2008 PMI Global Congress Sydney: ICT Program Risk Management: Asian High-Profile Mega Project Success Stories
Published : 3 March 2008, PMI Global Congress Sydney, Australia
This presentation leverages on the speaker’s years of experience in managing high Profile, Complex, Mega Projects in the Asia Pacific region as Program Director, Project Manager, Chief Engineer, and System Integration and Testing Manager for the successful completion of the multi billion US dollar Kuala Lumpur Malaysia, Inchon Korea, Shanghai Pudong, Guangzhou Baiyun international airports, and the soon to be completed, Olympic 2008 related program, Beijing Capital Airport Terminal 3 .
Traditionally, airports have been operated in an environment where the airport IT system is disintegrated. Information created by the different departments is shared or exchanged through conventional means. For example, calling a meeting, using a telephoneor fax, sending a memo, exchanging computer diskettes, etcetera, which is inefficient and prone to errors. Alternatively, these five International Airports in Asia Pacific adopted the concepts of the Airport Operational Database (AODB) and systems integration of the above mentioned disintegrated IT systems, allowing information to be communicated and exchanged seamlessly, improving efficiency, competitiveness and strengthening the bottom line.
SK starts his presentation by providing a comparison between the Best Practices in the PMI’s PMBOK(r) Project Risk Knowledge Area, versus the tools and techniques he used to identify and analyze Project Risks using the Nine High Impact Risk Areas Matrix, mainly Scope, Scheduling, Resources, Market Factors, Technical Challenges, Logistic, Roles & Responsibilities, Budget & Commercial, and Acceptance Criteria.
SK discusses the challenges which arose during his work in identifying and responding to various Risk Categories such as Project Life Cycle Risks, Technology Related Risks, and Environmental Risks. He will give real life examples, such as how a similar risk identified in Kuala Lumpur can not be responded to using the same response plan used in Shanghai, and an example of how multiple risks identified in Guangzhou, China had been merged and mitigated effectively using a single risk response plan. He will demonstrate to you how his advice to a Beijing Olympic 2008 Related program, the Beijing Capital Airport project, to use multiple risk response strategies to a single high impact risk identified during project initiation managed to convert threat to opportunity and introduced mega savings.
SK also discusses the hottest pressing issues, the do’s and don’ts, challenges and constraints in implementing Project Risk Management across different project environments, and how these can be linked to stakeholder risk attitude, budget, and when and how the risks are identified. Interesting enough, there are few risks identified but can not talk about them officially.
SK ends his presentation by sharing the lessons learned and priceless experiences gathered, some of which may have come a bit too late for him. He will share some new ideas and tips how to measure the effectiveness of the Project Risk Management in his previous projects, and what he intends to improve. Hopefully, SK can impart some secrets of success of how effective Project Risk Management helped the successful completion of these mega projects.
The presentation ends with some new ideas and tips he has used to measure the effectiveness of Project Risk Management in these projects, and share some thoughts and his personal lessons learnt which he will adopt if he is offered the opportunity to do a sixth airport project.
ICT PROGRAM RISK MANAGEMENT:
ASIAN HIGH-PROFILE MEGA PROJECT SUCCESS STORIES
CONTEXT OF RISK MANAGEMENT CASE STUDIES
Firstly, the author (SK) starts with case studies on five international high profile, complex and mega projects in the Asia Pacific, followed by a revisit to the PMI PMBOK Risk Management knowledge area. Secondly, SK provides a comparison between the best practices in the PMI PMBOK® Guide Project Risk Knowledge Area, versus the tools and techniques he used to identify and analyze project risks using the Nine High Impact Risk Areas Matrix, namely Scope, Scheduling, Resources, Market Factors, Technical Challenges, Logistic, Roles & Responsibilities, Budget & Commercial, and Acceptance Criteria. Thirdly, SK illustrates that multiple risks can be managed using a single risk response and, conversely, that a single risk may be reduced via multiple risk responses. SK also shares his experiences in which 20% of the total project costs for Beijing Olympic 2008 Related Program was saved by exploiting a POSITIVE risk.
