Corporate Security in bidding processes

The complexity and size of a contract (project figures, personnel involved, environment in which it is carried out, sophistication and difficulty of the contractual object, etc.) are positively correlated with security risks.

In the most emblematic or high-risk projects, the CSD must work alongside the business areas throughout the different phases of the public or private bidding process, in line with the points set out below.

It is desirable that Business Area Management count on the CSD from the moment that it decides to run a tender. There are several reasons for this, the most defining being that if the security risks and their mitigation costs are not taken into account in the offer, the subsequent implementation of security systems and services will be much more difficult and consequently will be detrimental to the profit of the project.

Other possible consequences that could arise:

  • Security risks that might have a great impact in operational terms and costs, such as those posed by unions or organized crime groups in certain countries, are not adequately assessed or are hidden or unknown to the bid manager and his team.
  • The Duty of Care of expatriate personnel is not taken into account and the appropriate measures are not taken to guarantee their protection.
  • Elements deemed necessary for the security of the project during the operation and maintenance phase are not considered.
  • An adequate security structure (security department, security manager) is not established, or this function is attributed to a JV or consortium partner that has a very different perception of security risks and/or does not have the adequate expertise, means and procedures to attend to the security and Duty of Care function.
  • Coordination problems arise in the project that affect essential functions related to security such as Crisis Management, Business Continuity, Evacuation Plan, etc.

The CSD's activities in support of the business will be very similar in most processes, whether public, private or turnkey contracts, although in mixed work and service concession contracts it is advisable to take into account some specific guidelines.

1. From initial tender notification to tender award

In this phase there are three issues to deal with:

  • Due diligence of possible JV / Consortium partners.
  • Project Security Risk Assessment.
  • Outline security structure and back office support.

Due diligence of possible JV / Consortium partners

According to FCC Group's compliance regulations, it is mandatory to carry out Due Diligence studies of third parties with whom it is expected to collaborate or carry out operations. Accordingly, when the creation of a JV is being negotiated for the presentation of a joint offer, the Compliance Department must conduct Due Diligence on the potential partners before a JV or consortium agreement. The Security Management of FCC Group cooperates with these studies by preparing open source reports for compliance or by conducting external investigation services (private detectives, investigation companies).

Project Security Risk Assessment

Security risks are often not included on the maps that risk managers look at in large projects or those that managers of smaller projects handle. The FCC Security Directorate is the Group’s appropriate body to advise Business Areas on geopolitical and security issues, as well as on the security conditions and specific risks in the area where the project is located.

The security risk assessment is supported by a balanced study of elements that include reports made by CSD staff during the performance of their duties both in Spain and abroad, open source intelligence reports, relations with consular services and embassies, security forces and external advisory services.

CSD must receive the information from the Business Areas studies department to know and understand the location, object, structure, phases and expected duration of the project. The client's security requirements must be sought, explicit (named directly in the specifications) or implicit (derived from compliance with legal requirements, such as critical infrastructure regulations, information protection, data protection or compliance with national manufacturing or construction standards). Sometimes the security requirements are not stated in the specifications but included later at the time of signing the contract. The project delivery method used will influence the organization and structure of the project and therefore its security organization.

In international projects consideration must be given to geopolitics and the Duty of Care of expatriate personnel. In certain countries, special attention must be paid to risks of cultural and religious nature and the need to brief expatriate or locally recruited personnel on them. Attention should also be paid to antisocial risks that are difficult to perceive if the country is not well known, such as those posed by certain trade union groups in Latin American countries, Bedouins in Arab countries or Roma groups in Europe.

Regarding Risk Assessment methodology, FCC Group CSD applies the ISO regulations on risk management (ISO 3100) and the widely disseminated international guidelines and standards of ASIS (General Security Risk Assessment Guideline; ANSI / ASIS / RIMS RA. 1-2015 Risk Assessment). See Methodology for security risk analysis.

Outline security structure and back office support

When preparing a tender for an emblematic project or one located in countries with a medium to high risk level, FCC Group Business Areas must pay special attention to security issues. In addition, it should be noted that bidding as a sole contractor has a very significant influence on the security organization.

In solo projects there is greater freedom of organization, and it is easier to implement the security support that the CSD can provide or to perform functions such as incident response, crisis management and staff emergency evacuation, as these functions do not depend on third parties or have coordination requirements.

When bidding as part of a JV or consortium, partners usually have different perceptions of risk and of the security posture to be applied in each case, especially if there are local companies among the partners. In this context, disagreements often arise on how to deal with risks and how to organize security. It may also happen that there are functions for which coordination has not been foreseen or that are not adequately addressed, such as crisis management or emergency security evacuation of personnel.

In general, if the tender is carried out as part of a JV or Consortium and it is an emblematic project in which FCC has the leadership or a significant participation, FCC should lead the Project Security.

