Risk Management in the United Arab Emirates’ Public Sector

Subject: Finance
Pages: 40
Words: 10983
Reading time:
38 min
Study level: PhD

Introduction

Risk governance strategies are evolving in line with the changing internal and external forces in an organizational setting. According to Bai (2014), the emerging technologies, increasing globalization, and advancements in various sectors of the economy have created a new platform for auditing and managing risks in modern society. The ability of the management to identify threats early enough in a given project and deal with them effectively is a critical ingredient of the success of any institution. The internal auditors must understand the primary goals of each program, the expected dangers that it may encounter, and how such risks can be managed using the available resources within an organization. Nguyen, Bhagavatulya, and Jacobs (2017) explain that risk management has become a critical concern in the United Arab Emirates’ public sector.

Over the past two decades, the government has been investing heavily in infrastructural development to promote the growth of various sectors of the economy such as tourism, trade, and hospitality among others (Ellis & Sherman 2014). Some of the mega-developments sponsored by the government include the construction of roads, rails, airports, public parks, and mega-buildings. These programs are worth billions of dirham and are fully funded by public resources. As mentioned in the literature review, most of these mega public projects have registered impressive success, but the delay has been a common problem in almost all of them (Ellis & Sherman 2014). Other challenges also exist that may affect the ability to realize the desired outcome in these important programs. Failure of such an undertaking would result in the loss of billions of dirham that would have been used in other projects.

It is the responsibility of the managers and departmental heads to ensure that each task achieves the intended goal within the stipulated time. Internal measures must be taken to identify factors that are likely to derail the progress of each program. Public projects are often audited by the Financial Audit Department (FAD), but as Abed (2014) notes, the external auditor may not influence the success of a development plan. In most cases, the external auditors’ primary goal is to evaluate how public resources were spent and to determine if those trusted with public funds misappropriated them. It means that the external auditors’ work is necessary after its completion or at the end of the financial year. Internal auditors play a critical role in defining the success of a venture because they can identify mistakes before they can have a devastating impact on a project.

As Abed (2014) states, the internal auditors not only focus on financial risks but also any other threat that may affect the overall success of a project. They start by identifying all the possible threats that may occur at every given stage before it is initiated. They then work with all the other stakeholders related to the venture to determine if any of the expected risks have occurred so that corrective measures can be taken to avert undesirable consequences. The integrated approach to risk management is vital in enhancing the success of these activities. In this section of the paper, the focus will be to discuss the outcome of the analysis primary data in light of the information that was gathered in the review of the literature.

The Existing Determinants of Risks Governance in the Public Sector

What are the existing determinants of risks governance in the public sector?

Mega public projects are always subject to numerous dangers, some of which may completely paralyze the ability to achieve the desired goals. Identifying the relevant determinants of risk governance in the public sector is critical in enhancing the success of these programs. The determinants enable the stakeholders involved in the task to come up with appropriate plans on how to counter challenges that may arise at different stages of the implementation. In the previous chapter, the existing determinants of risks governance have been analyzed to determine their relevance. The factor analysis has identified 10 latent clusters which include the following:

  • Strategy (S)
  • Risk appraisal and insight (RAI)
  • Risk management and governance (RMG)
  • Review risk development and decision (RRD)
  • Risk communication (RC)
  • Risk culture (RCU)
  • Risk appetite (RA)
  • Project success (RG)

The occurrence of negative events of projects

Internal audit

Each of the ten factors has different variables and with varying Cronbach’s alpha based on the primary data analysis. The following figure 1 and figure 2 provide further analysis of these factors and the variables.

The latent analysis cluster
Fig. 1. The latent analysis cluster

As shown in the above figure, each of the factors has different categories of determinants of risk governance. The figure below shows the number of determinants in each of the 10 latent factors, and the average weighted mean of their Cronbach’s alpha defining their relevance to the success of a public project.

The latent analysis cluster
Fig. 2. The latent analysis cluster

The first factor is the strategy with 8 determinants of risk governance with an average weighted mean of.940. It has two latent clusters of risk alignment process (SG1) and risk oversight (SG2). The strategy that is used in managing risks defines how successful a public program can be under various prevailing circumstances. According to Abed (2014), one of the most important strategies when undertaking mega public projects is change management. New technologies may emerge that can enhance the level of success of the involved activities. The entire team must be capable of switching from one strategy to another without strain. It all depends on the strategies used by the management. The strategies used in the identification, quantification, classification, and management of risks should be clear and understandable to all the relevant stakeholders. The outcome of the primary data analysis shows that the flexibility and proactive nature of the strategies must be emphasized to ensure that hazards do not create a crisis in case they occur.

Risk appraisal and insight were the second factors in the analysis, and it had 8 determinants of risk governance divided into two clusters. The two clusters include risk guidelines (RAIG1) and risk assessment process (RAIG). Once a given risk factor has been identified, the next important stage is the assessment. The first stage of risk appraisal should be done during the stage of planning. At this stage, all the possible risk factors that may be encountered in the project should be identified and thoroughly assessed both qualitatively and quantitatively. The nature of the anticipated threats should be clear to the management so that they can make informed decisions about them. The second stage of risk appraisal is conducted when they occur. Bai (2014) says that at this stage, the chief risk officer will evaluate the threats to determine their magnitude. When reporting about the hazard, the officer should explain whether its magnitude is within what was anticipated. The classification should state if the magnitude of the risk that has occurred is below, within, or above what had been anticipated. An effective appraisal helps in defining the right action that should be taken.

Review risk development and decision, with 8 determinants of risk governance, was identified as an important factor in the risk management process. It had three clusters, which include risk monitoring guidelines (RDGA), the effectiveness of assurance (RDG2), and monitoring of risk exposure (RDG3). According to Popov, Lyon, and Hollcroft (2016), the management should have a clear pattern of responding to risks under various categories. Some calculated risks may be taken after determining how they can be managed and their benefits to the firm while others have to be avoided. Having a clear mechanism upon which decisions are made enables the top managers to avoid confrontation with junior officers who may want to embrace a given dangerous activity when implementing a proposed project. The junior officers will be able to evaluate and classify risks based on the set parameters. They can then predetermine the likely decision that will be favored by the program manager or senior authorities. When a proposal is rejected based on the risks involved, they will understand the parameters that were used by the relevant authorities. Such systems improve cohesion among the team members.

