Project Management Institute

On The Lookout

Cyberattacks, Geopolitical Flux, Disruptive Tech, Don't Get Blindsided

BY SARAH FISTER GALE

ILLUSTRATION BY ERIC CHOW

Uncertainty is the new normal.

A combination of market volatility, political turmoil and innovative tech has upended the global economic landscape and disrupted long-standing business models. And cyberattacks have compromised corporate reputations, with more than 4 billion data records stolen globally in 2016, according to a report from Risk Based Security.

Although these threats aren't new, their compounded effects are hitting the risk register harder than usual. Most C-suite executives believe the magnitude and severity of risks are greater in 2017 than they have been in previous years, according to a report by Protiviti and North Carolina State University's Poole College of Management.

In a post-Brexit world, companies in the United Kingdom will need to consider new risks across their project portfolios, says John Greenwood, PMP, founder of Grand Unified Consulting in Southampton, England. If separation from the European Union hinders the availability and mobility of talent from other nations, for instance, that could make it difficult to staff big projects within currently estimated timescales and costs. Plus, new import and export rules could lead to new tariffs and additional time spent clearing customs regulations related to securing or delivering equipment and materials.

Projects across Europe could be similarly impacted, as nationalist leaders in Italy and the Netherlands push their own populist movements. And in the United States, President Donald Trump is promising to slash environmental protections and eliminate climate change regulations despite global political support for these rules. That could free U.S. project owners to opt out of some pollution controls and make the pursuit of fossil fuel-driven projects more appealing in the short term. But how long will those plans remain profitable? If a new party or administration takes over and puts regulations back in place, those once-lucrative plans could be much less realistic.

“All of these political events can have consequences on project planning,” Mr. Greenwood says. From the initial business case to the final governance gate, project managers must look at the broader picture. Anticipating political, economic, social, technological, legal and environmental risks can help project teams defend against external threats—and create proactive mitigation plans.

PHOTO BY JEFF GILBERT / ALAMY STOCK

Brexit supporters demonstrate outside Parliament in London, England.

An unpredictable business environment forces project managers to make a lot of assumptions about what might happen next, as it's not possible to cover every risk by simply padding the budget, says Stuart Shaw, legal counsel and vice president of risk management and dispute resolution for global construction and engineering firm Black and Veatch, Overland Park, Kansas, USA. “There will be so much contingency you won't be able to win the project.”

Instead, project plans need to precisely outline who is responsible for every task and who will cover the cost of financial risks that can't be controlled, such as tariffs, currency fluctuations, inflation or new regulations. This is especially important for projects that will last longer than the current political cycle, as they face more uncertainty from external political, social and regulatory shifts, Mr. Shaw says.

“Many large power projects have a schedule duration between two and four years,” he says. “A lot of things can happen in that period of time, and that risk gets factored into escalation and contingency.”

For instance, Black and Veatch is working on a project in Indonesia where the approval to proceed was given more than four years after the original contract was awarded. The project is now scheduled to close more than nine years after its costs were originally estimated, Mr. Shaw says.

“To set the platform for a successful project, the pricing was valid for a defined and limited period of time and was reopened multiple times as the project evolved,” he says. “To keep the work advancing through delays, we also negotiated and received cash payments along the way under limited notices to proceed.”

This type of proactive approach also can help teams embrace certain unavoidable risks—and the opportunities they bring, says Scott Hine, director of the Project Management Coordination Office for the U.S. Department of Energy's Office of Energy Efficiency and Renewable Energy, Washington, D.C., USA.

Mr. Hine notes that since the Recovery Act stimulus package passed in 2009, when his department was simultaneously put in charge of hundreds of clean energy projects across the nation, the department has gotten a lot more comfortable exploring the upside of project risk.

“In the past, people were afraid to even talk about risks, but now they recognize it is not something to be afraid of,” he says. “They see that we can use it to our advantage when making decisions on ROI.”

That might mean investing in several R&D projects knowing that some may not deliver all of the intended results, or supporting a high-risk innovation effort that has huge potential benefits. “If you never push the envelope, you may get a low rate of failure, but you won't see a lot of payoff either,” Mr. Hine says.

