A version of this article by Dr Stephen Grey, Associate Director, was published originally in Corporate Risk, Vol. 5, No. 4, April 1998.
The private sector’s appreciation of risk in large projects is becoming increasingly mature within the professional project management community, although it is not hard to find leading figures who will still deny that the subject requires any explicit attention. Where private capital is used to fund public services, this awareness is less well established and many of the issues at work have yet to be properly exposed, let alone understood.
As the boundaries between public and private infrastructure become blurred, managers in each sector are having to deal with unfamiliar pressures and constraints intruding from what used to be the other side of the fence. Commercial organisations are increasing the attention they devote to community concerns, public relations and politics, while trying to deal with what are for them relatively long pay back periods. At the same time as this, public bodies are grappling with demands to place their operations on some type of commercial footing, extracting payments from users and justifying investments in financial terms.
This turmoil and change takes place against a background of unremitting pressure to improve performance in all types of enterprise, public and private. Around the world, shareholders’ demands for increasing returns show no sign of abating and the squeeze on public spending and public sector efficiency is embraced enthusiastically by governments of all persuasions.
Either one of these phenomena, changes in the environment or pressure on performance, would increase the risk associated with large projects. The effect of the two issues together is to raise the stakes for all those responsible for delivering such projects. People are being asked to take on increasingly demanding targets while coping with unfamiliar issues and processes.
The Melbourne OneLink project, which will integrate ticket sales and validation for trams, trains and busses in a privately funded public service, has left an interesting trail of press and media reports in its wake, suggesting that it has fallen foul of this difficult environment. An ambitious technical requirement has been tackled with a hybrid body involving the Public Transport Corporation (PTC) and three major commercial enterprises.
OneLink involves changes in staff working practices, the provision of new equipment at rail stations, on busses and on trams, as well as a major software systems implementation. In different circumstances the debate surrounding the delays which have beset the project would have focussed on the technical complexity of the task. However, in the public arena at least, attention has centred on the contract and its management by the State Government.
It will be some time before the public learns what went on behind the scenes with OneLink, but it seems clear that problems arose which had not been fully anticipated in the project’s plans. Much of the debate appears to have stemmed from misunderstandings about the nature of the project. While everyone knows broadly speaking what to expect from traditional contracting arrangements, recent developments have left both providers and purchasers with few meaningful precedents to fall back on for guidance.
When the UK entered into the private funding of public services, with what are called Private Finance Initiatives (PFIs), risk was at the centre of the discussion. There was a strong expectation that PFIs would allow the public sector to deliver services without risk. It soon became clear that the nature of risk and its role in commercial operations was very poorly understood in the public sector.
Under the PFI banner, and the urgings of senior government figures, there were many examples of naïve attempts to pass all risks to contractors. This included risks that only the public sector could influence, such as changes of government policy and the effects of industrial disputes between public sector staff and their employers. There was at least one attempt by a public authority to have an IT supplier take responsibility for the potential effects of terrorist bomb damage to office systems. What should have been a simple insurance matter became entangled in a bidding process that was already complicated by the novel nature of the commitments and remuneration it entailed.
It did not take long for the true nature of risk in a commercial environment to be felt. The first issue to come to the fore was the supposedly obvious fact that risks have to be balanced by rewards, a mechanism which has not operated very strongly in the public service until recently. This was closely followed by the fact that the cheapest way to handle most risks is to place them with those who have the capability and the authority to control them, and sometimes that will mean leaving them in public hands.
Just recently in Australia, moves to contract out job placement services from the Commonwealth Employment Services appear to an outsider to have come to grief on the differences between expectations and understanding in the public and private sectors. The magnitude of this gap is itself a major source of risk which rarely appears to attract the attention it deserves.
Public sector projects need not involve private sector capital to present significant risks. The Victorian State Government’s enthusiasm to mark the anniversary of Australia’s Federation with a large development in the city centre, the Federation Square, has triggered a major exercise for the PTC, the Jolimont Rationalisation Project. To enable the Federation Square works to proceed, the PTC are undertaking substantial changes to their Jolimont yard, east of Flinders Street station. With an immovable completion date, a high degree of political and public interest in the job, and complex interactions with the surrounding construction works, not to mention the effect of moving staff and facilities from the city centre to suburban sites, the project could be regarded as risky.
In recognition of both the implications of failure and the complexity of the project, risk management was addressed explicitly as part of the planning and control process. A risk assessment exercise with the project’s management team shortly after its initiation, followed by a major review some way into the project, ensured that the main risks were understood and action initiated to manage them. It also gave the project management team a concise and effective means of explaining the risks they faced to PTC senior management. This has paid off in the project meeting its targets. Perhaps the best test of its success to date is the fact that it has received relatively little media attention, and the little it has received has been positive.
Risk management often has to deal with complex issues, but the process itself, as it is set out in the Australian Standard AS4360, is not particularly difficult to follow. With the appropriate expertise, risk management on major projects need not present any problems for a professional team who understand what they are doing. The biggest barrier is usually a lack of interest and a failure to realise that it will not just happen without direct attention.
There is no single set of features which will indicate whether a project is likely to be at risk, but there are some fairly reliable warning signs. Many of these are all too common in large public sector projects. Among the issues which should always be considered are the commercial environment in which a project will be executed, the number and complexity of its interaction with other projects or programs, and the level of risk management experience within the organisation responsible for its execution.
Anyone moving into a new commercial environment will face unfamiliar and unpredictable conditions. However, it is surprising how often the fact that new rules and expectations are at work passes unnoticed until something goes wrong. Even when an organisation recognises the fact that it is entering new territory, its best efforts can come to grief due to events beyond its control. The more interactions there are with other lines of work, each driven by their own priorities, the more chance there is that a project will be disrupted by at least one of them.
On the whole, organisations which have become familiar with risk in projects and developed processes to handle it, are better placed to deal with any type of risk, even if it arises from an entirely new source or situation. The inner workings of a risk management process itself are relatively straightforward, even if the issues it has to deal with are complex.
The Australian Standard sets out a logical sequence of thought from understanding what is at risk to deciding what to do about it. Starting with the context in which a project is to be executed, its objectives and how they are to be measured, the process goes on to identify and evaluate the risks to those objectives, and leads in the end to strategies for treating those risks. Nothing can make a challenging project simple, but surprises can be avoided by paying explicit attention to risk, and the confusion so often stemming from poorly organised attempts at risk management is by no means inevitable.
The fundamental issue underlying all this of course is the point we started with. Risk management will only be effective if it is taken seriously and given explicit attention. Support from the top and a commitment to make realistic allowances for uncertainty are essential prerequisites. A sound process, as set out in the Australian Standard, will make the difference between cost-effective and inefficient risk management, but it will have little effect if the people with the ultimate control over budgetary and schedule commitments are reluctant to take it on board.