Risk management and governance is another important factor average weighted Cronbach’s alpha mean of.974. The analysis shows that it has 19 factors in two different clusters. The clusters include risk governance (RMGG1) and risk control (RMGG2). When the management decides to take specific calculated risks, Verzuh (2015) advises that there should be effective mechanisms put in place to manage them. For instance, if it is decided that an artificial island is to be constructed in Dubai, the dangers are known. One of the main risk factors in such a delicate initiative is the possible injury or even death of the workers involved in the project. The process of management involves defining the security of the workers. The team must be proactive in managing such risks by coming up with proper safety measures for all those involved in the activities as Mousavi (2015) advises. A rapid response unit should always be in place in case undesirable events happen despite the existence of safety measures.

Risk communication is another crucial factor identified in the analysis. It has 12 items in three different clusters. The clusters include risk communication (RCG1), risk documentation (RCG2), and risk coordination (RCG3). Effective communication is an integral factor in risk management. Some of the mega public projects involve numerous activities that have to be conducted by different individuals. Risks may be detected at various levels by any of the workers assigned to the venture. Once it is detected, measures should be put in place to manage them. Vinnem (2013) explains that immediate actions can only be taken if there is an effective communication platform. Junior employees should be capable of engaging their superiors whenever they suspect that there is a problem in their respective workplaces. Once the information is passed to the superiors, there should be a prompt response to investigate and ascertain its nature and what should be done to address it. The top managers should be capable of engaging the junior officers with policy recommendations on how such an issue should be dealt with in the affected department. Bai (2014) argues that when an effective platform of communication is created, it becomes easy to address issues that emerge in such projects at the right time.

The primary data collected from the respondents identified risk culture as an important factor that should be promoted when undertaking mega public initiatives. It had seven items in two different clusters. The clusters include risk culture development (RCUG1) and risk culture awareness (RCUG2). The analysis proposes the use of risk champions to promote a culture where individuals do not shy away from major initiatives because of the fear of the associated dangers. As Vinnem (2013) argues, risk management and risk avoidance are two different concepts. Risk avoidance is a cowardly approach to managing threats by evading tasks associated with feared risks. In some cases, it may not be possible to avoid these dangers. Risk culture promotes an approach where employees are able to take calculated risks, come up with measures of managing their consequences with the primary goal of achieving the high returns associated with such projects. The culture also requires the members to understand which risks are worth taking and which should be avoided based on the degree and nature of their impact, the ease with which they can be managed, and the resources needed. It also seeks to regulate risk appetite among the managers as a way of protecting the outcome.

The analysis also shows that risk appetite is a critical factor that cannot be ignored in public projects. The factor had 9 items in two clusters. The clusters are risk appetite (RAG1) and risk appetite alignment process (RAG2). Any major project cannot avoid risks. The most important thing is to find ways of managing these risks in an effective manner. However, it is prudent to ensure that only real and calculated risks are taken. The technical capabilities of the task force trusted with the ventures should be in line with the project requirements (Vinnem 2013). Project success is another important factor with three latent clusters which are efficient project delivery (RGP1), efficient risk monitoring (RGP2), and effective project risk management (RGP3). The occurrence of negative events of projects and internal audit functions are the other important factors.

Determinants of Project Success

What are determinants of project success?

The success of public undertakings depends on a number of factors. In the literature review, different internal factors of a plan were identified, and their interrelationships were discussed. In the previous chapter, the researcher identified a variety of determinants that are directly related to the success rates of public projects. According to Verzuh (2015), the rate of success of a project depends on how effectively the occurrence of negative events can be controlled within an organization. When the occurrence of negative events is minimized as much as possible, then the rate of success can be relatively high. In the analysis of primary data done in the previous chapter, it was established that determinants of risk governance are inversely proportional to the occurrence of negative events of projects. The determinants of factors of occurrence of negative events (IN) demonstrate this fact, as discussed below.

The analysis of the primary data demonstrates that cases of scheduled delays have an adverse impact on the success of a program. On the determinant ‘our organization is experiencing schedule delays’, the respondents felt that it was one of the main hindrances to project success, with a Cronbach’s alpha of.919. Schedule delays extend the time before which a project can yield the desired returns. The analysis shows that when a given set of activities is not completed as per the schedule, there may be a ripple effect on other subsequent activities. Such delays make projects worth less than the predetermined value.

Cost overrun is a negative occurrence whose impact on a project may have devastating consequences. In the analysis of data collected from the respondents, an organization experiencing cost overrun had a Cronbach’s alpha of.918, which shows how dangerous it is on a project. It occurs when the management fails to come up with proper plans for a project. Verzuh (2015) advises that before the initiation of the set activities, the budget of the project should be thoroughly evaluated, including the possible costs of managing the anticipated risks. Determining all the possible risks and developing effective plans for managing their help in eliminating cases of cost overrun.

Governance model failure to manage key projects was another major issue identified in the analysis, with a Cronbach’s alpha of.911. Successful project managers know that it is crucial to clear steps of prioritizing and managing key project activities. There should be a step-by-step procedure of what should be done once a given risk factor is identified. The management policies of addressing risks eliminate cases where different approaches are used. It is necessary to identify best practices in risk management both locally and internationally (Dempsey 2014). The management should then develop management policies and frameworks based on these best practices. Although different risk factors may need a different approach to management, the organization should know that a given standard procedure must be followed that identifies various steps in risk management.

The lack of reporting to board and executives was identified as another major area of concern in managing public projects, with a Cronbach’s alpha of.910. The analysis shows that it is important for the risk management team to maintain regular communication with the board and top executives to ensure that issues that affect the operations of the program are discussed and addressed promptly. Having someone who is primarily responsible for the delivery of the reports is critical to achieving success with a project. The officer will be responsible for analyzing various risks, their possible consequences, and how they can be managed using available resources before making the reports (Wassenaer 2017). The officer will work closely with employees who are assigned different roles within the project to ensure that issues that emerge are addressed effectively and within the right timeframe. The information sent to the executives should include possible ways in which the risk factors can be managed, the time that is needed, and the resources required. The board may also want to know the consequences of the failure or delay in addressing the issue.

