Q&A on Infrastructure risk management
Interviewed by: Gareth Byatt, SiG Committee member and IRM Ambassador; Principal Consultant, Risk Insight Consulting
Gareth: In 2018 you moved from the UK to the Middle East. I’d like to start by asking you what you see as some common challenges that infrastructure works and projects face around the world, and how the application of good risk management can help infrastructure teams to overcome some of these challenges.
For example, I recall a paper by the management consultants, McKinsey, a few years ago, in which they talk about how, historically, infrastructure projects have a history of problems (whether cost, schedule, procurement, financing or something else) and they propose a more integrated approach to managing infrastructure risk. Is this a common challenge anywhere?
Darren: When it comes to risk management on infrastructure projects, I typically see common challenges grouped around the following two themes (either individually or both together):
2. Integrated and effective project controls.
With regard to governance (especially across organisational interfaces), this is mainly about ‘the right people, making the right decisions at the right time’. Irrespective of our role or profession within any infrastructure project, we will all acknowledge that poor governance, especially across intra- and inter-organisational interfaces, is one common challenge to maintaining momentum and focus against the project’s objectives.
However, to enable good governance we need good data and information, which brings me onto the second common challenge I encounter. Often, we will come across projects where there is a lack of investment in, or focus on, having an integrated and effective project controls function. The consequence is that, even when the project does want to make a critical decision, the required data and information, may be not available, may be presented in disjointed way or may even be inaccurate.
As a risk professional, part of our role and responsibility is to:
- Understand the governance of our projects, especially when and how key decisions are made and what risk-related information we can provide to support these decisions.
- Work with our peers across the other project controls disciplines to make sure we provide a timely, coherent and verified set of data and information to support these decisions.
It can be frustrating for us, as sometimes the above requires patience and compromise, but ultimately it is key to us helping the project to be successful. The difficult part is resisting the temptation to focus on risk management in an introverted way, at the expense of what the wider project needs.
Gareth: Darren, picking up on one of the challenges that infrastructure projects face, you’ll recall the December 2017 for the Institute of Risk Management (IRM) quarterly magazine, Enterprise Risk, which discussed the challenges of dealing with stakeholder perceptions of risk.
This article describes how it is challenging to get people’s perceptions and expectations to manage risk aligned on infrastructure projects, and yet understanding the perceptions of a wide array of stakeholders is an important element of managing an infrastructure project well. I wondered if you have seen and used any good techniques for understanding and responding to stakeholder perceptions of risk, and whether this differs across different geographies.
Darren: As outlined in our Enterprise Risk article, I agree that managing stakeholder perception of risk on infrastructure projects is a very difficult task.
As we all know, infrastructure projects can often present particular challenges due to their scale, complexity and/or lengthy timescales.
So, before we even throw in the variable of differing geographies, as risk professionals we face a challenging task of trying to make sure that when the project makes key, risk-based decisions that we have properly taken the many (often differing) stakeholder perceptions into account.
In that context, I wouldn’t claim that I have seen or used any particularly successful techniques, but I would offer up the following considerations from my (sometimes painful) personal experiences over the years:
- Acknowledge that it may not be practicable, or even appropriate, to include every individual stakeholder perception in your analysis, so consider grouping your stakeholders into differing types – a point highlighted in the Enterprise Risk article.
- Consider how you intend to incorporate these perceptions of risk into your analysis and decision-making; for example, will you use these perceptions to directly inform your formal quantitative risk assessments or perhaps simply use them as narrative for any key outputs.
- Accept that (even though it can be frustrating) some stakeholder perceptions of risk have to be taken into account within your analysis and decision-making, even when you know these perceptions are not supported by the data.
Irrespective of the approach we adopt, we have to appreciate that our involvement of stakeholder perception will never be perfect, as we often have to operate within the constraints of time, available resources and access to these stakeholders.
Gareth: The IRM Infrastructure Risk Special Interest Group had a busy year in 2018, with events in various parts of the UK. I wondered if there are any points which you would like to highlight, from your own experience.
Darren: These free events, which are organised and facilitated by the IRM Infrastructure SIG committee members, are a great opportunity to have a two-way conversation with risk professionals on the matters that we deal with on a day-to-day basis.
Of the areas discussed in various events, one that is close to my heart is that of embedding risk management into business as usual; in the words of a former colleague, so that it becomes ‘a heartbeat, not a bolt-on activity’.
We all strive for this and, whilst the other project management/controls disciplines are also pursuing the same aspiration, I genuinely think that the risk profession has made great strides in recent years to bring risk, and in particular uncertainty, management into the core of decision-making within infrastructure projects.
However, we should always be wary of complacency and not ‘over selling’ or over-complicating risk management, which ties in with some of the other areas raised. In particular, we have to acknowledge that sometimes the culture of the organisation, and even our own competencies as risk professionals, mean that we have to delay or set realistic timescales against proposed improvements to how risk is managed. Often, what is intended to be a well-intentioned improvement, can undermine the previous hard work to embed risk management.
Gareth: I’d like to focus now on the topic of team culture, and the impact it has on how an infrastructure team takes and manages risk. I personally look at culture as being holistic, just calling it “culture” rather than referring to a “risk culture”. I tend to find that people interpret risk culture in different ways (whereas terms such as “safety culture” are easier to define).
There is a lot of evidence that culture is a fundamental element of being able to take and manage risk well. I wondered if you had any examples or observations of where culture can and does make a significant impact.
Darren: Over recent years, I have worked for, and with, people and organisations from a wide range of geographical regions and cultures. Whilst we sometimes fall into the trap of categorising culture and behaviours according to where people are from, their role in a project, etc. I now generally accept that whatever project we work within there will always be a diversity of thought and behaviours.
Therefore, the paradox is that whilst on one hand, as risk professionals, we strive for a consistent risk culture, on the other hand a diverse risk culture can sometimes promote diversity of thinking.