1 For all projects, purchasers should maintain from the start of the procurement stage an assessment of the inherent risk of late delivery, and analyse before signing contracts the sensitivity of their business cases to major slippage and cost overrun.
2 Risks identified should be registered, assessed for impact and probability, assigned to a risk manager and used as a basis for subsequent management and contingency planning. Closed risks should be retained in a closed risk register and reviewed at regular intervals for "re-incarnation". Risk identification must be an ongoing activity, as new risks will occur throughout projects.
3 Departments should appoint a permanent "risk scrutineer", independent of the project team and ad hoc input from consultants, to monitor how the project is handling risks and to report to senior management at regular intervals. This is a feature of the PRINCE 2 project management system widely used in government and in the private sector.
4 Contracts with suppliers, including Private Finance contracts, require detail and clarity about the reporting obligations of suppliers to support risk management and contingency planning by the purchaser. Contractual obligations must be underpinned by a recognition on all sides of the need for openness, extending beyond oral reporting to sharing their risk management documentation.
5 The project illustrates the importance of being able to clarify, quantify and allocate responsibility for risk very clearly if the Private Finance approach is to be a suitable contractual model. In the case of IT development projects in the public sector, this is particularly difficult. Ministers and officials cannot transfer responsibility for the overall service for which they are legally responsible and accountable to Parliament. Some risks, such as the delivery of benefits payments, on which many people depend, are too great for private sector suppliers to absorb and departments therefore must retain a direct interest and involvement in how the service is to be delivered.
6 It is vital that all bidders, and if necessary their parent companies, are clear about the extent of risk transfer proposed by the purchasers at the start of procurement rather than towards the end. Purchasers must ensure that the extent of risk transfer they propose is viable, and must evaluate the extent of risk that they retain. Difficulties in this area can result in the loss of otherwise valid bids.