Element 6: Shared Risks

The aim of this information sheet is to assist Commonwealth officials at the Specialist and Executive levels understand:

• the benefits of managing shared risks
• a process for managing shared risk
• practical tips to manage shared risks.

This information sheet provides guidance to entities seeking to develop or formalise their approach to shared risk. It outlines how to manage shared risks by incorporating processes to manage shared risk within existing risk management arrangements.

Shared risk includes risks that extend across entities and potentially the community, industry, international partners and other jurisdictions. In large, complex entities, shared risk can exist within the entity as well as between them.

Although they will differ in scale and nature, shared risks have a number of distinguishing characteristics.

• A shared risk may have no naturally apparent owner. Unlike simpler risks, no one entity may be able to manage the risk on their own. Shared risks often require a network of distributed responsibilities and relationships.
• Shared risks can have complex causes, and can be influenced by the actions (or inaction) of a range of participants in different ways.
• Should a shared risk be realised, they can affect different organisations in different ways, and can have complex and widespread impacts.

The growing use of collaborative approaches by government such as through shared services public-private partnerships and inter-agency task forces means that shared risk is becoming more prevalent.

Management of shared risk requires ongoing communication between entities to accept and manage these risks effectively. Many entity processes to manage shared risk are often informal (discussions and consideration), rather than formal (risk assessments or risk frameworks - including risk registers that identify the shared risks). Depending on the context of the body of work and its complexity, there can be more benefits associated with more formal processes in managing shared risk. These benefits include:

1. Greater ability to identify and manage challenges

Management of shared risk requires stakeholder collaboration and agreement in order to effectively control the risk. The effective management of shared risk requires ongoing communication between entities sharing the risk to agree on how best to manage complex scenarios. The shared risk process serves as a mechanism to flag dependency and the need to collectively monitor and manage risk more closely.

2. Clarity and understanding of risk drivers

Managing shared risk can pose some challenges. Different entities may view the same risk differently due to different objectives. In some complex situations, their measures for success in managing the risk may even differ too. In these instances, issues may arise due to conflicting interests, resulting in a lack of coordination to manage the risk.

To addresses these issues, shared risk identification processes can provide entities with a more structured way to understand the risk and how best to manage it together to meet both of their objectives. Working together to manage the risk creates efficiencies by consolidating effort between entities and ensures all control activities are identified, allocated and managed by the entity best placed to manage them. Other than the efficiencies, sharing the management (as distinct from ownership) of one common risk can enable streamlined assurance and effective governance.

The aim of this information sheet is to assist Commonwealth officials at the Specialist and Executive levels understand:

• an example of how to effectively manage shared risk within typical public sector operations and programs
• the benefits that exist when an entity is able to successfully manage and mitigate shared risks, such as the effects of the COVID-19 Global Pandemic
• the value of focusing on risk culture and capability as a means to successfully combat the difficulties associated with shared risk
• potential processes and preventative measures that can be put in place to manage shared risk, and
• how to collaborate with other stakeholders that share the same risk in order to form a management approach

This information sheet provides guidance to entities seeking to develop or formalise their approach to shared risk. It outlines Western Sydney Airport Co’s strategy for managing shared risks and demonstrates how they were able to implement processes within their existing risk management arrangements that enabled them to negotiate the challenges that they were presented with. This case study also evidences the way in which an entity can prepare itself for shared and emerging risks through developing business resilience that enables an entity to respond to the wide-reaching issues associated with COVID-19 effectively and in a timely manner.

In 2017, The Western Sydney Airport Co Limited (WSA Co) were tasked with the responsibility to build and operate Sydney’s new international airport. The risk landscape that WSA Co were exposed to was particularly complicated and constantly changing and evolving. It involved significant planning, design, construction and eventually an operational phase. The successful delivery of the project requires continuous construction activity with minimal interruption. Therefore, the ability for WSA Co to actively identify, respond to, manage, recover and continue operating throughout a disruptive event such as COVID-19 was of the utmost importance.

Shared risk refers to risks that arise from objectives shared between multiple entities and include risks that extend across these multiple entities. Management of shared risk requires ongoing communication between entities to accept and manage these risks effectively. Depending on the context of the body of work and its complexity, there can be an increased level of benefit associated with the establishment of more formal processes designed to manage shared risk. Attributing responsibility and reaching a mutual understanding about these shared risks can ensure that agencies are able to work together and share information to mitigate issues that they have in common. Thereby increasing the efficiency of all off the affected stakeholders’ risk management capability.

