Amongst all the existing management tools Managers rely on to succeed, Risk Management may be the one that is taken less advantage of within the infrastructure sector, including the water infrastructure sub-sector. At Agenda 21500, we believe that Risk Management provides companies with many benefits, which at a project level and in the short term will lead to keeping client confidence and adjusting to both budget and schedule, and in the medium and long term provides a significant competitive advantage.
The persistent underutilization of risk management in infrastructure and water projects
Like most of the many management standards worldwide, Risk Management became globally widespread after being published in 2009 by the International Organization for Standardization (ISO). However, despite being considered by the ISO of enough importance for a complete and detailed standard (ISO 31000) to be developed, and for many companies to be implemented, its relevance in most of them across the globe is still in my opinion not reaching mid-relevant levels.
The tangible benefits of a risk management system
The benefits of having a Risk Management culture are not only highlighted within ISO 31000, but are also known worldwide and, what is more important, accepted and proved by top managers and boards at small and medium-sized companies as well as large multinationals. Better risk identification and control, threat anticipation, better resource allocation, enhancing decision-making, encouraging proactive management, improving results and stakeholder confidence, are some of the advantages a company can obtain from effectively implementing a Risk Management System (RMS).
Carrying out a persistent communication effort is paramount for everyone within the company to understand the new process and its benefits
Considering the enormous benefits the application of Risk Management may bring, it is hard for me to understand why Risk Management is not considered a must by many companies, and thus incorporated into their processes and culture. Moreover, it is unfortunately common that with an RMS in place, most companies do not capture all its benefits; not to speak about companies which have implemented an RMS to be just used as a commercial tool.
Overcoming challenges to embrace effective risk management
Several reasons come to my mind to understand and explain such circumstances, but there are two I’ve identified as the most common and at times misleading. On the one hand, the fact that the ISO 31000 standard is non-certifiable, which has been seen by many as a sign of a second-level standard, and hence not worth the effort to invest time and allocate resources to develop and implement an RMS. On the other hand, what I’ve reckoned to be a non-written belief that risks have been dealt with by managers for years, therefore modifying the status quo when addressing risk management is not considered. Inconceivably, not being certifiable has been an argument I’ve often been explained to ground the lack of need to implement an RMS, as if not having the obligation to might be a powerful reason not to hold to something which will provide benefits. Also, not modifying the way risk management has been approached so far (whatever this means) makes no sense given the accepted reasoning that the main driver to get different results is doing things differently.
Time and resources must be invested and mobilized to some extent when implementing an RMS. However, the cost-benefit analysis of putting in place an RMS within a company happens to be quite unbalanced to the benefit side once the RMS is accepted and the processes are followed. Of course, depending on the level of complexity that is desired for the RMS, the investment may be higher and therefore the effect on the benefits may take longer to appear, since communication with the people and the implementation of the processes will require more time, hence the learning curve will simply be delayed.
Our team possesses a wealth of experience in Risk Management, enabling us to provide world-class services at an international level
Luckily, ISO 31000 is a generalist standard aimed at being easily applied to any area within a company, even for those for which risks have been analyzed for decades and have their own in-house methods, such as those to deal with quality and environmental risks. In addition, from the simplest to the most powerful, there are many computerized tools in the market which may be acquired to help throughout the risk management process. However, to get started, an in-house spreadsheet may be good enough to be able to classify and establish risk treatment strategies to be taken into consideration and carried out by the relevant managers.
Implementing an effective risk management system: a step-by-step guide
Implementing an RMS only requires the following four simple steps, which are the key to a successful implementation: obtaining top management commitment and support, developing a brief process, deciding on a robust risk management tool, and communicating the process across the company. It is well known that having the top management’s support is crucial when it comes to introducing a change within a company and that not getting it represents the first step to failing to obtain the desired benefits. Regarding the process to be defined, it is my opinion to keep it as simple as possible, since a straightforward process will facilitate its compliance. The risk management cycle is self-explanatory (identification, assessment, treatment, monitoring, and controlling) so there is no need to complicate it. To be consistent in this simple approach, the process must be clear and concise and consist of a minimum set of short documents. Also, the tool to be chosen to follow the risk management process must be as simple as possible; it just needs to allow to identify, assess, rate and establish treatment. Lastly, carrying out a persistent communication effort is paramount for everyone within the company to understand the new process and its benefits. Among all, effective communication is the key to success; “effective” means ensuring that all team members understand not only the important benefits that an RMS may bring but also the relevance of properly addressing Risk Management to achieve such benefits.
Now, the no-certifiable condition of ISO 31000 provides the advantage that should an RMS be implemented, there is no obligation for it to be applied to all projects across the company starting on day one. Contrary, it can be used progressively, hence starting at one project and subsequently to others so that the RMS can be tested and adjusted. Therefore, the company can choose the pace at which the RMS is applied to more and more projects.
At Agenda21500, we are fully aware of the transformative benefits that risk management can bring to infrastructure projects. Our team possesses a wealth of experience in Risk Management, enabling us to provide world-class services at an international level. These services encompass a broad spectrum, including consulting to assist our clients in implementing or redefining their Risk Management Systems (RMS) and taking on leadership roles within project teams. We offer support at every critical stage of a project, from the tender phase to post-award activities such as construction, handover, and even the operation and maintenance period. So far, the company has helped several clients develop risk assessments and risk management plans and has led the Risk Manager role for a relevant project in Europe.