The lack of control over the phases of the project, with a Cronbach’s alpha of.914, is a negative event whose occurrence may have a serious impact on the success of a project. When handling a mega public project, each of the phases should be defined in clear terms. The individuals involved in each phase, the time needed to complete the phase, and the resources that should be provided must be stated. Tight control of each phase is needed to ensure that the next phase can be initiated within the set timeline (Verzuh 2015). When the management lacks control over the project phases, it becomes possible to realize the set goals. Vinnem (2013) argues that such occurrences show a sign of limited planning in the project. It is also an indication that those trusted to manage the activities lack the leadership skills needed to coordinate and control the workforce.

The existence of unresolved issues and disputes can have a devastating impact on a major public project. The analysis of the primary data assigned this factor a Cronbach’s alpha of.914. Issues and disputes in public projects may emerge because of unlimited consultation. According to Dempsey (2014), government agencies are always expected to consult widely with the public and other relevant stakeholders to address all the conflicting interests that might exist. The support of all the relevant stakeholders is necessary to avoid possible litigation or sabotage by people who feel aggrieved when the project is implemented. Sometimes it may not be possible to meet the needs of everyone in the manner they would desire. In such cases, an effort should be made to reach a common ground. There should be a compromise that everyone is comfortable with before starting the project.

The lack of independent monitoring of progress, which had a Cronbach’s alpha of.910, was another major issue that was identified in the analysis. A project should have an internal auditing mechanism that focuses on identifying risks as soon as they emerge so that they can be addressed promptly. However, sometimes it may be necessary to have an independent monitoring system to monitor the progress of the project. The internal auditors will be kept active because of the knowledge that an internal auditor will also review the work. Sometimes these internal auditors may help in identifying major issues which may affect the overall success of the project but were not identified by the internal auditors. In public projects, the independent auditors may report to the head of the department or any other relevant governmental authorities in case corrective measures are necessary.

An organization experiencing failure to achieve its business objectives is one of the major negative events with serious consequences for the success of a project. The analysis of primary data shows that it had a Cronbach’s alpha of.913. Public projects are always costly. They are undertaken to help in addressing specific issues within the country as defined in the objectives. When a given initiative fails to meet the set objectives upon completion, it is a sign that the resources spent have been wasted. The opportunity cost could be huge if it was a major project that took years to complete and consumed millions of dirham in the process. Wassenaer (2017) says that the inability to achieve business goals is a sign of poor auditing. It is an indication that the project manager and the entire team did not take time to ensure that all activities are undertaken as per plan. Other issues include past project failures and loss of opportunity costs. Table 1 below identifies the occurrence of negative events that may have serious consequences for the success of a project.

Table 1: Occurrence of Negative Events

Research Question What are determinants of project success?
Hypothesis HA1: Determinants of risk governance are negatively related to the occurrence of negative events of projects.
Results The ANOVA analysis results indicate that:
The analysis shows that determinants of risk governance reduce chances of occurrence of negative events in a project. Understanding and embracing these determinants in public projects limit the occurrence of risks.
Researcher Observation The analysis of primary data and information collected from the sampled respondents strongly suggest that determinants of risk governance reduce the incidence of negative events.
• The respondents stated that schedule delays may have a significant impact on the public project. It may raise the cost of a project if urgent measures are not taken to manage it.
• The information collected from the secondary sources is supported by the primary data. The lack of control over the projects phases may have serious consequences for a project.
• The existence of unresolved issues and conflicts may have a serious impact on a project. It may create disunity among the concerned stakeholders.
• The inability to control project phases is an undesirable occurrence that should not be tolerated. It is a sign of lack of proper leadership.
• Project managers should always do everything within their powers to avoid cost overrun.
Conclusion The alternative hypothesis HA1 (p>0.05) was accepted for various determinants discussed above (IN1, IN2, IN3, IN4, IN5, IN6, IN7, IN8, IN9, IN10)

Audit Function Tasks in Managing the Risks in the Public Organisations

What are the audit function tasks in managing risks in the public organisations?

Internal and external auditing of public organizations is crucial in enhancing the rate of success of public projects. The review of the literature, conducted in the previous chapter, strongly suggests that internal auditing is critical in ensuring that a range of functions is conducted using the planned resources and within the right time. Unlike external auditing that often comes after the end of the program or annually, internal auditing is more regular and focuses on identifying risks at the earliest stage possible and addressing them to enhance the success of a given initiative. In public projects, given risk factors that go undetected or are ignored have serious consequences on the overall performance of a project. The analysis of primary data has identified various audit functions in managing risks in public organizations.

The existence of an internal audit process to implement a formal risk management program was one of the important factors that enhance the success of public projects. It had a Cronbach’s alpha of.943 based on the analysis of primary data. The respondents noted that having an internal audit process is necessary for creating a formal risk management program. According to Dempsey (2014), having a formal risk management program creates a clear pattern of managing risks in an organizational setting. It outlines what stakeholders should do every time they encounter risk patterns. A clear channel of communication is developed that enables the affected individuals or departments to coordinate with other departments to ensure that the risk is managed effectively.

The existence of a whistle-blowing mechanism, with a Cronbach’s alpha of.96, is one of the most important audit functions in public programs. In mega public projects, cases of theft of public resources can take place at different stages of implementation. Theft may occur at the highest level of management, among the mid-managers, or at the lowest level of management. Vinnem (2013) notes that not everyone is often involved in such cases of theft. When misappropriation of public resources happens among the top managers, reporting such cases becomes a complex process. Those who should receive such reports and act upon them are the ones involved in the theft. It means that internal auditing may be jeopardized by those in power. In such instances, whistle-blowing becomes the only way of addressing fraud and mismanagement of public ventures.

Public projects should have mechanisms through which employees, irrespective of their managerial positions within the firm, can report cases of theft or mismanagement to external stakeholders without facing victimization from colleagues or senior managers. When such platforms are created, everyone involved in the management of public ventures will know that they are not above the law. They will know that their actions can be exposed to the public and they can be subjected to disciplinary actions by higher authorities. Whistleblowers should be offered the most secure platforms for sharing their concerns. In case it is impossible for a whistleblower to hide his identity, mechanisms should be put in place to ensure that their personal security and the security of their job are assured.

