const setUpStickyHeader = () => { let header = document.querySelector("#header"); toggleHeaderStickiness = () => { if (window.scrollY > 0) { header.classList.add("sticky-header"); } else { header.classList.remove("sticky-header"); } } window.addEventListener("scroll", toggleHeaderStickiness); } window.addEventListener("DOMContentLoaded", setUpStickyHeader); const setUpBurgerMenu = () => { console.log("burger menu setup initiated..."); let burger = document.querySelector("#primary-menu-trigger"); let fries = document.querySelectorAll("#primary-menu > ul") const toggleFries = () => { console.log("fry toggling initiated..."); for (var i = 0; i < fries.length; i++) { console.log("enter the fry loop..."); var fry = fries[i]; if (fry.classList.contains("show")) { fry.classList.remove("show"); console.log("showed fry ", i); } else { fry.classList.add("show"); console.log("hid fry ", i); } } } burger.addEventListener("click", toggleFries); } window.addEventListener("DOMContentLoaded", setUpBurgerMenu); // This opens the search bar window.addEventListener("DOMContentLoaded", function(){ document.querySelector("#top-search-trigger").addEventListener("click", function(){document.querySelector("body").classList.toggle("top-search-open")}) }); // The body tag has to have this for the right header styles to get applied, and since we can't edit the body tag directly through Divi, this is easier than editing theme files... window.addEventListener("DOMContentLoaded", function() { document.querySelector("body").classList.add("stretched"); })


Risk Management is Often the Weak Link


Engineering Procurement and Construction (EPC) projects are the pinnacle of the process industry. These projects are characterised by their technical complexity, with a range of interdisciplinary and intercultural teams working across multiple interfaces. They also entail a huge amount of time and cost pressure. Increasingly more companies are becoming aware of these challenges, however, they often fail to complete projects on time and budget. Why?


What is required for a successful EPC project?

Risk management is a key factor behind a successful EPC project. This means having the right structure and effective communication in place as well as establishing a robust risk policy.
Developing an effective risk management strategy has become much more difficult in recent years. This is because of changed market situations and the increasing complexity of investment projects. This makes it even more critical to carry out the right assessments. Risk management means dealing with a challenge or threat before it becomes a crisis. This makes it one of the most vital yet demanding tasks in project management.

What causes so many EPC projects to fail?

Risk management for large-scale, technical projects often lacks a holistic approach that aligns all the standardised processes and systems needed to manage them with the organisation, its risk culture and capabilities. "In a number of audits we have carried out during these projects, we have consistently found that technical projects fail because an integrative approach wasn’t taken," says Darko Peraic, project manager at consulting firm T.A. Cook Consultants. Here are the three common mistakes organisations make:

1) Risk management is not institutionalised

Risk management doesn’t have a fixed position within an organisation's strategy. Although there is a strong desire to optimise and learn from risk management, as an independent unit that ensures effective monitoring of risks throughout an organisation, it’s often missing. As a core competency, however, it should be clearly visible within an organisation’s structure.

In the banking and insurance industry, risk managers maintain an independent position. Yet, with technical projects, this task typically falls to the project manager. Due to the multitude of other tasks they have to contend with, however, a project manager is often overwhelmed, particularly on large projects. Monitoring and controlling risks is a full-time job in large investment projects and needs to be treated as such.

Yet, companies are reluctant to invest in risk management systems and the necessary structures or resources required. The longer term costs for projects that aren’t successfully completed, in terms of quality, time, budget, however, far exceed those initial investments. Only if risk management is embedded at the appropriate organisational, hierarchical and strategic level, can it be fully effective, and deliver the best outcomes and benefits.

2) Fear of talking about past mistakes

In order to better assess and manage project risks, organisations need to understand what drives that risk. To achieve this, the first step should be to establish a communication channel on the topic, for example, holding risk management workshops for all the relevant departments. "In practice, we often see significant deficiencies when it comes to initiating discussion around the topic of risk, and related positive and negative experiences," says Peraic. "At the same time, much could be learned from this. This is where many companies miss out on great opportunities." Rather, organisations need to analyse past projects and what caused goals to be missed. These factors are often rudimentarily documented in a final report, but aren’t consistently examined in greater depth and improved upon for the next project.

In addition, mistakes are often only analysed internally. External stakeholders are rarely involved. Unfortunately, it’s the exception that partners strengthen and help each other to develop further. Errors are all too often not analysed objectively, but viewed from an emotional perspective, while certain areas are almost taboo. Rather than correcting the person who made the initial error, the mistake itself must be rectified. It’s also crucial to foster an open culture that is tolerant of errors.

3) Some risks are 'holy cows'

When looking at typical risks for technical projects, the focus is often on:
- Commercial conditions;
- Technical requirements and their control;
- Time;
- Contract types, including performance and contract design of contractors, their systems and processes, as well as qualifications and procurement (material and competent external companies);
- Political and environmental risks or events due to force majeure
Each contractor has its own DNA, with both strengths and weaknesses. When identifying risks, it’s essential to critically analyse internal organisational weaknesses too. Whether a capital-intensive and complex technical project can achieve its goal also depends on the corporate culture. This involves asking the following questions:
- What is our core competency? What do we do well? And what don’t we do well?
- Do we have the right people in place?
- To what extent is independence encouraged?
- Who makes the key decisions and how consistently are they made?
- How well do our interfaces function?

The human factor, in particular, can become a major risk. Project success is achieved not only with mature processes, but, more importantly, with competent people to carry it out. That's why organisations need to look closely at the required skills for the positions that must be filled from within its own ranks, such as the project manager and their staff.
"It is astonishing how many companies delegate strategic projects to project managers without making sure that they have the necessary skills to do so. Many factors characterise a good project manager, including team management, risk management, leadership, negotiation skills and conflict management," says Peraic. "These are fundamental building blocks for goal-oriented project implementation. So a project manager must not only be a good engineer, but must also be able to see beyond this area. He's the captain who gets the tanker safely to its destination, navigating the storms, and the person the crew looks up to."  
But it's not just the culture and personnel that are critical. In-house systems, processes and, above all, organisation of the project, with its capabilities and resources, are also subject to risk. Therefore, it’s vital to regularly analyse and scrutinise each component.


Processes and methods

Some tools have been developed for risk management, but there’s often a lack of instruction and defined processes, which, in turn, means that often they aren’t adopted properly and don’t serve their purpose. Thus, there must be clearly defined guidelines for their use that should be adapted to new situations.

"Surprisingly, we experience time and again that risk processes are not recorded," says Peraic. "What is needed is a binding reference work that provides orientation for all employees involved and creates an equal understanding within the team."
As a result of lack of direction, the following stumbling blocks continually occur:

1) Insufficient risk identification

Successful risk management starts straight away. The more time spent observing and identifying risks, the more scope there is to successfully mitigate against them. Risks affect everyone within an organisation. Risk management often fails because of a lack of communication. Because the term risk has negative connotations, often organisations tend to avoid the topic. However, they need to be dealt with openly as part of the corporate culture. Employees must be actively involved in identifying risks and sensitised to the handling of those risks. Often, employees from within the operation have a completely different perspective on potential threats, so their experience is invaluable.

Creative techniques have proven their worth in identifying risks, as they support new viewpoints and stimulate thought processes. With the Delphi method, for example, experts are interviewed independently of one another. Brainstorming without thinking about barriers, i.e., giving free rein to ideas, can also produce alternative, but equally key perspectives.

As a basic, identified risks need to be described in a meaningful way and clearly classified  according to topic categories. A self-explanatory description enables clear communication with stakeholders, and countermeasures to be planned and put in place. An identified risk’s description should also be clearly understood by those members of the project team and stakeholders not present during the risk analysis.

2) Poor risk description and assessment

In addition to describing the risk and its impact, the causes should also be clearly outlined. The more emphatically the impact is detailed and, above all, quantified in figures, including project, duration and costs, the more likely senior management are to take notice and proactively address the risk. Even if, in practice, evaluating the probability of occurrence and severity is done in the form of a matrix,  thought gathering shouldn’t stop, because this process costs much time in the working group. Only after determining the final risks, should this be done. When prioritising and working through the risks, there is also often a danger of getting bogged down in the minutiae of multiple identified risks.

It makes sense, as a first step, to focus on the internal risks that can be directly influenced by the team. Then look at factors such as the difficulty of implementation. This way, the risks can be put in a sensible order so that they can be worked through more easily. There is also often a lack of a clear strategy on how to manage risks. Are they to be avoided, mitigated, transferred to third parties or simply accepted? Therefore, a matrix of results needs to be produced which makes subsequent reponses easy to understand and action.

3) Low control and tracking

During the project’s lifecycle, a risk management process should be continuously maintained. This means that identified risks and the progress of defined measures should be routinely recorded and evaluated. At the same time, new, additional risks must be continually borne in mind and assessed according to defined procedures.   


New communication systems as the basis for effective risk management

Increasingly large, highly-technical megaprojects present a host of new project management challenges, especially in communication. EPC projects, with their various internal and external stakeholders, and subcontractors, are already considered extremely complex to implement and are, therefore, particularly demanding. Thus, communication is a key priority. Lack of communication is one of the main reasons for failed projects. If agility and flexibility are missing too, the chances of success also decrease considerably.
Communication using IT-enabled systems, both within the team and with partner companies, can often be significantly improved. Real-time communication is critical to project success, whether team members are in neighbouring offices or in different geographical areas.

"Communication is often linear," explains Peraic. "This, however, is often not enough in a digitally-networked world, where the key to success is functioning teamwork. Many companies have not given much importance to the topic of communication and co-operation, but this must change fundamentally in the agile working world." However, new forms and channels of communication are emerging. For example, the exchange of information is increasingly taking place in networks. Communication is also becoming more open and agile. Project risks can also be identified much earlier. "If you regularly ask those affected and involved in a project, you will become aware of problems much quicker and can react accordingly," says Peraic.

"Lack of communication is one of the main reasons for failed projects. If agility and flexibility are missing too, the chances of success also decrease considerably."


Conclusion: Risk policy is the key success factor

Effective risk management is one of management’s most important tasks in determining the success of technical projects. Risk management combines various actions, all of which must be considered equally important and integrative. More mature organisations have implemented a risk policy for dealing with risks. Their risk policy not only comprises a defined process toolbox, but also the organisation and its members, as characterised by an open risk culture and the appropriate framework.







Darko Peraic

Darko Peraic is a Senior Manager and an expert for CAPEX and STO projects at T.A. Cook Consultants. The MBA graduate has over 20 years of experience as a consultant with a focus on the sustainable implementation of Asset and Operational Excellence. His portfolio includes Capex and STO management, maintenance, and OEE optimizations. Together with his clients, mainly from the chemical and petrochemical industries, he develops customized programs that sustainably increase profitability.