Irrespective of the risk quantification technique used on a project, the sources of risk must first be identified.
The risk identification process is potentially the most important and useful part of the risk valuation analysis. It brings considerable benefits in terms of understanding the project and its problems, as well as provoking thought about the appropriate management response to risks, including optimal risk allocation between parties.
The identification of risks is best done using a brainstorming session. Good practice in brainstorming sessions is not described here and it is recommended that agencies seek expert facilitation of the risk identification and quantification (often forming part of the terms of reference for the financial adviser).
The purpose of the brainstorming should initially be solely the identification of risks, with no risk quantification at this point. Quantification of risks is a complicated process and care must be taken to ensure that experts form their own views after some consideration of the identified risks in the context of the reference project and the raw public sector comparator.
The aim of the brainstorming session is to identify the 'material risks' (those risks that could have a significant cost impact (when considering the probability of the risk occurring in combination with the likely cost of the occurrence). There is a danger that the group dynamics at the risk identification workshop may give rise to a conformism of point of view, resulting in a simplification of treatment and underestimation/ overestimation of the level of risk. This is particularly the case if risk quantification is done without sufficient preparation and forethought, and too early in the process. The identification of risks is less prone to these problems, and the creative benefits of group work early in the development of the public sector comparator outweigh the dangers.
Those who might be involved in the identification and quantification of risks include:
(a) 'core' service operational managers and stakeholders
(b) departmental stakeholders
(c) the Department of Infrastructure and Planning and Queensland Treasury representatives
(d) project managers
(e) Technical Consultants, such as architects and design engineers
(f) financial and legal advisers
(g) the risk analyst.
A list of risks to which the project may be exposed is a useful tool help structure the brainstorming session. The risk management supporting document provides a useful starting point for developing this list.
The concepts of 'risk' and 'outcome' are often misunderstood. The key differences between these terms are as follows:
• An outcome is a consequence of a risk such as 'delay', 'cost overrun', 'under-performance'; and
• A risk is an event that causes the consequence, such as 'failure to grant a right of way', 'poor ground conditions', 'material defect'.
Accordingly, 'construction cost overrun' is not a risk, and therefore should not appear on the risk register. Instead, a construction cost overrun should be identified as a consequence of certain risk events.
The output from this stage should be incorporated into a risk register that must include, as a minimum:
• risks identified and categorised for ease of reference (individual risk identification tags can also prove useful for future reference)
• a preliminary risk allocation
• identification of a 'risk expert' for each risk whose role is to further refine the preliminary risk analysis in terms of description, consequence, and numerical risk estimates in the following stages of the risk quantification process.
During risk allocation, regard should be given to the risk allocation principles contained in the risk management supporting document. Queensland Government's public private partnership policy is committed to optimal, rather than maximum, risk transfer. Consequently, the identifiable risks of the project should be quantified and allocated to the party best able to manage them. If a risk is to be retained by government, it is classified as a 'retained' risk. If the private sector would be better placed to manage the risk, the risk is classified as 'transferable'. Note that retained risk will be added back to the partnership model to ensure comparability with the public sector comparator.
Specialist commercial expertise will be required to support collation of the risk estimates, facilitation of the risk workshops and the risk modelling process.