ABCs of KMFeatured StoriesKM in project-based & temporary organisations

KM in project-based & temporary organisations: Part 6 – Using a risk causation model to capture and transfer knowledge

This article is part 6 in a series of articles on knowledge management (KM) in project-based and temporary organisations.

Previous parts of this series of articles have discussed “lessons learned” approaches. These facilitate learning from mistakes or difficulties with the aim of preventing such problems from occurring again within the same project or in future projects.

However, as previously highlighted, lessons learned processes may not have effectively captured learnings from everything that has gone wrong because both management and staff can be reluctant to share “bad news.” Furthermore, lessons learned can be captured but then not accessed or effectively used in future projects. Importantly, there are also numerous other factors that can derail a project beyond things that have previously gone wrong.

A proposal put forward in a newly published paper1 in the Journal of Civil Engineering and Management has the potential to overcome these shortcomings. In the paper, Zhu and colleagues propose a “risk causation model” to capture and transfer project knowledge. The research was carried out in the context of international construction projects, but has wider application. Indeed, I have previously successfully used a similar “risk library” approach in a major environmental program.

This part of the series (part 6) discusses the risk causation model, and the next part (part 7) will look at the risk library approach and how it relates to the risk causation model.

Risk causation model

The risk causation model for international construction projects is shown in Figure 1.

Risk causation model for international construction projects
Figure 1. Risk causation model for international construction projects (source: Zhu et al, 2022).

The first two components are international construction project and situational variables. They label the critical characteristics of the project system in which risk occurs. Hence, decision-makers can retrieve similar projects or situations in the extensive repository according to these two components:

  • “International construction project” is designed for primary retrieval of similar projects. It is divided into four parts and records the basic information of the host country, partners, contractor, and construction project.
  • “Situational variables” is a set of quantitative indicators designed for further retrieval of similar situations. The selection of the situational variables is based on a retrieval algorithm, with the variables related to the host country quantified according to various global indices. For example, government stability refers to the Global Economy political stability index.

The third component – risk path – illustrates the propagation chain of potential risks. Risk path consists of sources, events, and consequences, indicating three stages of risk occurrence:

  • “Source” refers to the starting point of the occurrence of the risk path. It affects the probability of event occurrence through adverse change and force majeure. Adverse change implies a negative change from the initial conditions of the project system, such as adverse change in restrictions for foreign companies. Force majeure is the occurrence of a sudden unexpected event that causes problems in a project, such as a pandemic or an earthquake.
  • “Events” can be described as increases or decreases in performance indicators, such as quantity, productivity, quality, and time. Figure 1 shows four examples of such events.
  • “Consequences” result from each risk event. In general, the occurrence of a risk event is inevitably caused by one or more risk sources, and one risk source may lead to the occurrence of one or more risk events. The event will have impacts on the outcomes of the project. For the four example events in Figure 1, the consequence is cost loss.

The components immediate causes, response measures failures, and organizational factor are designed to investigate the risk occurrence scenarios from the perspective of management. They are used to determine the effectiveness of response measures to the risk occurrence:

  • “Immediate causes” answers these questions: Why the risk source occurred, why the source led to the event, and why the event led to the consequence. That is to say, immediate causes refer to the high-risk acts or conditions that let the risks develop from source to event and then to consequence. High-risk acts can be influenced by high-risk conditions, and personal factors may also cause high-risk acts.
  • “Response measures failure” is the reason why response measures failed to prevent the immediate causes, namely, the identified failure that causes high-risk acts or situations. The risk response measures are divided into three categories. Prevention measures decrease the probability of occurrence of the source, pre-event measures respond to the source to lower the severity of the events, and post-event measures reduce the impact of the event on the project cost. When a risk occurs, the response measures will be systematically reviewed to determine whether measures were lacking, whether the selected measures were sufficient to control the risk, or whether the selected measures were inadequately executed. In this way, appropriate recommendations can be made to improve the risk response measures.
  • “Organizational factors” can be understood as the latent factors that lead to the failure, such as poor risk culture and informal procedures to conduct risk response activity. This component encourages the organization to accept the responsibility to implement self-changes to respond to the risks rather than lay the blame upon personal factors or coincidence. By not laying blame upon personal factors, the organization encourages managers and staff to openly share what could otherwise be considered “bad news.”

