When a system integrator finds a new opportunity to provide services—a new client, a revolutionary application, a troubleshooting issue that no one else has solved—we get really excited! We live for problem solving.
Industrial industry system integrators must be brave to face new frontiers. For example, when working on chemical plant process improvements, site visits may uncover safety issues, including poor maintenance, hazards, and undertrained employees. I remember a past project where I saw a metal rod jammed in the “alarm acknowledge” button automatically overriding alarms as they came up. This was remediated, but taught me that “risky” means different things to different people.
Safety risks deservedly take center stage, but all aspects of business present risks. Even operating at “steady state” has its own risks. But when you need to grow, upgrade, or improve operations, there are new risks to consider.
Risk management is part of operating a manufacturing facility and running a control system integration firm. The Control System Integration Association best practices states, “Risk is the potential loss resulting from a future event. For risk to exist, there must be an identifiable loss and uncertainty of that loss occurring.”
Owners and operators of manufacturing plants need to understand threats, vulnerabilities, and associated risks to their production systems. Issues include operational complexity, maintenance of legacy systems, evolving supply chains, competitive pressures, connections with enterprise resource planning systems and the Internet, remote access, and cybersecurity. Threat sources come from technical situations, infrastructure, and internal and external individuals—some with motives for sabotage and crime or even industrial espionage and terrorism.
Control system integrators work with clients to help manage client risk priorities, while also considering their own risk management at the project and corporate level. The process for identifying and assessing risk is undertaken at the beginning of a project, typically during proposal development where risk factors are identified and quantified with decisions made to accept the risks, plan accordingly, work with the potential client to mitigate risks, or to decline the project because it presents unnecessary or unacceptable risk. Failure to follow good practices here can place the company, as a whole, at risk.
Risk identification and assessment includes the review of commercial terms, pricing, technical skills, available resources, service supplier qualifications, scope definition, safety issues, and deliverables. The following are five important areas to assess during initial project definition:
- poorly defined project scope
- undefined or poor acceptance test criteria
- undertaking technical challenges beyond current skill sets
- selection of unqualified or inexperienced service suppliers or subcontractors
- unreasonable constraints, including schedule expectations and resource availability
- undefined or poorly defined project deliverables: these risks are particularly important for projects governed by a regulatory body
- failure to estimate appropriately causing a project overrun
- failure to use good change management causing an overrun
- poor project management resulting in poor cash flow
- undertaking work for clients with a poor credit rating and an inability to pay
Insurance and indemnification risk
- providing a proposal with inadequate terms and conditions
- accepting contracts with one-sided or unfair terms and conditions
Commercial contractual risk
- failure to appropriately handle confidential client information or intellectual property, opening up the possibility of financial loss claims by the client
- failure to formally hand ownership of project deliverables to the client
- failure of project team to understand contractual commitments
- failure to come to an agreement on a health, safety, and environmental plan for project
- failure to meet OSHA 29 CFR 1910.119 process safety management requirements, if required
- failure to meet other regulatory agency safety standards that apply, including Department of Defense, Department of Energy, FDA, and the Bureau of Alcohol, Tobacco and Firearms
In the case of the chemical plant example, one of the risks is employees accepting a risky environment and not acknowledging dangers. It can be easy to miss threats or assume that someone else is going to watch out for them. Clear roles and responsibilities are essential.
Done properly, risk management allows project goals to be met and supports success. Consideration for project risk means that both parties—the client and the integrator—will look back on the project knowing it added value to both their companies.