WSA Co’s management of shared risk contributed towards a slew of benefits that enabled them to negotiate difficult operational challenges and reach their strategic objectives. These benefits included:

1. Greater ability to identify and manage the issues associated with COVID-19
2. Clarity and understanding of risk drivers
3. A high-degree of preparedness to deal with uncertain and unprecedented issues
4. Enhanced risk capability across internal and external workforce

The following key processes assisted WSA Co when managing their shared risks:

A key component of WSA Co’s ability to negotiate shared risk was their willingness to collaborate with all of the different suppliers and stakeholders involved in the project. Throughout he construction of the Airport, WSA Co will potentially have up to six principal contractors on site at any one time. The project is highly complex, involving the largest earthmoving works in Australia. As a result, there is a high degree of interface and shared risk throughout the project, with many different parties regularly interacting and engaging with each other to achieve the same objectives (i.e. ensuring that the project is on time, on budget and within scope). This dictated the need to set in stone measures and planning processes that involved extensive collaboration and involvement across all stakeholders and contractors. Through the constant communication between all these suppliers, WSA Co have been able to maintain a holistic and accurate view of the shared risks that materialise, especially during the project lifecycle, and as a result of the Pandemic.

An effective mechanism to manage the shared and common risks that were present for WSA Co and the multitude of external stakeholders throughout the project was the development and integration of an Interface Risk Profile. This profile allowed WSA Co to track and manage the different challenges and issues that presented themselves through various interactions across different contractors, government agencies, utility providers and parallel external projects (i.e. Metro Rail Project and the development of the M12 Freeway). WSA looked at mapping the variety of shared risks associated with their different interfaces and subsequently built these out into an Interface Report. This report was combined with an interface risk table which captured every interface relationship and the potential impact and financial consequence of all risks associated with a stakeholder relationship. For example, there various safety interfaces that existed across the project that were applicable to every contractor and agency. Through this process, they were able to be monitored, evaluated and mitigated through the Interface Risk Profile and reported on. Furthermore, Interface Deeds and legal agreements were also established for two interfacing parties, to set out the terms and obligations of the interface arrangements between these parties and WSA Co. Thereby, ensuring that there was a degree of accountability and understanding surrounding these types of day-to-day interactions that have shared ramifications.

These extensive controls and processes that form part of WSA Co’s interface risk management process provided the business with sufficient management oversight and clarity on any risk drivers in relation to their extensive stakeholder engagements. This has evidently paved the way for WSA Co to effectively and collaboratively manage their stakeholder relationships and related shared risks.

A Business Resilience Framework was developed in 2019 to establish a collaborative response in the event of a disruptive incident that threatened the operations of WSA Co and potentially the wider community. Organisational resilience was particularly important to WSA Co considering the constantly evolving nature of their business and their engagement of key contractors. This dependency and reliance upon external agencies, utility providers and other projects reaffirmed the importance of being able to resiliently manage shared risks across the project. As a result, the business planning process identified WSA Co as being susceptible to any instability and unforeseen events that could impact the economy and the operations of their contractors, resulting in the early development and introduction of a Business Resilience Framework.

The Business Resilience Framework was effective in allowing the entity to respond to the effects of COVID-19 quickly and efficiently. It facilitated the establishment of an Incident Management Team (IMT) that was able to react to the early local and nation-wide impacts on supply chain logistics and labour. This IMT included representatives from Safety, People & Culture, Corporate Affairs, Technology and Asset Management. Through this, a COVID Safe Plan was initiated and revolved around upholding the safety and continuity of their people, contractors and operations. This Plan was one example of many robust control mechanisms that managed the safety of their workforce, and aligned with the approach taken with contractors on-site. Whilst also ensuring the alignment with the ever changing government requirements and regulations.

This reactive response was borne out of initially embedding a foundation of organisational agility that assisted in providing guidance to the Executives and Business on how to manage this shared risk that impacted almost every aspect of the project. As a result of this exemplary organisation resilience, flexible working was instigated, maintaining the continuity of operations and combating the shared risk of COVID-19.

Embedding a strong risk-focused culture was also important in helping safeguard WSA Co through the challenging circumstances that presented themselves during the COVID-19 Pandemic. To achieve this, WSA Co believed in educating their workforce, and embedding risk management requirements in the engagement of contractors. This was in an attempt to raise the level of risk capability across the board in order to allow the successful identification, evaluation and treatment of shared risks that have the ability to impact operations. This, in conjunction with widely communicated and understood risk frameworks, is helping to promote a positive risk culture and mindset on-site.

A strong and robust dialogue was always maintained between WSA Co and the stakeholders involved in the project regarding better practice risk management. This created a strong level of cooperation and alignment of shared risk mitigation strategies and tolerance.