On the other hand, to resolve any security coordination problems in consortia, it is recommended that FCC Group CSD establish contact with the Security Departments of the other partner companies to agree on the project's security policy and to foresee, in case the project is awarded, the creation of coordination mechanisms. This is especially necessary in the case of emblematic or very complex FCC-led projects in which significant security risks are foreseen.

2. From the award to the signing of the contract

After the award and before the contract is signed, mobilization and detailed project planning begin, and security planning also starts, based on the reports submitted to the studies unit in the previous phase, which assess the project's security risks and costs and set out the general lines for organizing security.

Logically, the pre-tender security reports were prepared on the basis of the planning assumptions and the information provided by the studies unit; therefore, to continue with security planning, a more detailed analysis must be carried out that takes into account the specific circumstances of the award and the information that becomes known. The problem is similar to the one faced by the business development units after the project is awarded, which is none other than to deepen and adapt the offer made and to prepare the documentation and resources needed to execute the project: governance structures, technical documentation and execution drawings, budgets, services to be contracted, etc.

In large projects it is advisable to appoint a person responsible for the security function and to create a security department, larger or smaller depending on need, while in smaller projects the security function can be assigned to another member of the contractor's staff, such as the head of HR or the head of occupational risk prevention. In this second case, ideally these managers should have some basic knowledge of security and maintain a functional relationship with the FCC CSD.

In the case of a JV or Consortium in countries with heightened risk, and as already noted above, it is advisable to reserve the position of security manager for FCC; if this is not possible, an attempt should at least be made to involve the FCC security department in the selection and recruitment for that position, as this will benefit the security of FCC personnel and assets.

The level of detail that the project Security Plan should have is a matter of judgement and convenience that depends on the importance and risks of the project. In any case, every project should have a security plan, even if only a minimal one.

In many tenders the contract is not prepared and ready for signature at the time of the award, or is only outlined and not fully defined. If so, a negotiation opens between the successful bidder and the client, who will often be advised by an engineer or consultant, in which the detail of the contractual relationship is defined and in which successive pieces of information and agreements that may affect security planning progressively become known, such as any provision made on the allocation of risks, the emergence of supervening security requirements, the governance structure of the consortium, the distribution of positions or costs, etc.

During this negotiation, an effort must be made to infer the security implications that may derive from the client's proposals. Sometimes the consultant's advice can lead to the inclusion of requirements or clauses not contemplated in the tender documents that cause unforeseen cost overruns.

In the event of supervening risks or significant changes in the risk level during the execution of the project, it will only be possible to pass unforeseen security costs on to the client if this has been negotiated before signing. It is therefore advisable, where possible, to include clauses that allow the passing on of costs to be renegotiated with the client when risks that are difficult to assess appear.

For all the above reasons, it is advisable for the CSD to take part in the contract negotiation process and to be aware of all aspects that may affect the project's security plan. Security planning cannot be considered complete until this negotiation has been closed.

In some procurement procedures, normally those of a public administration, in which the object of the contract is technically complicated and difficult to define or in which the aim is to promote technological development, provision is made for a prolonged negotiation phase with one or more potential awardees, during which technical work begins in order to define the project specifications in detail while progress is made on its development. This is the case, for example, of negotiated procedures, competitive dialogue or the design contest with a jury. The advantage of these procedures is that they can allow the security risks of projects to surface, thus facilitating their treatment and the study of costs from the design phase. In this type of contract FCC may find itself carrying out “early works” before the award, works that may logically include security aspects. The security department must also take part in the security of these early works.

The governance and management of a consortium are usually exercised through a steering committee made up of its members, which meets periodically to issue guidelines. Matters dealt with in this committee that affect security are communicated to the project's security department or security manager through the consortium's chain of command. In certain circumstances, when the project's security issues are very complex or the risks very high, it may be advisable to establish a more direct relationship between the consortium's security department or manager and the corporate security departments or managers of the consortium members, in order to facilitate advice and the provision of back office support.

One possibility that has already been explored in an international project led by FCC is the creation of a “Consortium Security Committee”, made up of the corporate security directors of the member companies, through the negotiation and signing of an MOU authorized by the Consortium's Steering Committee. This security committee can help to define and implement the Project Security policy, contribute to the processes of organizing, selecting and hiring the security department or security personnel, support the project's security department or security manager technically and with intelligence, support the contracting of security systems and services for the project, and coordinate the measures that can be launched from the companies' headquarters, such as those relating to incident and crisis management, personnel evacuations, alert messaging to personnel, traveller tracking, etc.

3. From the signing of the contract

The CSD's participation from the signing of the contract and throughout the execution phase of the project has two strands: support to FCC and support to the Consortium.

