An exact definition for risk is hard to find and its measurement is controversial as well. In literature, the word "risk" is used with many different meanings. The Oxford English Dictionary defines risk as "chance or possibility of danger, loss, injury, etc.”.
In the context of an infrastructure project, there are also different definitions issued or used by different agencies and institutions.
Most of the definitions are focused on the probability or likelihood of the event. For example, the OECD defines risk as the probability that the actual outcome (for example, sales, costs, and profits) will deviate from the expected outcome. A definition from Australia is as follows: ‘the chance of an event occurring which would cause actual project circumstances to differ from those assumed when forecasting project benefit and costs”. See box 5.16 for differences between risk and uncertainty.
In the UK’s Orange Book, risk is defined as the “uncertainty of outcome, whether positive opportunity or negative threat, of actions and events”. This definition implicitly covers both the probability and consequences/impacts, and it is preferred for this PPP Guide. As the UK’s Orange Book also states, “the risk has to be assessed in respect of the combination of the likelihood of something happening, and the impact which arises if it does actually happen. Risk management includes identifying and assessing risks (the ‘inherent risks’) and then responding to them”.
BOX: 5.16 Risk versus Uncertainty
The risk concept is inclusive of the uncertainty concept. Risk can be measurable or immeasurable, the latter also being referred to as uncertainty.
As explained in OECD (2008), “uncertainty should be distinguished from measurable risk” (Fourie and Burger 2000; Grimsey and Lewis 2005). Uncertainty is defined as a case in which measurable objective or subjective probabilities cannot be calculated and then ascribed to the range of possible and foreseeable outcomes.
Prior experience or research might, but will not necessarily, allow the government and possible private partners to state expected worst case and best case scenarios. Nor will this ascribe subjective, ordinal (non-numerical) probabilities (such as “likely” or “very unlikely”) to each scenario. Such ordinal probabilities depend less on information and more on enlightened guesswork (“guestimates”) than on the case of measurable risk.
Despite this theoretical discussion, this PPP Guide generally refers interchangeably to risk and uncertainty, as the risk assessment to be made and the risk categories to be addressed will include measurable and immeasurable risks as well as objective and subjective valuations.
Therefore, the essence of risk is characterized by two factors: the likelihood of the event taking place and the impact of the event.
1. The likelihood: The probability of the risk event occurring within the time period of the project; and
2. The impact: The financial value of the risk event’s effect.
The value of the risk can therefore be calculated using the following “risk formula”:
Risk (Expected Loss) = likelihood x impact = probability of risk occurring x financial value of effects
As will be explained later in this section (see 5.3), prioritization is a must have in proper risk management. Therefore, the management should be focused on risks that have a high degree of expected loss defined as a combination of probability and potential impact.
From the government’s perspective, the outcome of the project (its success) is affected by a broad variety of risks, including social impacts, reputational risks, and the risk of the PPP process being cancelled. In addition, there is the risk of the project being delayed and/or more costly than projected in the pre-award phase of the cycle. However, for the purpose of risk allocation and structuring, when structuring the tender and the contract, the public partner must focus on the risks affecting the roles, responsibilities, and the financial position of the private partner under the contract — from contract signature through the life of the contract.
PPP project risk structuring must deal with uncertainty over long periods of time. In this sense, it is important to be aware of the fact that projects with long life cycles can be subject to an endless catalogue of events affecting their performance, and that even the most careful set of provisions and remedies can fail to consider them all.
Risks should be addressed in an organized and structured approach, which is defined as the risk strategy.
Risk management should follow the Risk Management Cycle (see figure 5.9), which, in sequence, includes: a profound effort to foresee such events (identification – explained in 5.2), a rigorous analysis of their implications (assessment of likelihood and size of consequences if they materialize – explained in 5.3), and an analysis and implementation of possible mitigating measures or remedies (explained in 5.4).
Mitigation measures will provide feedback into the assessment so as to finalize a set of risks that will be the object of the allocation exercise and, subsequently, the risk structuring and incorporation of that structure into the contract. Through this process, some risks are transferred to the private partner, some risks are retained by the public partner, and some risks are shared.
Once risks are allocated and structured (section 5.5), an effective management strategy will be implemented (also known as treatment of risk).
For retained risks, the public partner will develop specific management strategies for each risk. These strategies may include:
- self-insuring and building up contingency funds in the budget;
- contracting out insurance policies for some risks;
- entering into hedging mechanisms for some financial or economic risks (for example, inflation);
- relying only on reactive management when a particular risk occurs; and
- For all risks, the public partner will design and operate a risk monitoring system which will incorporate mechanisms to review the identified risks, detect new risks as they arise, and establish how to deal with the risks when they occur, including risks that have been transferred. The public partner monitors both retained and transferred risks because it has the ultimate responsibly to the tax payer for the asset and the service it provides. Managing the risks is part of contract management (risk monitoring and ex-post management) which is explained in chapters 7 and 8.
Management of the financial consequences of retained risks, which typically take the form of contingent liabilities, is discussed in chapter 2 of this PPP Guide, and control after the contract signature of the transferred and shared risks is covered in chapters 7 and 8. The core objective of this section is to understand risk allocation and structuring.
Those tasks (identification, assessment, mitigation, allocation, treatment, monitoring, and ex-post management) comprise the risk management cycle.
