From optimistically under-costing jobs to acting out of character under pressure, here are the reasons why so many major projects fail to hit basic targets. By Warren Black, associate director, risk transformation, Ernst & Young.

Construction worker safety health

Over the past two decades, the global project industry has experienced noticeable improvements in defining and standardising both project control and risk management better practice.

But despite these improvements, complex projects are still failing to come in on time and under budget at an abnormally high rate.

Case evidence published by Oxford’s Said Business School (2011-14) and IPA Global (2012) has demonstrated that more than 60% of large-complex projects, observed globally across all industry sectors, had failed to meet their owner-sanctioned objectives. Although a broad range of views have been published as to why these major projects continue to fail at such a high rate, this article addresses the apparent cynicism being displayed towards existing project risk management effectiveness.

Project owners, practitioners and academics alike appear to be visibly questioning the return on investment that traditional risk practices bring to a major project environment.

This was no more evident than during the global commodities depression of 2014/15 when many large project organisations, as well as their contract engineering and advisory firms, shed significant numbers of risk management and assurance resources in an effort to lower project overheads. Some major project organisations that had no choice but to cut really deep dissolved their entire risk management capability as these resources were assessed as being non-critical to project delivery.

In light of this visible industry dissatisfaction, project risk management needs to evolve to a higher state of effectiveness if it is to regain the confidence

of project owners and add demonstrable value to future project delivery. Before such a risk effectiveness revolution can occur, however, a number of negative project phenomena impairing risk management from delivering value in major project environments, will need to be addressed.

These impeding phenomena include:


The importance of effective executive decision-making and oversight (good governance) in attempting to control material project risks is well documented. A quick title search on Google Scholar will uncover a broad range of submissions linking project failure to ineffective project governance. Many of these papers have been submitted by business schools, project societies, advanced degree candidates and the auditors of major project environments.

In Australia, the Auditor Generals of New South Wales, Western Australia and Victoria have submitted public reports within the past five years identifying the lack of effective governance as a primary cause of project overruns and blowouts in state-funded infrastructure. Furthermore, Infrastructure Australia released a report last year suggesting that continued governance failings in state-funded projects may impede the broader government’s ability to secure the capital required to meet 2030 infrastructure targets.

A common view is that no risk management methodology or system can succeed in an environment whereby senior executives are neither available nor accountable to make timely decisions regarding the manner in which risks are to be controlled. Therefore, in the project risk management universe, good governance appears to be the central solar system around which all other matter revolves.

Yet despite this, good governance appears to be a forgotten premise in many major project environments and few project risk methodologies offer any emphasis or guidance on the matter. If establishing a sound governance framework is critical to project control and risk management, where is the globally endorsed PMI, OGC or ISO standard/guide and why do so few projects proactively test, validate and report on their governance effectiveness? Surely project meeting attendance rates, captured minutes, decision approvals and completeness of assigned actions should be regularly audited?

It is thus inferred that if risk management is to add value to major project environments, establishing a robust decision-making framework should be the foremost thought in all forms of risk planning, resourcing and control. Until the globally accepted project risk management standards, guides and practitioners thereof start placing credible emphasis on closing the governance gap, conventional risk management approaches will potentially remain ineffective in major project environments.



A phenomenon exists in major project environments whereby those tasked with costing a project will often plan for the most optimistic cost or schedule estimate to get an investment decision “across the line”. This is often referred to as the hidden hand or optimism bias.

Albert Hirshman argued in 1967 that such a bias is a necessary evil because if investors knew the true cost from the very beginning, they would never invest and nothing would ever get built. Furthermore, by not reporting all the bad news to the project owners, project managers can continue unimpeded, thereby allowing for a greater capacity to correct the causes of the bad news. Although optimism bias may have some noble origins, Lovallo & Kahneman argue that project executives who present potential investors with an unrealistic investment scenario are “fraudulent or delusional”.

Such under-costing has proven problematic for enabling effective risk management in major project environments as the advanced strategies and resources required to mitigate complex risks are often compromised from the start due to the lack of an assigned budget. Advanced risk environments require advanced risk solutions, but such advanced risk solutions come at a premium. If this premium is not budgeted for, then ineffectively simplistic solutions will almost certainly prevail.

Moreover, the ultimate merits of under costing are questionable as the end result is often predictably negative. Projects with ineffectively simplistic delivery frameworks will almost certainly overrun the owners’ agreed budget, the owners in turn will almost certainly task the project executives to bring the costs under control, and when these executives fail, the owners will be forced to raise more capital and dismiss them.

A case in point: of the seven largest projects engaged in Australia within the past five years, all have significantly exceeded their original budget, creating severe cost pressures for their parent company. In almost all cases the senior project directors and/or corporate heads have been replaced by the owners, in some cases multiple times over.

It would thus appear a correlation exists between under-costing and executive longevity, and it is therefore implied that if risk management is to add value to major project environments, robust strategies, systems and resources will need to be cost in and planned for from the very beginning. Furthermore, project owners should also potentially consider assigning specific budget classes for enabling robust risk controls in the same manner that corporate risk functions are budgeted for by the shareholder’s board.



As early as 1921, economist John Maynard Keynes observed that systematically linear risk forecasting techniques have little effect in complex, evolving environments, primarily due to the significant uncertainty that underpins such environments. Since this time, a plethora of academic research has been conducted validating Keynes’ observations that risks borne within environments of significant uncertainty cannot be managed by systemically linear risk forecasting techniques alone.

