The British government has the Sisyphean task of resolving more than 300 ‘preparedness projects’ before the fast approaching 29 March 2019 deadline for leaving the European Union.

Until now, Brexit preparedness project delivery has been largely under the command of the Department for Exiting the EU (Dexeu), but concerns have been raised that they are not managing the complexity and sheer volume of the work required.

So the government has established a shadow ‘EU exit capability team’, complete with IT experts and project managers, to support and assist Dexeu as the deadline approaches.

One of the priorities of the EU exit team is to look closely at the riskiest projects and make sure they are being managed as effectively as they can be. Essentially, the exit team is a form of “risk management”, implemented by the government as the likeliness of a no-deal Brexit increases.

 

How important is successful project delivery before Brexit?

As Tony Blair warned, Brexit is a bit like agreeing to a house swap without having seen the other house. However, this is not about how Brexit will look post-March 19, but what needs to be done in preparation for the 29 March 19 deadline.

Whatever your personal feelings about Brexit, successful delivery of the key Brexit preparedness projects is in everyone’s interest. Some of these projects must be completed as Britain formally leaves the European Union on 29 March, no matter what shape Brexit takes, whereas some will only be required in the event of a no-deal.

The importance of Dexeu and the exit team’s success at project deliverance cannot be overstated. The government simply does not have the time to make mistakes or flounder. It has only one chance to ensure the projects are completed before the deadline.

 

How the government is implementing risk management and where it could go wrong

The government has assembled a Brexit preparedness programme, because both the exit team and Dexeu are looking at a number of projects, and all for the same cause.

A ‘programme’ is defined as a “collection of interrelated projects that together will deliver defined benefits” — in this case, the smoothest exit from the EU possible.

The two departments will undoubtedly already be using some risk management techniques — but it is highly likely that, under pressure, these techniques will degenerate into little more than box-ticking or worse — provide the wrong answers and mislead and waste time when there is no time to waste.

 

What the government needs

Large and complex programmes consist of many projects. Many projects will generate very many risks and if these are not processed appropriately, it will be difficult to “see the wood for the trees”. Even more fundamental is the fact that some of the projects are critical to the programme’s success whereas some of the projects are not. This means that effective Project Prioritisation is crucial as a first step to risk management.

Essentially the government needs to clearly establish certain criteria relative to 29 March 19 including:

  • Projects for which delivery is critical.

  • Projects that the government really should deliver.

  • Projects that would be desirable to deliver.

  • Projects not immediately necessary for 29 March (and could be delivered later).

Project objectives cannot be delivered unless the resources are there to meet them. These resources are limited and it is not possible to know what resources are really required without effective project prioritisation.

In all likeliness the government will have considered some form of prioritisation already; the establishment of an exit team is a positive sign that the government is conscious of certain projects requiring prioritisation over others.

But it is unlikely the government will have taken into account the full complexity of the situation and it is essential that the government can communicate priorities with the private sector who need to do much of the preparedness work.

The Programme Criticality/Complexity matrix

If the government fails to prioritise the projects appropriately they will run the risk of spreading resources too thinly, and too much time and effort will be spent on projects that do not need urgently addressing.

Both Dexeu and the exit team are likely to be following a basic process for prioritising projects — indeed, that is why the exit team exists in the first place — but often these processes are flawed as they tend to overly focus on the size or cost of the project.

Size of project is clearly important, but other factors should be considered: such as benefits that should be realised and, the chances that the project will fail due to unmanaged risks. Some projects (e.g. supply of key drugs) could be a matter of life or death and cannot be allowed to fail. For these reasons, both Dexeu and the exit team would benefit if they prioritise their Brexit preparedness projects using a Criticality/Complexity matrix:

A matrix showing the criticality/complexity of risk

The Criticality y-axis is effectively a measure of how much be at stake if the project failed to deliver by the required date:

  1. ‘A’ — Little or no impact on the overall programme objectives if the project fails to deliver its objectives by the 29 March 2019.

  2. ‘B’ — Manageable impact on the overall programme if the project fails to deliver its objectives.

  3. ‘C’ — Significant impact on the overall programme if the project fails to deliver its objectives.

  4. ‘D’ — Critical impact on the overall programme objectives if the project fails to deliver its objectives by 29 March 2019.

Whereas the Complexity x-axis is effectively a measure of the inherent risk in the project:

  1. ‘A’ — Simple project and small team.

  2. ‘B’ — Complex project and small team.

  3. ‘C’ — Simple project and large team.

  4. ‘D’ — Complex project and large team.

Note that complexity is strongly driven by team size as communication grows exponentially difficult as the team size increases and communication failures equal risk.