This is followed by a discussion of the challenges that arise during these projects in various capacities. Some of them may be similar in all projects, such as ‘project politics,’ whereas some are unique, such as developing a system without the end user involvement. SK also discusses the hottest pressing issues, the do’s and don’ts, challenges and constraints in implementing Project Risk Management across different project environments, and the way these can be linked to stakeholder risk attitude, budget, as well as when and the method through which the risks are identified and managed. SK ends his presentation by sharing the lessons learned and some priceless experiences gathered, some of which may have come a bit too late for him. SK will impart some secrets of success regarding how effective Project Risk Management was in contributing towards the successful completion of these mega projects.
FIVE HIGH-PROFILE MULTI-BILLION MEGA PROJECTS IN ASIA
SK has been involved in the following projects:
Kuala Lumpur International Airport Project: System and Testing Manager, part of Project Management Consultancy team
Inchon International Airport Project, Korea: Project Advisor, part of System Integrator beginning of the project and as External consultant appointed by the Gov. of Korea
Shanghai Pudong International Airport Project, China: System Engineer, Chief Engineer, Project Director, part of System Integration Team
Guangzhou International Airport Project, China: Project Consultant , part of Client Representative
Beijing Olympic 2008 related Program, Beijing Capital Airport, China: Airport Project Management Specialist, part of Airport Authority Planning Team
All of these five projects have the characteristics below in common:
- Profile: Everyone knows about it, talk about it, and make money out of it. Projects such as these attract the attention of scores of people. Anything positive about these projects can give the Prime Minister and the politicians a chance to make this project into a political milestone, whereas anything negative will definitely capture the attention of the medias and call for the involvement of the Anti-Corruption Agencies.
- Business: These projects have a high contract value. The lowest amount invested was US$ 1.7 billion, while the highest was US$ 4 billion. The source of project funding has very much determined the procurement process and how the program, projects or sub-projects was tendered out had a direct link to the first level of Work Break Down Structure (WBS)
- Scope: Multiple products and services are identified and assembled into a complete solution. No individual or team can create the entire product, and no individual project manager can oversee the entire project directly. Multiple subproject efforts are required.
- Execution: Complex coordination system and procedures involved. With an extensive implementation timetable, high expectations, and a tight schedule, we could not afford to fail. Project transparency has also been a challenge in all of these projects.
- Technical: The technical aspect the project often requires a high-degree of different types of expertise. It may also require different set of rules of guidelines.
THE TRADITIONAL AIRPORT SYSTEM ENVIRONMENT
Traditionally, airports have operated in an environment where the airport IT system disintegrates information created by different departments, and is shared or exchanged through conventional means. For example, calling a meeting, using a telephone or fax, sending a memo, exchanging computer diskettes, etc., are inefficient and prone to errors. Alternatively, these five International Airports in Asia Pacific adopted the concepts of the Airport Operational Database (AODB) and systems integration of the above mentioned disintegrated IT systems, allowing information to be communicated and exchanged seamlessly, hence improving efficiency, competitiveness, and strengthening the bottom line.
THE INTEGRATED AIRPORT SYSTEM ENVIRONMENT
An Integrated Airport System (FIDS and BGS, air-traffic control tower to SMS or Internet information) creates a platform that allows information created by different departments such as the Baggage Handling System, the Airlines Reservations System, Security System, Departure Control System, as well as the check-in counters and aviation telexes, etc., to be exchanged or shared in a timely and more efficient manner. This consequently reduces the information error rates, improves customers’ satisfaction and cuts down operational costs, which eventually translates into an overall increase in competitiveness and promotes the airport’s business growth.
The cheapest Integrated Airport System cost around US$ 60 million, while the most expensive cost up to US$ 200 million.
In an Integrated Airport System, the IT Department at Airport Authority typically works as the client responsible for the capturing of requirements and managing the procurements and contractors, whereas the airport operator plays the role of end user who provides the requirements for the airport and prepare to take over the system. Finally, you will find the Master System Integrator, a few System Integrators, Contractors, Subcontractors, and Consultants for various organizations participating as well.
TOP 3 CHALLENGES & RISKS
Assuming you are going to be involved in one of these five mega projects, what are the issues, risks, and challenges you might face that you can identify?
