Project risk management practice: The case of a South African utility company

Project risk management practice: The case of a South African utility company

Available online at www.sciencedirect.com International Journal of Project Management 26 (2008) 149–163 www.elsevier.com/locate/ijproman Project ris...

430KB Sizes 0 Downloads 5 Views

Available online at www.sciencedirect.com

International Journal of Project Management 26 (2008) 149–163 www.elsevier.com/locate/ijproman

Project risk management practice: The case of a South African utility company Riaan van Wyk a, Paul Bowen b

b,*

, Akintola Akintoye

c

a Electricity Supply Commission of South Africa (ESKOM), South Africa Department of Construction Economics and Management, University of Cape Town, Private Bag, Rondebosch 7700, South Africa c School of the Built and Natural Environment, Glasgow Caledonian University, Cowcaddens Road, Glasgow, Scotland, UK

Received 26 October 2006; received in revised form 26 February 2007; accepted 20 March 2007

Abstract This paper documents the risk management practice of a utility company for its Recovery Plan project to address the risks of power interruptions due to a shortfall of supply and increasing electricity demand. The company’s corporate risk management process and its practice at divisional and project levels are discussed. The key role of stakeholders in risk identification, analysis, mitigation, monitoring and reporting is emphasised by the company and this drives its risk management practice. Despite the level of resources available within the company to use more sophisticated risk management tools, the company adopts simple risk management methods suggesting that a large size company does not necessarily use ‘state of the art’ risk management techniques. Recommendations for improved practice are made.  2007 Elsevier Ltd and IPMA. All rights reserved. Keywords: Risk management; Utility; Case study; Stakeholder; Electricity; South Africa

1. Introduction Risk management continues to be a major feature of the project management of large construction, engineering and technological projects in an attempt to reduce uncertainties and to achieve project success. Miller and Lessard [1] have argued why large engineering projects should be carefully managed given that they are ‘‘high stakes games’’ characterised by substantial irreversible commitments, skewed reward structures in case of success, and high probabilities of failure. In addition, they categorised the risk associated with different types of projects ranging from oil platform projects, nuclear-power projects, hydro-electric-power projects, urban transport projects, road and tunnel systems, and research and development projects. They are of the opinion that power projects possess moderate risks in so far as engineering is concerned, but are very difficult in *

Corresponding author. Tel.: +27 21 650 3445; fax: +27 21 689 7564. E-mail address: [email protected] (P. Bowen).

0263-7863/$30.00  2007 Elsevier Ltd and IPMA. All rights reserved. doi:10.1016/j.ijproman.2007.03.011

terms of social acceptability. Elkingston and Smallman [2] examined project risk management practices of British utility companies given that the utilities sector (comprising water, power, telecommunications) is associated with less predictable projects which are perceived to be riskier than day-to-day business activities. They argued that risk management is an integral part of project management in this sector; hence, most large companies put substantial resources into the management of their business risk. The current paper presents the risk management of a Recovery Plan project of the Eskom Holdings Ltd. power company in South Africa. Eskom Holdings Ltd. is wholly owned by the South African government. The company is a vertically-integrated operation that generates, transmits, and distributes electricity to industrial, mining, commercial, agricultural, re-distributors and residential users. It is also involved in the purchase and sale of electricity to and from South African Development Community (SADC) countries, comprising Botswana, Mozambique, Namibia, Zimbabwe, Lesotho, Swaziland and Zambia.

150

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

The company’s business is divided into a number of divisions: Generation, Transmission and Distribution; Resource and Strategy; Finance, Key Sales and Customers Services; Enterprises; Human Resources; and Corporate and External Relations. The group has many main subsidiaries, with the core businesses including non-regulated electricity supply industry activities, the provision of electricity supply and related services outside South Africa, the granting of home loans to employees, the management and insurance of perceived risks to Eskom, and social investment initiatives. The company’s revenue in the 12 months of the 2005/2006 financial year was R36,607m (US$4947m or £2662m)1 and employed some 29,697 persons (excluding contract and temporary workers). This paper does not add to the theory of risk management. Rather, the purpose is to document rich case study material indicating the practice of risk management and the extent to which practice and theory converge/diverge. One of the authors is currently employed by Eskom in a project management capacity, thus facilitating access to the case material presented here. The case study has been structured into four parts: Part 1 describes the corporate risk management process of the holding company. Part 2 presents the risk management process of a division of the company; the distributive division being used for this purpose. Part 3 presents the case study of a Recovery Plan project of the division to address the risks of power interruptions due to a shortfall of supply and increasing electricity demand. Part 4 documents the conclusions emanating from the study. The lesson from the case study is that a (very) large company with an appropriate level of resources may not necessarily use sophisticated risk management tools; rather, simple methods that enable the company to mitigate the risks faced by the business are adopted.

2. Corporate risk management within Eskom Holdings Ltd. Risk management within Eskom is an important and integral element of the business. Given the importance of risk management, the company has a dedicated Risk Management Committee (RMC) as one of its seven primary committees (the other committees are the Board committee, audit committee, tender committee, human resources committee, remuneration and ethics committee, sustainability committee, and executive management committee). The RMC comprises three non-executive directors, the finance director and the managing director (Generation division). The RMC is chaired by an independent, nonexecutive director. The committee is tasked with ensuring that the company’s risk management strategies and processes are aligned with best practice. It also deals with

1 Exchange rates as at 7th September 2006: R7.40 SA Rands = US$1; R13.75 SA Rands = £1.

the company’s integrated risk management strategy and processes, these embracing risk tolerance and appetite, risk accountably, major risk exposures, and emerging risk issues. Eskom practices an integrated risk management strategy and process by identifying risks and opportunities against business objectives during risk assessments throughout the organisation, from both a line and functional perspective. Risk integration between divisions and subsidiaries is reviewed by the RMC to ensure a coordinated approach to risk mitigation measures. Key risk management ‘‘buzz words’’ feature prominently in the company’s risk management process, as depicted in the company’s 186 page 2006 annual report (http://www.eskom.co.za/annreport06/). The risk prefixes that are contained in the annual report include: exposure, assessment, accountability, internal control, matrix, categories, mitigation measures, tolerance levels, categories, identification, evaluation, appetite, profile, audit, financing, issues, process, ownership, etc. A content analysis of the annual report shows that the word ‘risk’ is mentioned 206 times whilst the term ‘risk management’ is mentioned 56 times; these being explicit indicators of the importance that the company attaches to the risks to which it is exposed. Risk categories that the company faces are defined in the company’s risk matrix, and include: finance, technical, environmental, legal, human resources, information, stakeholders, regulatory and strategic. The remit of the company’s Risk Management Committee (RMC) is to ensure that Integrated Risk Management (IRM) is applied throughout the Eskom business. It reviews the risk processes and all major risks within the business and reports back to the Board. Integration between the various Eskom divisions and subsidiaries is ensured via the interaction of the different risk (or riskrelated) committees. Each division within the company handles its own Risk Management System and may have slightly different risk approaches within each of the six regions: Western; Eastern; Northern; North-West; Southern; and Central. This diversity is allowed as long as it supports the strategy and milestones set by the RMC which encourages a coordinated and common approach for the business as a whole. Eskom has adopted the Code of Practice published by the Institute of Risk Management of South Africa. In addition, it has developed its own methodology for determining the ‘value’ or weighting for specific risks faced by the company. These weightings are used to assist the organisation to better identify which risks should receive priority and also show the value of risk mitigation measures. Aligned to this valuation methodology there are risk tolerance levels for each division and main subsidiaries, together with risk appetite parameters for each functional risk area. Being a South African utility company with a wider remit for the sale and purchase of electricity from neighbouring countries, the company has identified some risks that it considers it faces. These are depicted in Table 1.

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163 Table 1 A list of key risks faced by the company Key risks 1. Regulatory risk that encompasses the need for clear regulatory framework and adequate price increases to ensure long-term sustainability 2. Future capacity, where the following needs to be addressed: a. The availability of capacity in the long-term b. The impact of new capital projects on the overall business c. The ongoing ability to maintain consistent supply d. Aging plant and increasing plant performance indicators 3. Debt management of small power users 4. Non-technical energy losses where the theft of conductors results in the lack of supply of power and the potential for injuries to the public 5. The ability to respond to changes in the industry arising from the proposed new Electricity Supply Industry in South Africa while meeting the shareholder’s objective for the company 6. Shareholder relationships with the focus on the ability to manage the different expectations of the shareholder and government departments in terms of Eskom’s business objectives 7. Information security, management of the outsourced information technology service contract, lack of skills and resources, and information technology business continuity management 8. Availability of the skills required for the future business needs including skills retention, training and succession planning. The impact of HIV/AIDS is also addressed as a component of this key risk area

3. Risk Management System within the Distribution Division Given that each Division and each region within the company handles its own Risk Management System, risk management within the Distribution (Western Region) Division forms part of the responsibilities of the Business Planning and Integrated Risk (BPIR) Committee which is led by the BPIR Manager. BPIR is therefore a subcommittee of the Regional (Western) Executive Committee (REC). BPIR duties focus on a holistic business planning and integration function, which includes all associated risks. The REC appoints the members and chairperson of the BPIR committee, who, in return, report back and advise on all Region’s business risk-related matters. Membership of BPIR consists of REC members, subject matter experts and other Eskom officials. They manage the entire Risk Management Process at regional level and include issues around process deadlocks and emergency preparedness. The BPIR committee meets once a month and has identified the following attributes of its approach to the overall Eskom Integrated Risk Management (IRM):  assists with business decision-making as more information becomes available from the risk process being executed;  facilitates learning from and incorporating lessons from the past;  allows for an external view on matters which could lead to more issues being identified;

151

 provides for integration between the different functional departments leading to the optimal addressing of risk issues;  allows identification of any opportunities arising from the matters at hand;  ensures focus on objectives, keeping in line with the regional objectives and those set by the Risk Management Committee at Board level;  ensures a proper audit trail for all risk-related matters: the origin, owner, actions decided upon and taken, and progress;  assists with decision making, by providing input into the continuous business planning which is also a function of this committee;  very importantly, it strives to protect against any impact to the region’s financial results and image; and  meets the requirements of the King II2 report. 4. Case study of the Western Cape Recovery Plan project One of the projects of the Western Region Distribution Division is Eskom’s Recovery Plan for the Western Cape. The project was developed to address the current risk of power interruptions due to a shortfall of supply and increasing electricity demand during the winter period. To understand the reasons for the shortfall in supply, it is necessary to understand how the Western Cape is supplied with electricity and the existing constraints surrounding this. The Western Cape requires up to 4250 MegaWatt (MW) of power supply daily over peak periods during the winter months. This is supplied from four power stations that provide a combined total of 4780 MW as follows: 2 · Nuclear reactors at the Koeberg Nuclear Station (900 MW · 2) Coal power stations in Mpumalanga Palmiet hydro-electric pump station Steenbras hydro-electric pump station Total

1800 MW 2400 MW 400 MW 180 MW 4780 MW

However, there are peak periods in this region when there is a surge in power consumption and these usually occur between 5am and 8am, and 6pm and 8pm during week days as shown in Fig. 1. During routine maintenance on Unit 1 at the Koeberg Nuclear Station in late 2005 serious damage was done to the generator and its cooling system for this Unit. How2 The King Reports on Corporate Governance (King I and King II), published by the King Committee on Corporate Governance, aimed at promoting the highest standards of corporate governance in South Africa. More specifically, the King I Report dealt with financial and regulatory aspects of corporate governance and, in addition, advocated an integrated approach to good governance in the interests of a wide range of stakeholders. With the publication of the King II Report, in terms of which risk management received official consideration for the first time in South Africa, companies are now required to audit risk exposure on an annual basis and disclose it to their shareholders. In addition, King II acknowledged that a company’s activities are more than profit to shareholders, embracing economic, environmental and social aspects.

152

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

Fig. 1. Demand for electricity as shown in the peak periods.

ever, the nuclear reactor was not affected. The time for repairing the generator and cooling system was set for at least three months from January 2006. The repair programme was focused on minimizing the period for Unit 1 to be out of service. This meant that various options had to be considered which included obtaining replacement parts (i.e. stator and rotor), acquiring spare parts, and repairing the damaged parts. The dismantling of the Unit 1 generator is considered a slow process due to the cool down period required (5 days) and separation of the rotor and stator (10 days). After the assessment of the extent of the damage, it was decided to start repairs to the stator and rotor and obtain a spare rotor from a company in France. This particular company had been the original advisors to the Koeberg plant some 20 years ago. During this time, Koeberg Unit 2 continued to provide the required electricity to the Western Cape. However, a number of power interruptions were experienced during the month of February 2006 due to a variety of reasons, including: 1. Unit 6 of the Kendal Power Station in Mpumalanga tripped causing a large fluctuation on the National Network. As a safety precaution, Koeberg’s Unit 2 was removed from the grid and placed in a controlled shut down. After the stabilisation of the network, it took Unit 2 about a week to start up and increase generation to full capacity. Due to the shortage of supply during this period, load shedding (controlled black-outs) were required and implemented. Public opinion was vociferous in its condemnation of Eskom.

2. Flash-overs between transmission lines due to high pollution from veld fires and unexpected fog caused various power lines to trip; interrupting the power flow from the north and forcing Koeberg’s Unit 2 to remove itself from the grid once again. This led to more load shedding to manage the power shortage. This served only to increase public condemnation. Another risk was identified from the scheduled refuelling of Unit 2 which was scheduled for March 2006. However, the repairs to Unit 1 had to be completed in time so that Unit 2 could be shut down for approximately two months to complete the refuelling and routine maintenance procedures. In normal circumstances both units would then have been ready to provide power for the winter months. The rotor from France was only expected (and delivered) during April 2006 and the repairs to the local rotor and stator were still underway at that time. It was impossible to remove Unit 2 before Unit 1 was repaired as there was no means to provide for the shortfall in electricity supply. The economic impact of the February power outages was estimated to be in excess of R500 million (about US$68m or £36m) and was subject of discussion at provincial and national governmental levels. To remove Unit 2 from the grid would immediately mean a shortfall of another 900 MW and would force further load shedding to occur with its associated economic impact. The Western Cape Recovery Plan was an effort to do the following: (1) explain the electricity supply problem; (2) forecast the power demand and expected shortfall for the winter months; (3) provide the timelines for Koeberg

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

An Eskom Recovery Team was established which was headed by the Managing Director of the Transmission Division. The team structure is shown in Fig. 2. The team reported into a bigger operating model made up of various stakeholders headed by the Energy Risk Management Committee (ERMC) as shown in Fig. 3. The Eskom Recovery Team (ERT) met at least once every two weeks where progress on the Recovery Plan was given. The feedback was consolidated and forwarded to the Integrated Recovery Team and finally to ERMC. A weekly status

Unit 1 to be repaired and Unit 2 to be refuelled; (4) identify all risks that could impact on the project plan; (5) develop mitigating actions for the identified risks; (6) identify other energy saving options to minimize the impact of the shortfall; (7) provide load shedding principles and guidelines; and (8) provide stakeholder and communication guidelines. This plan was a combined effort between Eskom, the City of Cape Town (electricity department) and RED ONE (the recently formed regional electricity distributor). National Recovery Sponsor Transmission Managing Director

Regional Recovery Sponsor Recovery Programme Manager

Western Region General Manager

Western Region Risk Manager

Recovery Programme PMO

Load Shedding Streamlead

Corporate Communications & Stakeholder Manager

KSACS Streamlead

Corporate Communications/ERD Streamlead

DSM Streamlead

Customer Services Streamlead

WR Communications & Stakeholders Streamlead

Grid and National Control Streamlead

Human Resources Streamlead

Koeberg/Generation Streamlead

Corporate Finance Streamlead

Eskom Enterprises Streamlead

Other Corporate Functions

Corporate Spokesperson

Key PMSO – Programme Management Office DSM – Demand Side Management ERD – External Relations Dept. WR – Western Region

Fig. 2. Team structure for the Western Cape Recovery Plan project.

Dept of Public Enterprises

Dept of Provincial &Local Government

Provincial Government

Dept of Minerals & Energy

Municipal

Eskom Holdings Energy Risk Management Committee Eskom Executive

Eskom Recovery Team

ERMC Recovery Team

Integrated Recovery Team

153

Municipal Recovery Team

RED1

Other Stakeholders

Fig. 3. Stakeholder structure for risk management of the Recovery Plan project.

154

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

report was also compiled by ERT and published internally within Eskom and externally to the general public. 5. Risk management of the Recovery Plan project There are typically five stages associated with risk management, namely: (1) risk management planning, (2) risk identification, (3) qualitative and quantitative risk analysis, (4) risk response planning, and (5) risk monitoring and control [3]. However, Edwards and Bowen [4] state that the process of risk management should include evaluation and reporting and they have as a result categorised the process of risk management into nine stages: Identification; Classification; Allocation; Analysis; Response; Recording; Monitoring; Control; and Evaluation. Chapman [5] identified nine phases of the generic risk management process (RMP), comprising: define; focus; identify; structure, ownership; eliminate; evaluate; plan and manage. Practically, however, it is possible to classify all these stages into a four-stage risk management cycle: risk identification; risk analysis; risk response; and risk reporting. The risk identification stage includes classification and allocation, while risk reporting includes monitoring, control and evaluation. The risk management practice of the Recovery Plan project within the Eskom integrated risk management protocol is presented below along the lines of this four-stage framework. 5.1. Risk identification (and classification and allocation) of the Recovery Plan project The role of stakeholders in the RMP is emphasised by Loosemore et al. [6]. According to them, effective and frequent involvement of stakeholders at all stages of the RMP will ensure that more risks are identified and commitment obtained in managing them. Stakeholder management becomes very critical in the risk identification process given that they can have conflicting interests and the risks identified could be biased towards those interests or limited to their own experiences. The possibility that the stakeholder mix could change over time also has an impact on project objectives and its associated risks. Furthermore, stakeholders might be unable to express their objectives clearly or limit the sharing of valid information due to confidentiality or inter-stakeholder politics. Hence, they have suggested that the risk manager or risk management service provider should encourage stakeholders to balance their objectives with one another, be flexible where possible, and understand the pressures and background under which objectives are created. It is generally accepted that companies with organic structures allow for more creative and imaginary approaches to identify risks, though it is still easier for mechanistic structured companies to implement those approaches [4]. This is because the latter could provide backing in the form of authority sources, addressing possible resistance. Hence, companies’ management should be committed to the risk management process, identifying leaders with a strong personal passion for the subject.

The classification of risks creates a common framework for grouping risks, although different cultures could classify the same risk differently. Edwards and Bowen [4] suggest two primary categories for classifying risks: Natural and Human Risks. Natural risks are those from systems ‘‘beyond human agency’’ which include risks from weather, geological, biological and extraterrestrial systems. Risks from human systems are more difficult to categorise due to their overlapping nature. These include risks from social, political, cultural, health, legal, economic, financial, technical and managerial systems. Baber [7] refers to internally and externally generated risks. The Project Management Institute [8] classifies risk into internal and external. Examples of internal risk in project development are issues relating to labour, materials, site conditions, cash flow, etc., while external risks include governmental regulations, vandalism, sabotage, environmental factors, market forces, inflation, etc. It is generally accepted as a good risk management practice that a risk should be allocated to the party who can best manage it that risk. To avoid duplication it is suggested that continuous investigations are undertaken during the process of risk management to ensure that another stakeholder has not already taken up the control of a risk [6]. Eskom, in general, is very risk aware and has invested considerable resources into this project management practice within the company. Many processes are in place to identify and manage potential risks in its various functional areas. Within its Distribution Division the foci of operations are customer services, engineering (safety standards – occupational safety and health requirements); finance; human resources; information management; and commercial. All of these functional departments are represented on the BPIR Committee where risks are raised and managed. At this level risks are categorized as follows: finance; technical operation and performance; legal audit and compliance; people; strategic acquisitions, divestitures and projects; strategy; transformation; pricing; regulatory (NER); stakeholders; information; subsidiaries, associates and joint ventures. In this particular case, the main reason for the inadequate supply capacity to meet the needs of the Western Cape within the normally envisaged risk possibility of a loss of generation at Koeberg was aggravated by decisions by central government that limited the capacity of Eskom to build new power stations or transmission lines. Arising from the White Paper on Energy Policy [9], government decided it was necessary to proceed with ‘the unbundling of Eskom’s generation and transmission groups’ and ‘separate the power stations into a number of companies’ to ‘create the opportunity for private sector and Black Economic Empowerment investment opportunities in the generation sector’. Later, the Intergovernmental Fiscal Review [10] stated ‘The ESI restructuring involves three key aspects: the sale of 30 per cent of Eskom’s generating capacity to private investors, with a black empowerment equity stake of at least 10 per cent of capacity; the separation of Eskom into several generation clusters and a sepa-

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

rate transmission company; and the introduction of an electricity market, which will ensure competition between the different electricity generators. These reforms will begin during the course of 2003.’ The central government had taken responsibility to manage the investment decisions of the supply industry, and it was only in late 2004, with looming insufficient capacity, that the decision was made to return the responsibility for electricity sufficiency to Eskom [11]. Thus, Eskom was constrained by external forces in its ability to respond to identified risk. Most subsequent risk was a consequence of this external risk. The identified risks are usually assigned to the BPIR Committee members for mitigation. Although the committee members remain accountable, they could subsequently delegate the risk mitigation actions and management to relevant staff within the establishment. The Eskom Recovery Team panel of experts responsible for addressing the Western Cape Recovery Plan project comprised senior managers drawn from the following departments and/or divisions: National Recovery Sponsor (this is represented by the Managing Director of the Transmission Division who has overall accountability for executing the Recovery Plan); Regional Recovery Sponsor (represented by the General Manager of Distribution – Western Region); and Programme Manager (Risk Manager – Distribution (Western Region), responsible for driving the Recovery Team from a project and risk management perspective). Other functions represented on the panel are Project Managers and Consultants; Load Shedding stream, Demand Side Management stream; Grid and National Control stream, Koeberg stream (represented by the Production Manager for Generation – Nuclear Cluster – who is responsible for all activities happening at the Koeberg Nuclear Power Station, i.e. repairing of Unit 1, shutting down of Unit 2 for refuelling, and managing the output capacities of the separate units); Eskom Enterprises stream; Key Sales and Customer Services stream; Customer Services stream; Human Resources stream, Finance stream; Other Corporate Functions (Managers from Legal, Audit and Security at corporate level); External Relations Department stream; and Communication and Stakeholder stream. This is a comprehensive stakeholder panel to ensure that no function within Eskom that may contribute to the solution to resolve the risks associated with the Recovery Plan project is left out. This panel compiled an extensive list of risks and mitigating actions based on their individual expertise and input from their respective teams and business environments. Some risks were identified based on previous experience, whilst others were based on documented rules and regulations (especially in the nuclear environment). The panel also identified risk ownership and reporting mechanisms around these risks as shown in Table 2. Many of the risks listed in Table 2 have arisen as a result of the mitigation strategies for others. For example, the risk of not being able to supply the demand for electricity (Risk No. 20) is mitigated by Demand Side Management (DSM) initiatives like providing an exchange programme

155

for Compact Fluorescent Lamps (CFLs).3 Provision of enough lights (Risk No. 23) and the public’s take-on of the programme (Risk No. 21) became additional risks to manage as a result mitigating Risk No. 20. In addition, there were a couple of unidentified risks which arose as time went by: (i) a faulty valve at Koeberg was discovered after Unit 1 was returned to service; (ii) a pinhole leak was discovered in Koeberg Unit 1, though it posed no threat to operations; and (iii) a problem with the electrical supply boards at Koeberg was discovered which forced Unit 1 to shut down after it had been recommissioned. The risk identification matrix (Table 2) also indicates whether Eskom or the City of Cape Town (or both) is responsible to action the risks. The relevant Recovery Team’s members are identified as accountable for particular risks and they are able to delegate such risks to the relevant staff as appropriate. Despite the involvement on the panel of various stakeholders in the risk identification, classification and allocation processes, certain shortcomings became apparent, including: (1) a weak relationship between Eskom and the City of Cape Town (the two key ownerships – internal and external respectively – of the various risks) leading to each blaming the other and miscommunications to the public, i.e. customers; (2) lack of an integrated Recovery Plan between the different stakeholders (probably due to an excessive number of members on the panel); and (3) the risks were not necessarily categorised according to Eskom standards i.e., they were grouped according to the business areas identified for the Recovery Plan (i.e., Load Shedding, Koeberg, Communication, etc.). The excuse given for these shortcomings in the risk management process at the identification stage is the crisis situation under which these risks were identified. 5.2. Risk analysis of the Recovery Plan project It is important for perceived risks to be evaluated, decomposed, and subjected to some form of assessment in order to understand the magnitude of the risks facing the organization [4]. The assessment method, which should be appropriate for the risk and organisation, should measure the risk severity to determine what management action and priority to apply. Risk analysis relies on a qualitative and/or quantitative approach. It is, however, suggested that quantitative risk analysis should only follow on qualitative risk analysis, where the latter has exposed important risks which could be analysed with reliable data and where numbers will make logical sense and could be interpreted sensibly [6]. Qualitative risk analyses could, in many cases, be sufficient to assess the magnitude of risks, although such analysis is subjective and subject to errors of judgement. To 3

Eskom initiated a schemed whereby the public were encouraged to exchange their conventional light bulbs for less electricity-consuming CFLs – at no cost to the consumer.

156

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

Table 2 Risk identified for Western Cape Recovery Plan project Risk no.

Description

Allocated to Eskom

1 2 3 4 5 6 7 8

Collapse of aging infrastructure due to frequent switching Inability to stick to load shedding schedules Insufficient numbers of authorized staff for manual switching operations Poor operational communications Poor communications with public Inability to soften impact Dependency on standby plant and equipment Normal maintenance and refurbishment/expansion work will be impacted by the abnormal state of the networks, resulting in maintenance backlogs, failure to complete projects, etc. Electricity staff burn-out will result in low efficiency, increased risk of accidents and equipment damage Potential commissioning delays in the recovery of Unit 1:  Potential for commissioning delays due to the rotor from France not being identical to the one removed to Rosherville  Another reason for commissioning delays could include stator bar failure during stator repair  Past records indicate that delays in unit start-up following an outage are quite common Koeberg: Unexpected tripping on the turbine-generator set Koeberg: Controlled shutdown due to operational constraints Delayed return of a Koeberg unit after a trip. Potential commissioning delays of Unit 2 Logistics of transporting the generator equipment on time Unavailability of Palmiet hydro-electric supply  Due to limited opportunities to restore dam levels, Palmiet could be constrained in terms of power output.  Potential plant failures could also limit the full output of Palmiet. Failure of some transmission equipment has in past resulted in partial or total blackout of the Cape. Transmission Lines and substations  Fires  Fog and mist Total Blackout Inability to supply the demand of electricity Extent of consumer adoption of energy efficiency measures less than expected Verbal and physical abuse of implementers Project delays caused by time required to acquire equipment (Compact Fluorescent Lamps (CFL’s), gas cylinders, etc.)

9 10

11 12 13 14 15 16

17 18

19 20 21 22 23

overcome the disadvantages associated with qualitative risk analysis, some quantitative attributes can be incorporated making it a semi-quantitative risk analysis. This can be done by assigning predetermined values to the probability and impact which will result in more precise estimates of risks as shown in Table 3 [4]. Table 3 Predetermined values allocated to probability and impact of risk factor Probability

Predetermined Value

Impact

Predetermined Value

Rare Unlikely Possible Likely Almost Certain

0.10 0.30 0.50 0.70 0.90

Insignificant Minor Moderate Major Catastrophic

5% of cost 10% of cost 20% of cost 40% of cost 80% of cost

X

X X X

City of Cape Town X X X X X X X X

X X

X X X X X X

X X

X X X X X

Of course, different organisations will assign different values for semi-quantitative risk analysis which will take their risk attitude and exposure into account. An organisation could also assign different values for different projects. According to Edwards and Bowen [4], whether organisations use quantitative or qualitative risk analysis methods, decisions could still be based on emotions and ‘gut-feel’ rather than on the results generated by the application of risk analysis techniques. Risks of various natures and magnitudes could arise from the different areas of the Distribution business within Eskom (Customer Services, Engineering, Finance, etc.). Hence, the BPIR Committee has produced a qualitative analysis rating and description protocol to be applied to risk management within the establishment as show in Table 4. Based on the rating and the description protocol,

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163 Table 4 BPIR Committee qualitative analysis rating and description Rating

Descriptor

Probability 1 3 5 7 10

Adverse event will not occur Highly unlikely that the event will occur Event can occur Highly likely that the event will occur Adverse event will definitely occur

Impact 1 3 5 7–9 10

Ignore – event is negligible Minor – financial loss or injuries Significant – loss of business, significant financial loss, loss of jobs, some fatalities Severe – loss of business opportunities, major financial loss, many job losses and fatalities Catastrophic impact on Eskom or the business entity

157

the BPIR Committee is able to decide how the risks will be ranked and prioritised (Table 5). A semi-quantitative approach is also used to evaluate Eskom projects, where probability is indicated as a possibility percentage of a risk occurring and impact as a Rand value which relates to the percentage cost impact of the specific project. The product of the probability and impact is then used to determine the ranking of the risk. Quantitative risk analysis is mostly applied in the business areas of the company where they are more applicable, e.g. finance and commercial issues where investment risks need to be considered. A qualitative risk analysis method was adopted for the Recovery Plan project, based on the expertise of the Recovery Plan team and lessons learnt from previous less serious crisis projects. Quantitative analysis is applied for transmission load factors whilst impact and probability ratings,

Table 5 Qualitative risk analysis of the Recovery Plan project risks Risk no. 1 2 3 4 5 6 7 8

9 10

11 12 13 14 15 16

17 18

19 20 21 22 23

Description

Impact

Probability

Collapse of aging infrastructure due to frequent switching Inability to stick to load shedding schedules Insufficient numbers of authorized staff for manual switching operations Poor operational communications Poor communications with public Inability to soften impact Dependency on standby plant and equipment Normal maintenance and refurbishment/expansion work will be impacted by the abnormal state of the networks, resulting in maintenance backlogs, failure to complete projects, etc. Electricity staff burn-out will result in low efficiency, increased risk of accidents and equipment damage Potential commissioning delays in the recovery of Unit 1:  Potential for commissioning delays due to the rotor from France not being identical to the one removed to Rosherville  Another reason for commissioning delays could include stator bar failure during stator repair  Past records indicate that delays in unit start-up following an outage are quite common Koeberg: Unexpected tripping on the turbine-generator set Koeberg: Controlled shutdown due to operational constraints Delayed return of a Koeberg unit after a trip Potential commissioning delays of unit 2 Logistics of transporting the generator equipment on time Unavailability of Palmiet  Due to limited opportunities to restore dam levels, Palmiet could be constrained in terms of power output  Potential plant failures could also limit the full output of Palmiet Failure of some transmission equipment, have in past resulted in partial or total blackout of the Cape Transmission Lines and substations  Fires  Fog and mist Total blackout Inability to supply the demand of electricity Extent of consumer adoption of energy efficiency measures less than expected Verbal and physical abuse of implementers Project delays caused by time required to acquire equipment (CFL’s, gas cylinders, etc.)

H H M M H M H M

M M H M M M H M

M

H

H

L

H H H M L H

M L M L L M

Very high

L

H

L

Very high M H

L M M

M H

L M

158

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

based on high, medium or low ratings, are allocated to the risks identified for the project. Priority was given to all risks that could impact on either the restoration of the power supply or the reduction of electricity demand – these being regarded as the main project objectives. As the Recovery Plan was implemented and time moved on, risks were re-assessed and updated accordingly. For example, as the repairs to Koeberg Unit 1 were progressing, the risk of not synchronizing it to the grid was lowered accordingly over time before Unit 2 had to be shut down for refuelling. A quantitative risk analysis method was used to determine the Western Cape power load and its associated risks. Table 6 depicts the load forecast in comparison with supply and the associated predicted shortfall. By using this analysis, the Recovery Team was able to compile various risk scenarios pertaining to the possibility of power supply interruptions as shown in Table 7. By using these scenarios, the expected amount of load shedding could be determined as shown in Table 8. Based on this information, load blocks could be designed to manage the amount of load to be shed. Load blocks for different areas were aggregated to determine the required load to be shed. There was a different load block for every two hours that load shedding was required

Table 7 Risk scenarios for power supply interruption Base Case

Scenario 2

Scenario 3

Scenario 4

One Koeberg Unit Two Palmiet Units Tx system intact

No Koeberg

One Koeberg Unit Two Palmiet Units Tx system contingency

No Koeberg

Two Palmiet Units Tx system intact

No Palmiet Unit Tx system contingency

– to ensure that one geographical area was not interrupted for longer than two hours at a time in terms of an undertaking to the general public. The project adopted a combination of qualitative, semiquantitative and quantitative methods risk analysis depending on the task to be tackled as one would expect. However, certain shortcomings arose from the analyses. In essence, the analyses were as only as good as the data that were used. For example, the load forecast indicated that the week of 5th June would be the period when load shedding could be the worst (i.e. with a 376 MW shortfall). It happened that this week was one of the warmest weeks of the early winter, which of course increased the factor of uncertainty. Nonetheless, it is assumed that the mitigat-

Table 6 Predicted loading and electricity supply for Western Cape

13-Mar-06 20-Mar-06 27-Mar-06 3-Apr-06 10-Apr-06 17-Apr-06 24-Apr-06 1-May-06 8-May-06 15-May-06 22-May-06 29-May-06 5-Jun-06 12-Jun-06 19-Jun-06 26-Jun-06 3-Jul-06 10-Jul-06 17-Jul-06 24-Jul-06 31-Jul-06 07-Aug-06 14-Aug-06 21-Aug-06 28-Aug-06 04-Sep-06 11-Sep-06 18-Sep-06 25-Sep-06 a b c

Load Forecast

Tx Limita

Koebergb

Palmiet

Customer interruptabilityc

3967 3954 3969 4036 3952 4054 4003 4043 4094 4223 4202 4103 4276 4267 4207 4261 4191 4128 4261 4130 4151 4156 4201 4204 4146 4174 4067 4056 3948

2400 2442 2484 2526 2568 2610 2652 2694 2736 2778 2820 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400 2400

900 858 816 774 732 690 648 606 564 522 480 900 900 900 900 900 900 900 900 1800 1800 1800 1800 1800 1800 1800 1800 1800 1800

400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400

200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200 200

Tx limit is the transmission limit on electricity import from the North. 2800 MW is the absolute maximum. Koeberg’s Unit 2 output was reduced over time to delay its shutdown for refuelling. Customer interruptability are those agreements with larger power users to use self generation over peak periods.

Predicted shortfall before DSM 67 54 69 136 52 154 103 143 194 323 302 203 376 367 307 361 291 228 361 670 649 644 599 596 654 626 733 744 852

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

159

Table 8 Load shedding based on the risk scenarios Month

Peak load expected (MW)

Customer interruptability (MW)

Load to be shed in MW Base case

Scenario 2

Scenario 3

Scenario 4

March April May June July August September

3969 4054 4223 4276 4261 4204 4174

200 200 200 200 200 200 200

69 154 323 376 361 – –

569 654 823 876 861 804 774

969 1054 1223 1276 1261 1204 1174

2069 2154 2323 2376 2361 2304 2274

% of Peak load to be shed

Up to 9%

Up to 20%

Up to 30%

Up to 56%

ing actions to minimise load shedding is adequate when unexpected shortfalls do occur. In this instance plans were prepared for the forecasted shortfall in power supply, but it never materialised. This means that forecasting could be inaccurate the other way around as well, i.e. a shortfall of power supply when it is not expected. However, it is assumed that even if this should happen, the necessary mitigating plans will kick in regardless.

risk (i.e. to reduce risk); (2) tolerate risk (i.e. to retain risk); (3) terminate risk (i.e. to avoid risk) and (4) transfer risk. Eskom policy is to provide financial backing to a set of a certain risk decisions. For example, it does not have external insurance cover for its motor vehicle fleet and would stand in for any claims or repairs that are required in that regard. This is because the company considers that insurance premiums on its vast number of vehicles will be much more costly than the occasional cost when a fleet risk does occur. In addition, because the company is continuously in the public eye, it prefers to address insignificant risk (tolerate insignificant risk) to improve its corporate image. For example, the company continuously endeavours to minimise pollution from its coal stations although the emission levels are well within acceptable regulatory levels and specifications. The company, however, will prefer to share or transfer some project risks to a project partner or third party on a high magnitude value project. Table 9 shows the various mitigating actions that the Recovery Plan project team applied in their attempt to reduce the impact and probability of the risks identified and analysed by the team. The table shows that Eskom carries most of the risks by treating and tolerating them. Although it is difficult to comment on the validity of the selected mitigating actions, the response options that Eskom took shows the level of its capacity to absorb massive financial impacts of risks given that the Demand Side Management risk mitigation initiatives alone amounted to R230 million (about US$31M or £17m) while the total Recovery Plan project was estimated at R1.2 billion (about US$162M or £87m). An amount of R645m was spent during the crisis period. The remainder of the budget is planned for work previously unplanned, to be undertaken in terms of the lessons learned and to prevent similar situations arising in the future e.g. a line re-insulation project. Timelines are until 2011. Part of the Demand Side Management risk mitigation strategic was television broadcasts to the public using colour codes to mitigate the risk of poor communication risk with the public. Unfortunately, an anomaly was created by using the same colour scenarios on television for load shedding purposes and the Power Alert campaign. The Power Alert campaign used colour code scenarios to inform

5.3. Risk response of the Recovery Plan project The aim of risk response should be to minimise the magnitude of the risk or in the case of an upside risk, to maximise its opportunity and benefits [6]. Nonetheless, organisations can decide not to respond to a risk, because, for instance, existing controls are adequate to minimise a threat or where there is a high probability that the risk will disappear in the future. It could also be that risks are so insignificant that nothing needs to be done about them. An organisation’s risk attitude and exposure will guide this decision or it could be that the cost/benefit result of any action is actually negative. It does not, however, mean that these insignificant risks should be denied or forgotten. Rather, they should be continuously monitored to determine if any of the underlying circumstances have changed which might require a different risk response. Public perception and/or legislation could force an organisation to respond to a risk even if it is insignificant [6]. This is particularly relevant when it comes to public health issues. For example, any type of radioactive contamination of the environment will create a public expectation for the organisation to attend to the risk or legislation will force radioactive materials to be handled in a (more costly) certain manner even if the risk probability and impact is extremely low. Forms of risk response are risk reduction, transfer, avoidance and retention, or a combination of these. An organisation will apply these responses based on its risk attitude and cost/benefit results aiming towards the ‘‘as low as possibly reachable’’ risk that is left and then assigning the proper level of management to it [4]. One of the BPIR Committee’s remits was to ensure that the appropriate response was assigned to mitigate risks based on Eskom’s risk response nomenclature: (1) treat

160

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

Table 9 Risk responses strategies for the Recovery Plan project Risk no.

Description

Mitigation

1

Collapse of aging infrastructure due to frequent switching

2

Inability to stick to load shedding schedules

3

Insufficient numbers of authorized staff for manual switching operations

      

4

Poor operational communications

5

Poor communications with public

6

Inability to soften impact

    

7

Dependency on standby plant and equipment



8

Normal maintenance and refurbishment/expansion work will be impacted by the abnormal state of the networks, resulting in maintenance backlogs, failure to complete projects, etc. Electricity staff burn-out will result in low efficiency, increased risk of accidents and equipment damage

 

9

 

10

Potential commissioning delays in the recovery of Unit 1:  Potential for commissioning delays due to the rotor from France not being identical to the one removed to Rosherville  Another reason for commissioning delays could include stator bar failure during stator repair  Past records indicate that delays in unit start-up following an outage are quite common







11

Koeberg: Unexpected tripping on the turbine-generator set

 



 12

Koeberg: Controlled shutdown due to operational constraints

 



 13

Delayed return of a Koeberg unit after a trip

 

14

Potential commissioning delays of unit 2



Identify ‘problem’ areas Reduce switching? Repair/replace Redesign blocks with larger margin of safety Use scenarios Train, authorize additional switching personnel Arrange load blocks such that most switching can be done via SCADA (remote) Share info with ESKOM Dedicated phone lines Implement communications strategy Increase fault reporting centre, better routing of calls DSM, ripple control, better shedding schedules, communication strategy Critical allocation of available plant and equipment to support key installations Facilitate that most of these activities continue Create an understanding, through good communication with consumers, for these activities Arrange load blocks such that most switching can be done via SCADA Limit need for overtime Better planned switching schedules. Dual shift system for ops centre The strategy is to TREAT the risk: Inspections have occurred in France and actions taken to mitigate this difficulty. Further inspections will occur once the rotor arrives on site. The project team is monitoring the situation closely and pro-actively taking actions to minimize the risk The strategy is to TREAT the risk: The project team is monitoring the situation closely and pro-actively taking actions to minimize the risk The strategy is to TREAT the risk: Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks The strategy is to TREAT the risk: Communicated to applicable Transmission staff The strategy is to TREAT the risk: Worker instructions for stretchout operations have been developed and implemented previously. Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks The strategy is to TREAT the risk: Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks The strategy is to TOLERATE the risk since it is not deemed significant The strategy is to TREAT the risk: Communicated to applicable Peaking staff The strategy is to TREAT the risk: Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks. The number of PTs will be minimised The strategy is to TREAT the risk: Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks The risk strategy is to respond only once informed since no foreknowledge is possible The strategy is to TREAT the risk: This is due to physical properties of the core at this stage in its operation and cannot be changed The risk strategy is to respond only once NNR communicate a concern since no foreknowledge is possible The strategy is to TREAT the risk: Production Manager role assigned (24/7) focusing on current and future activities to minimize any risks

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

161

Table 9 (continued) Risk no.

Description

Mitigation

15

Logistics of transporting the generator equipment on time

16

Unavailability of Palmiet  Due to limited opportunities to restore dam levels, Palmiet could be constrained in terms of power output  Potential plant failures could also limit the full output of Palmiet Failure of some transmission equipment, have in past resulted in partial or total blackout of the Cape Transmission lines and substations  Fires  Fog and mist

 The strategy is to TREAT the risk: A team in France comprised of Eskom, Alsthom, EdF and French customs representatives are working to ensure that the departure of the rotor from France remains on track. It is confirmed that the SA Navy ship, the SAS Drakensberg, will be used to expedite transport. This will cut approximately one week off the shipment time. The ship will be tracked on a daily basis. A dedicated logistics team is currently working on customs and port arrangements as well as transportation from CT Harbour to Koeberg. In addition, recovery of the Koeberg rotor currently being repaired at Rosherville is being pursued in parallel to the shipment of the EdF rotor  Not captured

17 18

19

Total Blackout

20

Inability to supply the demand of electricity

21

Extent of consumer adoption of energy efficiency measures less than expected Verbal and physical abuse of implementers Project delays caused by time required to acquire equipment (CFL’s, gas cylinders, etc.)

22 23

viewers of what the immediate situation was and to request them to take certain actions. For example, a green scenario on TV meant ‘‘No action is required’’, although for load shedding purposes up to 9% of load could be shed at any time. The red scenario requested users to switch off multiple appliances and power points (e.g., from electric heating to unnecessary lighting); this also meant up to 30% load shedding. The 30% load shedding meant one third of the Western Cape could sit in the dark; this was a very considerable risk! There was lack of correlation between the severity of the TV alert program and what the actual situation was. It worked out well nonetheless, as very few inter-

 Not captured  Fires: Extension of the fire protection agents (FPAs) to other areas. FPAs are for fire management, and include local fire departments, policing forums and civil society  Fog and Mist: Re-insulation of the lines – Replacing glass with silicon composite insulators (short-term – focus on key lines and projects to focus on all coastal lines)  Regional Control will be directed by National Control  There will be direct communication between Eskom’s Regional and National Control with City of Cape Town’s Control Centre  The Emergency Operating Centre (EOC) will be responsible for communication with the Regional Crisis Centre  If the EOC is not yet active the Regional Control Centre will alert the Regional Crisis Centre (Required is only one contact person to avoid sidetracking the Control Centre from doing switching)  The emergency will further be managed as per the ESKOM procedures do restore power supply to affected areas in the Cape  All communication with ESKOM will be through the EOC  All external communication about the blackout will be through the Regional Crisis Centre  Initiate various Demand Side Management Programmes. This will include:  CFL exchange  Self generation  Gas conversions  Voluntary conservation  Subsidising electricity efficient devices  A diverse range of projects will be pursued. Successful projects will be accelerated to make up for projects with lower success  Implementers will work in teams and will avoid ‘hot spots’  Procurement processes will be streamlined as far as possible

ruptions took place during the time that interruptions were expected – except for an unexpected fault at Koeberg which forced Unit 1 to be shut down. Although all the crisis plans were in place and the principles of the Western Cape Recovery Plan were immediately applied, it could not avert controlled blackouts in the City and surrounding areas as a result of fault at Koeberg Unit 1. The main problem, however, with the mitigation strategies employed was that many of the strategies were implemented too slowly; this was apparent for the Demand Side Management initiatives and for communication and stakeholder management.

162

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

5.4. Risk reporting (recording, monitoring, control and evaluation) of the Recovery Plan project It is considered good practice for risks to be recorded in a risk log or register database system [12] after they have been identified and assessed. This is to facilitate the monitoring, control and evaluation of the risks. Each risk should be uniquely identifiable (using a risk number/code), indicating: the description; the type of risk; the assigned risk owner; and the applicable risk response and mitigation action. It is important that the frequency of monitoring the risk and the method of reporting are pre-decided very early in the risk process [4]. At the same time, mode(s) of communicating the risks to relevant staff and external stakeholders must be introduced [6]. According to Loosemore et al. [6], the greater the risk the more senior management should become involved. This is also important where risk response implementation is likely to meet with resistance, particularly where resources (funds and people) are redirected from other projects or functions to mitigate risks [6]. Monitoring and controlling of risks will highlight the urgency of the Risk Management System and make risks more obvious to identify. It also increases risk awareness and therefore reduces risk magnitude as more information becomes available; and it should also allow risk knowledge/lessons learnt to be captured for future project use [4]. The BPIR Committee has the oversight responsibility of all the risks within the Western Region Distribution Division business. One of its main objectives is to integrate these risks and assess how one risk could impact on, or create, another. It also identifies the risk impact on the other regions, divisions and/or subsidiaries. It aims to make the business more risk-aware and encourages the inclusion of risk management processes in the normal business processes. The BPIR Committee suggests that risks be reviewed annually for those where the exposure is long term and could have an impact on long-term business objectives. Monthly reviews are done, however, to keep the RMS dynamic and up to date. Ad-hoc risk analyses are undertaken in the case where changes occur that could have a negative (or positive) impact on the business. For project development, the Committee suggests that risk analysis and monitoring are undertaken at three stages: concept phase; before implementation; and when there are significant changes/problems during implementation. The risks on the Recovery Plan project were recorded, continuously monitored, and regularly reported to the Committee and to the various stakeholders involved in the project with lessons learnt incorporated into the feedback process. Nonetheless, the initial Recovery Plan report did not indicate all the risk analysis results on impact, probability and mitigating actions. This was noted and remedied just in time to ensure that these omitted information did not impact on the management of the risks.

6. The Western Cape electricity crisis aftermath The National Electricity Regulator South Africa (NERSA) decided to formally investigate the incidents at Koeberg’s Units 1 and 2 which occurred during November 2005. These incidents are not discussed in this report, but were also due to a switching fault and flash-overs between transmission lines due to high pollution from veld (grass) fires.4 At the time only one unit was generating power as the other unit was off line due to maintenance being carried out. NERSA, however, found that Eskom was negligent in terms of maintenance procedures. It identified faulty protection systems and found Eskom in breach of its license conditions. At Koeberg it found deficiencies in its configuration management, non-conformance to procedures and ill-discipline in certain areas. The Regulator indicated that, if found guilty, Eskom could be fined up to R300 million.5 Eskom contested the NERSA report and responded that not all incidents indicated negligence or a breach of license conditions. It emphasised that the nuclear safety regulations, as set by the National Nuclear Regulator (NNR), have never been violated. Eskom has, however, acknowledged that there were oversights regarding some of its practices and procedures.6 The damage done during the January 2006 maintenance on Unit 1 (as per the report) was caused by a bolt left behind in the generator. At the time a concern was raised because the bolt was of another type than those used in the generator. Three investigations took place: one by the police and the security services including the National Intelligence Agency, one by the National Energy Regulator, and a third by Eskom itself. Originally it was thought that the unit could have been sabotaged, but these fears were laid to rest after the investigations were completed and the cause of failure ascribed to human error.7 Some of the key lessons learnt include:8  The Western Cape is vulnerable to power supply issues – ensure mitigation plan is in place at all times.  Ensure support from all operations to allow plant personnel to focus on the problems at hand.  Streamline the communication process to be less cumbersome and time consuming.  Co-ordinate all communication with government across all three tiers.  Need to know and be sensitive to the direct and knockon impact on customers and the Economy. 4 http://www.fin24.co.za/articles/economy/display_article.aspx? Nav=ns&lvl2=econ&ArticleID=1518-25_1836685 (20/10/06). 5 http://www.mg.co.za/articlePage.aspx?articleid=280838&area=/ breaking_news/breaking_news__business/ (15/9/06). 6 http://www.mg.co.za/articlePage.aspx?articleid=281096&area=/ breaking_news/breaking_news__business/ (15/9/06). 7 http://www.southafrica.info/what_happening/news/erwin_koe berg180806.htm (20/10/06). 8 061004_Exco Board_Presentation_Close-out Report_RvW2.ppt. Internal Eskom document, unpublished.

R. van Wyk et al. / International Journal of Project Management 26 (2008) 149–163

 Ensure protection of Key Industrial Customer loads (within limits).  Prioritise load shedding based on upfront determined principles.  Publish Load Shedding schedules a week in advance and stick to these since businesses plan operations around them.  Restore confidence in the electricity industry, i.e. build/ sustain reputation and corporate image.  Media education and relationship building.  Identify multiple levels of risk and perform adequate risk management.  Understand the impact and importance of various levels of crisis communication and messages being sent out. 7. Conclusions The objective of this paper was to document the process of risk management used by a utility company for managing risks associated with its projects. The paper has reflected on the theory and practice of risk management by presenting risk management of the Recovery Plan project of the Distribution Division of Eskom Holding Ltd in South Africa. The company’s risk management system policy allows for total risk integration between divisions, regions and functional departments. The company ensures that a risk management process forms part of its strategy and develops a company governance structure to implement and maintain the process. However, potential risks and opportunities are identified within its various business divisions, departments and functions. Risk accountability is implemented at the company, divisional and project levels by assigning risks to the members of the risk management team to ensure that mitigating actions are implemented. The progress of risk mitigation is tracked on a regular basis. However, certain shortcomings are evident in the risk management process of the company. These shortcomings include: an excessive number of stakeholders that are represented on the risk management panels and committees; an inability to stick to the overall company risk management process at a time of crisis; and loose implementation of the company’s risk management system across its various divisions and business functions. Lack of integration of external and internal stakeholders (in this case, Eskom and the City of Cape Town) is another shortcoming of the risk management system, as was the associated risk communication to the public and key customers. The company has access to and uses different techniques of risk management, suggesting that there is congruence between the theory and practice of risk management by the company. However, the company adheres to a very simple risk management process that enables it to carry out its business functions. The com-

163

pany’s use of quantitative risk analysis is very limited, although it has the resources to use more sophisticated types of analyses to assist in its RMS. This tends to support Elkington and Smallwood’s [2] view that the current process that this utility company uses for risk management is weak. Although this is a utility company with more attendant risks compared with the risks levels and factors faced by other industries, there is no evidence that the company utilises more sophisticated risk management tools. Rather, the company strategy was to raise risk awareness within its business supported by high level governance structures and to ensure that risk management is an integral parts of business activities. Risk management activities take place at different levels within the company. Future research could meaningfully be directed at establishing the effectiveness and efficiency of this multilevel risk management strategy. Acknowledgement The authors are indebted to Professor Trevor Gaunt, Department of Electrical Engineering, University of Cape Town, for his valuable input concerning external forces initially constraining Eskom’s ability to respond to identified risk. References [1] Miller R, Lessard D. Understanding and managing risks in large engineering projects. Int J Project Manage 2001;19:437–43. [2] Elkingston P, Smallman C. Managing project risks: a case study from utilities sector. Int J Project Manage 2002;20:49–57. [3] Taylor H. Congruence between risk management theory and practice in Hong Kong vendor-driven IT projects. Int J Project Manage 2005;23:437–44. [4] Edwards PJ, Bowen PA. Risk management in project organisations. Elsevier: Butterworth Heinemann; 2005. [5] Chapman C. Project risk analysis and management – PRAM the generic process. Int J Project Manage 1997;15:273–81. [6] Loosemore M, Raftery J, Reily C, Higgon D. Risk management in projects. 2nd ed. Taylor and Francis; 2006. [7] Baker RB. Understanding internally generated risks in projects. Int J Project Manage 2005;23:584–90. [8] Project Management Institute. A guide to the project management body of knowledge (PMBOK), 2000 ed. Newton Square, PA: Project Management Institute; 2000. [9] Department of Minerals and Energy (1998) White paper on the Energy Policy of the Republic of South Africa (p.55), available at http://www.dme.gov.za/pdfs/energy/planning/wp_energy_policy_ 1998.pdf (accessed on 11 May 2007). [10] National Treasury (2003) Intergovernmental Fiscal Review, Chapter 12: Electricity (p.230), available at http://www.treasury.gov.za/documents/ifr/2003/chp12.pdf (accessed on 11 May 2007). [11] Phasiwe, K. (2004) Power-Station Plans Pique Foreign Interest. Business Day, 27 October, available at http://allafrica.com/stories/ 200410270280.html (accessed on 14 May 2007). [12] Patterson FD, Neailey KA. Risk Register Database System to aid the management of project risk. Int J Project Manage 2002;20: 365–74.