The November 2014 APMHK event covered the hot topic of ‘Maximising value to stakeholders through risk management'. The presentation was delivered by Lisa Shi, who is currently the Head of Risk Management for EC Harris (ARCADIS) in Asia. Her engaging talk was attended by over 30 members and guests at the Royal Hong Kong Yacht Club on 18th November 2014.
Lisa Shi specialises in risk and business continuity management. She has substantial practical working experience in the areas of corporate real estate, data centre, critical facilities and infrastructure projects. Lisa has been involved extensively in delivering risk management strategies for multiple industries to promote effective integration of project and operational risks through a life cycle approach. As a risk management practitioner, Lisa was well placed to share with the audience how they could maximise the to value stakeholders at key stages of a project.
Lisa firstly explained that there were lots of hidden costs from accidents, referencing 'the accident iceberg' in her presentation. She then elaborated stakeholder management vs risk management and how the former is of great importance when considering the latter. Risk management is a “systematic application of policies, procedures, methods, and practices to the tasks of identifying, assessing planning and managing risk” (APM PRAM Guide). It is a source of proven benefits. In stakeholder management, we need to understand the values and issues of stakeholders and do not misalign with stakeholders’ expectations. The stakeholder management involves the process of managing their expectations in a project, programme or activity. Meeting stakeholders’ expectations reduces the risks and mitigates the negative influence on the project.
Lisa went on to present the risk governance structure in the financial industry.
The governance structure covered the board (TB), risk management committee (RMC), asset and liability committee (ALC), and audit committee (AC), all of which were underpinned by risk management units (RMUs) and business units (BUs). At the top, the board oversees the maintenance and development of a robust risk management framework with the risk management committee, which advises the board on internal control, risk-related matters. The audit committee reviews risk-related matters against processes and procedures. risk management units, in turn, report to the risk management committee and recommend on the ways and means to manage the risk identified, including top and emerging risks. They also develop and implement risk measurement methodologies. Finally, business units report to risk management units on risk assessment and respond to risks to the business process. In essence, stakeholder management can limit the risks to stakeholders.
Lisa also highlighted three lines of defense around internal control. They were:
- internal control of the operational risks
- compliance and risk management
- internal audit.
Following that, Lisa shared with the audience the risk management process. The stakeholder management follows the steps associated with risk management. It begins with the risk identification. We must identify both threats and opportunities. We then need to analyze and measure risks, followed by risk evaluation. In risk management, it is recommended to prioritise risks based on their probability and impact on the project. It is therefore important to leverage the supporters and minimise the negative impact.
The main benefit of risk management to stakeholders is to enable the project to proceed without problems. Its 'hard' benefits include the increased likelihood of delivery of desired outcomes, facilitation of decision making, allocation of responsibility to risk owners. Likewise, the 'soft' benefits include the improved communication, and the enhanced confidence in decision making. Lisa also identified the other important 'soft' benefit as being the identification of interesting opportunities for the project. The management of stakeholders is a good tool to convert potential threats into opportunities for the project. Lisa suggested stakeholder mapping and analysis to assess the level of interest and influence of the stakeholders. To this end, an interest-influence matrix was presented.
Finally, Lisa alerted the audience to the pitfalls in risk management process, such as;
- misalignment of stakeholders’ expectations
- lack of alignment among corporate policy strategies
- lack of risk ownership
- absence of monitoring and review of risk management.
To minimise these, we need firm commitment and support, clear definition of risks and risk management process, and we need a risk facilitator to implement process.
Lisa reminded the audience that the project manager should be able to identify, analyse and control the risks associated with the stakeholders. The important thing was to be proactive, understand stakeholders’ expectations and to build sustainable relationship with them.
APM HK committee member
Lisa Shi's presentation slides are available below: