The number was right. Nobody checked the list.
Twenty-four weeks ago, in the middle of an article about the contingency on a $1,000,000 job, we put a table on the screen. Five risks. A probability against each one. An impact in dollars. A column of expected values that added up to $51,400.
We compared it to the number the 5% rule had produced — $47,553 — and pointed out that the two landed in almost the same place. One of them by accident.
Then the article moved on, and that table was never checked again.
Look at it once more.
Everything in the right-hand column is arithmetic. Multiply, add, done. You can audit it in about thirty seconds and it will always be right, because multiplication is always right.
Everything in the left-hand columns is a judgement. Somebody decided there were five risks and not fifty. Somebody decided the rock was 40% and not 70%. Somebody decided it was worth $60,000 and not $95,000.
We don't know who any of those people were. Their names aren't on the table, and by the time the number reached the tender it had stopped looking like an opinion at all.
We audited the arithmetic and called it a risk analysis.
An output has an input
A contingency isn't a number you calculate. It's a number you inherit.
Every technique in Cost & Cash Week 5 — the expected values, the drawdown rules, the line the project manager can't cross — all of it operates on a list that already exists. Give it a good list and it produces a defensible number. Give it a bad list and it produces exactly the same kind of number, with the same decimal places, and no warning label.
That's what makes it dangerous. The arithmetic doesn't degrade when the input does. It just keeps working.
So the whole of this track hangs on a question we skipped: where does the list come from?
Five lines, and a file with forty questions
Go and open the tender file for this job. Not the estimate — the file. The queries you raised during the tender period and the answers the client sent back, or didn't.
On a job this size there will be somewhere between thirty and fifty of them. Here's one:
Query 14 — Please confirm the extent of rock in the pile bores. Borehole logs supplied for five locations only.
Answer — Contractor to satisfy himself as to ground conditions.
That's not a query. That's a risk, dressed as an administrative document. It was in your own file, in writing, with a reference number, before anybody priced the job.
Now go through the rest of the file the same way. Query 9 asks whether the client has the wayleave for the site access road. Query 22 asks which of the reinforcement drawings are for construction and which are still marked for tender. Query 31 asks who is providing temporary power before the substation is energised.
Three more risks. None of them are on the register.
Then do the same to the drawing register — count how many drawings are still at revision B when you're pricing a job that starts in six weeks. Then the subcontract enquiries, where the gaps between two packages are the things neither subcontractor priced. Then the programme, where every activity with a duration somebody guessed is a risk with a number already attached to it.
Nobody had to brainstorm the rock. It was in the borehole log the whole time.
A register is not a form
Here's the thing most people get wrong about a risk register, and it's the reason so many of them are useless.
A risk register isn't a form you fill in because the quality manual says so. It's the list of things that can take money out of this job, in order of how much they can take, with a name against each one.
One is written to be filed. The other is written to be used.
If it's a form, it gets filled in at tender stage, saved to a folder, and opened again nine months later when somebody asks for it in an audit. Five lines is plenty for that. Five lines takes twenty minutes.
If it's a decision list, it has to be complete enough that nothing large is missing, specific enough that you can tell when one has happened, and owned by somebody who can actually act. That takes a week, and it's the cheapest week on the whole job.
The five-line version cost twenty minutes and produced $47,553.
The coin flip nobody chose
We said this in a single line and walked past it.
The probability that $47,553 covers what actually happens on this job is 49.5%.
Read that again slowly. The contingency is a coin flip. Slightly worse than a coin flip. And that's before you account for the fact that the list it was built from has five lines on it, on a project where the tender file alone raised forty questions.
Nobody chose 49.5%. Nobody sat in a room and decided this company was willing to run a one-in-two chance of eating the overrun out of a margin that — as Week 22 showed — is $48,163 on the whole job. It's just what fell out when a five-line list and a 5% rule happened to agree with each other.
That's not a risk appetite. That's a coincidence with a dollar sign in front of it.
Where the missing ones go
There's a comfortable assumption buried in all of this, and it's worth dragging out.
If a risk isn't on the register, people tend to imagine it lands somewhere soft. It doesn't. A risk you never wrote down has no contingency attached to it, because contingency is only released against named risks — that was the rule in Cost & Cash Week 5. So when it happens, the money comes out of the next thing down the line.
The next thing down the line is the margin.
On this job the margin is $48,163. The rock alone, if it turns up, is $60,000. One unnamed risk of that size doesn't dent the contingency, because the contingency was never sized for it. It eats the entire profit on a million-dollar contract and asks for twelve thousand more.
That's the real cost of a five-line register. Not a compliance failure. A job that works for a year and hands back nothing.
Practical insight
Do this on your own current project, this week, and it takes an afternoon.
Open three documents side by side: the risk register, the tender query log, and the drawing register. Read the query log line by line, and every time an answer comes back as contractor to satisfy himself, to be confirmed, or by others, write that line number down. Then count how many drawings are still marked for tender, preliminary, or revision A.
Now compare that list to your register.
The gap you find is not a paperwork problem. It's the difference between the contingency you're carrying and the contingency you need — and it's already been written down, by you, in a file you've had since before the job started.
And if you come up empty, don't relax. A thin query log doesn't mean the job is clean. It usually means nobody asked.
Key takeaways
✔ A contingency is an output. The risk register is its input, and nobody audits inputs.
✔ The arithmetic in a risk analysis is always correct. That is exactly why it hides a bad list.
✔ On this job the register had five lines and the tender query log had roughly forty entries.
✔ Risks aren't brainstormed into existence — they are already written down in borehole logs, query answers, drawing revisions and subcontract gaps.
✔ “Contractor to satisfy himself” is not an answer. It is a risk being transferred to you in writing.
✔ An unnamed risk has no contingency behind it, so it comes out of the margin — $60,000 of rock against $48,163 of profit.
✔ $47,553 gave this project a 49.5% chance of being covered, and nobody ever chose that number.
What's coming next
Cost & Cash taught you where a project's money comes from and where it goes. This week we went back to the one number in it that was never checked: the list underneath the contingency.
Next week we go and find the rest of them. Not by sitting in a room with a whiteboard — by reading the documents that already exist on every construction project, in the order that finds the most risk for the least time. The borehole log, the query register, the drawing status, the subcontract scope gaps, the interface matrix.
When we do it properly on this job, five lines become twenty-two.
Enjoyed this lesson?
Join with Google to get each new lesson the moment it's published — and help me see which topics matter most to you. No spam, one email a week, unsubscribe anytime.
Already following on LinkedIn works too — this is just for the weekly email.