PROGRAM LIFE CYCLE CHALLENGES / RISKS
There are several common challenges that can be found in these projects’ life cycle.
Challenges / Risks in the Initiating Stage
They are Politically Motivated:
At the initiating stage, like it or not, most of these high-profile mega projects are politically motivated. The amount of investments involved (billions of dollars), its impact to environment and societies, the national pride you feel when you see a new airport in a country – or what I call the national “debt” and “shame” in the case of the project’s failure – are just a few elements that lead to the politicians’ involvement in the initiating phase of the project. Some countries are able to pull it through within two to three years but some may still argue in the cabinet or the city hall about the needs and justification for a new airport, which typically costs US$ 1.5 billion to US$ 4 billion!
There is Poor Planning:
Before KLIA, a typical green field usually requires seven years to go from its planning to its opening. Because of external dependencies, namely the Commonwealth Games, the entire project team had to deliver the new KLIA in less than the usual time (around 3.5 years). A creative and (never done before) fast tract approach had to be adopted. For example, before we could complete a full planning session, we had to execute on whatever we had decided in the still on-going session. Of course, this resulted in re-works, wastage, and massive coordination issues later.
There are Unknowns and Uncertainties:
The concept of Total Airport Management System (TAMS) was introduced to KLIA without any reference site. This means that no one else had ever done it before. The so-called subject matter experts in fact may just “talk” about the theory with a lot of if-then-else and assumptions to protect their so-called “professional” image. Everyone in the project team (including themselves) knew that there was always a big gap between the theory and its execution!
There are Stakeholders’ Interests:
An example of this is when the Shanghai Airport received borrowed money from the Japanese Government on the condition that most of the contracts will be awarded to Japanese-based contractors as a first right of refusal.
Challenges / Risks in the Execution Stage
At peak, more than 10,000 unique people are involved in the construction of the infrastructure. The Airport System will have 40 different teams, randing fromm 200 to 700 project team members at highest. Four to seven levels of subcontracting is not uncommon. 800 meetings were conducted at KLIA and 500 meetings were conducted at Shanghai just to resolve technical issues. Capturing and managing meeting minutes was a big job in itself.
One critical political pressure faced by all project team members in KLIA was to be able to complete the airport which would have usually taken seven years to complete, but was completed in three and a half to four years in order to showcase one of the world’s masterpieces to the medias, visitors, and athletes who came to KL to participate in the Commonwealth Game in 1997.
Of course, there are more challenges and risks that the team faced throughout the course of these projects. To know more about these, please do not hesitate to contact the author for more details.
We are to know that one of the nine knowledge areas in the PMBOK Framework is called Risk Management, but SK will discuss here about the six processes (i.e. Risk Management Planning, Risk Identification, Risk Qualitative Analysis, Risk Quantitative Analysis, Risk Response Planning, and Risk Monitor and Control) in the Risk Management knowledge area.
Different projects have to practice risk management according to how the stakeholders feel comfortable or how they understand it. Indubitable, this brings in endless arguments and discussions on how risk identification should be conducted. The definition of risks, issues, challenges, and facts would also be confused with ambiguity.
Nevertheless, the nine high-impact risk areas identified through real-life project experience will be highlighted in the following section.
HIGH-IMPACT RISK AREAS
The nine consolidated High-Impact Risk Areas are:
- Market Factors
- Technical Challenges
- Roles and Responsibilities
- Budget and Commercial
- Acceptance Criteria
Who Is Doing Risk Management and Why Are They Doing It?
When Do They Do It?
Both sellers and buyers spend a few months, if not years, to identify all the possible risks they can envision. It wasn’t ‘practical’ to have all risks centralized in a single register as what some theories and textbooks taught us to do; rather, each player had their own risk register. If all the identified airport system related risks could be consolidated, it could amount up to three thousand risks altogether across a three-year timeframe.
Why Do They Do It?
Sellers perform risk identification during bidding phase because they are willing to forego the deal if it is not a viable opportunity, as this is typically a kind of deal which can make you famous, profitable, or drive you to bankruptcy should you fail to deliver it! Otherwise, why bother to assess?
Challenges When Doing Risk Management
There are challenges for us as sellers to perform proper risk identifications because of limited access to information (customers may be reluctant to share information, or they may not have the information needed), wrong assumptions and constraints introduced, sometimes by the customers themselves or by an external party which is beyond the customers’ control.
For example, in four out of the five airports SK has been involved in, the government refused to announce who will be the end user and operator of the airport until six months before the airport’s opening. We were therefore capturing the system requirements with an assumption that the old airport operator will be engaged again for the new airport! It is therefore evident that political power struggle and commercial interest at their highest peak can cause delay in announcing the ultimate operator in four out of the five airports. We are dealing with what we call ‘real time risks,’ in which our decisions for the project could be rejected easily the moment the real airport operator comes onboard.
Some examples for our discussion are found below:
Area 1 : Scope
Risk 1 : Program scope may be too large or complex for a non-negotiable deadline.
Area 4 : Technology
Risk 4.1: Program Deliverables may not meet Life and Mission Critical Specification
Area 6 : Schedule
Risk 6.1: The ICT Program may be delayed because of others.
Area 8 : Commercial
Risk 8.2: New currency exchange policy may be introduced by the government.
CASE # 1: MITIGATE MULTIPLE RISKS VIA SINGLE RESPONSE
Instead of the conventional way responding to one risk with one response, it is also possible to mitigate multiple risks via a single response.
For example, in this case study, there are three risks identified in the project:
Risk 1.1: Program scope may be too large or complex for a non-negotiable deadline.
Risk 6.1: The ICT Program may be delayed because of others.
Risk 4.1: Program Deliverables may not meet Life and Mission Critical Specification.
Nevertheless, these risks were efficiently dealt with using only one risk response, which was building an integration lab. Investment was put into the construction of a mini airport, which enhanced testing methodologies and also allowed activities usually done at site to be brought forward to the lab.
Consequently, three significant benefits were obtained through this Risk Response strategy:
Benefit 1: Major construction delay has minimum impact on software and integration activities; IT software testing can still proceed despite major construction delays.
Benefit 2: Troubleshooting was made easy in Lab in comparison to doing it at Site; Requirements Validation and Verification can be performed at Lab as much as we like to.
Benefit 3: The airport enjoyed a smooth opening, supported by a stable Integrated Airport System.
The end result was that three out of the five airports managed to open with a stable Integrated Airport System.
However, only three out of the five airports were mentioned here; WHAT HAPPENED TO THE OTHER TWO?
CASE # 2: EXPLOIT SINGLE RISK (OPPORTUNITY) VIA MULTIPLE RESPONSES
Background: The Chinese RMB has been pegged to USD for years. In 2005, SK participated in a project planning session conducted by a customer. A major concern (which can hereby be distinguished as a ‘risk’) that has been identified was that the RMB could be UNPEGGED against the USD during the three years implementation program. The customer believed that the RMB would go from RMB8.10 to RMB7.5 over the 3 years period if the UNPEGGING ever took place.
Even though the risk identified here is only one, it could be mitigated via multiple responses.
Risk Response 1: Avoid risks by encouraging contracts to be signed in the Chinese RMB Currency.
Risk Response 2: Delay as late as possible during project implementations the procurement of items that must be purchased in currencies such as the USD.
Risk Response 3: In order to enhance the customer/buyer bargaining power, we centralize the procurement of as much items as we can, and introduce buy-local-product policies.
As a result of these risk responses, we enjoyed two benefits:
Benefit 1: There was a reduction of costs by 8%.
Benefit 2: By buying local products, the risk in currency exchange was also avoided.
It is therefore evident that responding to a single risk through multiple responses not only decreases said risk, but it could also bring more benefits to the project.
ISSUES AND CHALLENGES
There are also issues and challenges that may arise during the process of risk identification.
Issue 1: Lack of complex program or project management knowledge and practical risk management experiences.
- “Paper Talk” – They may have the experiences, but do not implement them.
