Australian Lefty on Politics, Governance, Science and Info Management

Bushfires, privatization of profits, socialized risk, AS4360

Posted by Dave Bath on 2009-02-15

In a really essential service, privatized profits and socialized risk will be highlighted by the upcoming class action for the recent tragic bushfires against the power distributors and the Victorian Government (The Age: here and here)

Hopefully, the plaintiff’s lawyers will demand to see the AS/NZS 4360-compliant risk registers and risk treatment plans of both the distributors and the government, as both were exposed to risks.  There are even specific adjuncts to AS4360 dealing with fire in a Victorian context.

If the risk registers and treatment plans are inadequate, then demonstrating negligence is an open and shut case, and you wouldn’t need to get into highly technical engineering arguments about power-pole lifecycles, melting points of wires, and predictability of meteorological phenomena.

This post include a rough quantitative analysis of the requirements, not just rant in qualitative terms, as well as a quick demonstration that the relevant outsourced risk management handbooks are mentioned in the Victorian government internet domain.

The root cause was the then Kennett Liberal government’s privatization agreement that capped liability of power distributors to $100M.

The estimated compensation required is $500M for just one of the fires where there is evidence improperly-maintained powerlines were the cause, around Horsham, not the biggest in Eastern Victoria.  Already there is evidence gathering that fires starting in East Keilor were also associated with improperly-maintained powerlines.

This meant that the power distributors, in this case SP AusNet (where profits go to the Singapore Government) have no commercial reason to manage the biggest risks, which thus need to be managed by the Victorian Government as the entity who will bear the costs of any disaster.

It will be interesting to see how SPAusNet tries to work the $100M cap – per year, per day, or per disaster.  If the contract stipulates $100M per disaster (as it should), then each bushfires the other day should be associated with $100M costs borne by SPAusNet.  Again, the adequacy of the contracts should be questioned.  The more inadequate the contracts, the better the risk management documentation required of the government.

So… the lawyers for plaintiffs merely need to get access to the relevant risk registers and risk treatment plans required for AS/NZS 4360 (Risk Management) compliance.

While these standards and handbooks are copyright, you can see the committee draft of a recent (and less demanding) version of the methodology to address the standard here.

While Kennett is to blame for the initial bungled contract, the Bracks/Brumby government has had a decade to manage risks by ensuring ongoing review of the risk management documents of SPAusNet, and have it’s own documents that cover the risks unmanaged by SPAusNet.  There has been time to renegotiate any agreements to ensure the government has access to SPAusNet risk management documents.

If there is no AS/NZS 4360-compliant documentation within government to manage the risk, and a record of inspections of SPAusNet risk-management documentation, then the government is demonstrably negligent: even without a disaster having occurred.

Before going into the details, we need to gather some figures on SPAusNet’s annual turnover and budget so we can put $100M into context, and see if that figure was a reasonable cap.  These are available from a number of places, but I’m using

  • Sales: Calendar Year 2008: $1,005,966,000
  • Market Capitalization: 2009-02: $2,205,240,248

Let’s round down and say $1B is the annual turnover of SPAusNet.

You can also get pretty graphs of things like market capitalization and trade volumes at Google Finance ASX:SPN.

SPN is still as of 2009-02-10 (after the fires) considered a stock to buy, implying that despite it being obvious at that time that significant payouts are likely.

What is required in Risk Management documentation?  If any of this documentation is missing, demonstrably inadequate, or their is demonstrably poor governance that ensures action is taken to meet the demands of the documentation, then negligence/responsibility is proven.

  • A what-is-bad and how-bad-is-bad matrix:
    • Prepared by board/CEO, as they are the only people with the power to define it.
    • It is a matrix of class of risk (financial, health/safety, reputation, downtime, etc) by severity, allowing equivalence of tangible and intangible risks, thus allowing different managers to say "x deaths per annum is to be treated as seriously as the loss of $y"
    • The severity is usually broken up into 5 categories, with the financial breakdown defined as a percentage of annual turnover (revenue and/or budget depending on whether you are a company, a service division inside a company, or an agency), with the thresholds as follows:
      • Over 10%
      • 5-10%
      • 2-5%
      • 1-2%
      • under 1% of revenue/budget
  • Risk Register and Accounting:  Maintained by the Corporate Risk Management Group, this contains a list of
    • individual risks
    • estimated outcome of each risk if realized
    • estimate frequency of each risk
    • Multiply cost of outcome by frequency to understand how seriously the risk needs to be taken.  Something minor that happens every week should be treated as seriously as something 50 times as bad that might happen once a year
    • Risk Accrual: (if something has a 10% per annum chance of occurring, and hasn’t occurred for nine years, it should be treated as if the chance of it occurring in the following year as between 90% and 100%)
  • Risk treatment plan: 
    • details who is responsible for doing what to control the risk, whatever the mix of prevention and/or recovery processes.
    • Evidence of assurance that the prevention/recovery actions are being carried out or in place.

So, with a turnover of A$1B, and a liability cap of A$100M, SPAusNet doesn’t have to worry about about anything in the top category, implying that the government must maintain all the documentation associated with both the big risks, or frequent small risks.  In my view a $500M cap would have been appropriate… and if the company couldn’t pay up, all assets would revert to the government, efficiently nationalizing the utility again.

If the liability cap is per-annum, then the government needs to have lots of AS4360-compliant documentation, including evidence of frequent audits of SPAusNet’s AS4360 documentation.

And we haven’t even begun to consider the other power distribution networks.

Such documentation of risk analysis and treatment plans, as well as evidence of appropriately thorough audits, should be the first thing looked at by class-action lawyers and the mooted Royal Commission.

You could make a good case that the high-level risk management documentation for utility disasters, whether through fire, meteorology, human behaviour (inaction or malevolence), should be publically available at all times, at least for those documents that the government should maintain.

You do not have to argue about whether the details of mitigation processes are absolutely correct, just that the documents exist and are complete, including the assignment of responsibilities for difference risks.

The easiest one to find is not the fire-specific risk, but the general financial liabilities risk model inside the Victorian government, and reviews every year since Kennett socialized the major risks.

The only reason high-level risk management practices won’t be in Victorian Royal Commission terms-of-reference is that Joh Brumby and company know what the answers would be.  The only reason the Victorian Liberal Opposition don’t make a fuss over the liability cap and outsourced risk practices is that this will damn Kennett and the core philosophy of outsourcing profits.

The thing is, AS4360 compliance is already in the regulations, and AS4360 non-compliance is probably the root cause of the tragic outcomes of the proximal causes.  So, are the minor parties intelligent enough to go for the relatively easy-to-prove-or-disprove adequacy of AS4360 documentation and governance?  Probably not.

See Also/Notes:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: