):342-347.

Zhao, X., Hwang, B., & Low, S. (2013). Developing fuzzy enterprise risk management maturity model for construction firms. Journal of Construction Engieneering and Management., 139, 1179-1189.

Zou, P. X., Chen, Y., & Chan, T.-Y. (2010). Understanding and Improving Your Risk Management Capability: Assessment Model for Construction Organizations. Journal of Construction Engineering and Management, 854-863.