The existence of internal audit as an assurance task has been identified as another important factor, with a Cronbach’s alpha of.974. The government and members of the public always want an assurance that their resources will be spent responsibly and without any major embezzlement. The only way of giving the assurance is to have a robust and uncompromised. Members of the public need an assurance that internal auditors will not be tempted to collude with program managers or other relevant authorities to steal public funds. A degree of independence should be exhibited among the internal auditors. Dempsey (2014) explains that although internal auditors are expected to work closely with managers to ensure that the goals and objectives of the project are realized, they should be allowed some form of independence that allows them to report to external authorities in case internal systems of managing risks are compromised. Under normal circumstances, the auditors should make internal reports to the managers or other relevant internal authorities. However, when no proper action is taken internally, mechanisms should exist for them to contact relevant higher authorities for corrective measures to be taken. The goal should always be to protect public resources from wastage or theft. The auditors should also ensure that those assigned specific tasks have the right skills and experience to deliver on their promise. Any weakness should be addressed effectively and within the shortest time possible.

The analysis of primary data shows that another important audit factor is the existence of guidelines for board/audit committees’ oversight. Having the position of chief risk officer was identified as being critical to the success of public ventures. The existence of audit committee oversight is equally important, especially when handling mega public initiatives. Auditing a public project is a complex and multifaceted process that cannot be trusted by one individual. The competencies of various workers, the use of assigned resources, and the time spent engaging in related activities, the level of technology involved, the effectiveness of coordination among departments or teams, and how well the outcome of the project is aligned with departmental goals are some of the factors that require regular auditing. Having an oversight committee will ensure that these tasks are centralized and conducted in a coordinated approach. Each of these areas of auditing may require experts, but they should report to the board chairperson who will then find a way of communicating with the relevant authorities for appropriate actions to be taken. Dempsey (2014) explains that the audit committee may be appointed by the head of a government department to work closely with the project manager, but to exercise some degree of independence whenever necessary.

The existence of the process for risk culture audit had a Cronbach’s alpha of.939, which makes it one of the most important audit functions in an organizational setting. It is impossible to avoid risks when undertaking public ventures because some of them are subject to natural forces. That is why many organizations are embracing a risk culture when undertaking major projects. They appreciate the fact that risks can occur at any time and that the most important success factor is how they are mitigated. However, Dempsey (2014) warns that when embracing the risk culture, care should be taken to avoid negligence, complacence, and any other practices that may make employees ignore dangers associated with different threats. Risk culture audit is meant to ensure that employees understand the need to make a quick and effective response to risks instead of ignoring them. The auditor will promote a culture of quick response to any form of threat that may affect the progress of a project, from the onset to the final stage when it is ready for the handover.

The analysis of the primary data shows that one of the most important internal audit functions is to provide assurance through written audit reports over the entity-wide risk management process. The factor had a Cronbach’s alpha of.834. Internal audit reports are often used by external auditors to evaluate and understand the activities undertaken by various stakeholders in a given venture. Having them in written format makes it possible to store them for future use. According to Zhu, Pickles, and He (2017), having such reports informal writing is critical when undertaking long-term projects that can last for over three years. The reports help in determining the pattern of risks and how they can be addressed should they occur in the future. The management can revisit the records and review how similar risks were addressed in the past, and the outcome of the strategies applied. Using such information, it is easy to come up with new improved strategies that can yield a better outcome than the previous strategies. A written record is further proof that actions that every stakeholder takes will be taken into account and that every individual will be held responsible for their decision. For any mistake or misappropriation of resources that happens within the organization, there will be records to help in tracing the responsible individuals so that appropriate actions can be taken.

The development of organizational policies for risk management processes is a crucial internal audit function. As Wassenaer (2017) observes, different risk factors may require different approaches to ensure that they are managed in an appropriate manner. The risk that arises from the misappropriation of public resources may require a different approach from that used when addressing threats associated with natural disasters. Coming up with relevant policies that guide the process of risk management is needed to ensure that there is a uniform way of dealing with risks. The policies should ensure that there is a uniform way of dealing with dangers as enshrined in the organizational culture. Sometimes it may be necessary to categorize risks based on their nature and impact on the firm.

The management can then develop a plan on how each category of risks can be managed to avoid their negative consequences. Public projects may be short or long-term. Short-term programs may last for a few months while long-term investments can take as much as five to seven years to be completed. When handling short-term ventures, departmental policies of risk management should be applied. It means that if the project is taken by the Ministry of Transport, policies used by the ministry in managing risks should guide the strategies and activities carried by the firm. On the other hand, if the ministry has a long-term program that may last for several years, it may be appropriate to allow the manager and the entire team to develop policies that are specific to the venture.

The analysis shows that participation in setting an organization’s risk appetite is another important internal audit function. It had a Cronbach’s alpha of.833 based on the analysis of primary data. The concept of high risks-high returns often applies in public projects (Dempsey 2014). Some risky undertakings may have high returns if they are managed properly. On the other hand, ventures with low or no risks may have limited returns. It is common to find cases individuals assigned to manage specific projects are tempted to take high-risk activities hoping to get impressive profits. Having a team of highly ambitious managers in a given program is beneficial. They will not fear taking risks or embracing change as long as they are assured of an impressive outcome. However, some risks may be too dangerous to be embraced in organizational projects.

Governmental organizations may need to set a risk appetite to ensure that every risk taken is properly calculated to avoid massive organizational loss. This requirement will ensure that unnecessary risks are avoided in major undertakings. According to Wassenaer (2017), mega public projects should avoid two categories of risks. The first category includes risks whose occurrence may have a crippling effect on the progress of the initiative. Another category of risks is those that bring negligible benefits to the firm. A project should not be subjected to unnecessary risks whose benefits may not be consequential. The factor seeks to ensure that appetite for risks should be regulated when undertaking public ventures. When planning to take a major risk, it may be necessary to consult with the top management unit of the firm. Table 2 below is a summary of these factors.