Both Dexeu and the exit team should organise a workshop of senior stakeholders and plot each project on this matrix. Once the projects are plotted on this prioritisation matrix, it will become clear where management attention should be directed.

Projects that are D Criticality, but A or B Complexity will probably be delivered. Projects that are D (or C) Criticality and D (or C) Complexity are the ones to concentrate on as they will probably not be delivered without robust risk management. Interestingly, projects that are A or B Criticality and C or D Complexity are not essential, taking valuable resource and may well fail and therefore, potentially, should be culled!

Assumption Management rather than Risk Management using ABCD (Assumption Based Communications Dynamics)

The risk register is the traditional ‘list’ of risks, and the risks themselves are normally placed in priority order based on Impact and Probability, which are not necessarily the “right” criteria. Also, many traditional risk registers fall down in their effectiveness due to negative psychology which is caused by expressing what you don’t want to happen rather than what you do want.

The exit team are said to be performing ‘Deep Dives’. Deep Dives are useful to explore the detailed risks of implementation, but it is too easy to get “lost in the noise” and therefore miss the big strategic risks.

There is also the difficulty in finding the right balance in communication to project managers, civil servants, and stakeholders. Leadership and teams will need just the right level of detail about each risk so they can understand and manage it effectively. If there is too much information about a risk, it risks becoming unread and therefore, not managed. If there is too little information, then the risk itself may be misunderstood and therefore mismanaged.

A risk register using Assumption Based Communications Dynamics addresses both of these problems. The ABCD approach uses Assumption Analysis, so the “risks” are actually captured as positive — and not negative — statements i.e. “what (assumptions) needs to happen in order for the project to be successful”. Positive assumption statements are also directly connected to the project (and ultimately the programme) objectives and therefore remain focussed and relevant.

In addition, registers should be dynamic; maintained and updated regularly and reports should be produced in real time, so that senior management can oversee, access, and manage risks on a real-time basis and actively engage in risk management process. Risks should also have action plans that are proactive, clear and specific. ABCD encourages all these behaviours.

 

The challenges of assessing timescale risk

We have already touched on some of the problems to do with traditional risk management: including the negative psychology encouraged by traditional risk registers and the mis-communication that arises naturally as a project or programme increases in number and size. These are avoidable problems that are part-and-parcel with industry standard approaches when it comes to managing risk.

Quantitative Schedule Risk Analysis (QSRA) is virtually the industry standard approach when it comes to assessing risk to project timescales. However, QSRA type analyses generally “squeeze” projections, making them appear far more optimistic than they should be. QSRA always takes the current plan as its basis and then adds “spreads” around the mean values. The problem is that, for many Brexit projects, the “current” plan has inevitably already been “squeezed” by planning backwards from the required end date (to fit everything in), and therefore each activity has been shortened to fit the required end date of the project.

Therefore, even without looking deeper at the psychology problems caused by the negative language, QSRA is a fatally flawed process.

 

How to avoid the flaws of QSRA and implement effective timescale risk management using Strategic Target Analysis

A much more accurate method of predicting timescales is Strategic Target Analysis (STA). STA addresses many of the failings in QSRA and always gives a more realistic assessment of the predicted end date (even if the answer is not the one that you would like), along with clear plans to get the project back to the date required.

One of the ways STA addresses the “squeezed plan” problem is by constructing a Potential Critical Path Network (PCPN). A PCPN is effectively a strategic abstraction of the current plan that consists of “bricks” of effort that could fall on the Critical Path through the programme.

The purpose of the PCPN “brick” is to delegate a programme or projects into divisible, manageable chunks under the “ownership” of an expert and authoritative individual. These owners are generally allocated based on their ability to estimate and understand the brick as accurately as possible.

The brick, once established, should then be broken down further by the owner, into the following components, using the ABCD method.

  1. ‘A’ — The ‘Absolute minimum’, or: “What would be the timescale estimate if everything went perfectly?”

  2. ‘B’ — The ‘Best guess or realistic estimate’, or: “What would a single-point estimate be, with no added contingency?”

  3. ‘C’ — Contingency added, or: “What would need to be added to make the estimate ‘comfortable’?”

  4. ‘D’ — The Disaster scenario, or: “Is there an unlikely situation where things could go very badly wrong?”

This process is best facilitated so that it remains rigorous and accurate. When facilitated, the assumptions that are driving the estimates can be captured and rated for Sensitivity and Stability so that the model remains logical and transparent e.g. what assumption(s) need to be managed to remove the C component of the Brick etc.

The Brick has an implicit probability distribution based on the spread of the components and this allows for a Monte Carlo analysis to be performed on each potential critical path in the PCPN.

Monte Carlo analysis is a standard technique for adding together probability distributions. Crucially, Monte Carlo analysis provides leadership with the percentage confidence of meeting key milestone dates.

From this analysis the most likely critical path can be deduced (i.e. the longest) and the assumptions that drive the Brick components essentially form a “Roadmap” of how to manage the timescales back from what is being predicted (i.e. probably much later than 29 March for some projects) to what is required (i.e. 29 March 2019).

A stability/sensitivity matrix

Managing Brexit projects with ABCD Strategic Target Analysis

According to a recent article in The Times, one of the directors of the exit team is Mike Potter. He has the unenviable job of having to “devise an £800 million cross-functional programme to deliver UK government services after Brexit”.

But with Project Prioritisation and STA, this task already sounds less daunting. If these methods were utilised, a lot of the work would be delegated to the knowledgeable and competent “Brick Owners”. Potter would then be afforded a relative freedom to assess and provide oversight to the programme more clearly.

The deadline for leaving the European Union, 29 March 2019, is a date in the calendar fraught with uncertainty. Traditional project management approaches can fall down as they rush to work backwards, under extreme pressure, to fit in all of the required activities; regardless of their practicality.

But STA, as has been discussed, does not work backwards; instead it constructs a master plan going forward. STA and its subsequent PCPN, along with ABCD analysis, should allow for greater communication, clarity, and foresight: especially as ABCD affords for multiple plans per project, along with appropriate risk assessment and contingency plans.

STA has been used on many large/complex programmes around the world and always works i.e. if the assumptions are managed; the target date is met but if the assumptions are not managed or analysis is discarded, then the programme often ends up exactly where the STA predicted that it would!

However, even the most meticulous risk management planning still leaves room for the entirely unexpected. Once the key, strategic assumptions that need to be delivered are understood, both Dexeu and the exit team will have to consider the entirely unexpected. In risk management terminology, these unexpected scenarios are called Black Swans.

 

Black Swan risks and Brexit

Given the uncertainty looming over Brexit, and the overwhelming number of projects the government has to deal with and in such a short time frame, there could be a bevy of Black Swans just around the corner. As David Cameron has said, Brexit is “the gamble of the century” and “a leap in the dark”.

A ‘Black Swan’ is described as an event that arises against all expectations, sends massive shockwaves to those affected, yet has the curious property of seeming almost inevitable in hindsight. Two of the most infamous Black Swans in recent history would be the 2007-08 global financial crises, and the Brexit referendum decision itself.

Why do Black Swans occur?

Black Swans almost certainly flourish in the psychological landscape discussed earlier, but whatever the reason, by their very definition, Black Swans can be very difficult to predict or avoid. Proactive risk management does not normally seek to identify and prevent Black Swans. The aim is more to manage the “known unknowns” that have a significant impact and probability whereas Black Swans are “unknown/unknowns” that have massive impact but are normally seen as highly improbable.

Black Swans might be identified in a brainstorming workshop, but these tend to be inefficient and ineffective. A more structured way of proceeding is to actively look to use a Black Swan Assumption Analysis ie look to capture assumptions that would be rated as Criticality of D (i.e. Critical impact) and Stability of A (i.e. Very confident that the assumption will occur).

A decision can then be made on how to manage these “Black Swan assumptions” i.e. proactively, by putting plans in place to make absolutely sure that they do not go wrong or reactively, by putting Contingency Plans in place to manage the fallout. Due to sheer number of risks in the programme as a whole it is normal to deal with Black Swan assumptions with Contingency Planning.

 

Conclusion: Riding out the coming Brexit storm

No country has ever left the European Union before so most estimates for how Brexit will turn out will undoubtedly be based on guesswork and this is bad news for both the exit team and Dexus as they plan to meet the deadline of next March.

But fortunately, there are effective and tested methods today that allow for greater risk management accuracy than ever before. ABCD and particularly STA, are reliable, tried and tested approaches that should reduce the psychological tendencies for human error.

As the Brexit negotiations continue to develop, the risk landscape will continue to change with it and it is crucial that a reliable, rigorous and robust process is used to lead the programme through the change and complexity. Traditional risk management approaches are likely to become box ticking exercises and/or reactive in their nature – identifying and managing the risks that are already obvious and effectively being managed. ABCD will ensure that leadership and teams are proactive and fully understand the real risks that they need to manage.

It won’t be easy. With a project as complex as this, the unexpected is likely to be around the corner. Some Black Swans may be inevitable, but with the proper organisation, communication, and methodologies in place, the government can be sure it did everything it could to ensure the smoothest transition possible.