Given the transport and population growth challenges facing many Australian and international cities, there continues to be large investment in various transport solutions. This includes road, rail, aviation and maritime sectors.
Investment in these large projects is essential to the success of our communities and the lives of all Australians. And, appropriate infrastructure and the procurement of fit-for-purpose plant and equipment in a timely and cost effective manner is critical to Australia’s continuing growth.
However, a number of these projects fail to deliver.
There are many reasons cited including:
- Lack of clear links to strategic outcomes
- Lack of effective stakeholder engagement
- Lack of senior management support
- Specialist groups within an organisation operating in silos
Interestingly, one of the most common difficulties across projects seems to rest around an exclusive reliance on the Risk Management Standard (ISO 31000) as the basis to manage project risk.
For high consequence, low likelihood events (the potential ‘project show stoppers’) the Standard itself fails the test. The reason is simple; it is risk (likelihood and consequence) based not criticality (consequence) based.
Like our courts, criticality based assessments ignore the likelihood side of the risk equation initially.
If the event is considered credible and could prove fatal to the project, it is a potential project showstopper and must be dealt with up-front.
R2A presents this paper as a summary of the project due diligence methodology we've used over the last two decades and has been applied to projects ranging from $10M to $2.5B. In all cases, no unanticipated issues arose, and relevant precautionary and contingency plans were in place to effectively manage the issues that did arise.
The attention on large projects, especially government projects, which rely on public funding, is increasing. The public is demanding transparency and accountability by those responsible to ensure projects deliver promised outcomes.
Accountabilities and responsibilities associated with an organisation’s business as usual activities are laid down in their organisational governance arrangements. However, seldom does an equivalent framework exist to govern the development of projects.
Project governance is one of the key factors often cited as to why projects fail. This is because the project framework is not contextually sound and aligned with the project’s critical success outcomes (the desired and expected outcomes). Project activities that don’t align with the project’s strategic objective mean there is a misdirection of resources to the more likely risk issues rather than potentially catastrophic project show stoppers.
For projects to be successful, in terms of both project performance and project delivery, they require a contextually sound, robust and transparent project governance structure and effective risk management processes. Project governance responsibilities include:
Such governance obligations are being increasingly met using the concept of due diligence. Due diligence is a legal concept. It represents an aspect of moral philosophy, that is, how the world ought to be and how humanity should behave in order to bring this about. It is forensically tested with the advantage of hindsight.
Legally due diligence seems to manifest itself in at least two ways:
- As a defence against negligence in common (case) law, and
- In statute law, especially for fiduciary concerns, environmental issues, and more recently, health and safety matters.
Due diligence has been a primary defence against the tort (or wrong) of negligence in the common law. In this context, what constitutes due diligence in Australian case law has been established by the High Court of Australia. It basically means that a reasonable person in the same position (reasonable in the eyes of the court which has the advantage of 20:20 hindsight), would have undertaken certain procedures and processes to ensure that on the balance of probabilities, the undesirable occurrence shouldn’t have happened. Conceptually, the overall situation is perhaps best summarised by Chief Justice Gibbs of the High Court of Australia:
Where it is possible to guard against a foreseeable risk, which, though perhaps not great, nevertheless cannot be called remote or fanciful, by adopting a means, which involves little difficulty or expense, the failure to adopt such means will in general be negligent.
Turner v. The State of South Australia (1982) (High Court of Australia before Gibbs CJ, Murphy, Brennan, Deane and Dawson JJ).
With regards to legislation, there are a number of examples of due diligence including:
- Commonwealth Corporations Act (2001)
- Model Work Health and Safety Act/s (2011)
- Rail Safety National Law Act/s (2012)
- NSW Protection of the Environment Act (1997)
Projects conceptually have an interesting risk profile as shown in Figure 1 below.
At the time the project is commissioned, someone, often a government minister, has made promises of what the project will achieve.
The task of the project manager is then to deliver that project on time, within budget and to specification.
Therefore, project managers complete downside risk assessments from a promised upside risk position. However, this is often outside the context of the project’s overall performance objectives.
FIGURE 1: PROJECT RISK PROFILE
One of the most common difficulties across projects seems to rest around an exclusive reliance on the Risk Management Standard (ISO 31000) as the basis to manage project risk.
For high consequence, low likelihood events (the potential ‘project show stoppers’) the standard of itself fails the test. The reason is simple; it is risk (likelihood and consequence) based not criticality (consequence) based.
Like our courts, criticality based assessments ignore the likelihood side of the risk equation initially.
If the event is considered credible and could prove fatal to the project then it is a potential project showstopper and must be dealt with up-front. It should take into consideration the whole life of the project from concept to operation and maintenance.
The concept is shown in Figure 2 below.
FIGURE 2: PROJECT DUE DILIGENCE VS PROJECT RISK MANAGEMENT
Another common cause of ineffective project risk management for large projects is that each of the disciplines/project groups often undertake risk assessment activities in their own silos without regard for the high level project performance objectives.
Each specialist group comes to an internalised understanding of what is important.
Senior management therefore receives pieces of the puzzle but not within a unified framework.
Common mode and common cause issues can also be overlooked using this bottom up silo approach as shown in Figure 3.
FIGURE 3: BOTTOM UP SILOS MISS COMMON MODE FAILURES
Project due diligence provides a transparent argument as to why the critical success outcomes for the project will be achieved. It ensures there are no foreseeable project show stoppers within a project’s scope and that all reasonable practicable precautions are in place for any issues of concern that remain.
Project due diligence ensures projects succeed in both performance and delivery by encouraging the project team to look back from the desired project end-state (achievement of the critical success outcomes of the end users) to focus on those critical threats that will affect project outcomes.
FIGURE 4: PROJECT DUE DILIGENCE SEQUENCE
This top-down approach of identifying all project end state critical success outcomes allows clients’, partners’ and other stakeholders’ expectations to align. It is particularly valuable in identifying enhancements during planning stages to ensure that no foreseeable project show stoppers are encapsulated in the project’s scope and that tenderers are specifically advised of significant identified residual risk issues that need to be addressed in their submissions.
The key is to ensure all stakeholders for the project are clearly identified and are effectively engaged and communicated with at the appropriate stages during the project. This ensures that the ultimate project requirements are explicitly confirmed and their risk issues are being effectively managed.
The process typically involves three tasks:
- Functional Vulnerability Analysis.
Determine the issues that can critically impact on both project performance and project delivery. The process identifies the critical project performance vulnerabilities by defining the critical success outcomes for the project and credible threats to which it is exposed. Vulnerabilities are characterised as minor, moderate or critical (show stopper).
This provides a completeness check to ensure that no significant threats and vulnerabilities will be overlooked during the project.
- Zonal Issues Completeness Check.
This is zonal risk ‘completeness’ assessment undertaken by examining each major element in its geographic, community and environmental context. It identifies site specific issues.
- Bottom Up Discipline Reviews.
These are completed as required for specific issues and design disciplines whilst making continuous reference back to the higher level studies. This ensures such detailed technical reviews remain contextually sound and transparently connected to the identified overarching issues.
The following diagram represents the three key steps.
Criticality refers to the assessment of the credible worst-case outcome for a known credible threat. It does not consider the likelihood component and is therefore not a direct measure of risk in the usual way risk is defined. It simply asks the question, if it did happen, how bad can the outcomes to the project be?
A vulnerability assessment provides a completeness check to ensure that no significant threats and vulnerabilities have been overlooked. This approach also has the advantage of permitting the identification of superior risk control practices that may exist including elements of best practice.
A vulnerability matrix developed in a workshop is one of the most successful means of obtaining consensus on the relative importance of vulnerabilities. However, this can only be a successful approach if the workshop membership present in the room has the best available knowledge. That is, a group of persons with the greatest understanding of the various threat scenarios.
Critical to Australia’s continued growth is the delivery of large infrastructure projects and the procurement of fit for purpose plant and equipment in a timely and cost effective manner.
For projects to be successful in terms of both project performance and project delivery, they require a contextually sound, robust and transparent project governance structure and an effective project risk management process.
These two elements combined demonstrate project due diligence.
Project Due Diligence involves keeping everyone’s eyes focused on the prize and ensuring no one loses sight of the overall objectives of the project.
Specifically, the approach does not use the risk based approach of the risk management standard as this is logically unable to positively demonstrate due diligence for the critical, rare potential project show stoppers, the issues of greatest concern and difficulty for senior decision makers.
R2A’s process that has been outlined in this paper ensures the organisation has confidence in the project risk management process and will ensure that the project is right the first time resulting in a successful outcome.
Founded in 1996, R2A is a team of qualified and experienced engineers who deliver completely independent due diligence advice on critical risk issues. This ensures decisions are effective and meet safety and legal requirements.
R2A helps organisations across Australia and New Zealand resolve the risk and safety issues they can't afford to go wrong, and communicate the solutions clearly throughout your organisation.
If you'd like to learn more about the due diligence methodology outlined in this White Paper
R2A runs regular two-day Engineering Due Diligence workshops in partnership with Engineers Education Australia, as well as tailored in-house briefings for organisations.
Or you can contact us direct to discuss your specific due diligence needs.