Enterprise vs Project Risk — VW, Barings, Thames Tideway

The Governance Library curated by Matthew Doyle

Risk Room · Enterprise Risk vs Project Risk

Case study · Volkswagen Dieselgate

00:00

Risk Room · Concept · Altitude distinction

EnterprisevsProject Risk

Not the same risk at different altitudes. Different questions.

Project Risk

Delivery

Will it come in on cost?

On time?

On scope and quality?

PRINCE2 · PMI PMBOK · agile variants. The discipline is mature.

Enterprise Risk

Existence

Strategy. Licence to operate.

Reputation. Balance sheet.

Survival.

COSO ERM · 2017 revision — renamed "Integrating with Strategy and Performance" to pull risk management upward into strategy-setting.

Not the same risk at different altitudes.
Different questions.

Project asks

Will the work get done, on cost, on time, to spec?

Enterprise asks

What happens to the organisation, if the work gets done — and if it doesn't?

The governance failure happens when the project question is answered, and the enterprise question is never asked.

Case · VW EA189 · mid-2000s

The project problem

The engineers were handed three constraints.
They solved it — on the project's own terms.

Constraint 1Meet the US nitrogen-oxide standard

Constraint 2Hit the cost target

Constraint 3Deliver the performance already promised

What they built instead: akustikfunktion — software that detected the test and turned the controls fully on. A project-level fix.

The other question

Never asked in the engineering meeting.

What happens to Volkswagen, as a company, if this is discovered?

What does disclosure look like, in the United States and in Germany?

What does a brand built over 70 years on trust in German engineering look like the morning after?

The room in which the project was being solved was not wired to ask it.

11m

cars · project-level fix

→

€30bn

enterprise-level consequence

A decision that made project-level sense, inside a culture that never forced the enterprise-level question to the surface.

The pattern is older than Volkswagen · Barings · 1995

Nick Leeson · Barings Futures Singapore

Head office in London monitored the desk as a project-level profit centre. Daily P&L. Position summaries. Profitability against target. What head office could not see was that losses had been accumulating since 1992.

Error Account88888

January 1995 · Kobe earthquake unsettles the Nikkei

Leeson's bet that the index would stabilise — blown open.

1.4×

Barings' entire capital base · exposed through one desk

233 years of merchant banking ended in a weekend. Barings sold to ING, the Dutch bank, for £1.

Different sector. Different decade.
Same gap.

Route project decisions upward when they carry an enterprise signature.

A working heuristic — not a formal rule.

Signal 01

When the project solution depends on regulatory creativity.

Route it.

Signal 02

When delivery depends on a representation a competent outsider would find misleading.

Route it.

Signal 03

When the downside, if discovered, is existential.

Route it.

What good looks like · Thames Tideway Tunnel

Enterprise signatures routed by the governance, not by the goodwill.

Bazalgette Tunnel Limited

Named for the Victorian engineer · Specified Infrastructure Project · Ofwat licence

Ring-fence

Construction cost risk regulated and isolated from Thames Water's balance sheet.

Regulated returns

Investor returns structured under a regulated asset base model — similar to a utility.

Enterprise question

Answered structurally — before any project meeting begins.

Designed into the governance at the start — not bolted on after the crisis.

The caveat worth naming

Thames Water has its own enterprise-level problems.
The tunnel is still protected.

Thames Water is in regulatory special measures — for reasons that have nothing to do with the tunnel. The fact that Thames Water has enterprise-level problems does not contaminate the tunnel project. That is precisely the point of the ring-fence. Project governance that routes enterprise-level risk is designed to prevent contamination running in either direction.

Three things to carry forward.

A reading

US DoJ Statement of Facts · US v. Volkswagen AG, January 2017. Paired with the Bank of England's Board of Banking Supervision Report into the Collapse of Barings, July 1995.

A question

Which project decisions in your organisation currently carry enterprise signatures — and is anyone with enterprise accountability in the room when they get made?

The wider library

Project · Enterprise — different altitudes of the same map.
Appetite · Tolerance — what the enterprise said it will carry.
Three Lines · Board oversight — who is watching.

Risk Room 06 · The Governance Library curated by Matthew Doyle · mæd partners

00:00 · 06:30