This section highlights those risks which normally have an impact on EP field development projects. It should be remembered that additional risks may be inherent for local OU’s operation, or for the environment within which the host government operates. Risks can be internal or external. Internal ones are by definition capable of being entirely controlled by the project, whereas the outcome of external risk management is always likely to have a much higher level of uncertainty.
It is important to recognize that risks impact on other environments e.g. a fatality during an activity on a fabrication site, impacts not only the site (through the authorities closing down the site temporarily) but could escalate to project delay with, in turn, possible defaults in a supply agreement. The same fatality will also make the headlines with “Shell” included.
Figure 3.8.2 shows the sort of risks that may occur under each so-called TECOP heading and some of the traditional project-type risks are discussed in more detail subsequently.
Technical Risks
The technical risks are often those mentioned most frequently when project risks are discussed. Such risks are usually catered for by considering such topics as expectation curves for reserves, the inclusion of design margins in the definition of the facilities required plus additional time (float) in the project schedule. Value of information calculations are used to determine what benefits would be produced (for example, drilling another appraisal well) in terms of the information gained, with respect to the decisions made, relative to a specific design concept or range of concepts. Audits and peer reviews are often used to assess the magnitude of the risk, which are balanced by the potential gains that would accrue to the project.
Technology
When the use of new technology is also involved, the implications of failure usually weigh heavily and the required gain has to be significant to make the risk attractive. It is particularly important that the consequences of failure or delay in the procurement of the new technology should be fully accounted for in the project execution plan.
HSE
Due to the number of high profile and costly incidents in the safety and environmental fields, these risks are seen as some of the major ones that have to be managed by any project. EP95.000 outlines the tools and techniques that have been developed, based on the HEMP process in which hazards are identified and managed.
Economic Risks
For project economics the main financial risks are associated with cost overruns, higher Capex/Opex and failure to make the promised rate of return. Project economics can be tested against various sensitivities such as oil price and delay to schedule in discovering the implications on the financial return of the project.
Commercial Risks
Contracting
The use of contractors to provide goods and services is an area which introduces risk to a
project and requires careful management. One of the main methods of reducing risk is to pass it to a third-party who may be better qualified to assume the risk. However, there will be a cost associated with this, as the third-party will expect to be rewarded for the assumption of the risk.
The assessment of the capabilities of contractors and their selection is a key factor in managing contract associated commercial risk and will have a marked impact on the success of any project. In particular, the financial health of the contractor should be reviewed for all key contracts. The implication of a main contractor going into liquidation can be significant and should be considered at an early stage in the contractor pre qualification exercise. It should be part of the evaluation of any contractor for key project contracts. (This task is usually delegated to the Finance function, who should have the necessary skills to review the financial health of a contractor.)
Other risks associated with contractors are related to their lack of performance, which can result from their failure to fully understand the scope of work. Loss of key resources such as staff, and the inability to manage complex projects. The form of contract used will reflect the project risks with lump sum contracts being used for well defined scopes, using well proven technology. Reimbursable contracts can be used for less well defined scopes which reduce the risk to the contractor but at an increased risk to the client.
Alliance contracts have been used to permit both contractor and client to share in the risks and rewards associated with a project. The aim is to align the contractor with the overall project objectives and to solicit a higher degree of commitment and performance to ensure the success of the project. Such alliance contracts would only be used for the high value, high impact projects, and after the subject of project risk has been discussed with the contractor(s) involved.
To cover these risks related to contractor performance the inclusion of formal guarantees in the contract, which are drawn on third-parties such as banks of the parent company, can be included, as can retention of part of invoices until the project is complete. The inclusion of penalties can also be included, but these should be considered in the light of bonuses for better than expected performance.
The definition of the contract strategy for any project should reflect the risks involved and include a statement of the potential risks involved. The contractor would be expected to define how he would manage performance, quality, HSE etc. as part of any pre qualification exercise and consideration of previous performance would be a useful guide to the expected performance of a contractor.
Legal
It is a requirement that project business is conducted in accordance with the laws of the country in which the Company is operating. The terms of any concession or license agreement should be communicated to those who are required to ensure compliance, a task that should reside with the chief executive.
This can give rise to risk of conflict between different legal systems and add significant risk to the project. For example, work being done in the USA can often cause legal complications. Professional legal advice should be sought early in the development of the project execution strategy if the project has an international dimension, and a section of the PEP should be included on the legal aspects.
Organizational
Business conduct and control
The business principles of the Shell Group are described in the booklet, “Statement of General Business Principles”, which should be read by all project staff in conjunction with the relevant local OU policies. Paragraph 4 deals with Business Integrity:
“Shell companies insist on honesty, integrity and fairness in all aspects of their business and expect the same in their relationships with their contractors and suppliers. The direct or indirect offer, payment, soliciting and acceptance of bribes in any form are unacceptable practices. All employees are required to avoid conflicts of interest between their private financial activities and their part in the conduct of company business.”
Financial risks
These relate to the control of the money flow into and out of a project or company. There is a need for an auditable trail to ensure funds are used correctly and in line with the delegated authorities within a project. The roles of business controls and tender board procedures play an important role in defining the level of risk to which a project may be exposed.
The project manager has to decide:
- what level of financial authority delegation for effective management of the work
- breakdown structure
- what value of contract will require tender board approval
- who approves variations and to what value
- who approves invoices and confirms the work has been completed
Clearly all these points need to be defined before a project starts. Most companies will have a “Manual of Authorities” which list the levels of authority; company procedures usually set out the remainder of the control system. It may be necessary to seek modifications to these documents to cover the particular requirements of the project. Control of the financial systems associated with a project are usually achieved by periodic audits of the system and procedures by third parties.
Political
Reputation
With the development of the “Global Village”, the activities of one part of a multinational company can have a
direct impact on other parts of that company.
For major projects that have a high profile, the potential impact on the rest of the company needs to be assessed.
The popular sport of “multi-national bashing” is seen as a good way for various single issue pressure groups to get their message across, given their inability to influence governments (the French nuclear testing in the Pacific and the Brent Spar episode).
The linking of a project to one of these issues by a pressure group is difficult to foresee and even more difficult to develop a strategy to deal with.
It should be noted that the Group have in place a Group Crisis Management Manual, specifically to manage crises or issues that have reputation damage potential.
The project manager’s sponsor should be consulted in the first instance if there is the slightest concern on Group Reputation. Group Crisis Management adopts the principle of over reaction and stand down to ensure effective management in the early stages of the developing crisis.
Stakeholders
Stakeholders are also a potential source of project risk. Stakeholders can have both negative and positive interests in the project for what ever reason. Their stake need not be financial. It may not even mean they are necessarily interested in a positive outcome of the project.
The management of the stakeholder in a project is an important issue for large and high profile projects. Care should be taken at the outset of the project to list all possible stakeholders and to identify the nature of their particular stake in the project, and to revisit the issue as various milestones are achieved.
Stakeholder risks are usually dealing with the softer issues associated with people’s perception. These cannot be addressed simply by placing the technical details in front of people. The careful explanation of risks and the simple fact that the risk may have been recognized and contingencies are in place, may assist the project in obtaining, if not the support of the more negative stakeholders, at least their tacit approval to proceed with the project.
Management of risks
Identify
Quantify
Develop Response
Control
Identify
There are essentially four methods of identifying risks that could be used by a project:
• reference to previous projects
• reference to experts in a particular field
• use of regular brainstorming to determine associated project risks
• judgement of the opportunity project manager or engineer
Quantify
Having identified them, the consequences of these risks have to be assessed. There is no exact science in quantifying consequences, other than in some technical areas. Perception is often the key issue.
This element of perception is more difficult to handle, and is an area which requires a clear plan as to how it is to be dealt with. Listing the risks associated with a project and developing contingency plans is a way to deal with a problem before it becomes a major issue. It allows potentially serious problems to be mitigated earlier by reducing the consequences, should the risk reduction and management measures fail.
Project teams must assess the impact of a risk becoming a real event:
If the product of probability times RIV (Risk Impact Value) fails to satisfy a defined tolerability level, then some form of risk reduction measures are required.
Develop Response
Risk response development entails defining responses to threats. Considered responses and recommendations to address threats may fall into out of four categories:
- Take-Accept the fact that some risks cannot be avoided or that their severity and/or likelihood may not be reduced to zero.
- Transfer-Instigate effective risk transfer or risk sharing agreements.
- Treat-Response required for active treatment of major risks.
- Terminate-Avoid risks by ceasing a particular activity.
The Risk Management Plan shall include the project risk register (figure 3.8.4) that lists all identified risks under the TECOP headings ranked by their ability to affect the success of the project. The actions needed to minimise the risk must be considered and included on the register.
Control
Control entails monitoring the risk and executing the risk management plan. The risk register should be examined and updated regularly. When risks are no longer a threat they should be closed out.
The project manager will be required to demonstrate that all risks have been identified and are being managed throughout the projects duration. The systematic appraisal of events and their consequences, in particular the identification of those whose consequences are unacceptable – no matter how low the probability, provides any project with a highly valuable vehicle for managing risk.
No project can be completely risk free, but risks can be managed to ensure that they are kept to a tolerable level.