The aim of this case study is to assist Commonwealth officials at all levels, including Senior Executive Service officials to understand the benefits of:

• Collaborating with state or federal government agencies and the private sector,
• A structured approach to managing shared risk, and
• Engaging with stakeholders who understand the risk and consequences.   

This case study provides insight into the benefits of deploying multidisciplinary teams to resolve complex issues, and how critical innovation is to robust risk management and practice.  

In late March 2020, COVID-19 containment measures saw commercial passenger flights to and from Australia drop by more than 90 percent almost overnight. This devastated the country’s ability to transport goods internationally by air, including vital medical imports. In response, the Australian Government rapidly stood up the International Freight Assistance Mechanism (IFAM) as a temporary emergency support measure to keep global airfreight links open between Australia and existing international trading partners.

This case study demonstrates how IFAM collaborated to manage shared risk, the benefits of partnering with multiple government agencies and the private sector, and how a collaborative and coordinated approach mitigated the likelihood of Sydney Airport shutting down during a global pandemic. This case study also demonstrates how Austrade used:

• Insights from the Australian National Audit Office (ANAO) in the program design and implementation
• Structured its governance arrangements, internal audit, and review processes to ensure robust risk management and oversight
• Evolved an existing risk management framework to support a $1 billion program. 

IFAM, a high profile and dynamic emergency response program, required a structured approach to managing shared risk. Collaborating with stakeholders required risk owners and controls to be identified and assigned, and the establishment of robust governance arrangements. IFAM worked across government and the private sector to ensure that those best placed to mitigate risks were engaged and understanding of their role. The resulting outcomes for IFAM were as follows:  

• Global supply chains and flight lanes into Sydney Airport remained open, which maintained IFAM’s policy objectives
• Assurance was provided to the Australian Government and relevant Ministers that the threat of Sydney Airport being shutdown was being actively managed
• The established working group oversaw and implemented policy changes to their individual business or government agency to support risk mitigations
• Stakeholders maintained an active role in managing shared risk
• Established/strengthened networks between government and the private sector
• The pooling of expertise – different minds brought fresh thinking and innovation to emergency management.

1. Governance arrangements

IFAM was established as a temporary emergency support measure originally designed to operate for a 6 month duration. As time evolved, it quickly became clear that the economic impact resulting from a global pandemic meant that the program would need to continue beyond its original scope. A more adaptive model was required which highlighted the value of risk focused management and the criticality of sharing risk mitigations with stakeholders. Lessons contained within the ANAO’s Audit Insights provided Austrade with the foundational information it needed. It allowed Austrade to focus on the mitigation of risks experienced by other rapid government initiatives and provided an evidenced-based framework to support the establishment of IFAM’s risk-focused governance, planning and reporting arrangements.

To support robust program risk management, Austrade evolved its existing risk management strategy by incorporating other risk management approaches or practices by cross-agency and public sector stakeholders. This ensured Austrade’s approach was dynamic, measured, and reflected cross-entity input by the airfreight sector. The outcome for Austrade was the emergence of a multi-layer governance structure. This enabled evidenced-based government decision making and program management. IFAM’s governance arrangements were designed to work in conjunction with internal management, external stakeholder consultation, advisory measures, and ministerial oversight. Program operations were structured to be governed by 3 internal governance bodies and one external advisory group to address program risks:

• Monthly Steering Committee to oversight IFAM’s governance.
• Monthly Executive Advisory Group (EAG) to provide sector specialist knowledge.
• Fortnightly Program Management Meeting (PMM) to review strategy and operations.
• Bi-weekly Operations Synchronisation Meeting to oversight day to day operations. 

In establishing IFAM’s risk management reporting, the application of Austrade’s risk management framework connected the governance of IFAM into Austrade’s governance structure to ensure there was a common language, understanding and risk appetite. As the program extended and the appropriation increased (5 Tranches over 2 years with an appropriation of more than $1 billion), IFAM identified the requirement to tailor its risk reporting to support program needs and introduced the concept of continuous tracking of movements within the risk profile. This enabled risk managers to visualise the movement of risks and trends over time to support evidence-based decision making and the management of cross-agency shared risk. The flow of risk management information through IFAM’s multi-layered governance structure, made visible the relationship between management actions and changes in the risk profile and environment. This approach provided IFAM’s governance committees active feedback on successful actions through IFAM’s risk reporting framework. 

2. Identifying and actively managing risk

The task for IFAM was to maintain global supply chains by keeping flight lanes open through blocks, charters, and grants. In managing blocks and charters, this meant that not only did IFAM need to book a plane or space on a plane for a particular route, but became responsible for ensuring that these services were effectively used (that is, the block or charter was as close to full as possible).

IFAM’s multidisciplinary team routinely conducted data extraction and analysis and presented findings to IFAM’s advisory and governance bodies. Data insights assisted the Executive Advisory Group to provide expert advice to the IFAM Executive, informing quick-response decision making on freight lanes and recovery, panel contracts, seasonality issues and markets, financial commitments, and managing program risk. It was through IFAM’s multi-layered governance structure, the process of consultation and review, that IFAM recognised that the loss of cargo operations at Sydney Airport represented a real and immediate risk to Australia’s global airfreight connections. 

The PMM identified the potential risk of the collapse of cargo operations at Sydney Airport following the shutdown of Melbourne Airport in 2020. The spread of COVID-19 infections had brought Melbourne Airport operations to a standstill. The effect on Australia’s connections to global supply chains was significant and the PMM sought sector specialist advice from the EAG on the risk exposure, where it sat, and who was best placed to manage each risk. Feedback provided by the EAG identified the requirement to engage government and industry to mitigate disruptions to freight operations at Sydney Airport and to commence drafting a risk assessment and plan.

3. Allocating risk and identifying mitigation accountability

The experience of the collapse of Melbourne Airport cargo operations due to COVID-19 infection, alerted IFAM to the potential impact on Sydney Airport which accounted for 54% of international flights and a range of specialist infrastructure attached that does not exist at other airports.

IFAM and the Department of Infrastructure, Transport, Regional Development and Communications, formed a working group to prepare a contingency plan. The level of threat that the risk posed to Sydney Airport and Australia’s connection to its global trading partners was high. A joint whole-of-government (federal and state) as well as a private sector mitigation strategy was required and emerged. This enabled IFAM to engage stakeholders with the relevant delegation or authority to manage and mitigate the causal elements posed by the risk.

IFAM collaborated closely with carefully identified stakeholders to actively manage the risk. Two inter-government and private sector workshops were convened, followed by a subset of meetings to draft an issues paper and new policies and processes to support a contingency plan. A brief summary of the mitigations identified and applied are set out in the table below.

The working group regularly met to agree and monitor a set of mitigations and controls and reported on progress. The effectiveness of the working group collaborating to manage shared risk ensured Sydney Airport operations was well positioned to respond to the outbreak of the Delta variant when it emerged. This preparation resulted in no large-scale impact to Sydney Airport or its international airfreight operations.

IFAM’s role was to communicate the identified risk and engage a diverse group of expertise across industry and government and facilitate a forum for open and transparent engagement. IFAM worked collaboratively with members of the working group to structure an approach to mitigate risks and issues identified within the broader risk – maintaining Australia’s connection to the global airfreight system. 

IFAM successfully reconnected 9 Australian ports to 63 international destinations, helping the movement of high-value perishable Australian products to international customers and enabling the import of items of national importance. It is estimated that 35,000 direct jobs and 120,000 indirect jobs were reliant on the airfreight industry.

In the delivery of the program, IFAM partnered with Commonwealth agencies, state and territory governments, and industry partners. The IFAM story is a demonstration of the Australian Government’s commitment to maintain global air connectivity, and the importance of innovation, collaboration, and cooperation in response to unprecedented circumstances when managing risk.

This case study is intended to assist Commonwealth officials at Specialist and Executive levels understand:

• how to implement arrangements for managing shared risks
• how to engage and collaborate with other stakeholders sharing the same risks in order to realise the full potential of the project
• the benefits of establishing a strong relationship with stakeholders sharing the same project risks
• how cooperation through the management of shared risks on a project can improve the outcomes achieved

This case study provides guidance for entities seeking practical examples on the management of shared risk, as modelled off the method used by National Health Funding Body (NHFB).

The NHFB is a small agency that oversees the administration of Commonwealth, State and Territory public hospital funding and payments. In 2019, the NHFB launched a new National Health Funding Pool Payments System to support the financial administration of over $59 billion annual funding for public hospitals in Australia. The new Payments System positioned the agency well to respond to the COVID-19 pandemic including the payment of more than $12 billion in additional financial assistance under the National Partnership on COVID-19 Response.

Shared risks are those risks with no single owner, where more than one entity is exposed to or can significantly influence the risk. These include risks that extend across entities and may involve other jurisdictions. The growth of shared services and inter-agency projects means that shared risk is becoming more widespread.

The management of shared risks should be agreed by all parties involved. Accountability and responsibility for the management of these risks should be identified and accepted by those best positioned to manage them.

