Using Risk Information to Enhance Partner Relationships

We use Risk Management as a way to reduce uncertainty and complexity in our projects. Yet, despite all our efforts, do we still find it an effective means to collaborate with our partners? In this first of several short articles, Will Foulds of Redstone Risk Ltd looks at one way in which we can use risk management to enhance working relationships with partners.

The truth is, if we’re honest with ourselves, that risk management as a discipline does not seem to have significantly advanced in the last few decades. We live in a very different world to that of 1995, or even 2005 for that matter. We conduct our lives in different ways; we no longer access information in the manner in which we used to; we communicate in hugely different ways. Information, technology and data are all around us, yet we find that the same old ‘traditional’ methods of risk management are routinely rolled out to assist modern-day projects. We simply don’t seem to make best use of the technology, data and people around us.

In a presentation I recently delivered at the APM Benefits Management Summit 2017, I explained how project partners become motivated by different things, to the detriment of the project. The example I gave was of a major Defence project, where the Customer (the Front Line Command) and the Contractor over time will have different and competing strategic intents; the former becomes more interested in the objectives (maintaining UK military capability) and the latter more interested in the outputs (that’s how they get paid).

When you mix differing procedures, emotions and perceptions you create a mismatch, which leads to a ‘fog’. This fog prevents us from really understanding what outcomes we want, and importantly what shared benefits we are, collectively, looking to achieve.

The fog consists, in my opinion, of three key elements: Uncertainty, Complexity and Barriers.

Uncertainty will exist by definition (it’s a project!) as there’s a lot we can only predict; complexity can take many forms – it could be technical, organisational, cultural – and barriers are simply things that slow effective business down, such as ineffectual processes. We find that the combination of uncertainty and complexity makes it far harder for project partners to see a common benefit; the combination of complexity and barriers simply makes it harder for us to collaborate. This is where risk management comes into play; we use it as a means to understand complexity, reduce uncertainty and get people talking to each other.

Before you start to think I’m against all this, I’m not. As I put it at the conference, “I am a risk person”; I am a huge advocate of what is a fascinating subject – much more fascinating than many would think – and a real powerhouse in the project world when used effectively. Recent advancements, such as ISO 31000, have been excellent in getting risk management discussed and into a format that we can begin to adopt, but equally we’ve found it has too often become the meeting that is first dropped by staff when times get busy. Why is this?

I simply don’t think people have felt any significant value from their risk management processes.


We talk about risk processes being “joint”; that “we’re going to have a joint risk register”, and “risks will be linked to assumptions and benefits” to name but a few phrases no doubt many of you have heard, or even used, before. The essence of joint working is excellent and much encouraged, but the first problem I see is that we almost pretend it’s a way of ensuring that the totality of risk is being managed. It almost certainly won’t be; for example, what is the incentive for the contractor in presenting all of its risk data to the customer? Also, just by calling our process joint does not mean that we actually collaborate effectively together; it normally means we hold some risk review meetings in the same room. Yet, we begin to convince ourselves that we are collaborating, that we can therefore manage risk effectively.

Secondly, many data repositories are quite dull these days. How many meetings have you been to where you’ve watched someone typing a series of risks in a spreadsheet whilst 90% of the audience sit and watch them do it? No wonder the risk review meeting is the one people try to drop out of if they can. Risks are stored in a linear, static format, often not revisited until after a bid has been won/lost or the project has changed to such an extent that the data is meaningless anyway.

In recent projects I have been involved in, we have wanted to get greater benefit from our risk management process, but at the same time encourage partners to collaborate more effectively, understand more of the collective benefits they are working on together and attempt to make better use of existing risk data held in spreadsheets.

As shown above, we found that visualising our risks created far greater engagement and depth of understanding across the partners. It made you wonder why we have taken so long to come around to this idea. We all have smartphones, so why is the project management industry seemingly quite late to the party? The next generation of project managers will not think like a Microsoft Excel spreadsheet; they will think in rich pictures, colourful graphics and interactivity with some sort of device.

By means of an example, we used a tool called Sharpcloud to visualise three main risk elements. Note that these Sharpcloud screenshots are for illustrative purposes only and do not use real client data.

  • Discrete to Systemic Risk Relationships – many systemic risks in a risk register do not adequately show their relationship to other more discrete items. For example, a register highlighting a risk of “labour relations” cannot adequately represent its effect or relationship to more discrete risks such as “fragility of supplier X” and “change in working time regulations in 2018”. Using a graphically rich format, we can instantly see the effect of systemic risks, traditionally hard to visualise, across its constituent parts. This significantly focusses attention and saves management time spent managing a systemic risk – and simply gets people talking.
  • Linking Benefits to Risks – Yes, risk is defined as the effect on objectives, but how many of us assess them against our benefits? Normally it’s not many (although at the APM conference it was more than I thought, perhaps not surprising at a benefits management summit). A project exists to deliver a benefit. Normal approaches in a risk register will link a benefit to a risk, or vice versa, and that’s it. Using an interactive tool, we can see how a series of risks are linked to a single benefit. This may sound trivial, but if we can focus attention to the few risks that genuinely will affect key benefits the project is looking to deliver, and focus limited management resources in the right places, then that has to be a good thing.
  • Assumptions – I was taught that “assumptions are the larval state of risks”. In certain contract situations, such as in generating a Target Cost, accurate understanding of assumptions is critical as it underpins the price. Many traditional approaches have gone through an assumptions log and written the ID no. from that log against a risk in the register. In fact, I perceive assumptions as the ‘pre-cause’ of many risks, where the actual cause of a risk is not necessarily what is written in the Cause box, but actually an assumption we’ve made that is unfounded or gone wrong. In this way, we’ve used risk visualisation to look at the risk, and work backwards (much like in a risk bow-tie diagram) to understand what controls we have put in place, what causes there are and what underpinning assumptions have led to these causes. We have found this to be especially useful when looking to engage with Assurance functions, as we can demonstrate the direct link between a contractual assumption and the way in which a risk is priced. Using the traditional method it was almost impossible to demonstrate this.

So, what have I learnt from this? I consider the benefits to have been:

  1. Shared ‘mental models’ between the Customer and the Contractor
  2. Generation of dialogue, with a much more engaging story to tell
  3. Helped break through the fog of uncertainty, complexity and barriers
  4. Enabled Assurance to understand risk pricing more confidently
  5. Uses a format we all use today (i.e. smartphone interface)

Before I finish it’s important to stress that this is just scratching the surface of risk visualisation and how to enhance partner relationships, yet from my experience this has proven well worth the investment. This is not a replacement for a good risk process – that is vital as you need the framework and the information – but a different way to view the results of the risk process and collaborate going forwards to update it.

Ultimately, if it gets partners talking and working together more effectively, that’s got to be good surely?

You can view more information on this topic and the APM Benefits Management SIG here.

William Foulds

Will is the Owner and Managing Director of Redstone Risk Ltd and is a trusted advisor to senior leadership teams within the defence, nuclear and construction sectors. Will has over 20 years' experience as a risk management professional, is a Fellow of the Institute of Risk Management and holds an MSc with distinction in Risk Management.