The first part of the cycle (identification and assessment) is usually done during appraisal, with the purpose of conducting the commercial feasibility analysis (and subsequent affordability analysis) as well as the VfM exercise. The appraisal requires detailed assessment of the risks, usually through quantitative analysis. In contrast, the risk assessment required to define the risk allocation requires less detail and is mostly based on qualitative or semi-quantitative risk assessment. The risk allocation then feeds into the detailed risk structuring in the contract, which can require an assessment (either qualitative or quantitative) of many nuances in respect of particular risks. These differences are explained further in the next sections.
FIGURE 5.9: The Risk Management Cycle from the Perspective of the Public Partner in the PPP Context
The private partner will have its own risk management cycle based on the risk allocation structure of the contract and its own analysis of the project risks. The ability and options for the private partner to manage the risks that have been transferred must be considered by the public partner (see section 5.5). This is necessary when defining the risk structure and deciding the risk allocation (including the tolerance of the lenders for certain risks), because this is at the heart of the risk allocation. In fact, it is something to be considered when deciding the scope of the contract, as that is the basis of the future risk allocation – see box 5.17 below.
The public party must have a clear view of the ability of the prospective private partner to effectively manage the risks. Risks have to be allocated to the party best placed to manage them. However, there are risks that cannot be assumed by any party or by any agent in the market place (uninsurable risks). Those risks will have to be retained by the authority, as the government’s decision to invest in or promote the project (regardless of the method of procurement) is not based on financial feasibility but on socio-economic factors. In this circumstance, a risk may be incorporated as a retained risk in the overall assessment, and the project may still evidence a likely positive outcome.
Assuming a certain risk allocation structure, the private side will proceed in the same manner as the public sector, analyzing the risks so as to identify and assess them, and then deciding how to deal with them. There are some risk events that are not considered or assessed by the public partner from a financial and project standpoint, but which will be risks for the private partner because they are implicit in the nature of the public partner as an authority and contracting party (its ability to meet the obligations to pay, or the counterparty risk in government-pays PPPs, or the financial risk of terminating the contract capriciously). However, some of these risks (included in the concept of political risk, as perceived by the private sector) may have been considered by the public partner from a framework and program perspective.
Assuming that the allocation is appropriate (that is, that no risks allocated by the contract are unbearable by the private partner), the private partner has a range of tools and possible strategies available to it.
The private partner will have to develop and implement a risk plan that includes preventive and reactive measures, including a risk monitoring system for all risks, which in many cases is not just good practice but a contractual obligation with third parties (insurers) or with the procuring authority.
As with the case of the public partner with respect to the allocation of risks in the main contract (the PPP agreement), the decision by the private party to retain and price the risk or transfer it through to another party will depend on whether that third party (including the hedging market or the insurance market) can manage that risk by absorbing and pricing it efficiently, or even pass the risk through to subsequent third parties in a cascade.
Appendix A to chapter 6 further explains how the private partner faces the challenge of managing risks, especially by means of transferring them through to contractors under “back-to-back” schemes.
One further clarification has to be made with respect to the private perspective about risks vis-a-vis the scope of knowledge covered in this section. This chapter is about projects, so for convenience it ignores the previous strategic analysis of the private partner in terms of country risk (see chapter 1.5.6.c) and PPP program opportunity. It is assumed that the specific country hosting the project and the respective PPP program are acceptable in terms of risk and will be appealing as a strategic target.
Chapter 6, appendix A describes the cycle of country analysis especially project analysis from the private perspective.
 Public-Private Partnerships:In the Pursuit of Risk-Sharing and Value for Money (OECD 2008), page 13.
 Chris Furnell, Risk Identification and Risk Allocation in Project Finance Transactions, paper presented at the Faculty of Law, The University of Melbourne, May 2000, p. 1., cited in Partnerships Victoria (2001), Risk Allocation and Contractual Issues, http://www.dtf.vic.gov.au/Publications/Infrastructure-Delivery-publicati....
 Inherent risk as opposed to residual risk, the latter being the risk remaining after the specific treatment applied to mitigate and manage the risk by any of the potential risk strategies.
 Another potential output of the assessment may be rejecting the project or redefining it in such a material way (for example, a significant change in the scope) that the appraisal should start again from the outset. The existence of significant risks that may not be tolerated by the public or by the private partner, which is a sign of unfeasibility, is something that should be detected during the early stages of the appraisal.
 For references to further reading on project risk management from a broader perspective, please see previous footnote or refer to the “References” section at the end of this chapter.
 Conversely, there are also risks that only affect the public partner and are not analyzed by the private partner (government reputational risk, failure to select the right partner, failure to achieve VfM, and so on).
 A sustainable PPP strategy requires managing aggregated fiscal implications and controlling liabilities, which has to be addressed by means of a proper framework, as explained in chapter 0 and developed in chapter 1. However, the risk perspective of this chapter is contract specific and relates to the direct financial implications of each specific project.
 Another more subtle way to treat certain risks, corresponding to a self-insurance approach, is by diversification of the portfolio of project risks, usually combined with the pricing of the risk in terms of equity IRR and/or contingencies. The more diversified the portfolio of an investor, the less the exposure to certain risks and therefore the lower the risk premium.