Section M
Risk and Risk List

No government should ever imagine that it can always adopt a safe course; rather it should regard all possible courses of action as risky. This is the way things are: whenever one tries to escape one danger one runs into another. Prudence consists in being able to assess the nature of a particular threat and in accepting the lesser evil.

Machiavelli, Niccolo, Translated by Bull, G., ‘The Prince’, Penguin Books, 1961, p. 123.

The above quotation is a seminal statement about risk. It says that: risk does not go away. You may have put your finger on it to restrain it, but it pops up somewhere else in a different shape. This is the essence of contract strategy. How does one mould and shape the project circumstances in order to make the risks acceptable to someone else?

The project management model (see Part I, Section B Project Management Characteristics, figure I.B.1) can also be used as a risk management model. It starts with the objectives to determine which aspect will dominate the decision‐making process. Risk is uncertainty that will affect the outcome of these objectives.

Next, the means to help us ensure total scope definition are the product and work breakdown structures (P&WBS – see Part IV, Section F Scope). In developing the P&WBS, it not only helps us understand and define the scope but it also identifies our areas of ignorance – the identification of a major risk in itself. The P&WBS process thus becomes our tool for total risk identification by developing a risk breakdown structure (RBS). This is done as a project team exercise, using the diverse perspectives of the different disciplines so that there is identification within the project – a major step forward in the management of risk. The team's experience and judgement is used to categorise each work package into high‐, medium‐, or low‐risk elements; see Figure V.M.1. However, we should not forget that in this process, there is also the possibility to identify opportunities for doing something better, faster, or cheaper.

Risk assessment falls into three main components: Identification (what can possibly go wrong?), analysis (by how much will it go wrong?), and response (what can be done to avoid it going wrong, or how can we control it if it does go wrong?).

Figure V.M.1 Illustration categorising each work package into high-, medium-, or low-risk elements.

The first risk identification process should have been performed as part of the tender or proposal preparation process. The next risk identification review should be as soon as possible after the contract has been awarded. It is an ideal team‐building exercise to hold in conjunction with the client. This is not the end of the risk review process. It is a dynamic process10 since time generates risk. Consequently, the review process should be continued monthly and after key milestones or other events have been achieved.

1 Process Model

1.1

In identifying risks, even with an experienced team, there is a strong possibility that they will fail to identify all the issues. The risk checklist11 (see paragraph 3 below) acts as a memory jogger and a catalyst to the synergy of the group. It helps to generate the ‘what’ of the model, the identified risk list and the risk register.

1.2

Consequently, when choosing the ‘who,’ the people for the team (see Section Q Selecting and Building the Team, Subsection 1), consideration must be given to selecting people on the basis of who is best at managing risk. In choosing who to include in the group risk process, it is useful to have some ‘negative thinking’ people because they are more likely to identify risks.

1.3

It is probably not possible to exclude taking on major risks, such as the first of a kind, a large scale‐up, technical uncertainty, or innovation. That's what project managers are for. However, don't have two of these at once – that will guarantee disaster. If you want to use new materials, use a proven application. If you want to use a new application, use proven materials.

1.4

Each identified risk must be allocated to an ‘owner’ in order to produce a risk responsibility matrix of ‘who owns what.’ The owners remain responsible until the risk is eliminated. A risk must not be allowed to be handed over to another team member. This removes another big risk, namely, interface problems.

1.5

At the execution plan stage of the risk management model, the risk owners develop risk memos. Risk memos are response plans and options for ‘how’ to handle the various ‘what if’ scenarios and the relationships or impact on other risks. It may be useful to hold a workshop to find solutions to some worst‐case scenarios and develop plans to avoid them. Writing risk memos (one page maximum) has a number of benefits; writing things down forces one to focus and crystallise one's plans. The risk memos should be distributed to the project team for information and reviewed by management. Most importantly, they become a library of information, which can be used by other/future projects. They record and become part of the know‐how of the company.

1.5.1

Risks that are identified as high impact and severity are designated to be started at the early start date in the critical path network of the execution plan.

1.6

Use a fault tree analysis to evaluate how the risks should be managed as follows:

  1. Recognise the risks.
  2. Examine avoidance options.
  3. Manage controllable processes.
  4. Transfer insurable risks.
  5. Quantify residual risk.
  6. Set contingencies.

1.6.1

The group process of identifying the risks, step a, will have produced an extensive identified risk list, which will need to be prioritised for effective decision‐making. See subsection 2 below for the prioritising processes. The first assessment, though, may be to take no action at all about a specific risk – provided one is clear about why.

