David Kelly: I worked in private sector risk management – we need to talk about Grenfell


David Kelly, who has worked in project management for more than 40 years, explains how risk is really assessed

I HAVE been involved professionally in project risk management for decades. My interest is not just professional, I lost one of my curling team on Piper Alpha. That was not an accident.

There are no accidents, only choices.

My opinion might sound a little extreme, but we live in extreme times. I want to consider it with reference to the horrific event in Grenfell Tower in London.

What was the risk management process for the refurbishment project that seems to have gone so horribly wrong?

READ MORE – Ben Wray: The victims of Grenfell deserve more than resignations – here’s what we should do

What is the risk management process for all public service contracts in Scotland? 

Are these in the public domain?

Ever since the series of choices which led to the disaster on the Piper Alpha platform more than 25 years ago, the industry I work in has had an ever more rigorous approach to project risk management. 

Let me be clear, this is not because we are nice people. Corporations killing people, at least in the first world, is spectacularly bad business. Don’t buy one of a few lies I want to dispel in this rant, that “you can’t put a value on peoples lives” – oh, yes you can, just ask BP following its choice to appoint a completely inappropriate organisation to drill for it in the Gulf of Mexico. 

I have no professional contact with the so-called public sector. I do get the impression that more often than when I was a bairn, project management consists of doing the job as cheaply as possible and outsourcing responsibility AND accountability (thanks, Gordon). 

I hope we hear much more about that disgraceful conjunction as the scandalous tale of Grenfell Tower unfolds. I would love to be proven wrong about this. 

Visit our donate page to help us fund two new reporters

Managing the risk in projects is not difficult. Many, not all, industries are following the same formal path we adopted in oil and gas. It should be compulsory. 

Why doesn’t everyone do this? My cynical view is that it exposes what risks have been accepted and the financial decisions that were made not to mitigate them. Of course, in the private sector these could be considered commercially sensitive – not all the risks that are being considered are health, safety or environmental. 

But when we are building housing, or schools, or hospitals the public surely has a right to know what standards were used and what decisions made. The idea that this is too complicated for the public to follow is disgraceful. Let me describe in outline the simple process involved.

A group of people involved in the engineering of the project gather together and collectively describe a list of what could go wrong. While managing the risks is not hard, assessing them can be. We need our best people for this, and often an external facilitator is used. 

The net needs to be cast as wide as possible as we want to encourage input outwith the usual corporate hierarchy. We typically categorise these risks, say into health and safety, schedule or commercial. We then put a cost impact against those risks if they occur. 

READ MORE – Yvonne Ridley: How the Grenfell inferno exposes class division and rage in Tory Britain

Next, we assess the percentage chance that each risk might occur. When you multiple the impact by the percentage, we have a score for the risk. So far the mathematics involved is base 10 multiplication. That is as fancy as it gets. 

Before we go any further, this brings me to lie number two – that somehow this process might be too complex to explain to people. Why would we not want to explain it? Because it is too expensive? Yes, it is expensive. So is car insurance, so is preventive medicine.

Or because we don’t know how to assess the risks properly? Yeah, great. Let’s do a project where we can’t assess the risks. Or could it be because the contract says we don’t have to? That’s why we don’t do it, but we know how to sort that.

Or could it be the worse case scenario – we pay lip service to risk assessment, and if we published the results, the game would be up?

Now, we need to assess the cost of mitigating each of those risks. Let me imagineer an example.

There are no accidents. Just choices. There are processes available to help us make the right choices. These processes can and should be transparent. It is not hard maths. It is hard politics. 

Let’s imagine the project is refurbishing accommodation. The risk is that the cladding on our multi-story building might catch fire. It might then kill 50 people. Our company would never work again, costing the balance sheet. 

There’s a total cost impact of, say, £100m. (A pause here. I have just put a value on each person’s life in that building. This is not outrageous, every doctor, every health board administrator, every politician does this every day. That it is kept secret and not for public discussion – now THAT is outrageous.)  The chance of it happening is one in a thousand. Therefore, our risk score is £100,000. 

Now we examine the list and calculate the mitigation cost of some, probably not all, of the risks. In our example, let us pretend the cost of fire proof cladding is an extra £5,000. 

I think practically the whole of the population of the UK can understand the process and arithmetic so far. It is the next bit that is the secret, not-for-public-consumption bit. 

We now need a budget for each of the categories that we divided the risks into. We need a budget for safety. Politics, IMNVHO, is just a fancy way of allocating budgets. What is the budget for safety?

READ MORE – Grenfell figures reveal social housing shortage amid glut of empty luxury property 

What risk assessment procedures were in place for the Grenfell Tower refurbishment project? What was the budget for the mitigation of safety risks? I do not think I am invoking psychic powers to suggest the answer to these two questions might be none and zero. 

If there was a formal risk assessment it should be a public document, for what possible reason would it not be?

There are no accidents. Just choices. There are processes available to help us make the right choices. These processes can and should be transparent. It is not hard maths. It is hard politics. 

What we need is more red tape. The sort that saves lives.

Picture courtesy of TJStamp

Look at how important CommonSpace has become, and how vital it is for the future #SupportAReporter