Why the future of UXO risk assessment is quantitative articulation of residual risk, and what CIRIA already supports.

In Part 3, I argued that the duty for managing UXO risk sits with the duty holder. It cannot be transferred. The consultancy advises, the duty holder owns the residual, and the discharge mechanism is competent advice acted on.

That leaves a question I’ve been circling for three weeks and now want to answer directly: what does competent advice actually look like?

The honest answer is that the UK UXO sector has been comfortable with a level of methodological compression that doesn’t serve duty holders well. The qualitative descriptor (low, moderate, high, very high) is useful as triage, but as the operational basis for managing residual risk on a project, it is not enough. The piece that follows is about what comes next, and it should not be controversial. The methodology I am about to describe is published in CIRIA C681 Appendix A4. It has been since 2009. The sector has been slow to adopt it.

The limits of the descriptor

Parts 1 and 2 covered this in more detail, so I’ll be brief. The qualitative descriptor compresses a multi-factor risk picture, strike density, failure rate, penetration depth, post-war attrition, intrusive footprint, encounter geometry, into a single category. The reader receives the conclusion but not the inputs. Two sites with materially different risk profiles can both be classified low. Two consultancies assessing the same site can produce different descriptors based on different assumptions, none of which are visible in the output.

For triage, this is fine. For the duty holder trying to manage residual risk during construction, it leaves them with a category and no operational basis. “Low” does not tell you what to do when the design changes. It does not tell you what residual remains after mitigation. It does not give you a defensible record for a regulatory enquiry. It is the start of the answer, not the answer itself.

What CIRIA already supports

This is the part of the argument that surprises people who haven’t looked at C681 closely.

The foundational UK UXO guidance does not prescribe qualitative methods. Its glossary explicitly recognises three modes of risk assessment: qualitative, quantitative, and semi-quantitative. Its introduction notes that some clients “may prefer a more direct analytical probabilistic approach or indeed a combination” of qualitative and quantitative methods. The framework is mode-agnostic. The choice of methodology is left to the practitioner.

Semi-quantitative methods, where qualitative judgements are assigned numerical weightings and combined transparently, are the genuine middle ground: more rigorous than a category, less demanding than a full probabilistic simulation. The framework recognises and supports all three.

More significantly, Appendix A4 of C681 includes a fully worked probabilistic example. The Liverpool study uses Monte Carlo simulation to compute the probability of UXO detonation across thousands of iterations, varying pile intervals and assumed bomb densities. The methodology is published as guidance, not as an exception. CIRIA itself, in 2009, set out a quantitative method in detail and offered it to the sector as a reference implementation.

C785, the 2019 quick-reference handbook, carries the same position forward without amendment. Quantitative methods are within the framework. The framework not only permits them, it shows you how.

Established UK practice as published by CIRIA contemplates quantitative methods explicitly and provides a worked example. What has not been established is the sector convention of using them. Those are different things.

What quantitative articulation actually produces

For any duty holder reading this who wants a sense of what a quantitative residual risk articulation looks like in practice, the output rests on six site-specific inputs, all of which are already collected as part of a standard CIRIA-compliant DRA.

Strike density: the estimated number of relevant ordnance items per hectare across the site, based on bombing records, military activity records, and proximity to strategic targets.

Failure rate: the proportion of dropped or fired ordnance that did not function as intended, drawn from established empirical data for the relevant ordnance types.

Penetration depth distribution: the likely vertical distribution of buried UXO, modelled against site-specific geology and ground conditions.

Post-war attrition: reductions in the residual hazard arising from documented clearance and post-war development, with explicit treatment of cases where development may have masked rather than removed UXO.

Intrusive footprint: the volume, depth, and intensity of proposed groundworks, expressed in terms that interact with the penetration depth distribution.

Encounter geometry: the probability that a given intrusive event, such as a pile or excavation cut, intersects a residual UXO item given the spatial distributions of both.

These inputs are then combined through Monte Carlo methods, in the same logic illustrated in C681 Appendix A4. The output is a residual probability of UXO encounter for the proposed works, expressed as a central estimate, a sensitivity range showing how the figure varies under reasonable changes in assumptions, an explicit list of those assumptions traceable to their evidence base, and a statement of the conditions under which the assessment must be revisited.

None of this replaces the qualitative descriptor. The descriptor remains the headline output for triage and procurement comparison. The quantitative articulation sits alongside it, providing the operational layer beneath.

The descriptor answers the question “how worried should we be?” The quantitative articulation answers the question “what should we do about it?”

Why the sector hasn’t adopted it

This is the honest section, and it implicates everyone, including Brimstone.

Three reasons quantitative methods have not become the sector default in the UK.

Qualitative descriptors are cheaper to produce. The data collection is broadly the same, but the analytical work to combine inputs probabilistically and expose assumptions takes longer and requires different competencies. For most of the last fifteen years, the commercial pressure has been toward shorter turnaround and lower price, not toward methodological depth.

Descriptors are easier to compare in procurement. A client comparing three UXO assessments wants to see three answers in the same format. Descriptors enable that. Quantitative outputs do not compare cleanly across consultancies because the assumptions differ. The procurement process has, accidentally, rewarded methodological uniformity over methodological transparency.

Descriptors are commercially comfortable for everyone in the sector. A “moderate” descriptor doesn’t expose the consultancy to scrutiny on inputs. It doesn’t invite challenge from a sophisticated client. It is, in effect, a defensible answer to a question the client doesn’t quite know how to ask. The sector has not had strong commercial reasons to push for change.

Brimstone’s pre-quantitative work was part of this convention. We’re not pointing at others; we’re describing where we ourselves used to operate. What has shifted is the duty holder community’s appetite for more operational information. The recent high-consequence finds, on sites that were assessed competently and conventionally, have made the gap between descriptor and operational reality publicly visible. The pressure to do more is now coming from the client side, which is where lasting methodological change usually starts.

What this means for the duty holder

If the duty holder owns the residual, and the descriptor doesn’t articulate it usefully, then the methodological answer is to articulate it differently. That’s not a departure from CIRIA. It’s what CIRIA explicitly supports in C681, and what the sector has been slow to adopt.

A quantitative residual risk articulation gives the duty holder five things a descriptor does not.

A defensible figure. Something to record in the project risk register that reflects actual likelihood, not a category.

Exposed assumptions. A clear view of what the assessment is based on, so the duty holder can challenge or confirm the inputs and understand what would change the conclusion.

A basis for tolerability. A reasoned decision about whether the residual is tolerable for the works being undertaken, rather than a binary acceptance of a descriptor.

Triggers for reassessment. Explicit conditions under which the DRA must be revisited, removing ambiguity about when the live document needs updating.

An audit trail. If the duty holder is ever asked to demonstrate how they discharged their CDM duty in the event of an incident, the quantitative basis is materially more defensible than a descriptor.

Not every project warrants full quantitative articulation. For many sites, semi-quantitative methods that expose assumptions and produce weighted outputs are a defensible middle ground and a significant improvement over descriptor-only assessments. The duty holder’s job is to ensure the methodology level matches the project’s risk profile and complexity. Part 5 takes up how to do that in practice.

None of this is unique to Brimstone. Any UK UXO consultancy with the analytical capability can produce a quantitative residual risk articulation. The sector convention has been not to. That convention is changing, and it should.

The future of UXO risk assessment in the UK is quantitative articulation of residual risk. The framework permits it. The duty holder needs it. The sector has been slow to provide it. After Plymouth, that lag is becoming harder to defend.

Previous: Part 3 – Who carries the duty?
Next: Part 5 – Five questions to ask your UXO consultancy

For regular updates, project insights, and industry guidance, follow Brimstone UXO on LinkedIn, Facebook, Instagram, and YouTube.

UXO Risk Mitigation

"*" indicates required fields

Join the Brimstone Members Club

The Brimstone Members Club is more than just a mailing list – it’s your gateway to insider content, fun giveaways, company updates and an exclusive welcome discount*. Find out more

Name*
Privacy*
Marketing*
Remnant
This field is for validation purposes and should be left unchanged.