Chapter 7: Risk
1.1. The Scottish Government Risk Management Guide defines risk as:
"anything that can impede or enhance our ability to meet our current or future objectives ...."
1.2. All projects contain risks that may affect their cost and quality and the time taken to complete them. Risk is present through the whole life of an asset from inception through to deconstruction and must be actively and effectively managed throughout. Analysis allows us to identify risks and opportunities and use both to ensure project success and maximise the potential of the asset.
2.1. Risk stages. Risk management is the process of identification and assessment of risk and opportunity followed by the production, and implementation, of an action plan to manage it. The Scottish Government Risk Management Guide sets out five key steps to effective risk management:
- Identify risks
- Assess risks
- Address risks
- Review and report risks
- Communicating and learning.
2.2. Risk appetite. It is important to understand the risk appetite, that is the levels of risk the organisation is prepared to accept or not accept in delivering its objectives. As stated in the Scottish Public Finance Manual, the concept may be looked at in different ways depending on whether the risk being considered is a threat or an opportunity:
- When considering threats, the concept of risk appetite embraces the level of exposure which is considered tolerable and justifiable should it be realised. In this sense it is about comparing the cost (financial or otherwise) of constraining the risk with the cost of the exposure should the exposure become a reality and finding an acceptable balance;
- When considering opportunities, the concept embraces consideration of how much one is prepared to actively put at risk in order to obtain the benefits of the opportunity. In this sense it is about comparing the value (financial or otherwise) of potential benefits with the losses which might be incurred (some losses may be incurred with or without realising the benefits).
Quick Guide 4 of the Scottish Government Risk Management Guide provides further guidance on assessing risk appetite.
2.3. Lifecycle stages. The phases of a built asset, which are set out in Chapter 1, are: Planning - Development - Implementation - Operation - Decommissioning. Operation and Decommissioning, although not normally part of the project period, should still be included for the purposes of the project risk assessment and management. All risks must be identified and managed at the earliest possible point and this will usually mean doing so at the very start of the project period including for the operations and decommissioning phases. Each phase should be assessed and managed for risk individually and as part of the overall lifecycle; this will be an ongoing process throughout the project life and beyond.
2.4. Risk factors. PESTLES (Political, Economic, Social, technological, Legal, Environmental and Security) provides a useful breakdown of risk areas for assessment.
2.5. Stakeholders. All stakeholders are different and risks will have different impacts on each. For example, a specific factor is likely to impact differently on a political stakeholder than it would on a contractor even though the phase and the circumstances which cause the risk are the same. Similarly, consideration of the political heading for a political stakeholder, for example, will be likely to result in different risks being identified during each of the lifecycle phases.
2.6. Whilst risk can be managed, minimised, shared or accepted, it cannot and must not be ignored. It is unrealistic to expect that systematic risk management will remove all uncertainties, but pro-active risk management which is fully integrated into the day-to day management of the project and the asset can reduce the impact of uncertainties and improve the likelihood of a successful project outcome and asset life cycle management. It must though, be actively managed and reviewed regularly to ensure that the plan remains valid.
3.1. As noted above, the Scottish Government Risk Management Guide provides guidance on managing risk generically across any situation, whether in the project setting or in core operations. This guidance is, however, only accessible through Scottish Government intranet pages. For contracting authorities that would benefit from an introduction to the range of considerations which apply in risk management, the HM Treasury Orange Book Management of Risk - Principles and Concepts may be a useful source of guidance.
4.1. Effective and proactive risk management is essential to the successful delivery of projects, it informs the conduct of all outputs, outcomes and phases of the planning, delivery and operation and must be afforded appropriate resource and priority.