Most noteworthy to the project risk universe was Rittel & Webber’s 1973 paper which identified the existence of ‘wicked’ risks in complex planning environments.

The two argued that every complex environment is exposed to a range of uncertainties that are continually evolving due to dynamic interdependencies and external influences. Such dynamically evolving uncertainties create risks that are far too complex to systematically identify, quantify and control; these risks were deemed as being ‘wicked’.

There thus exists in complex project environments a class of risk that cannot be proactively predicted, identified or forecast in sufficient time and context to be controlled.

This has been explored in Complex Uncertainties (Keynes, 1921), Dilemmas in Planning (Rittel & Webber, 1973), Black Swans (Taleb, 2007), Unknown-Unknowns (Loch, et al, 2006), and Managing Project Uncertainty (Ward & Chapman, 2003-11).

These authors commonly argue that because of the complexities, systematically linear risk forecasting processes (e.g. ISO 31000, PMBoK Risk Process, Prince2 Risk Process) are effectually limited in complex risk environments as they are systematic, linear and rational, whereas complex risk environments are more likely to be dynamic, deviant and irrational. Such misalignment cannot enable effective risk control and thus alternative risk control strategies are required in environments of escalated uncertainty.

In this regard, a negative phenomenon currently exists whereby project executives appear to have an overwhelming desire to adopt the simplest, least resource- intensive risk management approach, and almost always choose to adopt a systematic, risk forecasting process as their primary means of risk control, despite almost 100 years of complex risk theory advising otherwise.

If risk management is to add value to major project environments, risk practitioners need to move beyond adopting the standard process- based risk methodologies and design in dynamic, multi-dimensional and collaborative risk strategies, systems, structures and behaviours that are better placed to address the uncertainty inherent within such complex project environments. In brief: advanced project environments require advanced risk solutions.



In 1954, William Golding published his Nobel Prize-winning tale Lord of the Flies, which describes how seemingly innocent children trapped on an island ignore their own upper-class value systems and resort to a system of tribal savagery and warfare in order to survive. Golding’s story was inspired, in part, by a series of World War II social studies, which observed that relatively honest, mild- mannered people will often revert to extreme or uncharacteristic behaviours if they believe their self-preservation is at risk, particularly when operating in isolated or pressured environments.

This observed social phenomenon is particularly relevant

for major projects as such projects often operate in an isolated manner removed from the direct line of sight of the corporate owner or their supporting internal standards. Furthermore, such projects often offer an intense and highly pressured environment whereby employees are expected to deliver without question or be replaced. Major project environments are thus potentially rife for professionals to engage in uncharacteristic behaviours.

It is thus not uncommon for project officers working in such isolated and pressurised environments to ignore both their professional and personal beliefs, as well as proven better practices, because they fear being replaced for not doing what their seniors instruct them to do. In the project risk management universe specifically, this phenomenon of pressured isolation can result in project risk officers willingly managing risk systems they know to be ineffective or willingly submitting risk reports that they know to be misleadingly positive. It’s not so much a matter of risk officers behaving fraudulently as it is a matter of doing what they need to in order to survive within the project constraints.

Thus if risk management is to add value to major project environments, project risk officers should be empowered to operate uninfluenced from those executives whose remuneration is dependent on hiding the bad news. Project owners may even consider learning from globally accepted corporate risk standards such as Sarbanes-Oxley, COSO and Turnbull, which advocate strongly for appointed risk officers to operate independently so as to eliminate those internal influences and pressures which might promote the very same uncharacteristic survival behaviours outlined in Lord of the Flies.



One of the luxuries of delivering projects in the 21st century is that there are now a few hundred years

of documented major project learnings to use as a reference for better practice. Yet despite this, project owners, executives and officers have been observed to regularly ignore such historical learnings and

opt for strategies that are questionable in terms of accepted better practice, primarily due to their need to make politically acceptable budget, resource and schedule decisions.

Edward Merrow indicated in his 2012 book Industrial Megaprojects that throughout his career, he had been regularly surprised at how the most well-educated, experienced and honest of project officers could make the most poorly assessed of decisions despite all knowledge and evidence demonstrating the opposite. Also, Bent Flyvbjerg of Oxford Business School refers to the “iron law of megaprojects” (2011) whereby such projects are delivered “overbudget, over time, over and over again”. It is implied that this law has come about (in part) because the adoption of best practice has become an outlier in executive decision-making.

Thus an observed phenomenon exists in major project environments whereby project owners, executives and officers are known to ignore the proven teachings of history in pursuit of more politically acceptable means. This may help explain those major project environments that choose to ignore known better practices by:

  • placing limited emphasis on establishing a robust governance framework, despite the substantial case evidence demonstrating that poor governance is a leading cause of project failure;

  • intentionally under-costing projects just to get them across the line, despite substantial case evidence demonstrating the ultimate end for this approach is a failed budget with dismissed executives;

  • adopting systematically linear risk management processes to mitigate complex and wicked risk environments, despite almost 100 years of economic law advising otherwise; and

  • appointing risk officers to report to the very same project executives who are incentivised to hide risks, despite most corporate risk standards (SOX, COSO, ASX7, Turnbull etc) advocating that risk officers should operate independent of the executive.

The inability to learn and/or apply better practices is particularly problematic in the project risk universe as it implies a lack of progression in the manner in which advanced risk solutions are brought to bear in advanced project environments. Thus if risk management is to add value to major project environments, project owners, executives and officers should heed the lessons of known better practice, as the cost of ignoring these lessons is potentially greater than the premium of implementing them.