How a duty holder can recognise competent UXO advice in procurement, and why the right questions are part of discharging the duty.

In Part 4, I argued that the future of UXO risk assessment in the UK is quantitative articulation of residual risk, sitting alongside the qualitative descriptor as the operational layer the duty holder needs to manage what the framework expects to remain.

That argument has a procurement consequence. If quantitative articulation is what the duty holder needs, the procurement question is how to recognise it when commissioning UXO advice. And procurement itself is part of how the duty is discharged. Under CDM 2015, the client’s duty includes appointing competent advisors and ensuring suitable arrangements are in place. The way you ask for advice shapes the advice you get. Procurement isn’t an administrative preamble to the work; it’s where competent duty holder behaviour starts.

This piece is for any developer, principal contractor, or anyone with a CDM duty who is about to commission a UXO Detailed Risk Assessment, or has recently commissioned one and isn’t sure whether it gives them what they need. Five questions. They apply to Brimstone, to our competitors, and to any UXO consultancy you might engage. Get the answers right and you have the basis of a defensible duty holder position. Get them wrong and no amount of mitigation spending afterwards will fix what the assessment didn’t articulate properly.

Before the questions: the methodology spectrum

Part 4 established that UK UXO methodology runs across a spectrum: qualitative (descriptor-only), semi-quantitative (weighted inputs combined transparently), and quantitative (probabilistic articulation of residual risk with exposed assumptions). All three are recognised in CIRIA C681. The duty holder’s procurement question isn’t which one is “right” in the abstract. It’s which level is appropriate for the project, and whether the consultancy can deliver at that level.

For most small UK construction projects with limited UXO exposure, a competent qualitative DRA is appropriate. For mid-complexity sites with meaningful UXO exposure, semi-quantitative methods that expose assumptions and weight inputs are a significant improvement. For high-complexity projects, deep intrusive works on historically exposed sites, infrastructure programmes with long lifecycles, sites with stacked risks, the quantitative articulation Part 4 described is increasingly the right answer.

The duty holder’s first job in procurement is calibrating which level the project requires. The five questions below help with that, and they help with the harder job of recognising which consultancies can deliver at the level you’ve calibrated to.

1. What does “low”, “moderate”, or “high” mean in your methodology?

This is the question that exposes whether the consultancy has a methodology or just a vocabulary. A competent answer describes the inputs being weighed, the criteria distinguishing one category from another, and the assumptions sitting underneath the conclusion. If the answer is “we use professional judgement” without specifics, the descriptor will be unverifiable. If the answer is structured (strike density bands, failure rate assumptions, post-war attrition factors, intrusive footprint thresholds), the descriptor is anchored in something defensible.

This question also lets you ask the follow-on: “Can you produce a semi-quantitative or quantitative articulation alongside the descriptor?” The answer tells you where on the methodological spectrum the consultancy operates. Some firms can only produce descriptors. Some can do semi-quantitative work but rarely do because clients haven’t asked. A few can produce full quantitative articulation routinely. Knowing which is which is the first procurement signal.

2. What is the residual risk after mitigation, and can you articulate it operationally?

Every UXO mitigation strategy reduces risk but leaves residual. The question is whether the consultancy can tell you what residual remains and what it means for your project. A competent answer doesn’t just say “low residual after mitigation”; it tells you what specifically remains, where on the site, at what likelihood, and what triggers would change that figure.

This is where the semi-quantitative and quantitative spectrum becomes practical. A descriptor of residual risk is roughly as useful as a descriptor of inherent risk: not very. An operational articulation gives you something to record in the project risk register, something to brief site teams on, and something to revisit when conditions change. The duty holder owns the residual; ask the consultancy to give you something you can actually own.

3. Will the same person stand behind this assessment during construction?

UXO advice isn’t a one-off product. The risk assessment is a live document that has to evolve as the project does. The person who wrote the DRA needs to be available to revise it when the design changes, when something is found, or when site conditions surface new information.

