Bushfires, privatization of profits, socialized risk, AS4360
Posted by Dave Bath on 2009-02-15
In a really essential service, privatized profits and socialized risk will be highlighted by the upcoming class action for the recent tragic bushfires against the power distributors and the Victorian Government (The Age: here and here)
Hopefully, the plaintiff’s lawyers will demand to see the AS/NZS 4360-compliant risk registers and risk treatment plans of both the distributors and the government, as both were exposed to risks. There are even specific adjuncts to AS4360 dealing with fire in a Victorian context.
If the risk registers and treatment plans are inadequate, then demonstrating negligence is an open and shut case, and you wouldn’t need to get into highly technical engineering arguments about power-pole lifecycles, melting points of wires, and predictability of meteorological phenomena.
This post include a rough quantitative analysis of the requirements, not just rant in qualitative terms, as well as a quick demonstration that the relevant outsourced risk management handbooks are mentioned in the Victorian government internet domain.
The root cause was the then Kennett Liberal government’s privatization agreement that capped liability of power distributors to $100M.
The estimated compensation required is $500M for just one of the fires where there is evidence improperly-maintained powerlines were the cause, around Horsham, not the biggest in Eastern Victoria. Already there is evidence gathering that fires starting in East Keilor were also associated with improperly-maintained powerlines.
This meant that the power distributors, in this case SP AusNet (where profits go to the Singapore Government) have no commercial reason to manage the biggest risks, which thus need to be managed by the Victorian Government as the entity who will bear the costs of any disaster.
It will be interesting to see how SPAusNet tries to work the $100M cap – per year, per day, or per disaster. If the contract stipulates $100M per disaster (as it should), then each bushfires the other day should be associated with $100M costs borne by SPAusNet. Again, the adequacy of the contracts should be questioned. The more inadequate the contracts, the better the risk management documentation required of the government.
So… the lawyers for plaintiffs merely need to get access to the relevant risk registers and risk treatment plans required for AS/NZS 4360 (Risk Management) compliance.
While these standards and handbooks are copyright, you can see the committee draft of a recent (and less demanding) version of the methodology to address the standard here.
While Kennett is to blame for the initial bungled contract, the Bracks/Brumby government has had a decade to manage risks by ensuring ongoing review of the risk management documents of SPAusNet, and have it’s own documents that cover the risks unmanaged by SPAusNet. There has been time to renegotiate any agreements to ensure the government has access to SPAusNet risk management documents.
If there is no AS/NZS 4360-compliant documentation within government to manage the risk, and a record of inspections of SPAusNet risk-management documentation, then the government is demonstrably negligent: even without a disaster having occurred.
Before going into the details, we need to gather some figures on SPAusNet’s annual turnover and budget so we can put $100M into context, and see if that figure was a reasonable cap. These are available from a number of places, but I’m using corporateinformation.com.
- Sales: Calendar Year 2008: $1,005,966,000
- Market Capitalization: 2009-02: $2,205,240,248
Let’s round down and say $1B is the annual turnover of SPAusNet.
You can also get pretty graphs of things like market capitalization and trade volumes at Google Finance ASX:SPN.
SPN is still as of 2009-02-10 (after the fires) considered a stock to buy, implying that despite it being obvious at that time that significant payouts are likely.
What is required in Risk Management documentation? If any of this documentation is missing, demonstrably inadequate, or their is demonstrably poor governance that ensures action is taken to meet the demands of the documentation, then negligence/responsibility is proven.
- A what-is-bad and how-bad-is-bad matrix:
- Prepared by board/CEO, as they are the only people with the power to define it.
- It is a matrix of class of risk (financial, health/safety, reputation, downtime, etc) by severity, allowing equivalence of tangible and intangible risks, thus allowing different managers to say "x deaths per annum is to be treated as seriously as the loss of $y"
- The severity is usually broken up into 5 categories, with the financial breakdown defined as a percentage of annual turnover (revenue and/or budget depending on whether you are a company, a service division inside a company, or an agency), with the thresholds as follows:
- Over 10%
- under 1% of revenue/budget
- Risk Register and Accounting: Maintained by the Corporate Risk Management Group, this contains a list of
- individual risks
- estimated outcome of each risk if realized
- estimate frequency of each risk
- Multiply cost of outcome by frequency to understand how seriously the risk needs to be taken. Something minor that happens every week should be treated as seriously as something 50 times as bad that might happen once a year
- Risk Accrual: (if something has a 10% per annum chance of occurring, and hasn’t occurred for nine years, it should be treated as if the chance of it occurring in the following year as between 90% and 100%)
- Risk treatment plan:
- details who is responsible for doing what to control the risk, whatever the mix of prevention and/or recovery processes.
- Evidence of assurance that the prevention/recovery actions are being carried out or in place.
So, with a turnover of A$1B, and a liability cap of A$100M, SPAusNet doesn’t have to worry about about anything in the top category, implying that the government must maintain all the documentation associated with both the big risks, or frequent small risks. In my view a $500M cap would have been appropriate… and if the company couldn’t pay up, all assets would revert to the government, efficiently nationalizing the utility again.
If the liability cap is per-annum, then the government needs to have lots of AS4360-compliant documentation, including evidence of frequent audits of SPAusNet’s AS4360 documentation.
And we haven’t even begun to consider the other power distribution networks.
Such documentation of risk analysis and treatment plans, as well as evidence of appropriately thorough audits, should be the first thing looked at by class-action lawyers and the mooted Royal Commission.
You could make a good case that the high-level risk management documentation for utility disasters, whether through fire, meteorology, human behaviour (inaction or malevolence), should be publically available at all times, at least for those documents that the government should maintain.
You do not have to argue about whether the details of mitigation processes are absolutely correct, just that the documents exist and are complete, including the assignment of responsibilities for difference risks.
The easiest one to find is not the fire-specific risk, but the general financial liabilities risk model inside the Victorian government, and reviews every year since Kennett socialized the major risks.
The only reason high-level risk management practices won’t be in Victorian Royal Commission terms-of-reference is that Joh Brumby and company know what the answers would be. The only reason the Victorian Liberal Opposition don’t make a fuss over the liability cap and outsourced risk practices is that this will damn Kennett and the core philosophy of outsourcing profits.
The thing is, AS4360 compliance is already in the regulations, and AS4360 non-compliance is probably the root cause of the tragic outcomes of the proximal causes. So, are the minor parties intelligent enough to go for the relatively easy-to-prove-or-disprove adequacy of AS4360 documentation and governance? Probably not.
- Council of Australian Governments 2003 National Inquiry on Bushfire Mitigation and Management
- Site home
- Section 3: Mitigation and Management (Chapters 4 through 9 of the findings) includesChapter 4: The risk-management process which is big on AS4360, and
Recommendation 4.1: The Inquiry recommends that a structured risk-management process based on the Australian Standard for Risk Management be further developed and applied in all aspects of bushfire mitigation and management, informed by a thorough understanding of the full range of assets.
- Bushfire Risk Register Discussion at Griffith University from a 2007 conference discusses bushfires in the context of AS4360
- "Phoenix: development and application of a bushfire risk management tool"" via ema.gov.au, from the 2008-11 edition of the Australian Journal of Emergency Management
- "Bushfire risk at the Rural/Urban interface" (CSIRO and Bushfire Co-operative Research Centre, 2006-04-06) discusses fire risks and analysis of which parts of houses are the "entry point" for fires, noting the impact for planning standards of individual houses and townships. You can DONATE TO BUSHFIRE CRC RESEARCH ACTIVITIES HERE.
- Other material on AS4360 and some associated handbooks
- HB 240 – Guidelines for managing risk in outsourcing utilizing the AS/NZS 4360:2004 process, the HB240 front matter
- Googling Mentions of AS4360 HB240 in Australian Government:
- All of Oz gov.au – Yep, including auditor reports
- Example of financial HB240 Analysis: New South Wales: Treasury Managed Fund Guide To Risk Management – The RCCC (Risk Culture/Control/Capability) Approach (2005)
The scope of the Guide includes the full range of potential risk exposures that face the NSW Government (including insurable and non-insurable risks such as quality of services and accountability relating to effi ciency and effectiveness). The purpose of the Guide is to provide all government managers and personnel with broad guidance and a framework for managing risk in the NSW public sector environment.
The TMF Risk Management Unit (RMU) developed the Guide as part of a sponsored project, following a review of national and international better practice for risk management and consultation with a number of NSW Government (TMF) agencies between August 2003 and March 2004. A Consultation and Research Report (March 2004) contains information on the risk requirements for, and needs of, those agencies.– From the Foreward
- Looking for mentions of HB240 in vic.gov.au – NOTHING THERE – NOT EVEN IN AUDITOR REPORTS – This almost does the class-action lawyers job for them. A similar whole-of-Victorian-Government search "from the inside" that returns nothing would clinch the case – not just for fires, but everything else. THE LACK OF THE VICTORIAN EQUIVALENT OF THE NSW TMF DOCUMENT IS DAMNING