Table 2: Audit Function Tasks

Research Question What are the audit function tasks in managing risks in the public organisations?
Hypothesis HA2: The relationship between the determinants of risk governance and project success are moderated by the Internal Audit Function.
Results The results from ANOVA indicate that:
The analysis shows that internal audit functions define the relationship between the determinants of risk governance and project success.
Researcher Observation The findings made from the analysis of data primary closely relate with the information obtained from the review of the literature.
• The respondents feel that it is important to take risks when undertaking public projects because sometimes it is almost impossible to avoid them.
• The respondents believe that internal audit functions are critical when defining risks that should be taken and which should be avoided. Some risks may be too dangerous to embrace while others may have a negligible impact, making them irrelevant in public projects.
• It is important to classify risks based on their nature, sources, and impact before coming up with appropriate approaches to dealing with each category.
• The results of the analysis strongly suggest that management of risks should be a multi-stakeholder undertaking. Everyone should feel that they have a role to play in their identification and management.
• Management of risk appetite is important when undertaking public projects. Project managers and other relevant authorities should know the limit beyond which they should not go when taking risks.
• Optimal utilisation of financial resources requires an adoption of the risk-based audit. Auditors should analyse risks that an organisation seeks to embrace to ensure that the returns will be worth the risks.
• Individuals trusted with managerial positions in public projects should promote a culture where employees are sensitive to risks. Employees should be able to detect and report risks within their areas of jurisdiction within the shortest time possible.
• In mega public projects, it is necessary to have an audit committee that can coordinate effective management of risks.
• Whistle-blowing should be encouraged among employees assigned to undertaken various tasks in public projects. Systems and structures should be put in place to facilitate whistle-blowing as a way of fighting fraud.
Conclusion The alternative hypotheses HA2 (p>0.05) was accepted for these factors (S8, RMG8, RMG12, RRD4, RCU5, RG20, RG26, IAF5, IAF7, IAF9.)

The Association between Risk Governance and Project Success

What is the association between risk governance and project success?

When conducting analysis, it was important to establish the relationship between risk governance and project success. In the literature review, it was determined that the success of a given initiative is affected by risk governance strategies that are embraced when undertaking public programs. One of the most important factors that were established was completing the set activities on time and using the assigned resources. It had a Cronbach’s alpha of.985, which is one of the highest in the analysis of primary data that was conducted. One of the most important stages of idea evaluation before a program is implemented is financial analysis. Wassenaer (2017) argues that the stakeholders often evaluate the benefit of the projects by comparing the investment needed and the financial outcome of the activities.

The benefits expected from a given venture, such as a new road network, are often started based on the time the activities are expected to be completed. As such, it is crucial to ensure that the project is completed within the desired time to achieve the set goals. All the risks that may lead to an extension of time should be eliminated within the shortest time possible. One of the consequences of delays in completing the set activities in time is the increase in costs. When the cost of the project is increased, its value that is based on the financial benefits drops. The respondents stated that the problem of delays and inflation of the budget are common problems in public programs. Addressing such challenges increases the level of success of public projects.

Improvement of the understanding of key risks and their wider implication is another success factor, with a Cronbach’s alpha of.985 based on the analysis of the primary data. Every public project is subject to numerous risks. Some of these risks may be caused by natural forces while others come as a result of mismanagement, economic environment, or sabotage. The degree of these risks on the success of a given venture varies. This factor emphasizes the need to understand key risks and areas within the project that they are likely to affect. Individuals trusted with the management of these public programs should have a comprehensive understanding of various risks and their implications. The knowledge will be needed to know risk factors that need urgent management and those that can be addressed in the course of project implication. Wassenaer (2017) explains that in many cases the relevant individuals need some form of training. They need to be empowered to understand and classify risks based on various factors pointed out in the above section. Their understanding of the risks influences the approach they take in addressing the issues.

The primary data analysis shows that the issuance of consolidated reports of disparate risk at the board level is an important factor of project success. It had a Cronbach’s alpha of.985. Every risk factor that occurs in various organs of project management is often reported to the board of committee responsible for the management of risks. In many cases, these risks are unrelated or dissimilar. However, it is important to come up with a consolidated report of all of these risks before sending it to the project manager or other senior authorities within government departments. In the consolidated report, every risk factor should be critically evaluated. Dempsey (2014) argues that in such a report, the cost of addressing the risk should be plotted against the cost of their impact when they are ignored. Strategies needed to address the risk and the resources that should be availed must be stated in the consolidated report. Such a comprehensive report is needed by the top managers when making their decision on the approach that should be taken. They will know risk factors that cannot be ignored based on the resources needed and the consequences that they have on the project.

Sharing projects’ risks across departments or sections was another critical factor of success, with a Cronbach’s alpha of.985. Some of the public ventures done by different government departments are related in different ways. For instance, an initiative of constructing a new road network that is undertaken by the Ministry of Infrastructure Development and the construction of a delicate bridge that has to be done by the Ministry of Defence share a lot in common. Both projects can be affected by natural forces such as heavy downpours, flash floods, and limited water supply. They can also be affected in a similar way by factors such as inflation, shortage of construction materials, and misappropriation of funds. Instead of spending a lot of resources managing these risks in the two projects independently, Wassenaer (2017) advises that they can be managed from a united front. It means that managers working on the two ventures will form a single task force to deal with similar problems in the same organization. The strategy helps in cutting the cost of operation. It also makes it possible to pool together a team of highly specialized employees to deal with these risks in the best way possible. This approach not only saves money for the government but also increases the rate of success of public projects.

The outcome of the analysis of primary data shows that increasing of the management’s focus on the key success factor in public projects. It had a Cronbach’s alpha of.985. Program managers play a critical role in ensuring that the vision set by the departmental heads is realized. As a project manager, one has to ensure that all activities are properly coordinated and relevant reports are made to the program manager or other senior managers. Risk management is just one aspect of the many activities that project managers have to undertake. It is not possible for the managers to spend most of their time identifying, evaluating, and managing risks that the projects may face. Most of the time is spent in policy formulation and coordination of the implementation tasks (Dempsey 2014). Having a functional unit that is responsible for risk audit creates more time for the managers to focus on other important issues in the project. The unit will evaluate the risk and come up with possible alternatives for addressing the problem based on expert advice from the relevant officers. The manager will only be presented with the set alternatives for the purpose of approval or consultation with other relevant authorities.

Having fewer surprises and crises was identified as another important risk-based factor that facilitates the success of public projects. It had a Cronbach’s alpha of.985. It may not be possible to avoid risks in any public venture, especially the major public projects. However, they should not come as a surprise. Rausand (2013) explains that when a risk factor surprises the project management unit, it limits the ability to respond in an effective manner. It means that the management had not carefully planned for the possibility of its occurrence, and therefore, measures to deal with it were not put in place. Risks that come as a surprise often cause a crisis when managing a project. If it is a major risk factor with far-reaching consequences, it may bring panic among individuals who are required to respond to it in an effective manner. When these people panic, it reduces their capacity to respond to the risk factor in time and with the required focus. According to Burtonshaw-Gunn (2016), a crisis that comes as a surprise is a sign of limited preparation amongst the stakeholders. Before starting a project, the manager, the chief risk officer, and other individuals in the managerial and decision-making positions are expected to outline and analyze all the possible risks. Measures on how to deal with each of these risks should be stipulated before initiating the project. When these risks occur, the management will be adequately prepared to deal with them. They will not come as a surprise and they may not cause a crisis because of the existence of the management plan.

