Guidance notes - Managing risk

The purpose of risk analysis in developing the PSC is to evaluate project risks in terms of their effects on the outcome. The outcome can be financial or non-financial, e.g. being able to avoid, or not, a severe water shortage, or the loss of life. In all cases, however, the driving factor is the need to improve understanding of risk. Risk may or may not be quantifiable, but it is an important consideration. This section examines how risk analysis can be turned to practical use as a foundation for risk management.

Risk management describes the process for formulating management responses and policies to reduce and control the identified risks. Risk management will not remove all risk from a project, but is aimed at ensuring that risks are efficiently managed and consequently ensuring that the impact of risk is minimised.

The benefits of risk management are, for example:

•  to facilitate informed and systematic decision making;

•  to minimise the consequences of risk; and

•  to give an improved understanding of the project through identifying the risks and thinking through response scenarios.

Project risk management is a continual process of risk review, analysis and management planning. It is intended that the PSC forms an integral part of this process at every stage of the PPP process.

The key objective of risk management through the PPP project lifecycle is the achievement of project objectives, including value for money outcomes.

The risk valuation and management process can be usefully compared to the typical management decision-making process which takes place on a regular basis within any organisation. To resolve any problem it is first necessary to recognise the problem, understand it, evaluate options for addressing the problem and finally implement the chosen solution.

Risk analysis simply involves a recognition of a formal process of identification of all material risk issues, establishing (where possible) the likely impact on the project, establishing a course of action to deal with the risks, implementing the proposed responses and monitoring their success.

With this in mind, it is important to note that risks do not disappear when transferred to a private party through a contractual mechanism. From government's perspective, the PPP approach provides a means for government to mitigate the financial effects of risks to which it would otherwise be exposed. However, risks are only mitigated to the extent of the:

•  private party's ability to control risks (management quality)

•  private party's ability to accept risks (credit quality)

•  jurisdiction's ability to rely on the private party (contract quality).

From a risk management perspective it is also important to remember that overall project risk generally remains unchanged during the procurement process, unless:

•  risks are removed;

•  risks are reduced; and/or

•  risks are created.

In this respect, one of the outcomes of the project risk quantification process is the formulation of the risk register which records all of the data from the risk workshop including some outline of risk management strategies identified.

A risk may turn out to be difficult to assess for one of two reasons. First, there may be very little knowledge about a particular variable simply because the data has not been collected in a useable form. For example, the most appropriate expert may not have been consulted or the relevant empirical data may not have been collected. Second, there may be too many genuine uncertainties in the system, and therefore the environment is too complex to make any long term predictions, e.g. fluctuations in the weather or the inflation rate in 20 years time. An analysis of risk can add value by highlighting risks that can be more accurately assessed by conducting further research.

In this case, we have simply used the uncertainty and risk analysis to direct effort into increasing our knowledge of the risks, rather than mitigating them. So how can risks be reduced?

In essence, the only way to mitigate, or control risk is by taking positive management action. A fundamental feature of the PSC is the risk identification and valuation process. The final stage of identifying risk management strategies should also form part of the process. A risk analysis model, for example, can be used to:

(a) direct the hedging of risks, for example by informing a structured approach to interest rate management, during both the procurement and contract management stages of a project

(b) evaluate whether it is in the financial interest for government to transfer an insurable risk to the private sector. Here the cost of taking out insurance can be determined, and the two scenarios of either transferring it out or not doing so can be compared in terms of their likely value.

An important feature of example (a) is that it recognises that risks (or at least their financial consequences) are only transferred to the private sector once a contract has been negotiated and signed. It is important to recognise that during the procurement phase of a project no risks have been transferred to the private party and therefore all risks reside with government. Although the PSC tends to deal with project risks that will be retained and/or transferred under a PPP approach, it is very important that the risk identification and risk management planning also takes account of risks that may crystallise during procurement.

Typically the types of risk that fall into this category include:

•  interest rate movement prior to financial close;

•  planning approval;

•  land issues and acquisition; and

•  environmental issues.

It is recommended that risk management strategies for dealing with these and other procurement risks start to be addressed at an early stage in the process. Taking each of the risk types above in turn, risk management strategies could include government:

•  purchasing an interest rate hedge. (Any strategy for handling interest rate movements or the purchasing of any other financial products to mitigate against risk should be discussed with the relevant Treasury and/or Finance departments.);

•  obtaining a planning approval or alternatively seeking to share this risk with the private sector through a Project Development Agreement (see Risk Allocation and Standard Commercial Principles);

•  identifying and purchasing the site prior to tender; and

•  coordinating Commonwealth and jurisdiction approvals and, under certain circumstances, assuming the risk of delay in obtaining the requisite approvals.

It is also important to recognise that government is an active party to a PPP contract and actions taken or not taken, as the case may be, can result in government unwittingly taking back risk or even creating risks it did not think existed. It is, therefore, essential that contract management planning starts during the procurement process. This must also include the identification and management of risks.

For further guidance on risk and contract management, refer to the complete set of National PPP Guidelines material, in particular Risk Allocation and Standard Commercial Principles guidance. As the hospital project in this worked example is only an example project, the detailed risk management planning that is necessary (and outlined in the guidance notes on risk management above) has not been carried out and documented in the PSC guidance material.

This section of the PSC report should include a discussion of risk management planning and strategies for handling risks at each stage in the project lifecycle including:

•  during the bidding process;

•  in final negotiations with a preferred bidder;

•  between contract execution and financial close; and

•  during contract management.

It is important to see this section of the PSC report as a foundation for risk management. Specific risk mitigation strategies should be identified and recorded. Risk management planning for handling the key risks to which government is exposed should be recorded in this section of the report.