The risk management process starts with the identification of risks. Identification of risks refers to defining a comprehensive list of risk events, usually grouped in consistent categories, and then describing them so as to understand clearly how those risks will impact the project outcome if they materialize. Processes for identifying risks are well established – see, for example, the International Organization for Standardization (ISO) 31000 Risk Management Standard.
Risk assessment (including identification) may be more or less exhaustive depending on the purpose of the assessment. For VfM and commercial feasibility exercises (carried out during appraisal), this work will usually be more exhaustive. For risk allocation, this work will be less exhaustive and will involve a degree of prioritization; the decisions about the allocation of the significant risks of the project (in terms of likelihood and/or impact), when documented in the contract, will implicitly allocate many of the less significant risks without the need to expressly consider and allocate those less significant risks.
This section introduces the concept of risk identification bearing in mind, in terms of risks, both the needs of the Appraisal Phase (related to VfM and commercial feasibility) and the allocation exercise (the focus of the Structuring Phase in terms of risk analysis).
As introduced, the categories assumed by a private partner when analyzing the risks (based already on a risk allocation structure) may differ in the sense that some categories or types of risks are only the subject of a private assessment. Basically, this covers some political risks in the broad sense (including the credit risk of the counterparty).
However, some risks which potentially can be incorporated into the political risk category by a private appraiser will be considered in the public assessment so as to allocate risk and define the risk structure of the PPP contract. This is the case for riots, wars (and generally “force majeure” risks), and similar risks. It is also the case for any changes in the legal framework or other potential political and policy actions that may affect the project outcome or directly affect the financial equation of the private investors or the lenders.
Some of these political risks (for example, controls on the convertibility of the currency) will be analyzed by the prospective private partner under the country risk category, that is, in an analysis screening the country and program rather than the specific project.
There are multiple classifications of risks suggested by different authors and institutions. No matter what categorization is used, the relevant issue is to be sure that all potential events are identified and treated in terms of qualification, quantification, and allocation. Eliminating the risk of “blind spots” and natural overlaps are taken into account in the assessment so as to avoid double counting.
When defining categories and events, it is necessary to accept that overlaps exist. Some risks can be difficult to assign to one specific category. For example, “market risk” may materialize in the form of lower demand for the service, but a change in demand may also be caused by a policy decision which, while not intended to, may impact the project. In this instance, the danger may equally be regarded as a “political risk”. Also, risks of cost and time overruns are interrelated as time overruns usually cause cost overruns.
To handle overlaps and avoid blind spots, it is useful to develop a “risk register” and conduct meaningful brainstorming sessions. Blind spots can occur when areas are overlooked, either because of negligence or from paying too much attention to certain risks, but not to others.
The detailed risk register is used to conduct an orderly quantitative risk assessment. The purpose of this is to define the financial base case in order to conduct the commercial feasibility analysis and to handle the VfM exercise.
However, when handling the risk allocation tasks, it is obvious that it is necessary to identify and categorize risks so as to decide on their optimum allocation. However, this is frequently done on the basis of a less exhaustive categorization of risks, relying more on a qualitative assessment (see next section).
In defining the risk allocation strategy, it is common and good practice to use a “risk matrix”. The risk matrices usually mix categories of risks not only identified by their nature (for example, political, market, general economy), but also including and describing risks identified by their timing or as an obligation or element of the contract’s scope (for example, construction risks, O&M risks, and revenue risks).
A risk matrix identifies and systematically describes all risks properly, including how they affect the project (and in what form), as well as potential mitigation measures (a risk may potentially have a severe impact, but be easy to mitigate). Some risk matrices include the qualitative assessment of the risks (describing them in terms of relevance of impact), which is explained in the following section. See box 5.18.
As with the allocation analysis, this PPP Guide will work with the following broad categories of risks, noting that some of these categories may be more or less useful depending on the risk specifics of the respective project.
- Site risks: Availability of the site, design risks, environmental, permits, and ground conditions.
- Design risks.
- Construction risks.
- Commissioning risks.
- Revenue risks: Demand/usage (in user-pays and volume payment mechanisms), price or tariff risk (in user-pays), availability and quality risks, third party revenue risks, and so on.
- Maintenance risks.
- Other operating risks.
- Financial risks.
- Changes in law.
- Force majeure risks.
- Early termination risks.
It should be noted that this risk classification is done from a project standpoint, that is, it does not cover or consider the “country risk” category, although some expressions of political risk may fall within some of the categories above, such as changes in law or force majeure.
In order to identify and allocate the risks, a specific risk matrix should be developed for every project that is being analyzed. Although a basic risk matrix may have been developed at the previous phase for the purpose of defining the PPP pre-structure, a detailed one should now be completed. The risk matrix should contain at least the following information for each risk.
The risk matrix helps the government to organize the conduct of the risk analysis and to record the decision on the risk allocation so it can be incorporated into the contract afterwards. The decision will usually be made by means of qualitative assessment (with potentially some limited exceptions that may require an ad hoc quantitative assessment exercise).
The qualitative assessment is sometimes recorded in a separate document which will provide feedback to the risk allocation matrix to define the allocation for any unclear or difficult risk events (see section 5.4).
 Federal Highway Administration (FHWA), the U.S. Department of Transportation (2013) provides an explanation of how to handle a meaningful identification exercise by creating registers and other tools, such as “Risk Relation Maps” (RRM). It also provides a check list to double check the correctness and reliability of the register. Also, Farquharson and others (2011) includes an example of a Risk Register for a PPP project in appendix B.
 “PPP Manual of Rio de Janeiro” (2008) provides an example of a risk matrix in Annex 2,page 178. Appendix A of the “Risk Allocation and contractual issues guide” provides for a detailed risk allocation matrix describing the recommended or preferred allocation (Partnerships Victoria, June 2001).