University of Adelaide · S1 2026 · FACULTY OF ENGINEERING

ENGI5003 · Professional Engineering Management

- one subject, every graph, every model, every mark
50% final exam · hurdle14 Chapters7-page Bible
Our own words - no uploaded lecturer files
Built to mirror S1 2026 · updated this semester
Chapter 4 of 8 · ENGI5003

Risk Management

This chapter is the risk management topic of ENGI 5003: how an engineering project surfaces what could go wrong, grades each threat by likelihood × impact on a 5×5 matrix, chooses a response, and records everything in a risk register. It is a near-guaranteed exam earner — expect a short-answer or scenario task asking you to score and rank risks, name a response strategy, or place a control on the hierarchy, so the method here maps straight onto marks.

In this chapter

What this chapter covers

  • 01What a risk is: likelihood + impact, inherent vs residual
  • 02The four-phase pipeline: identify, analyse, respond, manage
  • 03Identification tools: PESTLE, Risk Breakdown Structure, bowtie
  • 04The risk-statement template (event / cause / consequence)
  • 05Qualitative analysis on the 5×5 matrix (score = L × I)
  • 06Response strategies: avoid, transfer, mitigate, accept
  • 07Hierarchy of controls (Eliminate → … → PPE)
  • 08The risk register and WHS Act 2012 (SA) s22 designer duty
Worked example · free

Score and rank four site risks on the 5×5 matrix

Q [5 marks]. A campus is installing rooftop solar panels. The team lists four candidate risks. For each, grade likelihood (1–5) and impact (1–5), compute the qualitative score (L × I), read the band, and state which risk is treated first. • R1: Worker slips on a wet roof — Possible (3) × Major (4) • R2: Inverter delivery delayed — Likely (4) × Moderate (3) • R3: Minor scratch to a panel frame — Likely (4) × Negligible (1) • R4: Crane contacts overhead power line — Rare (1) × Severe (5)
  • +2Multiply L × I for each risk — score is the product, never the sum: R1 = 3×4 = 12; R2 = 4×3 = 12; R3 = 4×1 = 4; R4 = 1×5 = 5.
  • +1Read each score against the band scale (1–4 Low, 5–9 Medium, 10–14 High, 15–25 Very High): R1 = High, R2 = High, R3 = Low, R4 = Medium.
  • +1Rank by score, highest first; break a tie by the larger impact, since a severe consequence is less tolerable than a frequent nuisance — R1 (impact 4) outranks R2 (impact 3) despite the equal score of 12.
  • +1Identify the treatment priority and note R4: although Rare, its Severe impact means it cannot simply be ignored — a fatality-class risk warrants attention beyond its modest score.
Treatment order R1 (12, High) → R2 (12, High) → R4 (5, Medium) → R3 (4, Low); R1 is treated first, and R4 is flagged because severity outweighs its low frequency.
Sia tip — Sia tip: when two risks score equally, the tie-breaker is almost always the bigger IMPACT — examiners plant equal-score pairs to see if you grasp that severity beats frequency.
Glossary

Key terms

Risk (PMBOK)
An uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective. Its two components are likelihood (probability) and impact (severity).
Inherent vs residual risk
Inherent risk is the rating before any controls are applied; residual risk is what remains after controls. The aim of a response is to pull inherent risk down to an acceptable residual level.
Risk matrix (5×5)
A grid combining a 1–5 likelihood scale (rare…almost certain) with a 1–5 impact scale (negligible…severe). The product L × I gives a score read as Low / Medium / High / Very High.
Risk Breakdown Structure (RBS)
A hierarchical categorisation of risk sources, typically Technical, Management, Commercial and External, used to organise identification and the register so no source area is missed.
Bowtie method
A diagram centred on a top event: the left side lists causes plus proactive (preventive) controls, the right side lists consequences plus reactive (mitigation) controls.
Hierarchy of controls
Risk controls ranked most-to-least effective: Eliminate → Substitute → Isolate → Engineering controls → Administrative controls → PPE. Higher levels are preferred as they depend less on human behaviour.
FAQ

Risk Management FAQ

What is the difference between qualitative and quantitative risk analysis?

Qualitative analysis grades likelihood and impact on word scales (rare…almost certain, negligible…severe) and reads a band off the 5×5 matrix. Quantitative analysis attaches numbers, such as a probability times a dollar impact (expected monetary value). For most engineering projects qualitative grading is sufficient, and that is what the exam emphasises.

How do you calculate a risk score?

Multiply likelihood by impact, each rated 1–5: score = L × I. The product (1–25) maps to a band — 1–4 Low, 5–9 Medium, 10–14 High, 15–25 Very High. It is a product, never a sum, and the band (not the raw number) drives the management response.

What are the four risk response strategies?

Avoid/eliminate (remove the cause so the event cannot occur), Transfer (shift the financial consequence to a third party, e.g. insurance), Mitigate (reduce the likelihood and/or impact), and Accept (take no action on Low risks or hold a contingency reserve).

What goes in a risk register?

Each row records an ID, description, category, likelihood, impact, the inherent risk rating, the control measures, and the resulting residual risk. The register is a living document kept current through monitoring — audits, reserve analysis and reassessment.

Why is PPE the lowest level in the hierarchy of controls?

PPE (such as a harness or respirator) only works if a person wears and uses it correctly every time, so it is the least reliable, last line of defence. Higher controls — eliminating or substituting the hazard, or engineering it out — protect everyone regardless of behaviour, which is why a designer's duty under WHS Act 2012 (SA) s22 is to design out the hazard so far as is reasonably practicable.

Study strategy

Exam move

Memorise the workflow as one chain and recite it on any risk question: Identify widely (PESTLE / RBS / bowtie) and write each risk as "If EVENT due to CAUSE, then IMPACT" → score the INHERENT risk as L × I on the 5×5 → rank, with High/Very High needing controls plus senior sign-off → choose a response (avoid / transfer / mitigate / accept) → for mitigate, climb the hierarchy of controls (Eliminate first, PPE last) → record inherent → controls → residual in the register and monitor. Drill three reflexes the examiner tests: score is L × I (multiply, never add); always rate INHERENT before any control quietly lowers it in your head; and when scores tie, let the larger impact win because severity beats frequency. Practise mapping one hazard across all six control levels and translating one bowtie branch into a single register row — those are the two most common short-answer formats.

A+Everything unlocked
Unlocks this Bible + all 9 of your University of Adelaide subjects - and 1,000+ Bibles across every Australian university.
Sia - your ENGI5003 tutor, unlimited, worked the way the exam marks it
The full 7-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full ENGI5003 Bible + 9 University of Adelaide subjects解锁完整 ENGI5003 Bible + University of Adelaide 9 门科目
$25/mo