As an agency with approximately 20 staff (now 28), the NHFB contracted an external provider to undertake a comprehensive review of business needs, system functionality requirements and existing capability gaps. The original system was almost a decade old and even though it was able to facilitate payments to each hospital network account, it was unable to generate payment files for the Reserve Bank of Australia (RBA) or capture information relating to the funding flow into and out of the accounts by having to relying on a number of separate systems and manual processes. This resulted in information gaps, discrepancies, delays in reporting as well as delayed and/or rejected payments which then needed to be corrected.

Overall, the original system did not support the NHFB’s vision of improving the transparency of public hospital funding in Australia, resulting in the need for the establishment of a new payments system.

The management of shared project risks through collaboration

The NHFB successfully implemented the new Payments System in partnership with industry experts and key stakeholders such as the Treasury, the RBA, the Department of Human Services (now Services Australia) and Commonwealth, State and Territory Health Departments. It was clear that these stakeholders shared the similar objectives and subsequent risks of establishing a new public hospital funding payments system. A variety of collaborative initiatives were undertaken in order to create a project environment that was underpinned by transparent communication between parties. This allowed for a quick and dynamic resolution of potential problems that could be encountered along the way.

One of the 5 initial criteria identified as being key to the project was the interoperability between the new system, NHFB’s ICT infrastructure (via the Department of Health and Aged Care) and other stakeholder systems. Due to the very nature of the output of the project that would inherently operate in conjunction with other stakeholder systems, it was therefore critical to seek the views of these other stakeholders. As a smaller agency with limited in house expertise, the NHFB undertook this major project by actively seeking collaboration and engagement with key parties at every step of the way in order to manage the shared project risks identified and address any existing capability gaps within the agency.

To support both the planning and implementation of the Payments System project the NHFB established a Steering Committee with representation across the key stakeholders, including Treasury, the RBA the Administrator of the National Health Funding Pool, the Department of Health and Aged Care (Finance and ICT Security), a State and Territory representative (New South Wales) and Services Australia (previous system operators). A Payment System Project Working Group with representation from the NHFB, each State and Territory and our industry partners was also put in place to provide advice on business requirements and co-design solutions.

Properly assessing, analysing, and documenting the shared risks associated with the implementation of new Payments System was critical to the success of the project. The project risks were monitored and managed across all phases of the project, communicated through the Payments System Project Working Group, with ongoing oversight by the Steering Committee. The use of this Steering Committee as a forum for open discussion allowed for all of the affected stakeholders to properly understand the shared risks of the project, as well as agree upon responsibility for any mitigation strategies to combat these.

Creating a strong relationship between stakeholders

The early engagement, consultation and fostering of a positive relationship with State and Territory stakeholders was critical throughout the planning phase of the project. The NHFB funded stakeholder travel to participate in co-design and testing workshops and held bilateral discussions on specific design issues.

Ahead of implementation, the NHFB provided assistance to States and Territories to support their business and technical readiness including testing of local systems, as well as on-site training prior to go-live. The NHFB also continued to focus on productive relationships through regular bilateral engagement with their key industry partners and system administration stakeholders.

A Payments System Community of Practice with representation from all States and Territories was also established. Feedback and suggestions for improvement from this forum as well as a Payments System user group survey done in August 2020 helped the development of a number of system enhancements that were rolled out in 2020-21. This platform facilitated the sharing of ideas and also instilled a sense of cooperation and connectedness across the stakeholders involved on the project.

The benefits of collaboration

Through the successfully undertaken stakeholder and industry partner engagement approach, the new Payments System delivers simple and secure payments processing, an improved user experience, as well as a scalable and flexible system that reflects industry requirements and meets the demands and expectations within the public hospital system, even in times of disruption.

The design of the system better supports the obligations and responsibilities of the Administrator through best practice administration of public hospital funding.

The undertaking of face-to-face training and support to States and Territories helped improve the transition for the jurisdictions’ users in adopting the new payments system. It provided an opportunity to address any bedding down issues associated with introducing a new system to external parties and operated as an effective mitigation strategy to combat any potential risks.

Ongoing collaboration throughout the implementation of the Payments System, included a rolling review and improvement approach and regular status updates relating to policy, governance, stakeholders and system design which were communicated to the broader organisation and other stakeholders. This approach helped develop a fit-for-purpose end product that resolved the problems with the original system.

As a result of the management of the shared risks that presented themselves across the implementation of the project, the NHFB have also been able to better respond and adapt to the emerging business needs and obstacles that are associated with establishing this type of payments system. This was exemplified by more than $12 billion in payments distributed under the National Partnership on COVID-19 Response. The NHFB were also able to implement minor system changes quickly to support the administration of the National Partnership on COVID-19 Response and continue to outlay these payments to public hospitals.