- “Copy & Paste” – In order to meet the Management’s requirements, they simply copy and paste risks identified from another project to their current project, which may not be entirely relevant (the two projects may be completely different from one another, so there will be different risks involved).
- Project Visibility – This is best described by the notion that “I can’t see everything in the project unless someone tells me.” The problem with Project Visibility is that other people may be reluctant to share the risks or tell negative things because it may make them look foolish. Furthermore, sharing risks may also ‘rock the boat.’
- Transparency – Different stakeholders may have different commercial interests, which lead to risks associated with their preferred contractors to not be allowed to be highlighted. Consequently, this could result in extensive cover-ups.
- Politics & National Pride – People generally do not want to hear negative things. Furthermore, there are typically a lot of political organizations involved in the project, and the project team may not always know how to overcome the “Paper Talk” risk.
Issue 2: There are also issues and challenges that can be found at the Organization Level.
- Investment – Organizations may be reluctant to invest money for the project. For example, going back to Case # 1 mentioned earlier (“MITIGATE MULTIPLE RISKS VIA SINGLE RESPONSE”), the remaining two airports that failed to open on schedule was due to the organizations’ reluctance to fork up the money to invest in building the integration lab.
- Complex Stakeholders Relationship – Stakeholders may share a complex relationship due to conflicting interests. Moreover, along with conflicting interests, they may hence also have different priorities.
In conclusion, there are always issues and challenges that arise in the process of risk identification. Nonetheless, all the risks identified in this section of the article will never be found in the Risk Register. This is where experience makes us very valuable, because it is something that no one can take away from you.
“BEEN THERE, DONE THAT!”
COMPLEX STAKEHOLDERS RELATIONSHIP
Stakeholders can be categorized into six different categories:
- End User
- Product Vendor
- Prime Contractor
Each of these stakeholders have different so-called needs and “urges” in their pursue for power and political schemes. If you have power, you are able to manipulate responsibility, accountability, and control to your advantage.
However, in order to gain power, the stakeholders play politics, and when they play politics, there are always scandals, conspiracies, and crises involved. Along the line, there always people so naïve as to get caught in the scandal, those who are aggressively pursuing their own political agenda, and those who are sensitive about the political situation.
To know more information about the Complex Stakeholders Relationship, please refer to other articles by SK.
SK has faced people with the following characteristics during Risk Identification. These are the challenges faced when identifying a real risk.
- YOU KNOW WHAT YOU KNOW – E.g.: The IT Security experts know exactly the security specifications required for the project.
- KNOW WHAT YOU DON’T KNOW – E.g.: The IT Security experts do not know the type of construction materials required to meet the project requirements.
- DON’T KNOW WHAT YOU SHOULD KNOW – E.g.: The system administrator does not know what version of operating system he is installing.
- DON’T KNOW WHAT YOU DON’T KNOW – E.g.: None of the project team members have experience in building airport systems before. (If they simply do not know how to build an airport system, how can they ever tell you the risks?)
- DON’T KNOW WHAT YOU DON’T KNOW, BUT YOU PRETENDED THAT YOU KNOW – E.g.: A sales person who has never done an airport system before and has no knowledge of airport integrations is telling the programmer how to write software which complies to aviation requirements.
- THOUGHT YOU KNEW IT, BUT YOU DON’T – E.g.: All trials cannot be performed unless you have an approved test plan. I thought you knew it, but you don’t.
SK hopes this article can impart some of the lessons learned in implementing Risk Management in your future projects. Bear in mind that there is no a “One Show Fits All” solution; even when you are facing the same situation, with almost the same risks as those identified in this article, your response(s) must adjust to the size, complexity, experience, and skill level of the stakeholders.
Last but not least, SK would also like to impart the difference between effective Risk Managers and effective Crisis Managers. If you have an effective Project Risk Manager in place, it will very likely not be noticed, as it is part of the project plan and is usually driven by team effort.
On the other hand, Crisis Managers are called in if your projects are in deep trouble or in crisis. His or her contributions are obvious and individual-based. Most importantly, a crisis manager’s role is never planned in any projects.
Who would you rather be, a hero who saves a project from a crisis or an effective risk manager?
IFT01_ICT Program Risk Management