1.6.2

Avoiding options in step b are: to reduce, alter, or adjust a risk or to design it out. Alternatively, transfer the risk to someone with better skills (subcontracting) or share the risk with someone who has greater capacity for dealing with the risk (not necessarily a joint venture – the ‘joint and several liabilities’ may be increasing the risk).

1.6.3

Managing controllable processes in step c involves a variety of planning and monitoring disciplines: safety, quality, and execution planning, and so on.

1.6.4

If the impact of a risk is too severe, then consideration should be given to transferring the risk (step d) to an insurance company. Trying to eliminate risks in steps b and c is important since it reduces the number of risks to be considered for insurance and hence the cost of premiums. Plot severity (cost impact) against probability and use the following guidelines:

  1. Low severity, regardless of probability, should be absorbed into the estimating and pricing evaluation. It is not cost effective to transfer these risks since the high probability means that the insurance premium will be high.
  2. Medium severity risks should only be transferred if it is cost effective. However, the top end of the medium risk range with high probability may be uninsurable.
  3. High severity risks with low probability should be insured where possible. Their possible impact on the company is just too disastrous. Their low probability means that the cost of the insurance premium is relatively low. The high probability, high risk, is uninsurable.

1.6.5

Quantifying the residual risk (step e) in financial terms is totally dependent on historical data and experience.

1.6.6

Step f is deduced from step e and emphasizes the importance of the fault tree process because it reduces the contingencies (see Section E Estimating and Contingency, subsection 5). Consequently, it sets one's competitive edge.

1.7

The last part of the risk management model ‐ the ‘where’ are we – is to review the status of the risks at a regular risk review meeting. This is much more forward‐looking and pro‐active than a progress meeting that is primarily looking backwards.

1.7.1

The risks listed on the risk breakdown structure (see Figure V.M.1 above) should then move from their initial column of, say high risk, to medium risk and then to low risk and eventually disappear as they are conquered by the project.

2 Prioritising Risk

2.1

You could jump to the final stage of the prioritisation process to produce a final risk register. However, this would miss the intermediate steps that make the team really understand the issues.

2.2

The first step in prioritising the vast number of risks produced by the group identification process is to classify them (using historical data, experience, or the gut feeling of the group) for severity or impact. The impact should be assessed as the maximum likely. It can be viewed from the perspective of capital cost, schedule, and safety, as well as operability or operating costs.

2.2.1

It is unnecessary to use more than three categories for this initial assessment: high, medium, and low.

2.3

The next step is to grade the risks for probability: Certain/high probability – 3, undecided/medium probability – 2, and uncertain/low probability – 1.

2.4

There can be so many identified risks that it is difficult to see the wood for the trees. In this case jump to the last step and rank the prioritising process by introducing a time factor: a time scale within three months – 3, four to six months – 2, and beyond six months – 1. If these durations seem long relative to the length of the project, reduce them proportionately, but do not increase them for longer projects.

2.4.1

Select those with the highest number for: impact X probability X time. Evaluate them for: immediate action, development of contingency plans or for transfer to others, or insurance (see Figure V.M.2). During a risk seminar (or team building) this can be a sub‐group exercise and should take the third step, in paragraph 2.5 and 2.6 below, into account.

Figure V.M.2 Box illustration of evaluating the probability for immediate action, development of contingency plans or for transfer to others, or insurance.

2.5

The sequential third step is to examine how difficult they would be to manage or the effort required to resolve them using: difficult to manage – 3, reasonable manageability – 2, or easy to manage – 1.

2.6

Having addressed the urgent ones in paragraphs 2.4 and 2.4.1, we can now give time to the remainder and prioritise them (see Figure V.M.3) by plotting risk (Probability X Impact/Severity), against manageability or effort required. Tackle them in the order of 1 – high risk/low effort, 2 – low risk/low effort (get them out of the way) in order to deal with; 3 those left over from 2.4 and 2.4.1 – high risk/high effort. Finally, when you have time, 4 – low risk/high manageability effort. In team building, or a risk seminar, these are tackled in subgroups before sharing/discussing the results with the whole team.

V.M.3 Box illustration of plotting risk against manageability or effort required, in the order of 1 - high risk/low effort, 2 - low risk/low effort, 3 - high risk/high effort, 4 - low risk/high manageability effort.

2.7

The final step is to produce the final risk register using all four criteria and the rankings already defined of 3, 2, and 1, namely, Probability x Impact x Manageability x Time. This produces a maximum risk coefficient of 81, requiring immediate attention.

