Large infrastructure projects suffer from significant undermanagement of risk throughout the life cycle of a project, as the management of risk isn’t properly accounted for in their planning.
The World Bank estimates that a 10 percent rise in infrastructure assets directly increases GDP by up to 1 percentage point. Insufficient or underdeveloped infrastructure presents one of the biggest obstacles for economic growth and social development worldwide. In Brazil, for example, development is constrained by narrow roads, a lack of railways in the new agricultural frontiers, and bottlenecked ports, all of which are unable to meet the transport needs of a newly wealthy consumer mass.
Infrastructure projects are high on governments’ agendas, and the infrastructure-development and investment pipeline is huge. The current global project pipeline is estimated at $9 trillion, one-third of it in Asia. India is expected to spend some $550 billion on large-scale projects over the next five years, half of which will be in the energy and utility sectors (Exhibit 1). Developed economies also have significant infrastructure plans. The United Kingdom, for example, has identified an infrastructure pipeline of over 500 projects that is worth more than £250 billion.
However, major infrastructure projects have a history of problems. Cost overruns, delays, failed procurement, or unavailability of private financing are common (Exhibit 2). The final cost of the much-anticipated Eurotunnel between the United Kingdom and France, for example, was significantly higher than originally planned, while the Betuwe cargo railway linking the Netherlands and Germany came in at twice the original €2.3 billion budget and more than four times the original estimate. Nor are these problems confined to the past. Today, the construction of Kuala Lumpur’s new airport terminal, for example, is facing huge cost overruns and significant delays following frequent design changes.
In our view, most overruns are foreseeable and avoidable. Many of the problems we observe are due to a lack of professional, forward-looking risk management. Direct value losses due to undermanagement of risks for today’s pipeline of large-scale projects may exceed $1.5 trillion in the next five years, not to mention the loss in GDP growth, as well as reputational and societal effects.
Large infrastructure projects suffer from significant undermanagement of risk in practically all stages of the value chain and throughout the life cycle of a project. In particular, poor risk assessment and risk allocation, for example, through contracts with the builders and financiers, early on in the concept and design phase lead to higher materialized risks and private-financing shortages later on.
Risk is also undermanaged in the later stages of infrastructure projects, destroying a significant share of their value. Crucially, project owners often fail to see that risks generated in one stage of the project can have a significant knock-on impact throughout its later stages.
The structuring and delivery of modern infrastructure projects is extremely complex. The long-term character of such projects requires a strategy that appropriately reflects the uncertainty and huge variety of risks they are exposed to over their life cycles. Infrastructure projects also involve a large number of different stakeholders entering the project life cycle at different stages with different roles, responsibilities, risk-management
capabilities and risk-bearing capacities, and often conflicting interests. While the complexity of these projects requires division of roles and responsibilities among highly specialized players (such as contractors and operators), this leads to significant interface risks among the various stakeholders that materialize throughout the life cycle of the project, and these must be anticipated and managed from the outset.
And because infrastructure projects have become and will continue to become significantly larger and more complex, losses due to the cost of undermanaged risks will continue to increase. This will be exacerbated by an ongoing shortage of talent and experience—not only are projects more complex, but there are also more of them, which will create demand for more effective and more systematic approaches and solutions.
Surprisingly, the risks of large infrastructure projects often do not get properly allocated to the parties that are the best “risk owners”—those that have a superior capability to absorb these risks. This can result from a
misunderstanding or disregard on the part of governments of the risk appetite, for instance, of private investors who are sensitive to the kinds of risks they accept and under what terms. Providers of finance will often be
the immediate losers from poorly allocated or undermanaged risks. Even in public-private-partnership (PPP) structures, private-risk takers and their management techniques are introduced too late to the process to
influence risk management and allocation, and therefore they cannot undo the mistakes already embedded in the projects. One crucial consequence is an increase in the cost of financing PPP projects and a greater need
for sovereign guarantees or multilateral-agency support. In the end, however, society at large bears the costs of failures or overruns, not least in the form of missed or slowed growth.
Private sources of investment are becoming increasingly scarce. Banks have weak balance sheets and are under severe regulatory pressure to avoid or limit long-term structured finance. Many are either reducing or
exiting their infrastructure-financing businesses. Other potential “natural owners,” such as pension funds and insurance companies, either have regulatory constraints or are still in the early stages of considering direct
investments and building up the necessary expertise.
This helps to explain why the dominant financing solution to deliver infrastructure projects is through budget-financed public-procurement processes. It is striking to see that—in the absence of private-sector
management techniques and private-sector risk takers—public-infrastructure sponsors seldom apply stateof-the-art risk- and project-management tools and techniques, despite the knock-on consequences of being
seen to “lose” public money during a time of increasingly constrained public budgets.
In effect, a larger volume of riskier infrastructure projects, managed by public servants who lack of risk- and project-management skills and resources, seeks funding from a market with lower financial supply and a
significantly lower risk appetite among providers of both public and private financing.
This is not to argue that the public sector lacks any risk-management capabilities. In fact, many public-sector processes are very sophisticated, but they are geared toward ensuring transparency itself and avoiding the
reality or appearance of misconduct and do so at the expense of effectiveness, efficiency of the process itself, and operational and execution risk-management objectives. As a result, the seeds of many project failures are
sown in the early stages of development, when a poorly designed project-delivery approach or ill-considered procurement decision can lead to delays, higher costs, and ultimately diminished returns.
A more comprehensive approach to risk management would address the key issues facing all parties and stakeholders involved in a project throughout its life cycle, including project originators and sponsors, that is, governments
and public entities, tackling both perceived risk, and financing gaps. In the remainder of this paper, we set out how good practices in project structuring and risk management can radically improve outcomes in big infrastructure
projects. We explain what a comprehensive “through the life cycle” risk-management approach requires.
We also outline the benefits of, and processes involved in, effectively implementing a risk-management capability.
Good risk-informed project management requires the following:
- a comprehensive conceptual framework that introduces risk management across the value chain and highlights the most critical issues and design choices to be made
- a strong set of practical approaches and tools that help governments and companies make these design choices and manage risks more proactively and thus more effectively
- an implementation framework that effectively introduces and ensures the application and execution of discipline in day-to-day business, starting in the beginning of the design phase all the way through the
life cycle of a project
Project risk across the infrastructure life cycle
Proper front-end project planning is all about shaping the project’s risk profile so it can be managed during execution, and execution is all about aggressively mitigating the risks that emerge. The key is to know what risks are inherent to a project and what degree of freedom you have to shape the risk profile before you commit the bulk of your funds; you must also have skills in place to prevent the remaining risks from getting out of control. Then you can discuss what skills and processes are needed during front-end planning versus execution. In practice, they are quite different.
There is an inherent conflict between the aspiration to limit the number and volatility of potential future (interface) risks and the need to maintain flexibility to respond to unforeseen changes over the life cycle of a project. The fact that risks can materialize in later stages, but have actually been caused in earlier stages under different responsibilities, requires an end-to-end risk-management view, as opposed to a siloed, individualized process-step responsibility. There is a clear need for strong risk-management processes from the outset and for these to be applied and continuously developed throughout the life of the project.
A state-of-the-art risk-management approach for infrastructure projects needs to reflect the peculiarities of the business. A good starting point is to undertake a forward-looking, life-cycle-oriented risk assessment and to generate insights into the root causes of identified and potential risks at the beginning of the project—in the project-origination and design phase. A true understanding of stakeholders’ capabilities and willingness to take on and actively manage certain risks—the risk-ownership structure—and the respective allocation and pricing of these risks would be a logical next step. In addition, strategy and risk-related processes need to be strengthened, and the governance and organization—as well as the risk cultures—of all stakeholders need to be enhanced.
The involvement of risk-taking private-financing perspectives early on, for example, as applied in a PPP, can ensure a more professional and disciplined approach to strategy, risk and project management, and deal structuring.
To improve the successful provision of infrastructure projects, whether through PPPs or public procurement, all stakeholders across the value chain of an infrastructure project need to be subjected to rigorous private-sector risk-management, risk-allocation, and financing due diligence. They should also be required to contribute to the effective implementation of risk-management and mitigation capabilities across the life cycle of the project.
Assessing risks across a project’s life cycle can be a powerful way of making it more resilient and ultimately more profitable for all of the participants across the value chain. This approach shares many elements with enterprise-risk-management (ERM) processes that are common in other sectors. Exhibit 3 provides an example of a generalized ERM framework.
Several concepts derived from ERM are applicable for infrastructure:
- Forward-looking, through-the-life-cycle risk assessment: management focus on a proactive, forward-looking business-oriented performance dialogue on risk and return
- Risk ownership and strategy: a conscious optimization effort to protect and create value by allocating risks to the best risk owners across the life cycle, including an explicit reflection of the respective risk appetite of these risk owners, for example, private financiers
- Risk-adjusted processes: risk management as an institutionalized capability, integrated into important processes such as business-case planning, as well as through explicit risk processes like monitoring, control, and mitigation, with all stakeholder parties involved across the life cycle of the project
- Risk governance: risk management as a priority on top management’s agenda, reflected in responsibilities and organizational design, for example, through an independent view on risk
- An explicit and effective “risk-return culture” within the control functions, but especially with project managers and in the project-execution force
Importantly, ERM is not a purely administrative “checking the box” exercise that aims only to create regulatory or board compliance. ERM is meant to connect the boardroom, where important risk-relevant decisions are made, to the engine room of risk managers, where a lot of relevant information and insight needs to get produced.
Effective risk management in infrastructure projects
Typically, as noted earlier, many projects fail because of choices made in the early stages of development. A poorly designed project-delivery approach or the wrong decisions about procurement can also lead to delays, higher costs, and diminished returns. Project risk management has to be a core element
of project selection, planning, and design, and it has to be continuous across the entire life cycle of the project. For each stage of a project, there are some common questions:
- Forward-looking risk assessment: which risks is the project facing? What is the potential cost of each of these risks? What are the potential consequences for the project’s later stages as a result of design choices made now?
- Risk ownership: which stakeholders are involved and which risks should the different stakeholders own? What risk-management issues do each of the stakeholders face, and what contribution to risk mitigation can each of them make?
- Risk-adjusted processes: what are the root causes of potential consequences, and through which risk adjustments or new risk processes might they be mitigated by applying life-cycle risk-management principles?
- Risk governance: how can individual accountability and responsibility for risk assessment and management be established and strengthened across all lines of defense?
- Risk culture: what are the specific desired mind-sets and behaviors of all stakeholders across the life cycle and how can these be ensured?
Phase 1: Selecting, planning, and designing projects
Governments initiate the vast majority of infrastructure projects. This creates natural tension because delivery times for projects typically run beyond the election cycle, meaning that any future payoff might accrue to political opponents. In addition, governments are often reluctant to spend money at the outset, preferring to appear thrifty even if there will be far higher costs later on. Often efforts are hampered by the lack of an overarching infrastructure strategy, but many other factors can lead to individual projects being plagued with problems. These include incorrect forecasts and assumptions (for example, on demographics, demand, prices, revenues, capital expenditure, or operating expenditure), a limited understanding of market dynamics, and lack of willingness to plan for volatility and adverse scenarios. Overestimating revenue and growth potential while underestimating risk results in badly designed projects that deliver lower-than-expected returns or, in the worst case, a project that must be canceled or abandoned after significant up-front investment. The Oedo subway line in Tokyo, for example, earned revenues much more slowly than anticipated due to massive delays in delivery and overly optimistic forecasts.
Other challenges include poor planning and management of future interface risks, caused by early-stage decisions regarding project structures and design. For example, the highly praised HSL-Zuid high-speed rail-line PPP in Netherlands (which was named PPP Deal of the Year in 2001) later incurred a 43 percent cost overrun as the original “particularly appetizing risk profile” of the deal included the breakup of the project into three separate subprojects, causing significant interface risks that were only identified, and were then poorly managed, after the deal was closed. Crucially, the risk appetite of developers, contractors, and private investors, who are essential in later stages of the project life cycle, is often
not taken into account.
A life-cycle risk-management approach involves making decisions using a risk-based perspective. Specifically in the earliest design and planning phases of a project, this may require a conscious effort to identify, assess, and, ideally, quantify the risks the project will be exposed to across its life cycle. This includes reflection on potential adverse circumstances and scenarios (for example, stress testing). In large subway constructions, for instance, the risks of geological obstacles, environmental challenges, and future customer numbers and behaviors can and should be explicitly taken into account as drivers of volatility of project construction and future cash flows. A life-cycle approach demands the alignment of people and management toward a more risk-conscious set of processes.
Each individual project should use a stage-gate approach to ensure that projects do not progress without key deliverables being completed. Using predefined risk-register templates enables this to progress smoothly. Private financial discipline should be used in planning, designing, and structuring projects even before private investors are involved, helping to adjust incentives and penalties so that they are matched appropriately—and applied—to each relevant party.
The primary objective is to create a transparent and flawless decision-making process to select the investment that best achieves assigned targets under the global mandate of the sponsor. This is a major
challenge. Too often projects are “gold plated” or overdesigned for the commercial opportunity, resulting in too much complexity and a lack of economic viability. Sponsors need to adopt a realistic commercial
approach from the outset, making sure the project can meet its defined needs and is designed so that it also meets its target costs. Potential future interface risks would be identified early on in the process, and
the required resources and skill set to manage those risks would be factored into any decision taken with respect to alternative project structures. It should be clear from the outset how any new project fits in to
a wider strategy. For example, a project for a new airport should form part of an overall national strategy for transport.
State-of-the-art forecasting techniques should be applied, helping to avoid common problems such as overdesign, mismatched capacity and demand, or misjudgment of interdependencies with other projects.
The project can be evaluated using adverse scenarios, stress tested, and set up with the appropriate monitoring and reporting processes. An economic model that integrates time risk, cost risk, and uncertainties can be deployed to produce a clear business case and range of expected financial returns. In this regard, it is crucial to consider potential private-sector requirements early on (both technical and financial).
During front-end planning, there are several key risk levers to pull:
- conceptual design (what you’ll ask the contractors to design and build)
- the procurement model (how you select contractors)
- contracting model (under what terms the contractors work)
- the project-management model (how you will manage the contractors to deliver the project)
All of the business-case evaluation falls under conceptual design, but success in the end is all about the interface between the owner and the contractor. Projects can go wrong for lots of other reasons (for example,
a road is being built over contested ground or a natural disaster occurs), but most are addressed through force majeure. Escalation in the cost of labor or materials is something that good planning should account for and
falls under the procurement and contracting models.
Phase 2: Procurement and contractual design choices
Public procurers, such as governments and their respective ministries, as well as public-private collaborations such as PPP units, developers, and contractors are the main stakeholders for this stage of an infrastructure
project. They often fail to select the optimal risk-return ownership structure ahead of the procurement stage, making it difficult to adjust or reassign risk or responsibility once the project has commenced. The risk appetite
of private players is frequently neglected or poorly understood and there is limited transparency of risk cost,risk ownership, and risk-return trade-offs.
Procurers frequently select the wrong strategy, disregarding or misjudging the ability of private-sector players to control certain risks. It is extremely complex and costly to reverse a tender process once launched, as the
United Kingdom found to its cost over the tender of a contract to run one of its main train routes in 2013.
A failure to allocate risk to the right parties and to anticipate potential problems—such as sourcing bottlenecks—causes cost overrun and significant time delays. For example, the London Jubilee line extension
incurred a 42 percent cost overrun in part through a failure to anticipate future risks.
Again, a life-cycle risk-management approach can help to mitigate these significant risks. There should be an early focus on optimal risk-ownership allocation, including a clear knowledge of alternatives, and early
application of risk management before any procurement decision is taken. Funding and financing sources should be aligned early on so that future means of funding support, such as tolls, taxes, or fares, are matched
with the proposed financing, such as bank loans, bond proceeds, or equity investments. The risk profile of the funding source needs to be appropriate for the proposed finance.
Stakeholders are advised to identify risks and value drivers, such as delays or increases in material prices, from the outset and decide who will be responsible for each of these. This provides a mechanism to drive contractor
behavior and ensure ongoing accountability.
It is vital to ensure that required expertise in planning, structuring, and so on is brought in early on, and that due diligence is conducted on contractors before selection. The project owner’s ability to manage the contract
must be assessed and strengthened if necessary.
The life-cycle risk-management approach and early focus on optimal risk-ownership allocation are as important for budget-financed public-procurement projects as they are for PPPs involving private investors.
Because governments take financial risks in public-procurement structures, they should structure their investment and manage their risks as private investors do. This could clarify their knowledge and application of
available alternative risk-allocation models (for example, outsourcing of operations and maintenance activities), but could also result in a changed approach to how public funds are “allocated” within the government. For
example, the ministry of finance or another relevant ministry could consider acting as a lender and charging a risk premium for public funds to discipline those using the funds, such as other ministries or public authorities.
Phase 3: Construction delivery
Asset owners and financiers are the stakeholders in the construction delivery phase insofar as this relates to engineering and construction (E&C) contractor monitoring. E&C contractors are responsible for on-time,
on-budget, and on-quality delivery and financing.
Problems often arise because E&C contractors either fail to meet their contracts, resulting in cost overruns, delays, and defects, or are only able to perform their contractual obligations at the cost of significantly reduced
profitability of their business. Poor original planning and performance management of resources and cost is one of the key drivers of this failure, and this is compounded in many cases by a failure to identify potential
issues early in the process. Moreover, there is often a focus on the management of individual contracts, which means that the portfolio effects of multiple contracts at the enterprise level are overlooked.
Further, there is often a disconnect between contractual obligations and transparency about a contractor’s ability to deliver. Management of the relationships between clients, suppliers, and subcontractors can be
haphazard, and often this comes back to poor contractor selection and management in the early phases. A consequence can be cost and budget overruns, and these can have a significant impact on a broader economy. Delays to the opening of Hong Kong airport, for example, resulted in a loss of more than $600 million
to the economy.
A life-cycle approach can alleviate many of these issues. Owners need to design appropriate metrics and processes to measure contractor performance. This should be translated into a proper documentation and log
system for tracking progress that allows the owner to get the information they need to manage the contractor effectively. This could include a detailed monthly schedule, with measureable key performance indicators
(KPIs) linked to the contract. Financial risk should be managed and an incentive system established through milestone payments and daily contractor-compliance monitoring. Professional standards of information
storage and flow should be ensured through clear rules on how information should be handled and the interaction required and expected between owner and supplier. Any slippage from contractual obligations
can be planned for within an overall portfolio of obligations and contracts. Often it is helpful to designate a dedicated project risk manager and team with overarching risk responsibility. For each package or area of
a project, clear risk owners need to be identified, and daily site meetings should be held to assess progress against targets, slippage, and potential problems.
In summary, during project execution, the key risks for the sponsor or developer are related to contractual default, claims, keeping public political stakeholders aligned, and monitoring for any mismanagement by the
contractor. The interface with the contractor is therefore the critical element. However, this phase is all about mitigating risks, and the ability to influence the magnitude of these risks is smaller than during planning.
Phase 4: Asset operation
Finally, operation is the least complicated phase because you have a steady-state system where good operational practices can address many of the issues. In this phase of a project, asset owners and financiers
are the stakeholders insofar as this relates to operation and maintenance (O&M) contractor monitoring, while O&M contractors are responsible for ensuring on-time, on-budget, and on-quality service delivery and
financing. In reality, they often fail to meet contractually agreed-upon KPIs for service quality or availability, resulting in delays and increased costs. This can be because incorrect design specifications do not meet
contractors’ requirements or because of poor forecasting around service load, maintenance cycles, or operating expenses. An inability to adjust to a changed commercial environment through changes in contract
terms can also be a factor.
As a first step, project owners can reduce and better manage these risks by outsourcing O&M monitoring to avoid in-house restructuring and to allow for the replacement of poorly performing contractors. A design or
construction interface with the O&M contractor should be planned and managed early on and the long-term implications of today’s design choices evaluated. State-of-the-art forecasting techniques should be applied
and KPIs planned under adverse scenarios, including stress testing. Ongoing monitoring and reporting should be established, and the project should allow for operational flexibility by focusing on KPIs rather than
The benefits of life-cycle infrastructure-risk management: A case study
In 2011, a major transportation-asset operator and developer embraced a life-cycle approach to managing its large project pipeline (Exhibit 4). Top management committed to reduce its risk-related provisions by one-third;
better risk management was identified as a core driver of profit and loss, value creation, and competitiveness.
At the outset, there was a lack of a single risk definition or risk taxonomy across projects, project stages, and departments. In addition, there was no systematic formulation of how risk management added value
to the company, for example, in deriving risk-management objectives from a corporate value framework, or demonstrating how risk management could lead to better decisions. The organization’s focus was on
the mitigation of project-schedule and cost overruns, but not on risk optimization.
This meant there were disconnects throughout the project stages; design requirements were often not understood in the construction phase, for instance, leading to expensive changes in specifications and orders.
There was no streamlined risk-governance model headed by an overarching risk committee or divisional risk committees, and some ambiguity surrounded risk ownership with regard to who was responsible for risk at the
project or portfolio level and in migrating risk ownership across project stages.
Further, the organization’s existing risk-management tools were not implemented effectively. There were strongly siloed views of risks and risk-management activities across departments and a lack of riskmanagement
standards across projects, meaning project managers could shape project risk management to their own preferences. This was compounded by a lack of effective compliance or management of consequences when things went wrong. Reactions to changed circumstances tended to be slow, as if risk was only really considered at the beginning of a specific project. There was little discussion of root causes and risk events and no clarity on how continuous risk management could add value and enhance motivation.
Improvements to the existing approach were viewed as something that would require extra effort and time and bring the risk of failure.
Senior management decided to embrace a systematic step change to enhance institutional risk-management capabilities, from daily employee practices and behaviors to mind-sets and corporate culture. An integrated life-cycle approach was put in place to address many of the problems outlined above.
Management needed to formulate a clear business case for the value of risk-management activities and to devise a risk strategy that was tightly linked to the business. The appropriate transparency on risk cost and the key drivers and sources of risk then had to be established, along with a much clearer understanding of what risk-management levers and instruments were available. Having established this at the top of the organization, it was then vital that effective risk-management governance, organization, and processes were put in place and that a strong risk culture and awareness was driven throughout the organization (Exhibit 5).
Reliable and transparent communication is vital to the success of any project, so it was crucial that an improved system of communication was put in place between top departmental teams involved in any infrastructure project. This enabled cross-divisional cooperation and ensured alignment of goals and processes. Proper interaction with, and performance tracking of, contractors was established to help monitor and evaluate risk on a timely basis, and there were clear directions from the top of the organization to operating levels that cascaded risk-management awareness downward. This approach also required on-site “shop floor” risk transparency to be further advanced, as well as a move from ad hoc reactive risk mitigation to proactive risk anticipation.
Exhibit 6 shows how far reaching this effort was across the organization; it involved people processes, management practices, governance, approval processes, and day-to-day behavioral norms at every level.
The infrastructure sector significantly undermanages risks and lacks professional risk management. While undermanagement of risk happens across the whole value chain, poor risk management during early conceptual planning and design phases, mostly under the responsibility of public project sponsors, has a particularly negative impact on governments’ and private developers’ ability to achieve the hoped-for improvement of infrastructure services.
Even if the involvement of private-sector risk takers, for example, investors and lenders in PPP projects, means that certain risk-management capabilities are applied later on in the process, they are not able to undo earlystage
mistakes. Poorly designed and planned projects lead to significantly higher financing costs and too often even to the inability to mobilize private-sector financing and risk allocation completely. In the absence of private financing and risk sharing, budget-financed public-procurement structures continue to undermanage risk throughout the entire life cycle of the project, leading to even higher rates of project failure and poor results.
Professional risk management can not only significantly improve results in public procurement processes; it can also attract and mobilize additional private financing. Given the scale and scope of emerging infrastructure projects, there is a strong case for embracing risk management throughout the life cycle of individual projects and also at the portfolio level.