The first strand is aimed at raising the awareness of, supporting and protecting FCC personnel in the consortium in order to fulfil the “Duty of Care”. For this task the department's usual tools and procedures are used and the policies established at corporate level are applied: security induction for personnel abroad, travel security consultancy, travel tracking, alert messaging, geolocation and emergency call application, secure communications application, satellite telephony, deployment of security personnel abroad, expatriate support centre at the Las Tablas headquarters, etc.

The second strand consists of supporting the project managers and their security department in finalizing and implementing the security plan, assessing security risks, contracting security systems and services and, in general, raising the awareness of and protecting the project's own personnel and assets.

These two functions are two sides of the same coin: one focused on FCC personnel and assets, and the other a variant of the former applied to the consortium or project in question according to its circumstances.

4. Work and service

In mixed work and service projects that involve operation and maintenance after construction, there are some particular features worth highlighting.

If the project requires a dedicated security manager, it is advisable that this person be designated and selected by the FCC Group CSD and that their work continue during the O&M phase.

As a general rule, if FCC is going to be the operator of a concession or service for a prolonged period of six or more years, it is advisable to study the future security needs of that concession or service and to try to incorporate into the construction project all the systems that may be needed for the security plan during operation, even if those systems were not offered in the tender. Examples are electronic security systems (CCTV, anti-intrusion sensors), the necessary cabling, racks and connections, buildings for guard and access control personnel, fencing, barriers, bollards and physical obstacles, access control devices, parking spaces for visitors, etc.

In these cases it is worth obtaining synergies between the security elements of the works and those that will be needed for the O&M phase. For example, if the construction schedule is adjusted so that the perimeter fencing and conduits are built early, the lighting poles and perimeter video surveillance cameras can be installed from the outset and used not only in the O&M phase but also during the works phase, with the resulting savings.

Involved parties and their interrelation

Construction contracts are characterized by:

a. Parties involved

The following parties are usually involved in a construction contract:

  • A client (public or private), who is the one who has a project requirement, defines it and pays for the work.
  • An architect or engineer who carries out the design of the:
    • Design–Preliminary/Design Development: consisting of the expository, justification, descriptive reports, some plans and a budget broken down by parts.
    • Design–Final. It consists of several reports, foundation and structure plans-layouts, detail plans and diagrams, sizing of the facilities, technical specifications, bill of quantities and budget.
  • One or more contractors in charge of carrying out the works contained in the project: civil works, metallic structure, installation of mechanical equipment, electricity, plumbing, wood or metallic carpentry, floors, painting, landscaping, gardening, etc. The contractor can be a stand-alone company or a joint venture or consortium. Contractors’ organisation describes the different ways in which the contractor can be organized.
  • An architect or engineer who carries out the technical direction and control of the work.
b. Relationship between the parties

The parties can establish different degrees of relationship amongst them and this relationship can be contractual or just for coordination purposes. The client can:

  • Have separate contracts with each party involved.
  • Hire an engineer / architect for the design and another for the technical direction of the works.
  • Hire each of the trades involved in the work on his own: bricklayer, plumber, electrician, carpentry, painting, etc.
  • Establish a contract with a single main contractor, who will be in charge of the design, the work of all trades and the control and coordination of all the works.
  • Contract the general or detailed design on its own or transfer it to the contractor. In case the contractor becomes responsible for the design, this can be done:
    • By the contractor's own technical services.
    • By a consulting firm that is part of the JV or Consortium of the project.
    • Subcontracting, all or in part, to one or more engineering consultants.

c. Design responsibility

The detailed design of a large project can be extraordinarily complex. In complex projects such as hospitals, railway lines, subways, highways, ports, airports, etc. the client may not be in a position or may not have the necessary trained personnel to provide a design so he is limited to stating what he wants or needs in the form of requirements.

The client has the possibility of entrusting the design to an architect or engineer, but there is a risk that conflicts may arise during the execution of the work when the contractor carries out a project in whose design he has not participated.

For this reason, in most international construction project tenders, the design is placed under the responsibility of the party awarded the contract.

To get around the disadvantages of the two previous methods, which are extreme and opposed, new contracting methods have been developed in which client and contractor maintain a fluid dialogue aimed at defining and agreeing on a final design within the parameters allowed by the budget of the work.

d. Financing system

Project financing is usually the sole responsibility of the client. However, some public infrastructure construction projects can be financed with private capital, in exchange for allowing the operation of the infrastructure by the contractor or a third party for a period of time in which it is calculated that the pay–back will compensate the investment. After this period, the infrastructure is transferred or definitively handed over to the Administration owner.