A competent answer names the author and confirms they’ll be reachable during construction. An incompetent answer is some version of “our delivery team handles that.” If you can’t call the person who wrote your assessment, you don’t really own the residual; you own a document and a phone number. When something happens on site at 7am on a Tuesday, the difference matters.

4. What changes would invalidate this assessment?

Risk assessments are conditional on the proposed works as described. The DRA you commissioned for an 8m basement and 15m piles may not hold for a redesign to 12m basement and 20m piles. Asking the consultancy explicitly what changes would invalidate the assessment forces them to articulate the conditions under which the conclusion holds.

A competent answer lists specific triggers: pile depth changes above a defined threshold, intrusive footprint expansions of a certain percentage, redesigns that move works below previously assumed mitigating layers, discoveries on adjacent sites. An incompetent answer is “let us know if anything changes.” The first gives you a project risk register you can use; the second gives you an ambiguity you’ll have to manage.

This is the question that turns the DRA from a verdict into a live document, which is what CIRIA C785 has been saying it should be since 2019.

5. What does this give me for my CDM duty?

This is the question many duty holders never ask, and the one that matters most. The DRA isn’t an end in itself. It’s an input to the duty holder’s discharge of the CDM 2015 duty, which under Reg 4 includes ensuring suitable arrangements for managing health and safety risks, providing pre-construction information, and verifying that the construction phase plan addresses identified risks appropriately.

A competent answer connects the DRA explicitly to the duty holder’s CDM position: “Here’s what this gives you to put in the pre-construction information. Here’s what the Principal Designer needs to coordinate around. Here’s what the Principal Contractor will need to integrate into the construction phase plan. Here’s how the residual will be managed as the project progresses, and here’s the documentation trail that supports your duty discharge if you’re ever asked to demonstrate it.”

An incompetent answer is “we’ve produced the assessment, the rest is your responsibility.” Technically that’s true. Practically it leaves the duty holder having to translate a technical document into a regulatory position alone. A consultancy that helps with that translation is materially more useful than one that doesn’t.

The procurement floor

CHAS, SMAS, and the other SSIP-recognised schemes provide a baseline assessment of contractor health and safety competence. They’re worth checking and most credible UK UXO consultancies hold one. But pre-qualification accreditation tells you the consultancy meets a generic standard, not that they can deliver the methodological depth your project needs. The five questions go above the procurement floor into the specific competence relevant to UXO risk.

What this means in practice

Two practical implications.

Ask these questions before you commission, not after. The procurement conversation is the moment where the duty holder shapes the advice they’re going to receive. After the DRA is delivered, your options narrow. Some consultancies will say they can produce a quantitative articulation if asked; very few will produce one unprompted because the commercial pressure isn’t there yet. Asking changes that.

Expect different answers from different consultancies. The five questions are diagnostic. Some firms will struggle with question one and never get to question five. Others will answer all five competently and confidently. The differences are real and they tell you something material about which firm will give you what you need.

The series so far has argued that residual risk is foundational to the regime, that the duty holder owns it, and that quantitative articulation is the methodological direction the sector should be moving in. Part 5 has been about how the duty holder applies that argument in procurement.

Part 6 closes the loop. It takes the methodology that Part 4 introduced and walks through what it looks like in practice on a representative site. The technical capstone of the series.

Procurement is where the duty holder’s intentions meet the consultancy’s capabilities. The five questions are how you make sure the meeting produces what you actually need.

Previous: Part 4 – Beyond the descriptor
Next: Part 6 – The methodology in practice

For regular updates, project insights, and industry guidance, follow Brimstone UXO on LinkedIn, Facebook, Instagram, and YouTube.

UXO Consultancy

"*" indicates required fields

Join the Brimstone Members Club

The Brimstone Members Club is more than just a mailing list – it’s your gateway to insider content, fun giveaways, company updates and an exclusive welcome discount*. Find out more

Name*
Privacy*
Marketing*
Remnant
This field is for validation purposes and should be left unchanged.