Almost every company has one: a moment so disastrous it’s permanently etched in corporate memory.
Not all of them precipitate global media stories – Exxon Valdez, Deepwater Horizon, the Union Carbide Bhopal gas leak – but, as well as taking a terrible human toll, these disasters leave scars on the collective psyche of the board, senior management team and shareholders.
Businesses rethink safety or environmental policies and processes. Governance measures are tightened. Everything is done to make sure such disasters never, ever happen again.
And yet, most organisations fail to close one simple risk control loop.
At the very beginning of their capital projects, many businesses fail to ask the ‘Red Flag Questions’ that should trigger immediate global alarm bells. These are often the questions that in hindsight, seem obvious… So obvious, no one actually thought to ask them.
At the very beginning of their capital projects, many businesses fail to ask the 'Red Flag Questions' that should trigger immediate global alarm bells. These are often the questions that in hindsight, seem obvious...
So obvious, no one actually thought to ask them.
Why aren’t we asking Red Flag Questions early in every project?
Businesses don't ask the obvious question for three reasons:
The illusion of overkillCapital projects are subjected to many risk identification processes, including HAZOP, Layer of Protection Analysis or Probabilistic Hazard Analysis studies. It’s easy to imagine that any major corporate risk will leap out at this point. But not necessarily.
These processes focus exclusively on project delivery risk and many only look at one part of the project. They don’t explicitly ask enterprise-level Red Flag Questions, like: “Does the project interface with an ammonia system?” or “Is this project in a new country?” Which, in some organisations, should trigger an immediate escalation of oversight by a subject matter expert.
The illusion of awarenessCorporate horror stories are kept alive at the senior management level, but eventually they stop trickling down to project managers.
Over time, corporate knowledge degrades. Employee churn and the use of contractors means workforces are constantly being refreshed. Leaders imagine it’s unthinkable these issues aren’t top of mind with everyone.
This is a critical error. Unless Red Flag Questions are codified in risk assessment, executives cannot assume they will be alerted when the business starts work on a project that bears frightening similarities to a previous disaster.
The illusion that size mattersSome companies do ask Red Flag Questions, but only when they’re dealing with projects of large capital value. Typically, big projects make up around 20% (by number) of projects being executed in a given year.
That leaves 80% of projects running below the radar – and some of them will be high risk. Also, small projects are often led by new or inexperienced project managers who may not know enough to ask the right questions.
What will our Red Flag Questions look like?
Red Flag Questions are as individual as a fingerprint. They depend on what has caused your organisation its worst moments of pain and failure.
Professional Indemnity claims are a good place to start. Typical questions include:
Could this project result in a significant environmental incident?
Will the project interface with an ammonia system?
Will the project be delivered in a country where we do not currently operate?
Are we introducing a new manufacturing process?
Are we introducing a new technology?
How should Red Flag Questions be constructed?
As a general rule of thumb, Red Flag Questions should be:
These are Yes/No questions, making it easy for project managers to check through the list and ensure absolute clarity from a control perspective. Questions should be easy to understand and unambiguous, with supporting materials to clarify meaning where necessary.
You don’t want too many. Most of our clients use around 15. A ceiling of 20 is a sensible limit. Introduced early – Ask the questions early in the lifecycle, at beginning of the development phase.
A Red Flag answer should trigger immediate contact from a subject matter expert who will help the project manager assess and treat the risk. A red flag won’t necessarily kill a project. As per ISO 31000, it will simply ensure the project gets the governance it deserves.
Support by senior management
It is vital people know leaders won’t ‘shoot the messenger’. In a good risk management culture, people who trigger red flag alerts should be publicly praised.
These questions are so critical to risk assessment, they must be systematised and embedded in the delivery processes of every project – big and small.
You need a centralised risk detection platform that drives project managers to answer Red Flag Questions early and captures their answers. Any red flag question with the answer “yes” should trigger an alert to the appropriate subject matter expert.
The capital project management system or software you are using should also populate the project risk register and log any mitigation actions.
This allows governance owners line of sight across Red Flag Questions, giving them confidence that the right questions have been asked and risks are being managed and mitigated.
Ultimately, Red Flag Questions are an early warning system, a coarse filter to make senior leaders aware of the capital projects they should be paying attention to. Without them, companies risk repeating their worst mistakes.