2.7.1

The risk coefficient is tabulated first on the risk register, followed by the description of the risk and then the action time factor so that it is easily seen and updated and followed by the other criteria; see Figure V.M.4. One's views of probability, impact, and manageability may change as work on the project progresses. As indicated above, time generates risk. They may need to be adjusted in the register, but time should be changed and the risk coefficient updated before each risk review meeting.

V.M.4 Tabular illustration of the risk coefficient tabulated first on the risk register, followed by the description of the risk and then the action time factor and followed by the other criteria. One's views of probability, impact, and manageability may change as work on the project progresses.

2.7.2

Repeating this process on a monthly basis means that eventually all risks rise to the top of the list (and the project manager's attention), due to the changing value of time.

3 Risk List

An attempt has been made to list the main risk groupings/categories in the order of high impact but low probability to low impact, high probability.

3.1 Political and Economic

  1. War – revolution – civil disorder
  2. Political uncertainty – elections due
  3. Economic downturn
  4. Changes in law, imposition of decrees
  5. Changes in specific legislation – financial/social security
  6. Corruption
  7. Currency restrictions
  8. Changing boardroom politics
  9. Customs or export restrictions
  10. Requirement to use local organization
  11. Constraints on available labour
  12. Demographic changes
  13. The Greens and/or other minority interest groups
  14. Protesters at the site gate
  15. Impact of failure: on clients, on company reputation, on suppliers, or subcontractors
  16. Requirements for permits – approvals
  17. Planning permission

3.2 Environmental

  1. Pollution – contaminated water
  2. Waste treatment
  3. Public enquiries
  4. Regulations
  5. Preservation/conservation/reinstatement
  6. Minority interests
  7. Demographics
  8. Archaeology/artefacts.

3.3 Legal/Contractual

  1. Direct liability
  2. Liability to others
  3. Unlimited liability – Never, ever, agree to this!
  4. Local laws and codes
  5. Legal differences between countries of execution
  6. Conditions of contract: liquidated damages, changes to accepted risks
  7. Failure to sign contract
  8. Insufficient tendering time
  9. Joint venture

3.4 Financial

  1. Interest rate changes/fluctuations
  2. Inflation rate change
  3. Exchange rate fluctuation
  4. Availability of foreign exchange
  5. Availability of client funds
  6. Cash flow of client
  7. Repatriation of funds
  8. Loss due to default – contractor/sub/supplier
  9. Contractor cash flow – late payments
  10. Adequate payment for variations
  11. Local and national taxes
  12. Credit worthiness of contractor
  13. Cost of legal decision
  14. Insufficient insurance
  15. Tender validity extension
  16. Tender bonds unfairly called
  17. Fixed price overruns – man hours/equipment/bulk materials
  18. Contract budget significantly different from tender figure

3.5 Estimating/Costs

  1. Budget cut significantly from original estimate
  2. Estimate out of date due to late project start
  3. Insufficient basic data or detail
  4. Low level of confidence in estimating data
  5. Lack of confidence in elements of estimate
  6. Over‐optimism.

3.6 Planning and Control

  1. Urgency
  2. Inadequate planning: at tender stage or during project
  3. Complex logic
  4. Schedule significantly reduced from original targets
  5. Client planning system to be used
  6. Subcontractors/manufacturers to use unfamiliar planning or reporting tools
  7. Unable to forecast events for long project

3.7 Project Team/Personnel

  1. New project manager. No experience with project type or contract
  2. New project team – many new people new to company
  3. Organizational – interfaces/communication/responsibilities
  4. Key personnel not managed/worked on similar project or contract before
  5. Lack of project manager's or team's business experience
  6. Key personnel not available
  7. Personnel in new positions
  8. Lack of continuity of personnel from previous projects
  9. Significant training requirements
  10. Availability of key personnel
  11. Limited resources
  12. Personnel available only part time
  13. Reliance on key personnel or external expertise
  14. Personnel require training
  15. Lack of team spirit
  16. Responsibilities not clearly defined
  17. Specialists'/architects' egos and other egos!

3.8 Design/Technology

  1. New/unfamiliar technology, process, or equipment
  2. Insufficient development time
  3. Incomplete design scope
  4. Evolving scope due to technical uncertainty
  5. Availability of information
  6. Availability of Users for involvement in early phases
  7. Innovative application
  8. Level of detail required and accuracy
  9. Lack of confidence in basic data/project assumptions
  10. Appropriateness of specification
  11. Likelihood of change
  12. Interaction of design with construction
  13. Non‐standard details
  14. Non‐standardisation of suppliers
  15. Level of quality control
  16. Reliance on external expertise
  17. New hardware or new software
  18. Complex or a lot of software
  19. Changes to or updating of software required
  20. Unfamiliar systems, interfaces with other systems