Zhu and colleagues contend that the risk causation model has these useful characteristics:

  1. It inherits the concept of multiple-causation and links the response measures to the risk path by considering the failure of response measures as another cause of risk propagation. Each time a risk occurs, decision-makers are encouraged to review the selected response measures, determine the failure, and conduct modifications to prevent similar risks. In this way, the selected response measures and their effectiveness can be captured and stored in the model, hence avoiding the loss of knowledge for risk response.
  2. The situational variable component is included as a category for the effective retrieval of similar projects and situations. It makes it easier to transfer risk-related knowledge from one project to others since decision-makers can identify potentially relevant content through similarity between projects or situations.
  3. It emphasizes the impact of organization failures on the propagation of risk path and promotes further self-examination on organizational factors. This is conducive to a summary of key risk experiences from the perspective of organizational learning.

Risk review process and repository

The risk causation model couples a risk management process with a risk repository through the risk review structure shown in Figure 2.

Risk management process
Figure 2. Risk management process (source: Zhu et al, 2022).

Risk review is defined by Zhu and colleagues as “the formal review when risks occur that captures key risk experiences for improving risk management for the current and future projects.” This has obvious parallels with lessons learned processes, but is much more comprehensive.

Risk review aims to facilitate feedback of risk-related knowledge both within and between projects:

  1. Generally, the risk manager will monitor the occurrence of risks, namely whether there is an occurrence or change of a particular set of circumstances during the life cycle of a project. When a certain risk occurs, risk review procedures should be activated to collect relevant information on the risk occurrence scenarios, examine the effectiveness of response measures, and make needed changes to the measures, hence achieving improvement of risk management at the current project level.
  2. Meanwhile, it encourages further summarization of key risk experiences that have a certain general relevance for future projects and identification of organizational factors. It improves risk management at the organization level by transferring such knowledge to the organizational risk repository,

Zhu and colleagues propose a formal procedure to review risks in the risk causation model, as shown in Figure 3.

Formal procedures to review risks based on the risk causation model
Figure 3. Formal procedures to review risks based on the risk causation model (source: Zhu et al, 2022).

The first step is to identify situational variables. The second step is to describe the risk path. The next step is to analyze the immediate causes at three stages. Subsequently, the relevant measures to deal with such immediate causes are listed, and the failure of the selected measures can be respectively identified.

The existence of selected measures and the execution of these measures must be checked to determine why the prevention measures failed to prevent the occurrence of the source, pre-event measures failed to intervene in the event, and post-event measures failed to decrease the impact of the event.

Moreover, whether the deviations contribute to the occurrence of the risk path must be ascertained. If no relevant measures are existing in the response measures, then “lack of measure” failure is presented. If relevant measures exist, then the deviations between the selected measures and actual measures will be evaluated. If actual measures are the same as selected measures and the risk path still occurred, then there is “inadequate measures” failure.

In case of execution deviations, the adequacy of the selected measures is subsequently evaluated. If the deviations between the selected measures and actual measures contributed to the risk path, then there is an “inadequate execution” failure. When the deviations did not contribute to the risk path, there remains “inadequate measures” failure.

Finally, the investigation will focus on making changes to the failure measures to avoid the recurrence of the risks within the same project. As required, it should also determine the organizational factors and evolve the risk repository to help prevent the same risks from occurring in future projects.

Next part (part 7): The risk library approach and how it relates to the risk causation model.

Header image source: Alvaro Reyes on Unsplash.


  1. Zhu, F., Hu, H., & Xu, F. (2022). Risk causation model to capture and transfer knowledge in international construction projects. Journal of Civil Engineering and Management28(6), 457-468.
Rate this post

Also published on Medium.

Bruce Boyes

Bruce Boyes ( is a knowledge management (KM), environmental management, and education professional with over 30 years of experience in Australia and China. His work has received high-level acclaim and been recognised through a number of significant awards. He is currently a PhD candidate in the Knowledge, Technology and Innovation Group at Wageningen University and Research, and holds a Master of Environmental Management with Distinction. He is also the editor, lead writer, and a director of the award-winning RealKM Magazine (, and teaches in the Beijing Foreign Studies University (BFSU) Certified High-school Program (CHP).

Related Articles

Back to top button