The analysis of primary data also emphasizes the need to put more focus on the efficiency of project phases, with a Cronbach’s alpha of.985. The ability to implement the activities successfully and without waste is critical when undertaking public projects. It is possible that mechanisms are put in place to eliminate any form of theft of public resources in a given venture. However, Rausand (2013) warns that wastage of resources is just as dangerous to the success of a public project as theft. Cases where structures and constructed only to be demolished because of lack of proper coordination or minimal supervision can have a serious impact on the progress of a project. A lot of time and important resources are wasted in such futile undertakings. Waste of resources may also come in the form of giving priority to tasks that are less important to the success of an initiative and ignoring fundamental issues in the project. Burtonshaw-Gunn (2016) advises that managers must know how to prioritize tasks when assigning resources. The primary focus should be on the fundamental activities that must be completed at every stage of a project lifecycle. Other issues and activities that are less important can be ignored or addressed after the completion of critical tasks. The managers should also avail resources that are needed and avoid cases of oversupply. When workers are presented with excess supply, caution to use them economically is often lost. They are tempted to misuse these resources knowing that there is more than enough in store.

The capability to take on critical risks in order to get greater rewards is another risk audit factor that defines the success of a project. In the analysis of primary data, it had a Cronbach’s alpha of.985. Some programs are subject to numerous and dangerous risks. However, their returns are impressive. The government of Dubai has initiated some projects with high risks in the recent past. One of them was the construction of Palm Island, the largest manmade island in the world (Burtonshaw-Gunn 2016). Such a megaproject had not been implemented anywhere in the world at that time, which meant that it was not possible to embrace best practices. The managers, the engineers, and all the technocrats involved in the project had to come up with an original plan and implement it with military precision. The team knew that risks were plentiful, in the ventures, but the returns were impressive. They studied all the possible risks in the project and came up with a careful plan on how to manage them. A quick response was one of the key factors in enhancing the rate of success of the project. Currently, the island is one of the leading tourists’ sites in the country (Agola & Hunter 2016). It has boosted the tourism industry in the country. When taking greater risks, Munier (2014) cautions that proper mechanisms must be put in place to deal with every threat that may emerge at different stages of implementation.

The reassurance of adequate evaluation of risks is another risk-based factor of success based on the analysis, with a Cronbach’s alpha of.985. The departmental heads are always responsible for the approval of megaprojects before they can be initiated. It is normal for these officers to be presented with numerous proposals of different projects, each with varying costs and benefits. The fundamental factor that defines whether a plan will be approved is its relevance to the department. The top managers will evaluate how well the proposed project will improve systems and activities within the department. Another critical factor is the benefits of the project vis-à-vis the associated costs. When evaluating the proposal to identify those that should be approved, the senior officers always consider the rewards those that promise the highest returns at the lowest costs (El-Karim, Elnawawy & Abdel-Alin 2017). However, it is important to note that the occurrence of risks can significantly inflate the cost of a project and reduce its returns. As such, reassurance of adequate evaluation of risks is crucial for the top managers to help them in their decision-making processes. They need to be assured that other than the stated possible risks there will be no other risk factor that may cause panic in the project. They also need an assurance that the plan set to deal with the probable risks (including the proposed time and resources needed) is accurate enough to avoid cases where more resources will be requested.

The level of success of public ventures is subject to the effective management of independent risks. It had a Cronbach’s alpha of.985. Most of the risk factors that occur in a project have a ripple effect, especially if they are not addressed in time. For instance, when a foundation slab takes longer than expected to dry up and solidify because of a weather pattern that was unexpected, other construction activities will be delayed. Munier (2014) observes that project managers are always keen on addressing such risks first before any other. Although doing so is important, it does not mean that independent risks should be ignored. A risk factor may not have any significant impact on other activities in the initiative, but failure to address it may have far-reaching consequences. The project manager and chief risk officer, working with other relevant stakeholders, should be keen on identifying these risks and addressing them within the right time.

According to Lowe (2015), one of the most important factors that should never be ignored when dealing with risks in a project is the management of stakeholders’ expectations. This factor had a Cronbach’s alpha of.985 based on the analysis of primary data that was conducted in the previous chapter. When implementing a public project such as the construction of a new road network, different stakeholders may have varying expectations. The government’s desire will be to have a new durable road that will improve the flow of traffic at the lowest cost possible. Members of the public will desire a road network that enables them to reach various places within the city in an efficient way. Some of the stakeholders’ expectations may be unrealistic. Members of the public may expect a highly sophisticated road network with underpasses, overpasses, and other modern designs that eliminates intersections and roundabout. They may be expecting superhighways with several lanes to eliminate traffic jams. However, they may not understand the fact that the resources set for the project may not facilitate the construction of such an ambitious initiative. The manager, either directly or through the appointed spokesperson of the project, should communicate with all the stakeholders about what to expect. They should be informed about the available resources for the project, the expected outcome, and the benefits it would have (Harris, McCaffer & Edum-Fotwe 2013). Managing their expectation helps in eliminating or at least reducing their dissatisfaction with the venture once it is completed. It ensures that the delivered outcome of the project is as close as possible to what was expected.

A continuous reporting of the key risks dashboard to board and executives was identified as another important success factor, with a Cronbach’s alpha of.985. In many cases, the board will demand effective implementation of activities of the project within the stipulated time. They need to be informed about the challenges that the manager and his team are facing in the process of implementing the set policies and tasks. Some major risk factors will need their urgent attention, especially if they have a direct impact on the budget and the set timeline. Such risks should be reported as soon as they are identified to ensure that they are involved in solving them. Other risks may be inconsequential and can be managed easily by the project manager and his team. Lowe (2015) argues that such risks should also be reported while the process of solving them is in progress. The project manager will explain the risk to the board of directors and what is being done to address it. Making regular reports of these risk factors enables the board to have full information about the progress of the project. They can make recommendations on how to deal with the issues based on the prevailing forces within the government department. Table 3 below is a summary of the factors discussed above.

Table 3: Association between Risk Governance and Project Success

Research Question What is the association between risk governance and project success?
Hypothesis HA2: Determinants of risk governance are positively related to a project’s success
Results The results from ANOVA indicate that:
The determinants of risk governance are positively related to project success.
Researcher Observation The findings made from the analysis of data primary show that various determinants of risk governance affect the success of a project.
• Delivering projects on time and within the set budget was identified as one of the most important success factor in public projects.
• The respondents believe that understanding of key risks and their wider implication is a critical risk-based audit task. It explains the approach that the affected stakeholders will take in managing risks.
• The analysis emphasises the need to issue consolidated reports of disparate risk at board level. The reports will help in identifying the patterns of different risks in a given project and the best strategy that should be used in addressing them.
• Different government departments are encouraged to share risk management practices as a way of improving efficiency and cutting down associated costs. Similar or related projects in different government departments can have a single risk management team.
• The top managers should focus more on key issues that affect the strategic goals of the project. Having a team of risk management experts enables the top managers to worry less about various risks and focus more on other important issues within the project.
• The risk management team, working closely with other relevant authorities, should ensure that the project is subjected to few surprises and crisis.
• Efficiency in all the phases of programme management is a critical success factor. The findings of the study show that the ability to implement the projects successfully without waste defines how well the set goals can be achieved.
• Although risks are undesirable, they cannot be avoided when undertaking various projects. Sometimes taking greater risks may yield greater returns.
• The board or senior managers should be continuously informed about the progress of the project and risks that may affect its success. Their input should be taken into consideration when addressing the risks.
Conclusion The alternative hypotheses HA3 (p>0.05) was accepted for these factors (RG1, RG2, RG3, RG4, RG6, RG7, RG8, RG9, RG11, RG12, RG14, RG18, RG19, RG22, RG23).

Rating the Importance of Determinants of Risk Governance

What is the significance of rating the importance of the determinants of risk governance?

Determinants of risk governance vary in their intensity and the manner in which they affect the progress of a project. Other than the classification of risks, it is also important to rate them in their order of significance to the venture. The analysis of primary data points out the importance of rating the determinants as a way of informing the decision of the project manager and his team. The existence of a process for alignment of risk profile with business and capital management plan was identified as a major factor, with a Cronbach’s alpha of.930. It is essential to ensure that risks are profiled, and their alignment with the business and the available resources stipulated in clear terms. It should be clear to the stakeholders how the management of such a risk would yield a given magnitude of benefits to the firm. The financers will understand how and why their resources will be spent in managing such risks.

The existence of a mix of qualitative and quantitative risk assessment criteria is an important factor when rating the importance of the risk factors. The factor had a Cronbach’s alpha of.966. Qualitative analysis facilitates a clear description of the risk. It includes a description of the nature of the risk, the possible sources, and its qualitative impact on the progress of the project. The qualitative analysis will help in identifying the stakeholders involved in managing the risks and the benefits that shall be realized if it is done within the right time. On the other hand, the quantitative analysis explains the financial implications of the risks. It will explain the statistical implications of the risk and reasons why urgent measures have to be taken to manage it. One of the most important areas of statistical analysis of risks is their financial consequences if they are ignored or if they are not managed at the right time. The decision-makers need to know how a given risk factor may reduce the financial benefits of the project in case it is not arrested as per the guidelines provided by the chief risk officer and his team. The other important area of statistical analysis of risks is the financial impact of addressing the risk. The management will need to know how addressing a given risk will increase the budget of the project beyond what was planned.

The existence of a control framework calibrated in line with risk appetite is another factor in the analysis that confirms the importance of rating the importance of determinants of risk governance. The analysis of primary data shows that it had a Cronbach’s alpha of.966. Having a team of risk management experts, headed by a chief risk officer, maybe an assurance to the management that emerging risks will be managed efficiently and within the right budget and time. However, Frynas (2015) warns that the overconfidence in the ability of the team to manage risks may push it too far into embracing risks that may have crippling consequences. Having a calibrated framework for managing risk appetite is very important in enabling the project management team to avoid dangerous risks. After rating a given risk factor, it will be assigned a specific value. The control framework will have calibration with clear instruction of the stage of the risk and whether or not it is worth taking. In the calibration, there will be a point beyond which any risk should not be taken however lucrative it may appear to be. In such cases, the management will not be left in a dilemma on whether to take the risk or not. The framework will issue a clear warning on why it should be avoided, and the seriousness of the consequences in case the warning is ignored.

It is also clear from the analysis that the existence of guidelines for quantification of tolerance for loss or negative events is an important factor, with a Cronbach’s alpha of.969. Loss and negative events may be unavoidable and sometimes even necessary to ensure that everyone remains alert in the entire lifecycle of a project. Before the initiation of a project, the possibility of occurrence of these risks and negative events is always outlined, and the financial implications are stated. However, that does not mean every risk that is identified should occur. Vinnem (2013) observes that the expectation is always to ensure that most of the risks are avoided because their causes are already known. When one major risk is followed by another, then the financial burden may be unbearable to the department sponsoring the project. The tolerance for the loss or occurrence of negative events should have a limit. First, if these negative events keep occurring at the initial stages of the implementation, Frynas (2015) advises that the best decision is to halt the program and conduct further analysis of why they keep occurring before continuing with the activities. In case these undesirable events start to occur when the project is nearing its completion, it may force the team to continue with the activities, but a thorough investigation should be conducted on how to manage these risks to avoid further loss. There should be a clear guideline that states how much of a risk a project can withstand.

The primary data analysis shows that the existence of a process for risk identification, assessment, and prioritization (with a Cronbach’s alpha of.972) is necessary for enhancing project success. The process should start with identifying the risks and doing the assessment. Then the next stage is prioritization. As discussed above, prioritization of risks is critical in knowing what should be done and when. The factor is closely related to the need to have a process for identification and monitoring key risk indicators, which has a Cronbach’s alpha of.972 based on the primary data analysis. The risk indicators will act as warning signs about the risks that should be given priority. The indicator will not only show the risk factor that needs to be addressed at any given time but also the consequences that they may have in case they are not managed properly.

It is also clear from the information obtained from the sampled respondents that the existence of a risk heat map and dashboard that indicates risk portfolio is also necessary for the success of public projects. On the one hand, it is necessary to avoid a single risk that has a crippling impact on the initiative. On the other hand, it is equally dangerous to take numerous risks on a single venture because their combined impact may have a similar undesirable impact. A risk heat map and dashboard show the number of risks already taken in a single project and their combined impact. The top management will know whether it will be possible to take other risks or not. The heat map acts as a warning to the management when the risk appetite is exceeding the capability to manage them. Hashemi et al. (2013) state that the heat map should not be ignored because when making decisions on new risks that should be embraced. Table 4 below is a summary of these factors.

Table 4: Significance of Rating the Importance of the Determinants

Research Question What is the significance of rating the importance of the determinants of risk governance?
Hypothesis HA2: There is a significant difference in rating the importance of the determinants of risk governance
Results The results from ANOVA indicate that:
Rating of the importance of the determinants of risk governance is important in enhancing project success.
Researcher Observation The analysis of primary data outlines the importance of rating of the determinants of risk governance based on their importance
• It is important to ensure that there is a process for alignment of risk profile with business capital and management plans.
• The analysis of data shows that the existence of financial crisis impact drives helps project managers to make informed decisions.
• The respondents believe that the existence of both qualitative and quantitative risk assessment criteria is a critical success factor. It facilitates a comprehensive analysis of risk based on its source, nature, and impact.
• The study shows that it is important to have a control framework calibrated in line with the risk appetite. The framework will facilitate decision-making process by indicating risks that can be taken based on the degree of their impact.
• It is necessary to have a quantified guideline for tolerance of loss and negative events. The management should have a limit beyond which risks and negative events in a given project cannot be tolerated in a single public project.
• The primary data also emphasises the need to have a framework of identification, assessment, and prioritisation of risks. The framework will ensure that the assessment of risks is done in a standardised manner.
• An effective internal communication system is another factor that the respondents believe may influence the success rate of a project. Junior employees should find it easy to communicate with the top managers and vice versa.
• Having a risk heat map and dashboard was also noted to be an important determinant of programme success. The map helps in examining the risk portfolio and the ability to embrace other risks in a single project.
• The capacity of a project to embrace risks may vary depending on varying external factors. It is important to have a mechanism for determining the current capacity before taking new risks.
Conclusion The alternative hypotheses HA4 (p>0.05) was accepted for these factors (S3, S9, RAI5, RAI9, RAI10, RMG15, RMG16, RC6, RC10, RA1, RA3).

Summary

This chapter provides a comprehensive discussion of risk governance strategies that can enhance the success of public projects. Thirteen factors have been discussed in this section. They include strategy, strategy, risk appraisal, and insight, risk decision and process implementation, risk governance, review risk development and decision, risk communication, and risk culture. Others include financial and technical capacity, risk appetite, ownership, risk-based audit project success, the occurrence of negative events, and internal audit function. Each of the 13 items is critical, but internal auditing comes out as one of the most critical functions when managing risks. Internal auditing in public investments involves a number of activities. First, it ensures that resources assigned to the projects are used effectively and for specific reasons. Cases of misuse of resources should be identified as soon as possible and corrective measures taken. Theft of these resources should be reported and punitive actions taken against those found culpable. The second area of auditing involves evaluating the capabilities of the workers assigned to undertake various tasks. Their skills and experience should be in line with the expectations. Any gap between the required skills and employees’ capabilities should be addressed. Internal auditing should also involve making frequent reports about the progress and milestones in the project. Of interest will be to determine whether the progress made is in line with the expectations set in the plan. If any activity is running behind schedule, internal auditors should be able to explain the reasons behind such delays.

Reference List

Abed, A 2014, United Arab Emirates yearbook, Trident Press, London.

Agola, N & Hunter, A 2016, Inclusive innovation for sustainable development, Palgrave Macmillan, Basingstoke.

Bai, Y 2014, Subsea pipeline integrity and risk management, Gulf Professional Publishing, London.

Burtonshaw-Gunn, S 2016, Risk and financial management in construction, Routledge, New York, NY.

Dempsey, C 2014, Castles in the sand: a city planner in Abu Dhabi, McMillan, London.

El-Karim, M, Elnawawy, O & Abdel-Alin, A 2017, ‘Identification and assessment of risk factors affecting construction projects’, HBRC Journal, vol. 13, no. 2, pp. 202-206.

Ellis, J & Sherman, D 2014, Coastal and marine hazards, risks, and disasters, Wiley & Sons Publishers, Hoboken, NJ.

Frynas, J 2015, Global strategic management, Oxford University Press, Oxford.

Harris, F, McCaffer, R & Edum-Fotwe, F 2013, Modern construction management, Wiley-Blackwell, Hoboken, NJ.

Hashemi, H, Mousavi, M, Moghaddam, T & Gholipour, Y 2013, ‘Compromise ranking approach with bootstrap confidence intervals for risk assessment in port management projects’, Journal of Management in Engineering, vol. 29, no. 4, pp. 12-35.

Lowe, M 2015, Business information at work, John Wiley & Sons Publishers, Hoboken, NJ.

Mousavi, S 2015, ‘An application of stochastic processes for analysing risks in highway projects’, Advanced Computational Techniques in Electromagnetics, vol. 15, no. 1, pp. 17-25.

Munier, N 2014, Risk management for engineering projects: procedures, methods, and tools, Springer, New York, NY.

Nguyen, H, Bhagavatulya, G & Jacobs, F 2017, ‘Risk assessment: a case study for transportation projects in India’, International Journal of Application or Innovation in Engineering & Management (IJAIEM), vol. 3, no. 9, pp. 1-12.

Popov, G, Lyon, B & Hollcroft, B 2016, Risk assessment: a practical guide to assessing operational risks, McMillan, London.

Rausand, M 2013, Risk assessment: theory, methods, and applications, Wiley, Hoboken, NJ.

Verzuh, E 2015, The fast forward MBA in project management, Wiley & Sons Publishers, Hoboken, NJ.

Vinnem, J 2013, Offshore risk assessment, John Wiley & Sons Publishers, Hoboken, NJ.

Wassenaer, A 2017, A practical guide to successful construction projects, Routledge, New York, NY.

Zhu, S, Pickles, J & He, C 2017, Geographical dynamics and firm spatial strategy in China, Springer, Berlin.