3.9 Implementation/Fabrication/Installation/Construction

  1. Construction manager not involved in the early design phase
  2. Delay in possession of facilities/site
  3. Failure of equipment
  4. Availability of equipment and materials
  5. Weather
  6. Quality/availability/productivity of people, both manual staff and management
  7. Full time or part time working
  8. Industrial relations
  9. Absenteeism – sickness
  10. Suitability/availability of bulk materials
  11. Supply of manufactured items
  12. Quality/availability/productivity of subcontractors
  13. New methods, systems, or procedures
  14. Unusual safety issues
  15. Late design changes
  16. Failure to maintain productivity
  17. Failure to fabricate/construct to specification
  18. Poor workmanship
  19. Poor ground conditions. Do not accept unknown ground conditions!
  20. Relationship of contracting parties
  21. Liaison with public authorities
  22. Wastage, theft, or damage to materials
  23. Errors or omissions in material take‐offs or bills of quantity
  24. Communications with project team
  25. Delay in design information
  26. Poor manufacturers' drawings
  1. aa. Access problems/restrictions
  2. bb. Damage during transport – storage
  3. cc. Damage during installation/construction
  4. dd. Traffic violations/congestion charges

3.10 Setting to Work/Commissioning/Start up

  1. Failure to meet process guarantees
  2. Failure to meet schedule
  3. Inadequate mechanical completion tests/system tests
  4. Not involving commissioning personnel and/or operators early
  5. Test packs not started early enough
  6. Availability of client user personnel

3.11 Plan for some of the worst risks, and then you will be better able to cope with a worse than the worst risk!

4 People and Risk

4.1

It can be argued that the biggest risk of all is the people not performing their work correctly or effectively. The majority of the risks listed are the fault of people failing to perform a study, an analysis, or an investigation, or failing to train staff to have adequate skills and so on.

4.2

On the whole project managers are optimists. So remember that over‐optimism will lead to under‐estimation of cost and time and even to the risk themselves.

4.3

Projects don't seem to go wrong because of the big risks, despite the fact that there is limited ability to control them. Perhaps this is because people give them a great deal of attention. Projects go wrong because of the multitude of high probability, low impact risks, despite the fact that we have total ability to control them as part of the design, procurement, and construction work process. Work at them more.

4.4

People tend to be risk takers when dealing with a loss and risk averse when dealing with a gain.

5 Country Risk Assessment

5.1

Ideally a country risk assessment will be specific to an enquiry for a particular prospect that the business development people have in mind. It needs to be thorough since it should form part of the documentation for the approval‐to‐tender request.

5.1.1

For a client, much of the information will have been assessed prior to the feasibility stage when evaluating the market for their product.

5.2

The introduction to the country report will provide general data about the country: population, economics, rate of inflation, parliamentary system, culture, religion(s), and language(s). See also Section O, Site Checks. Most of this preliminary data can be obtained from financial institutions.

5.3

Credit rating of the country. Check with the national insurers:

ECGD – A British government organization
NCM – A private Dutch company
COFAS – A private French company
EXIM – A U.S. government department
HERMES ‐ A private German company
SACE ‐ Italian joint stock company
JBIC ‐ Japanese public financial institution and export credit agency

5.4 Other information more focused on doing business in the country is as follows:

  1. The legal system, is it: English, European, or socialist? What are the rules for establishing a joint venture? What are the formalities for registering a local branch?
  2. What are the direct and indirect taxes – national and local taxes and taxes on goods and services (VAT equivalent)? What personal taxation will apply to expatriates? A word of caution: we asked the tax people what we should do with regard to the importation of goods on a project in A*****a. We followed their advice. However, just as the project was coming to an end, we received a tax demand. We responded, “But, we followed your advice.” They replied, “Yes, but we were wrong, and because you haven't paid the taxes you are subject to a 100 per cent fine as well!”
  3. Details about the banking system and about the transfer of funds to and from the country. What are the rules for establishing a local bank account? When we came to closing our bank account on the same project as b above, we were not allowed to transfer the balance back home.
  4. Methods of doing business: will it be necessary to establish a local company? Will a local partner, consultant, or agent be required? What local subcontractors are available? Are there any minimum rates of pay? We learnt that in one country, you never got paid the last payment. Consequently, you have to adjust your payment schedule to take this into account!
  5. Goods and services: obtain a list of restricted goods. List materials and services that are available locally. What duties are payable on imports?
  6. Employment of staff and labour: on what basis can expatriates work in the country? What are the employment conditions for local staff and labour? Will religious practices or restraints affect productivity or absenteeism? What is the industrial relations scene, and are there established trade unions?

Notes

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset