It has taken the global financial meltdown to fully expose major flaws in risk management.
It’s no surprise then that we’re witnessing something of a resurgence of interest in risk management as a critical business activity. Heightened investor and regulatory scrutiny, combined with additional reporting requirements to satisfy increasingly concerned shareholders, company boards and non-executive directors, are forcing many companies to re-evaluate their attitudes to risk and the procedures used to manage them.
So what is risk and can it be avoided? Risk has any number of definitions but in simple terms can be adequately described as ‘uncertainty of outcome’. It might be argued that in business the term ‘profit’ is a misnomer. Perhaps it ought to be replaced by the more accurate phrase ‘return on risk’.
The construction industry is all too familiar with risk. It has a chequered history of cost overruns, delays and disputes. These have prompted professional advisors to the sector to develop a range of techniques to seek to mitigate the adverse impact of risk on project delivery. They are similar to the techniques applied to many other businesses.
The real question, however, is, are these techniques appropriate, or even adequate to the particular challenges faced by the construction industry? Sir Alan Cockshaw, Chairman of HPR who has held a number of other senior roles including chairmanships of AMEC and English Partnerships, Director of CapitaLand Limited in Singapore and also past President of the Institution of Civil Engineers, once remarked “The key issue on any project is where is it today, because unless you know where you are now you cannot possibly accurately forecast the outturn. It is amazing how often the parties to a project do not truthfully know where it is. This is a fundamental requirement whether the organisation is a funding or equity provider, contractor or developer, or indeed any stakeholder in the project. The need for that understanding of where a project is today applies whether at commencement, in the middle, at the end, or after completion of a project.”
Construction projects, in addition to the often inherent political, economic, legal, and social issues, always have a matrix of contractual, financial, commercial, technical, programming and scheduling, and management and organisational risks. These risks are also unique to each project. Defining where a project is today requires the ability to consider all these risks in combination in the context of the various participants’ corporate objectives and the project deliverables being demanded, and differentiating those risks which are truly fundamental to project success and failure.
The examination of these various matters invariably identifies inconsistency in project documentation, uncertainty in responsibility and liability, lack of clarity in management and decision making, and incomplete and/or incorrect status reporting. This combined with a lack of understanding of a participant’s corporate objectives which can (and often do) change over time, most likely manifests in a lack of a clear ‘completion and out-turn strategy’ and ultimately to returns below stakeholder expectations.
The risk assessment which would then follow from this, and the risk register which is then developed, can focus attention and allocate management responsibility not only to those risks in isolation but as each is, or might be, impacted by any combination of the others. The resultant required risk management approach has to be methodical, but it need not be overly sophisticated. It must never be prescriptive, but always flexible.
The conditions of contract play an important role at this point but must be examined carefully to identify how risks are apportioned. Standard forms generally apportion risk equitably between the parties, with clauses that have been developed to cover just about every eventuality. Complex or unique projects may require a bespoke contract, which can move the responsibility of risk more on to one party or the other.
In all of this, however, it must be remembered that the conditions of contract are but one piece of the jigsaw and have to be read in the context of specifications, drawings, programmes, and importantly the prevailing factual circumstances. For some participants the same risks will be viewed differently because, for example, there are different corporate drivers, or there are associated contracts into which they have entered. In PFI/PPP type procurement models there is the added issue of having to consider all the risks also in the context of the terms of the financing arrangements with lenders.
Insurance is a further way to mitigate risk, and is obligatory under many forms of contract. The contract will identify which party is to provide insurance cover, and the minimum level of such cover. Critical, however, is that insurance does not remove any party’s liability for what they are obliged to do and almost certainly there will, in any event, be significant areas of risk excluded by the terms of any insurance policy. Premium costs are rising and it is important that the cover provided is consistent with that demanded by the contract. Premiums can be mitigated by levels of excess to be paid by the policy holder in the event of a claim, but the frequency of claims and likely costs of excesses should feature in the risk assessment conducted at the outset.
Risk management must be an integral part of organisational and decision making processes. Those companies which took their eye off the ball during the good times are now learning that it costs less to assess and manage the future than it does to deal with the consequences of the past. But to manage the future requires the clear understanding of the present. There is no question that companies that manage their risks better than others will enjoy a significant competitive advantage in a market that is becoming increasingly competitive. Creating greater clarity of where a project is today is a fundamental cornerstone of risk management, and to providing greater certainty in project out-turns; it also enhances significantly the chance of stakeholders meeting their business objectives and having a greater knowledge of where threats and opportunities lie.