Innovation, Management Systems and tools for small/medium size companies. 

Palisade is the maker of the world's leading risk and decision analysis software, @RISK and the DecisionTools Suite.

Designed by the project risk experts that brought Pertmaster™ to market, Safran Risk delivers advanced quantitative risk analysis in an intuitive user interface, interoperable with Primavera P6, Microsoft Project and Safran Project.
Vose Software
Software systems for quantitative risk analysis and management.
Designer of decision aid software packages, world leader in Bayesian networks for data mining.
Antelope provides a simple, pragmatic and integrated Risk Management System (risk appetite, risk register, risk library, Monte-Carlo simulation...).

Risk Management

For Business and Projects.

PragmaRisk is a risk management consultancy company that provides services and support covering Enterprise Risk Management (ERM), Project Risk Management and Quantitative Risk Assessment (QRA).

Our core approach is business and project orientated. We are committed to developing efficient practices, suited to each context: from small and medium-sized enterprises to the world's leading multinational corporations.

The company's key focus is the engineering and construction sector, with clients including Technip, Alstom, Air Liquide, SBM, CB&I, Heurtey Petrochem, Prosernat...

It has delivered ERM implementation and improvements, Risk Analysis, QRA and Training across Europe, North America, the Middle-East and Asia.

PragmaRisk helps clients to develop risk management best practices, both qualitatively and quantitatively, at corporate and project levels. This includes project risk profiling, mitigation plans, portfolio analysis and risk Data Mining (which helps organisations collect and structure data so that it benefits their ERM programme).

It also carries out Monte-Carlo simulation to quantify the risks and uncertainties inherent in the execution of a project (cost & delay), and advises on contingency funding and budgets.


Project Risk Management

Being coherent and effective.

For a company in “project” mode, every deal is a step towards success.  The Project Risk Management approach starts at the first steps towards a project and continues throughout each of its phases: feasibility study, tender, execution and operation.

To be effective, the method must be adapted to each phase of the project (i.e. issues, timing and resources), while remaining, on the whole, similar.  This permits a company to structure information in the same way and facilitate, for example, the passage from the pre-project phase to the operational phase or to use and interpret historical data.

To be coherent, the approach must be “shared” between all of the ongoing affairs, even if the projects are often very different in nature (size, scope, technology/market, contract…).

In order to obtain an overall view of what is in play, it must combine these two approaches:

  • Qualitative: what are our objectives?  What are the main threats to achieving this objective?  What are we doing?  Have we done it?
  • Quantitative: what is the impact of these risks on our forecasts/commitments (costs, deadlines and margins)?  Are we objective?

Traditionally, risk registers are the go-to tool for risk management. Experience, however, has shown that there can be several problems with this. (Figure: problems encountered when using the risk register as the primary (sole) project risk management tool.)

We have developed an alternative for our clients, which respects the ISO requirements and is built first and foremost around the risk profile for a project.  The approach can be used for both small and medium-sized companies and larger groups.

It promotes a view of the bigger picture while providing an opportunity to analyse risks at the level required for critical subjects and develop a risk management plan which is relevant at every step:

  • Make the best choices during the feasibility phase (strategy, technical aspects),
  • Support negotiations in the pre-project phase (i.e. contracts),
  • Improve the direction and execution plan for the project,
  • Secure and optimise the operational phase.

This approach also facilitates the quantitative approach (statistical and probabilistic indicators) by distinguishing what results, firstly, from the risk of the deal itself and, secondly, from the appetite for risk (i.e. commercial competition and aggressive pricing). Thanks to this, it is possible to put costs and schedule into perspective and take into consideration the changes in the project’s risk profile, which will become more and more clearly defined over the duration of the project.





Risk Management


Risk threatens the objectives of any organization: project, company, corporation and local authorities.

Risk Management is a global approach focusing on all the objectives of an organization (however, Industrial Risk Management is mainly focused on safety and environmental aspects). (Figure: typical objectives of a company handling projects.)

It allows a company to define and implement a strategy for securing these objectives.

At a corporate level, Risk Management is called Enterprise Risk Management (ERM).

It can be applied at project level, where the objective is to secure the execution plan. 

It is a global approach, tackling every type of risk. (Figure: typical risk categories in engineering and construction.)

It is a structured and continuous process with 4 Key steps.

  • Risk & Opportunity identification
  • Criticality assessment to focus on key issues and success drivers.
  • Definition, implementation and monitoring of mitigation plans
  • Monitoring through reviews, management charts and key performance indicators.


Quantitative Risk Assessment (QRA):

Quantifying risk means expressing the likelihood and potential extent of budget overruns and schedule delays. This is particularly crucial to having a comprehensive overview of risks.


"ISO 31000:2009, Risk management – Principles and guidelines", provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.  




Enterprise Risk Management

Risk Management Policy

ERM is clearly a highly valuable tool in running a company - it embraces all of its objectives, highlights challenges and focuses people on developing strategies to secure the future of the company.

For a company working in project mode, the success of each project is a priority; the core approach of 'Enterprise Risk Management' is then project orientated.

See Portfolio Risks

See Project Risk Management

However, it also deals with numerous other cross-functional issues impacting all of its activities (i.e. HR, QHSE, IT, Technology, Market trends, Reputation...). A mature Risk Management approach should therefore be able to focus on these and feed its medium-term strategy:

  • What are our main Risks and Opportunities?
  • What changes need to be made to secure and boost our growth?


 See Top-Risks and Opportunities

Finally, it is also essential to develop a quantitative approach to risk, to continuously resource and improve the approach to ERM (Data Mining, statistical & probabilistic methods).

See Quantitative Risk Assessment

PragmaRisk helps clients to develop risk management best practices, both qualitatively and quantitatively, at corporate and project levels.

From small-medium–sized enterprises to the world's leading, multinational corporations, we have the solutions to suit the time and resources you want to dedicate to it. We are committed to continuously developing the most simple and effective Risk Management approach.





Portfolio Risks

Risks Concentration / Diversification

With regard to ongoing projects, snapshots of Portfolio Risks are essential to ensure risks are well diversified. They allow you to identify areas where risks are concentrated and focus the company on developing business strategies to improve the situation in the medium-term.

These are also valuable dashboard-tools, providing an over-arching picture of projects & risks in an efficient way, for ongoing projects as well as for prospects.

The ERM responds to simple questions:

  • On any given project, what are the main risk drivers and how do you mitigate these?

see Project Risk Management

  • Which projects are at risk?
    (Figure: snapshots of projects with regard to their risk profile. Horizontal axis: physical progress of projects. Vertical axis: risk levels (likelihood of overruns, accuracy of margin forecast). The size of the bubble indicates the project value from a turnover perspective.)


  • How do risk drivers concentrate or diversify the portfolio in ongoing projects, as well as prospects?
    (Figure: example of project risk drivers.) Each project risk profile can be consolidated in a snapshot of the project portfolio and highlight risk concentrations. Risk drivers need to be selected by each company depending on the kind of risks usually faced by the business.


  • Is this acceptable? What is our Risk appetite in the short-medium term? What changes need to be made at a corporate level? 

Top-Risks & Opportunities

Monitoring action plans

For a company in project mode, cross-functional risks impact all activities and projects, and cannot be handled efficiently at project level.

These risks and opportunities require a change-management approach at company level, to secure its growth in the medium-term.

The ERM approach identifies and assesses these, and allows you to focus on critical ones. It provides a concrete, common and global way to monitor company risks and opportunities.

Key parts of the business (services/department/branch etc.) have a role to play in securing and enhancing company growth, and ERM enhances it particularly well around certain core values: team work, creativity, pragmatism and determination.

Periodically (i.e. monthly or quarterly), the company’s senior management meets for an overall risk review, to support and take decisions.

Here is an example of a Top-Risk sheet describing a risk in more detail and making it possible to monitor whether the risk mitigation plan is being implemented effectively. (Figure: risk description and ownership; development and monitoring of the risk mitigation plan.)

Here is an example of a Risk dashboard, providing a global view of risks and the progress of mitigation plans. (Figure: overall view of risks and status of their mitigation plans.)


Below are some examples of risks / opportunities for each business area:

Human Resources: Retention and succession of key-people, psychosocial risks

QHSE: Industrial Safety, Environmental pollution, Security of people/goods/assets

Ethics: Compliance, Reputation

Legal: Responsibilities, Liabilities, Laws/Codes/Rules, Insurances, Guarantees

Financial: Cash flow, Payment Risk, Currency Risk, Fiscal Risk

IT: Continuity Plan, Cyber crime

Business & Technology: Diversification, R&D, Acquisitions

Operations (Engineering, Procurement, Fabrication, Construction, Sub-contracting): Framework agreements, Partnerships, Internalisation, Schedule-sequence optimisation, cost-savings


QRA - Principles and methods on projects

How do you consider uncertainties in a budget or cost estimate?

Quantifying risk means expressing the likelihood and potential extent of budget overruns and schedule delays. This is particularly crucial to having a comprehensive overview of risks.

Our methods are inspired by techniques used in major international industrial projects and can be incorporated into Enterprise and Project risk management tools.

They differ from the methods used in banking / insurance in that they use an operational approach intended for running a company or project and making decisions. They are not focused purely on the result (level of cover, expected margin …) but rather on the operational capacity to mobilize the people involved (inside and outside the organization) in order to influence the result.

In practice, Quantitative Risk Assessment (QRA) helps to answer the following questions:

  • How do you consider uncertainties in a budget or a cost estimate?
  • How do you define a provision for risks (contingency), specifically taking into account the risk profile of a given project?
  • How do you account for a given risk appetite and remain competitive?
  • How do you monitor a contingency level for the entire project lifecycle?


The objective of contingency recommendation and monitoring is to account for the many uncertainties when planning budgets in order to determine the amount of contingency fund that should be added to the original budget, or to check whether what has been allowed to date is enough.

The definition of contingency and how to estimate it are among the most controversial topics in cost engineering. While there is consensus among cost engineers on what contingency is, there is much less consensus on how to estimate it.

While Allowances are related to “completeness” of the definition of the known scope, Contingency is related to estimate “accuracy” and the risk of undertaking the project. Contingency is a specific allocation of resources (money, people, time, etc.) added to the estimate for uncertainties due to an evaluation of the possibility, probability, risk and consequences of events which can cause overrunning the base estimate.

In general, there are four methods:

  • Expert Judgment: contingency is simply expressed as a % of the budget / cost estimate based on experience and expertise;


  • Predetermined Guidelines: a common approach is to establish a table of contingency values and ranges to be applied by the company. A scoring mechanism sometimes takes into account the specific features of the project and risk profile.

See dedicated section

  • Simulation Analysis (e.g. Monte-Carlo): this method combines expert judgment with an analytical model that is then used in a simulation routine to provide probabilistic output. Monte-Carlo simulation is a computerized mathematical technique that performs a project simulation numerous times to calculate a distribution of likely results and analyse the main drivers influencing these results. (Figure: Monte-Carlo model: inputs (ranges) and outputs (distribution of likely results; risk drivers).)

See dedicated section

  • Parametric Modeling: A parametric model is based on an algorithm (for instance, a Bayesian network) that employs historical feedback data.


One method is not better than another - each has advantages. Developing and implementing alternative approaches lets you take advantage of each method while you cross-check them. (Figure: QRA methods: advantages and drawbacks.)


Monte-Carlo simulation

Cost & Schedule integrated approach

PragmaRisk performs integrated cost and schedule QRA.  This is done throughout the life of a project, which can run over several years.


In line with guidelines from the Engineering and Construction Risk Institute (ECRI), this approach can be illustrated as follows:


Common and seemingly simple occurrences can have detrimental effects on the budget.  For example, a construction project over-running means that equipment and manpower must be hired for longer, while costly schedule recovery plans (such as working at night) may be required and contractual damages for delay applied.

Project scheduling is usually undertaken with Microsoft Project and / or Primavera, and PragmaRisk’s Monte-Carlo @Risk Excel model bridges both, using inputs as required to account for the potential project risk and its related cost.  Models account for the cost estimate / budget sensitivity aspects, but also the risk / opportunity events (contractual, sourcing, technical, etc) that can affect the execution plan of the project.


Inputs to the Monte-Carlo model


For most projects, PragmaRisk models the risks of budget and schedule overruns together, taking this integrated approach because cost and time are interdependent and result in the most indirect costs.

Typical inputs to a Cost and Schedule Integrated QRA include:

  • Simplified Cost Breakdown Structure (CBS), showing how much is expected to be spent on each element of a project.


  • The sensitivity of key costs.  For example, procurement of industrial equipment and materials depends on the market conditions for raw materials and prices can change by the time purchase orders are placed.   When historical data is available, some probability density functions (that determine previous patterns) can be derived and exploited.


  • Simplified Schedule. This is the plan of a project’s key constituent tasks, showing those that are critical to the process, with sensitivity / range analysis of their durations and the way these are linked (i.e. the knock-on effect that each has on the other).


  • List of risks / opportunities that could impact the project.  Ideally these are taken from a specific risk analysis performed on the project, combined with historical information of similar projects.


  • Risk mapping ensures consistency and analyses the interdependencies between the inputs in order to ensure no important correlations are missed and to avoid ‘double dips’ and omissions. A detailed screening of the risk register ensures issues have not been omitted. At the same time, to avoid uncontrolled cumulative effects, it must be factored in that several risks might impact the same individual cost item or scheduled task. For example, construction productivity risk might combine several individual risks: labour characteristics, site accessibility and congestion issues, weather condition-window issues, revamping and existing infrastructure constraints etc. These are usually identified and addressed separately from a risk management point of view.


Monte-Carlo model outputs


Running a Cost and Schedule Integrated QRA, our Risk Manager typically first identifies the probability of meeting the estimated budget if there is no contingency fund. This will depend on how the budget has been calculated, with factors such as estimator practices, company culture and the aggressiveness of assumptions influencing the figure.

(Figure: the probability curve shows the distribution of likely actual costs: the probability of meeting the budget without contingency, and the contingency level required to meet a given risk appetite.)

From there it can be determined how much contingency budget is required to ensure the required level of ‘risk comfort’. This is expressed as the percentage likelihood of not overrunning the cost estimate. For the purpose of budget, when projects are in their early stages, most companies use percentile 50%. This is the median value, and is regarded as a realistic forecast that also avoids ‘killing’ projects before they have been studied sufficiently (Class 5 to Class 3 as per AACE cost estimate classification guidelines; source: AACE Cost Estimate Classification System – Recommended Guideline 18R-97).

When the scope of work and risks are better defined and understood, percentiles 70% or 80% are traditionally used. By this stage, companies are committed to success and wish to secure their financial forecast. However, an engineering and construction contractor bidding for a new project must make its tender competitive, and might price aggressively (while ensuring this is consistent with its own ‘strategy’ and ‘risk appetite’).

Percentile ‘P80’ indicates that there is an 80% chance of being on or below budget, while a P60 shows a good degree of confidence and a P50 is ambitious but realistic about the budget being met. Pricing aggressively, for example to win a contract for strategic reasons, might see a P30 figure.

The amount of contingency selected for the project will depend on its risk profile, but also on the contractor’s ‘risk appetite’. Using a Monte-Carlo approach does not predict what will actually happen, but it applies reasoning under conditions of risk and uncertainty so that these two key aspects can be distinguished.

However, because of the nature of risk this does not always produce satisfactory results. While some researchers try to remove ‘unknown risk events’ and ‘black swans’ via their QRA models, PragmaRisk focuses on the operational aspects of a project and the need to accept working with uncertainty. A project outcome that falls outside the contingency figures forecast is regarded as a learning opportunity to analyse whether a different approach should be taken in future.

Finally, the main uncertainties and risks affecting the budget of the project can be outlined (Figure: Top-Risk drivers). This allows mitigating action to be taken to reduce risks where possible. It also provides a complementary view to the usual ‘Top-Risks’ identified by qualitative risk analysis. This increased coherence between qualitative and quantitative risk management provides a wider view of the project and related risks.
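The outputs described in this section can be reproduced on a small model. The Python code below is an added example, not PragmaRisk's @RISK model: the cost and duration ranges, the two risk events and the weekly rates are constructed figures, and the schedule is assumed to be a simple finish-to-start chain. It feeds schedule overrun back into cost, then reads off the probability of meeting the budget without contingency and the contingency needed at P50 and P80.

```python
import math
import random

# Constructed inputs, not taken from the page. Costs in k EUR, durations in
# weeks; every range is (low, most likely, high) and the base estimate is the
# sum of the most likely values.
CBS = {"engineering": (900, 1000, 1300),
       "procurement": (2700, 3000, 3900),
       "construction": (1800, 2000, 3000)}
# Assumption: the simplified schedule is one finish-to-start chain.
SCHEDULE = {"engineering": (18, 20, 28),
            "procurement": (28, 30, 42),
            "construction": (36, 40, 56)}
# Risk events: (name, probability, cost impact range, delay range).
RISK_EVENTS = [
    ("late vendor data", 0.30, (50, 120, 300), (2, 4, 8)),
    ("site access restriction", 0.15, (100, 250, 600), (3, 6, 12)),
]
WEEKLY_INDIRECT_COST = 25   # equipment and manpower hired for longer
WEEKLY_DELAY_DAMAGES = 15   # contractual damages for delay
DELAY_DAMAGES_CAP = 300

BASE_COST = sum(likely for _, likely, _ in CBS.values())
PLANNED_WEEKS = sum(likely for _, likely, _ in SCHEDULE.values())


def draw(rng, three_point):
    """Sample a triangular distribution from a (low, likely, high) range."""
    low, likely, high = three_point
    return rng.triangular(low, high, likely)


def simulate(iterations=5000, seed=1):
    """Return the sorted simulated final costs of the project."""
    rng = random.Random(seed)
    costs = []
    for _ in range(iterations):
        cost = sum(draw(rng, r) for r in CBS.values())
        weeks = sum(draw(rng, r) for r in SCHEDULE.values())
        for _name, prob, cost_range, delay_range in RISK_EVENTS:
            if rng.random() < prob:          # the event occurs in this run
                cost += draw(rng, cost_range)
                weeks += draw(rng, delay_range)
        # Schedule overrun feeds back into cost: this is the integration.
        overrun = max(0.0, weeks - PLANNED_WEEKS)
        cost += overrun * WEEKLY_INDIRECT_COST
        cost += min(DELAY_DAMAGES_CAP, overrun * WEEKLY_DELAY_DAMAGES)
        costs.append(cost)
    return sorted(costs)


def percentile(sorted_costs, p):
    """Nearest-rank percentile: a cost with at least a share p of runs at or below it."""
    rank = max(1, math.ceil(p * len(sorted_costs)))
    return sorted_costs[rank - 1]


def prob_within(sorted_costs, budget):
    """Share of simulated outcomes that do not exceed the budget."""
    return sum(c <= budget for c in sorted_costs) / len(sorted_costs)


def summarise(sorted_costs):
    """Probability of meeting the base estimate, plus P50/P80 contingency."""
    result = {"p_no_contingency": prob_within(sorted_costs, BASE_COST)}
    for label, p in (("P50", 0.5), ("P80", 0.8)):
        value = percentile(sorted_costs, p)
        result[label] = value
        result[label + "_contingency"] = max(0.0, value - BASE_COST)
    return result


if __name__ == "__main__":
    summary = summarise(simulate())
    print(f"base estimate: {BASE_COST} k EUR over {PLANNED_WEEKS} weeks")
    print(f"P(on budget, no contingency): {summary['p_no_contingency']:.1%}")
    for label in ("P50", "P80"):
        print(f"{label} contingency: {summary[label + '_contingency']:.0f} k EUR")
```

Because every range is skewed towards overrun and delay adds cost, the base estimate built from most likely values sits well below the median of the simulated distribution, which is why the probability of meeting it without contingency comes out low.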

Risk Profiling

Exploiting feedback data to build some contingency guidelines.

Monte Carlo simulation is not the only method with which to determine and monitor contingency.  In some circumstances, for example if time or the resources available are limited, or for projects undertaken by small to medium sized companies, a detailed ‘risk register’ and / or Monte Carlo risk analysis are usually not feasible because no dedicated resource or risk manager is available.

In these instances, an alternative, ‘parametric’ approach can easily and efficiently provide a risk profile for each new proposal or project using both qualitative and quantitative risk management information. PragmaRisk uses statistical tools (e.g. Palisade’s StatTools) to analyse the historical data for portfolio projects and produce typical overruns / contingency consumption curves in line with a project’s specific risk profile.

In such a context, qualitative risk management uses a scoring mechanism to profile projects based on key risk drivers. These include the country where it is to be carried out and the context in which the client operates there, contractual and financial terms, complexity and technology challenges, the basis of the estimate / proposal preparation (for example, whether the contractor has had enough time to research constituent costs), the aggressiveness of cost and schedule assumptions, execution plan sourcing and subcontracting constraints.

See Project Risk Management section: Project Risks profiling


From a quantitative perspective, the parametric approach provides a view that complements the traditional ‘expert judgment’ contingency recommendation method. This tailors typical contingency curves built from a statistical tool, accounting for the project risk profile and current context (i.e. the risk drivers, physical progress, etc).

Advanced analysis of feedback data enables the relationship between the qualitative risk profile of projects and their financial performance to be determined. Details examined include the extent of overruns as a function of a project’s physical progress (i.e. to flag accuracy issues), the overall effect of each risk driver and the correlation between them.


Probabilistic methods: other applications

When Risks and Uncertainty drive...

Monte-Carlo simulation is known to be a valid approach from a Cost Engineering perspective with regard to contingency monitoring.

PragmaRisk has also developed similar applications using probabilistic methods (Monte Carlo simulation, Bayesian Network etc.) in a wide variety of fields:

  • Financial / cost engineering: forecasting turnover, workload or treasury on a probabilistic basis and monitoring these quarterly at company level.
  • Weight control in offshore industry, which is essential as it impacts constructability and naval stability.
  • Logistics: determining the surface required for layout / store materials.
  • Weather risk in construction: factoring in days that, due to adverse weather conditions, will not be workable on offshore projects.
  • Power production: factoring in the many uncertainties that determine the power that can be produced and sold.





Profiling Project Risks

What are the main risks in a business deal?

To establish a risk profile for a project, it is first necessary to set out a questionnaire or an analysis table in order to identify risks and categorise projects according to their risk level.

This analysis table uses a project risk mapping approach; we talk about an RBS or Risk Breakdown Structure.  It is then possible to organise the risks into broad categories (Contextual, Contractual and Financial, Costing, Technical, Operations, QHSE…).

The questionnaire helps identify what the main risks are, the areas in which there is little direct control, what is unusual, what is not known at the time of the analysis, what is still uncertain or susceptible to change. The scope of the questionnaire is established according to the nature of the projects, the maturity of the company in terms of Risk Management and project control, the time and resources that it wishes to dedicate to risk management...

It is obvious that most small and medium sized businesses will not be able to assign a Risk Manager to their projects and affairs. Even for large companies, the resources allocated to the project depend first and foremost on the size of the job. So what is the best way to manage risk without a Risk Manager? By keeping it simple and effective…

The questionnaire must contain at least a few dozen questions.  Certain companies push it to one or two hundred criteria in order to cover most issues.

Here are a few examples of risk criteria:

  • Country risk classification: it is possible, for example, to use the OECD classification to assess the political risk and stability of the country where the project is located.
  • Project size: the company sets out the total amount, above which a deal is considered “unusual”.
  • Scope: the scope of a project is a source of risk (e.g. for a construction project: engineering, procurement, manufacturing, construction, commissioning and start-up).
  • Penalties for delay: according to their amount and how they are applied.


This questionnaire must be a resource that can monitor the project during the feasibility and pre-project phases, and all through its completion.  It must provide the tools needed to take into consideration the changes in the risk profile.

A “Risk Mitigation” module lets users perform an in-depth analysis, develop certain subjects and set out a project strategy in response to the risks identified in order to minimise the probability that they arise and/or their impacts.

See Project Risk Analysis and Management Plan


This can also be combined with characteristic quantitative elements (budget, forecast, available provisions for risks, physical progress, project duration, reported delays…) in order to establish a link between this profile and its performance, constitute a database and feed the ERM  approach over time to achieve quantitative results.

See Quantitative Risk Assessment - Parametric profiling


The compilation of “risk profiles” at a project portfolio level offers companies the building blocks to create a tracking system for risk concentration, set out a diversification strategy and monitor its effects over time.

See Portfolio Risks

Risk analysis & management plan

Be focused and pertinent.

When embarking on an in-depth risk analysis, starting with a project risk profile base can save time and rapidly home in on the most important subjects.  Essentially, this means prioritising the biggest risks and opportunities.

A brainstorming session with the project team is an opportunity to complete the identification process.  Alternatively, a brief interview with the people involved in the project, both within the company and especially outside it (client, partners, critical suppliers or sub-contractors), can be a useful solution.

Another area for consideration is to re-immerse oneself in the issues encountered during similar deals by speaking with those with experience of them.  It is one of the Enterprise Risk Management’s tasks to document and structure the risk archive as the documents are created.

For critical subjects, a concise risk sheet is a good way of focusing on the issues. It can be used to track the strategic treatment plan’s progress.

A recap in the form of a dashboard will provide an overall view of the “Project” risks and their action plans’ progress.



