What is meant by project risk and compliance? Having spent 20 years in a project environment, either doing process engineering work or managing projects, I’ve realised that every decision taken within a project carries an element of uncertainty that needs to be guided by some sort of policy. In certain instances the level of uncertainty is small, and clear policy guidelines are in place. It’s the inverse of these instances that generate unwanted anxiety for which the use of risk management methodologies offers some comfort.
I’m often asked at what stage in the project timeline one should apply a specific methodology, so for that reason this article will focus on this aspect, rather than elaborate on the many and varied methodologies that exist.
Firstly, let’s think about compliance. This is a big word, sometimes brandished about like the sword of Damocles, but what does it mean in a project situation? Let’s start by asking a simple question. Which side of the road do you drive on? One quickly realises that by following the country policy, drivers get along with fewer risks of accidents. Compliance is the result of adhering to an accepted policy or set of guidelines. One may ask if no policy exists, can one still comply? From experience I’ve found that the only way to deal with this circumstance is to gather the affected parties and come to an agreement on a policy to be followed, in order to achieve a particular outcome.
On a daily basis we are exposed to policies and guidelines, some of which govern much of what we do. Some examples are:
The company: dress code, working hours, presentation of financial results, etc.
The environment: emission limits, noise, etc.
Safety: Occupational Health and Safety Act and others.
The Occupational Health and Safety Act (OHSA) and Mines Health and Safety Act (MHSA) provide good basic requirements for workplace safety. They also provide mechanisms for recording and reporting incidents in the workplace.
Now having these policies in place is usually not enough to ensure a successful project. This is because situations or design issues may arise that require special precautions to ensure safety of operations, protection of equipment or minimal environmental exposure. Situations where the risk of the exposure to an undesirable outcome is uncertain need to be thought about in greater detail to ensure compliance. This in turn gives rise to risk management techniques where the systematic approach can be represented by the flow chart shown in Figure 1.
These techniques have been found to be useful in the following circumstances:
The introduction of new or novel technology.
Sensitive political, legal, social, environmental, contractual or safety issues.
The overall project timeline usually defines the stages at which different kinds of risk assessment become relevant. There are many risk scenarios that can beset a project, notwithstanding these, the principle areas of focus would be, in no particular order:
- Project cost: Identify the drivers of this risk and have a contingency plan.
- Project timeline: Interrogate the sequence of events and what drives the critical path.
- Quality of supply and workmanship: clearly defined specifications and QCP management.
- Conformance: Can the work be done safely, with managed environmental impact and within the ambit of the law.
I’ve consolidated the above along a typical project timeline, indicating the timing and emphasis that is placed on the type of risk as a project proceeds. This is by no means exhaustive, but should act as a guideline to a more complex subject.
A summary table showing how this can be achieved is shown in Figure 2. Some noteworthy points include:
A considerable degree of effort is expended before the start of the detailed design phase. Much of this effort focuses on ‘external’ risks to the project.
Project closeout not only deals with demobilising the project team and handing over to the client any ongoing contractual obligations, but also the convening of a ‘lessons learned’ session, where key risks that arose during execution are discussed and documented. These ‘incidents’ are then compared with company targets: lost time injuries, no fatalities and other execution monitored statistics, for example.
A number of risk assessment methodologies are available. The need (or not) for a particular assessment will be identified by conducting the Hazop 1 to 6 as a starting point.
The lifecycle of a process plant is different to a project. In the case of a plant, the risks associated with decommissioning, dismantling and restoring the site need to be considered.
It is important to bear in mind that the application of a Risk Management methodology will not remove all risk from a project. Its principle aim is to ensure that risks are identified and mitigated effectively. An acceptable mitigation is sometimes an iterative process as indicated by the reverse arrows in the illustration of Figure 1. It is also imperative that by applying the risk management techniques early in the conceptual and design stages of a project, the greater opportunity exists for elimination of the risk altogether.