The parties involved in a project can affect the amount of risk by:

• the level of influence they have over events, and

• the level of information they have about the present and the future.

Approach to risk management

The typical approach to management of risks involves the following activities:

1. Identification: determining what risks exist during the project lifecycle

2. Evaluation: assessing potential impact of the risks identified

3. Mitigation: addressing the risks/uncertainties identified by way of contract, insurance, etc., to the extent possible

4. Allocation: the remaining risks are allocated to the entity most suitable to manage the risks

Influence relates to the power that parties have to create action and determine outcomes. Influence can come from delegated Authority, such as a public entity which has certain powers granted to it under law, or from good management and organisation, or from specific knowledge.

Information is directly related to risk. It is precisely because we usually don't have all the information that we can't predict future outcomes for certain. When we have better information we are better able to foresee and reduce risk.

The public and private sectors are different in the types of influence and information that they have. This means they can control risks in different ways and are better at controlling some risks and not as good at controlling others.

For example:

The public sector has certain powers and advantages in the process of land acquisition that mean it is sometimes better suited to this task and to taking the associated risks.

By contrast, the private sector is exposed to competitive pressures that force it to establish improved management practices. It is also often the technology leader. This means it may be better suited to managing the design and construction risks.