Key definitions relate to:
- Risk; | - Operating risk; and |
- Project risk; |
The concept of 'risk' is defined in many ways. The Concise Oxford Dictionary for example, provides a range of contextual variations that relate to hypothetical situations or circumstances that give rise to danger, loss or something unpleasant happening (Pearsall 1999: p.1235). Similarly, Hubbard (2009: p.8) in providing his interpretations of risk, describes risk negatively e.g. in terms of loss, disaster or other undesirable event but broadens the scope by introducing the concepts of 'probability' and 'magnitude'. Other definitions such as the one provided by Camilleri (2011: p.195) for 'project risk' also includes references to likelihood and consequence although it is different in that it introduces the possibility of risk being positive as well as negative, thus suggesting that there is an element of 'uncertainty' in achieving objectives. That description is akin to the definition favoured for this research: the "effect of uncertainty on objectives" (ISO 31000, 2009: p.1). According to ISO 31000, risk relates to all activities that an organisation undertakes (ISO 31000, 2009: p.V) and describes risk both in terms of likelihood and consequence. The 'neutral' definition offered by ISO 31000 thus embraces both 'threat' (negative) and 'opportunity' (positive) risk. However, public partner management of risk in the operational phase of PPP is discussed mainly from a threat risk perspective since the public partner's objective is primarily to defend and protect VfM outcomes that have been agreed, and should be attained, by its private partner. The connotation of 'defend and protect' is clearly against threat.
Other reasons for giving the ISO 31000 version preference is that it encompasses all organisational activities; the Standard has been adopted by the Whole of Victorian Government (Department of Treasury and Finance 2011b: p.3); and its use is encouraged by Suncorp Risk Services who provide strategic level risk management services on behalf of the New South Wales Self Insurance Corporation for government managed fund schemes for dealing with contracting risks (New South Wales Self Insurance Corporation 2010: p.14).
Operating risks are risks that relate to the inputs into, as well as the delivery outcomes of, services that are contracted-out by the government client to its private partner (Partnerships Victoria 2001a: p.68; Grimsey and Lewis 2004: p.202) in terms of requirements, costs and timing (Ng and Loosemore 2006). Put more simply, operating risk arises from the likelihood of occurrence of events occurring that could prevent services from being delivered as planned (Loxley and Loxley 2010: p.35). Again, this definition embraces only the negative implications of operating risks.
'Risk management' is a method that can be used by managers to recognise, scrutinise, assess, treat and then monitor those risks that could impinge upon the realisation of defined goals from strategic, operational, financial and / or compliance-related issues (Victorian Auditor-General 2007b: p.1) - and clearly contributes to the "demonstrable achievement of objectives and improvement of performance" (ISO 31000, 2009: p.7). Effective risk management also entails good knowledge management practices so that risk learning is maximised.