I’ve been doing some much-needed professional development by finally getting properly up to speed on NEC3.  This is what was formerly known as the New Engineering Contract – like BAA the letters don’t stand for anything anymore – which was designed to simplify the way construction projects were commissioned and managed.  NEC3 is the most recent version and I have been involved in quite a number of projects which use it.

The idea of NEC3 is that it is not just a contract, it is a way of life.  The idea is to recognise that a contract is not primarily a legal document, it also describes what the parties to the undertaking are going to do, including how they are going to behave.  Thus NEC3 aims to promote good practice and cooperation in project management: this will follow naturally from doing what it says.

This is achieved by setting out some clearly defined concepts and processes.  (Readers of my recent posts on definitions and standards will see where I’m coming from here.)  For example one is the Activity Schedule and another is an Approved Programme.  This has to be updated and agreed regularly between the parties so that active project planning is an inevitable result of contract compliance.  If you think that’s good practice, then you’ve got it.

So naturally the NEC3 has something to say about risk management.  The key terms here are Risk Register, Early Warnings, Risk Reduction Meetings and Compensation Events.

Compensation Events are the mechanism which replaces (the emotive terms) claims and variations.  They allow the client (aka the Employer) to accept responsibility for some change which the parties agree is necessary to meet current circumstances.

This agreement is achieved in Risk Reduction Meetings where the changed circumstances are discussed, options to deal with them considered and the best way forward – for the project as whole – identified.

Changes in current circumstances are flagged through Early Warnings which, as the name suggests, have to be given as soon as they are apparent – by either party and without, at the warning stage, any implication or acceptance of responsibility.

And of course the Risk Register contains a record of issues which might require a Early Warning to be generated.

So, a nice little risk management process which saves you the trouble of reading ISO31000.  (Reading the whole NEC3 contract is less painful than tackling the standard, being clearly and concisely written and clearly relevant.)  But there’s a slight cloud in the otherwise blue sky.

I’ve always felt that the role of the Risk Register is not very clear.  In my experience – big projects – there is generally a requirement to do some pretty high powered risk management according to ‘best practice’, and so leading to the giant risk registers we all hate so much.  This is usually driven by the client and accepted by the more sophisticated contractors.  After all it is generally the contractor who is putting his life on the line on big contracts so why would he not want to manage risk?

But I digress: one day I’ll write up the whole sorry risk-in-bidding-for-work lecture I have. The relationship of the ‘best practice risk management risk register’ to the contract Risk Register is not very clear.  I now think that is because the NEC authors had in mind that the contract Risk Register would be a very limited affair.  Broadly speaking it would include only those issues that each party would want to inform the other of and which would be likely to develop into an Early Warning.

In fact the textbook I’ve been reading takes the step of calling it the ‘early warning Risk Register’.  Note the careful use of caps.  You could rationalise this as the risks which are quite likely to happen – something completely different from the big risk list which includes all kinds of relatively fanciful, low probability events.

Building on this, Jon Broome, the author, has a delightfully sceptical view of risk management.  He must be a Clouds of Vagueness reader.  He attributes its weakness to two things – failure to implement the planned controls (who knew?) and over-sophistication.  I think the latter is pretty much what I describe as over-emphasis on process at the expense of content and a natural approach to managing risk.

In his ‘overview of a practical process’ Broome has the client running a ‘best practice’ risk list, what he calls the ‘Employer’s project risk log’.  But he does not have anything analogous run by the contractor whereas in my experience it is the contractor who takes the lead.  The contract Risk Register is updated every few months from (a) emerging contract-specific risk in this and (b) more major long-term risks in the early warning Risk Register.  This last is just the list of Early Warnings and Broome contradicts himself slightly in that this is not the contractual document but just a list of warnings.  To be fair he thinks this should be the contractual document in any future NEC4.  What’s more he would revert to the previous term Early Warning Meetings to replace Risk Reduction meetings.  With this proposal, ‘best practice’ risk management would be left out of the NEC which even I don’t think is necessarily a good idea.

But the important thing for this discussion is that the contract Risk Register contains emerging risks, that is, risk that are starting to materialise, or to use alternative jargon, where the KRIs are hitting triggers.  Which potentially bears on the topic I’m currently interested in: risk performance.

The key element here is Early Warnings.  Unlike, say, Compensation Events, this is not a purely contractual concept.  In line with the philosophy that NEC3 embodies good project management practice we can see that Early Warnings should be regarded as a component of good risk management practice.  But you won’t find it, or any equivalent in ISO31000.  Perhaps we should.  I’ve posted a bit more about this on the LinkedIn group on risk management.

The bigger topic is how NEC3 can recognise the full panoply of working together to promote better futures on projects at the expense of worse ones.  Leaving aside all the debate about what constitutes good practice, we need to rationalise the idea of emergent risks.  Broome also uses the words ‘risks that are looking more like certainties.’  So what’s missing is the idea that the parties can also work together to reduce likelihood as well as consequence: let’s stop risks from emerging.  It seems to me that the NEC needs both the Early Warnings and a formal recognition of the need – where appropriate – for formal risk management.  Maybe the intention of the NEC3 authors was to get these two for the price of one, but, like Broome, I don’t think it quite works.

One final quibble with Broome’s picture is that he does away with risk analysts (other than as a mechanism for clients with more money than sense to spread it around a bit).  I have an obvious worry about that, but I’m not sure how he expects contractors to price risky jobs, or how he expects clients to have the money to pay for the steady flow of Compensation Events he – rather oddly – seems to see as the inevitable result of a well-run NEC contract.