WHAT IS REQUIRED FOR A SUCCESSFUL EPC PROJECT?
Risk management is a key factor behind a successful EPC project. This means having the right structure and effective communication in place as well as establishing a robust risk policy.

Developing an effective risk management strategy has become much more difficult in recent years. This is because of changed market situations and the increasing complexity of investment projects. This makes it even more critical to carry out the right assessments. Risk management means dealing with a challenge or threat before it becomes a crisis. This makes it one of the most vital yet demanding tasks in project management.

WHAT CAUSES SO MANY EPC PROJECTS TO FAIL?
Risk management for large-scale, technical projects often lacks a holistic approach that aligns all the standardized processes and systems needed to manage them with the organization, its risk culture, and capabilities. “In a number of audits, we have carried out during these projects, we have consistently found that technical projects fail because an integrative approach wasn’t taken,” says T.A. Cook’s Darko Peraic.

Here are the three common mistakes organizations make:

1. Risk Management Is Not Institutionalized.
Risk management doesn’t have a fixed position within an organization’s strategy. Although there is a strong desire to optimize and learn from risk management, as an independent unit that ensures effective monitoring of risks throughout an organization, it’s often missing. As a core competency, however, it should be clearly visible within an organization’s structure.

In the banking and insurance industry, risk managers maintain an independent position. Yet, with technical projects, this task typically falls to the project manager. Due to the multitude of other tasks he or she must contend with, however, a project manager is often overwhelmed, particularly on large projects. Monitoring and controlling risks is a full-time job in large investment projects and needs to be treated as such.

Yet, companies are reluctant to invest in risk management systems and the necessary structures or resources required. The longer-term costs for projects that aren’t successfully completed, though, far exceed those initial investments in terms of quality, time, and budget. Only if risk management is embedded at the appropriate organizational, hierarchical, and strategic level, can it be fully effective, and deliver the best outcomes and benefits.

2. Fear Of Talking About Past Mistakes.
To better assess and manage project risks, organizations need to understand what drives that risk. To achieve this, the first step should be to establish a communication channel on the topic, for example, holding risk management workshops for all the relevant departments. “In practice, we often see significant deficiencies when it comes to initiating discussion around the topic of risk, and related positive and negative experiences,” explains Peraic. “At the same time, much could be learned from this. This is where many companies miss out on great opportunities.”

Rather, organizations need to analyze past projects and what caused goals to be missed. These factors are often rudimentarily documented in a final report, but they aren’t consistently examined in greater depth and improved upon for the next project.

In addition, mistakes are often only analyzed internally. External stakeholders are rarely involved. Unfortunately, it’s the exception that partners strengthen and help each other to develop further. Errors are all too often not analyzed objectively, but viewed from an emotional perspective, while certain areas are almost taboo. Rather than correcting the person who made the initial error, the mistake itself must be rectified. It’s also crucial to foster an open culture that is tolerant of errors.

3. Some Risks Are ‘Holy Cows.’
When looking at typical risks for technical projects, the focus is often on:

• commercial conditions;
• technical requirements and their control;
• time;
• contract types, including performance and contract design of contractors,
  their systems and processes, as well as qualifications and procurement
  (material and competent external companies);
• political and environmental risks or events due to force majeure.

Each contractor has its own DNA, with both strengths and weaknesses. When identifying risks, it’s essential to critically analyze internal organizational weaknesses too. Whether a capital-intensive and complex technical project can achieve its goal also depends on the corporate culture. This involves asking the following questions:

• What is our core competency? What do we do well? And what don’t we do well?
• Do we have the right people in place?
• To what extent is independence encouraged?
• Who makes the key decisions and how consistently are they made?
• How well do our interfaces function?

The human factor, in particular, can become a major risk. Project success is achieved not only with mature processes, but, more importantly, with competent people to carry it out. That’s why organizations need to look closely at the required skills for the positions that must be filled from within its own ranks, such as the project manager and their staff.

“It’s astonishing how many companies delegate strategic projects to project managers without making sure that they have the necessary skills to do so,” says Peraic. “Many factors characterize a good project manager, including team management, risk management, leadership, negotiation skills, and conflict management.” “These,” he continues, “are fundamental building blocks for goal-oriented project implementation. So, a project manager must not only be a good engineer, he/she must also be able to see beyond this area. The project manager is the captain who gets the tanker safely to its destination, navigating the storms, and the person the crew looks up to.”

But it’s not just the culture and personnel that are critical. In-house systems, processes and, above all, organization of the project, with its capabilities and resources, are also subject to risk. Therefore, it’s vital to regularly analyze and scrutinize each component.

PROCESSES AND METHODS
Some tools have been developed for risk management, but there’s often a lack of instruction and defined processes, which, in turn, means that often they aren’t adopted properly and don’t serve their purpose. Thus, there must be clearly defined guidelines for their use that should be adapted to new situations.

“Surprisingly, time and again, we find that risk processes are not recorded,” notes Peraic. “What is needed is a binding reference work that provides orientation for all employees involved and creates an equal understanding within the team.”
As a result of lack of direction, the following stumbling blocks continually occur:

1. Insignificant risk identification.
Successful risk management starts straight away. The more time spent observing and identifying risks, the more scope there is to successfully mitigate against them. Risks affect everyone within an organization. Risk management often fails because of a lack of communication. Because the term risk has negative connotations, often organizations tend to avoid the topic. However, they need to be dealt with openly as part of the corporate culture. Employees must be actively involved in identifying risks and sensitized to the handling of those risks. Often, employees from within the operation have a completely different perspective on potential threats, so their experience is invaluable.

Creative techniques have proven their worth in identifying risks, as they support new viewpoints and stimulate thought processes. With the Delphi method, for example, experts are interviewed independently of one another. Brainstorming without thinking about barriers, i.e., giving free rein to ideas, can also produce alternative, but equally key perspectives.

As a basic, identified risks need to be described in a meaningful way and clearly classified according to topic categories. A self-explanatory description enables clear communication with stakeholders, and countermeasures to be planned and put in place. An identified risk’s description should also be clearly understood by those members of the project team and stakeholders that aren’t present during the risk analysis.

2. Poor Risk Description And Assessment.
In addition to describing the risk and its impact, the causes should also be clearly outlined. The more emphatically the impact is detailed and, above all, quantified in figures, including project, duration and costs, the more likely senior management are to take notice and proactively address the risk. Even if, in practice, evaluating the probability of occurrence and severity is done in the form of a matrix, thought gathering shouldn’t stop, because this process costs much time in the working group. Only after determining the final risks, should this be done. When prioritizing and working through the risks, there is also often a danger of getting bogged down in the minutiae of multiple identified risks.

It makes sense, as a first step, to focus on the internal risks that can be directly influenced by the team. Then look at factors such as the difficulty of implementation. This way, the risks can be put in a sensible order so that they can be worked through more easily. There is also often a lack of a clear strategy on how to manage risks. Are they to be avoided, mitigated, transferred to third parties, or simply accepted? Therefore, a matrix of results needs to be produced to make subsequent responses easy to understand and action.

3. Low Control And Tracking.
During the project’s lifecycle, a risk-management process should be continuously maintained. This means that identified risks and the progress of defined measures should be routinely recorded and evaluated. At the same time, new, additional risks must be continually borne in mind and assessed according to defined procedures.

NEW COMMUNICATION SYSTEMS AS THE BASIS FOR
EFFECTIVE RISK MANAGEMENT
Increasingly large, highly technical megaprojects present a host of new project management challenges, especially in communication. EPC projects, with their various internal and external stakeholders, and subcontractors, are already considered extremely complex to implement and are, therefore, particularly demanding. Thus, communication is a key priority.

Lack of communication is one of the main reasons for failed projects. If agility and flexibility are missing too, the chances of success also decrease considerably. Communication using IT-enabled systems, both within the team and with partner companies, can often be significantly improved. Real-time communication is critical to project success, whether team members are in neighboring offices or in different geographical areas.

“Communication is often linear,” says Peraic. “This, however, is often not enough in a digitally-networked world, where the key to success is functioning teamwork. Many companies have not given much importance to the topic of communication and co-operation, but this must change fundamentally in the agile working world.” However, new forms and channels of communication are emerging. For example, the exchange of information is increasingly taking place in networks.

Communication is also becoming more open and agile. Project risks can also be identified much earlier. “If,” as Peraic advises, you regularly ask those affected and involved in a project, you will become aware of problems much quicker and can react accordingly.”

CONCLUSION: RISK POLICY IS THE KEY SUCCESS FACTOR
Effective risk management is one of management’s most important tasks in determining the success of technical projects. Risk management combines various actions, all of which must be considered equally important and integrative. More-mature organizations have implemented a risk policy for dealing with risks. Their risk policy not only comprises a defined process toolbox, but also the organization and its members, as characterized by an open risk culture and the appropriate framework.♦ ♦ ♦