A CLOSER LOOK

As they grapple with increasing uncertainty, many companies have adapted their project and risk management processes by adding training, establishing project management offices (PMOs), and creating more robust risk management frameworks and governance teams.

Mr. Shaw says Black and Veatch has started looking at risks earlier in the project planning process and taking a portfolio view of risks when assessing individual projects. For example, if the same subcontractor has contracts with five different projects in the portfolio, the risk management team needs to consider whether that company can handle all of the work. Individually, each contract might only be worth US$100,000, which wouldn't raise red flags. But together, that business would be handling a half-million-dollar scope that touches multiple clients. “Managing that kind of supply chain risk is a key part of our risk management approach,” Mr. Shaw says.

Black and Veatch also factors reputation risks into this process, including issues that could affect public opinion of a project and its owners, such as the perception of whether the sponsoring organization is investing in the community or taking advantage of it.

“You need to have open discussions with clients about what those risks are and what approach you will take to address them,” he says.

Mr. Shaw points to the Kusile megaproject, in which Black and Veatch is assisting utility company and project owner Eskom in building six 800-megawatt coal-fired power plants in South Africa, as a prime example of this process in action. When the US$12 billion, 12-year project is completed in 2020, it will be the largest power station of its kind in the Southern Hemisphere. But along with meeting deadlines and delivering business value, Eskom wanted to enhance the capabilities of its own workforce as well as South African suppliers and subcontractors. It hired from the local talent pool, provided comprehensive job and safety training, and created a culture of knowledge transfer for local workers. “There is always more value in a project when we can leave a legacy at the end,” Mr. Shaw says.

So Black and Veatch worked with Eskom to incorporate a skill building and knowledge transfer program into the project plan. Team members at the former company worked very closely with local staff to ensure they had the necessary knowledge and skills to execute current and future projects. This program also helped Black and Veatch and Eskom manage cost and schedule risks. Without the program, the community would have lacked the specialized talent needed to manage a project of this magnitude, and managing it entirely with expats would have been prohibitively expensive, he says.

“By planning ahead, we will have created an empowered workforce with the necessary technical skills to plan, design, build, operate and maintain future projects.”

SHIELDS UP

Managing and mitigating uncertainty and volatility often must start at the top. That's why Gilles Vez, risk manager in the PMO at Banque Cantonale Vaudoise (BCV), Lausanne, Switzerland, joined the company in 2016: He set up a risk management program and guided the company in developing a PMO process. “It was a major change for the organization,” he says.

A key component of the new process he is establishing at BCV is a governance framework for tracking projects and developing a deeper understanding of risks prior to project approval. “We can never avoid risk, but we can manage it by following best practices and setting quality gates,” he says.

And in an age where everyone carries the internet in their pockets, any snafu or misstep captured by the public can be shared instantly with the world. So organizations should also have an escalation plan to help them manage any reputation risks that are realized, says Mr. Hine.

“You need processes in place to elevate these kinds of events to leadership as quickly as possible,” he says. “You don't want to be the one getting a call from senior leadership asking why they weren't informed when you were aware of the issues.”

The Top 5 Risks of 2017

According to Protiviti and North Carolina State University's Poole College of Management, these are the biggest risks keeping project owners awake at night.

1. Economic concerns. Seventy-two percent of executives ranked international and domestic economic conditions as a significant risk, making it the leading concern for 2017.

2. Regulatory changes. Sixty-six percent of executives rated regulatory change and heightened regulatory scrutiny as having a significant impact on their organizations. For long-term projects that must adhere to specific regulations, these changes can directly impact the cost and viability of project plans. It's the first time in five years this wasn't the top concern.

3. Cybersecurity. Concerns about cyberattacks rank among the top five risks for all sizes of companies surveyed. This is particularly concerning for IT project leaders, who must balance innovation and ease of use with the need for protecting data from security breaches.

4. Speed of innovation. The rapid rate of innovation is a growing concern: 2017 is the first year this risk has ranked among the top five. This is particularly challenging for project teams that base their ROI on being first to market with a new innovation.

5. Identity protection. A spike in data breaches has put privacy and identity theft on the top five list for the second year in a row.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI.