Project finance details the usual financing systems for public infrastructures with private capital.

e. Payment system

Payment for the work performed can be made for the time the work has taken or per unit of work performed (Milestone Payments). In both cases, the contractor must provide invoices for the works and materials actually used in the work carried out, adding the Net Industrial Profit that has been agreed with the client. Recently another payment method, called "open book", has come into use, in which the contractor must explain his cost structure to the client and negotiate which of those costs are reimbursable. Although this system is part of a European Community Directive, it has not yet been transposed into Spanish laws and regulations. There is a last system, called “lump sum”, in which payments are made according to an agreed procedure, normally related to the progress of works, without the contractor having to provide invoices for the detailed costs.

f. Risk allocation

In general, the client usually owns the Force Majeure, War and Terrorism risks although he can also assign them to the contractor so he will be responsible for insuring them.

It is now customary for the FCC Group to establish a risk map for each project and it is also becoming common for large international clients in turnkey contracts to ask the awarded contractor of the works, service or concession, to provide a Risk Assessment Matrix. This matrix can be used as a negotiation framework before signing the final contract and as a basis for understanding in the event of an excessive increase of any of the risks or the appearance of unforeseen ones.

The Spanish public sector takes into account the analysis of operational risk in service or concession contracts, for example the risk of insufficient demand. This has happened with the concessions of the radial highways in Madrid. This risk is normally assumed by the concessionaire.

In large international turnkey projects, the allocation of risks and costs can be negotiated during the negotiation of the contract formalization process, since in addition to the typical risks of a construction project there are others of a political, climatological, labour, regulatory and social nature, etc., which are very difficult for bidders to assess when making their bids.

Types of construction contracts

The public sector is the main client of construction companies due to the constant need for renovation and improvement of all kind of public infrastructures aimed primarily at health, education and the transportation of people and goods.

To meet these needs with proper controls, transparency, equal opportunities, equality, etc., the Spanish public sector has a complete set of laws and regulations into which European Union regulations and guidelines have been transposed. The procedures for awarding public contracts contemplated by Spanish laws have also been harmonized to a great extent with European Union regulations or are in the process of being so.

Public sector contracts provides more detail on these procedures that can also be consulted at: https://www.boe.es/eli/es/l/2017/11/08/9/con

There are three groups of tendering procedures: ordinary, special, and massive.

The main difference between the first two is that the public sector uses the “ordinary procedures” when it knows precisely what it needs and is capable of translating it into a contract whose clauses are not negotiable. If the bidding process can be attended by all companies in the sector, it is called an “open tender”, while if the contractor is required to have certain technical or financial starting capabilities, which requires a prior selection of those who can attend the process, it is called “restricted tender”.

The public sector uses the “special” procedures when it does not have the means to define the need or when it seeks to promote technological development to improve certain public infrastructures or services. The main characteristic of these procedures is that it is possible to negotiate some of the conditions of the contract throughout the process.

Lastly, massive procedures are applied to satisfy anticipated and repetitive needs for recurring works, services or supplies with similar characteristics.

The “ordinary open contracting” procedure, which can be taken as a general reference model, follows the following phases:


In all the other procedures, the scheme is slightly different according to its own special characteristics.

The private sector also requires construction companies to satisfy its needs of all kinds, using the private work or service contract, which is the one concluded between individuals or parties and in which there is no public interest. In Spain, Private Sector contracts are contemplated in the Civil Code and are developed in several specific regulations. The awarding of a work or service in the Private Sector is not subject to the same regulations as in the Public Sector, although similar procedures are followed to safeguard the interests of the parties.

In each country there are one or more project delivery methods for construction works based on the contractual relationship between the parties. In Spain there is a method called “traditional”. In the USA, the American Institute of Architects (AIA) has published since 1975 several standards of project delivery methods that have spread almost universally, such as Design - Bid - Build, equivalent to the traditional Spanish method, and has subsequently done the same with other methods such as Design - Build. Private contracts describes the project delivery methods applicable to construction projects.

Finally, there is another type of construction contract called "turnkey" initially used by the private sector for the construction of large industrial plants, especially in the petrochemical sector. The use of turnkey contracts has later spread among the public sectors of developing countries, with the aim of promoting the construction of large infrastructures and encouraging industrialization. The lack of regulations and local capacities to start up and control this type of works led to the development of different “standard contracts” called “turnkey” versus “traditional” contracts from the private sector or those used by Public Entities of developed countries. Turnkey projects explains its rationale and special characteristics in greater detail.

There is no “universally recognized” definition of international turnkey contracts - also known as “Llave en mano”, “Clé en main” and recently EPC (Engineering - Procurement - Construction).

Two professional associations - the Fédération Internationale des Ingénieurs-Conseils (FIDIC) and the Engineering Advancement Association of Japan (ENAA) - have engaged in standardizing international construction contracts. The World Bank recommends the use of the FIDIC standard contract. International contract standards describes these two international contract standards, the most used in turnkey projects.

Finally, Tendencias en metodologías de construcción includes a brief study of some current trends in construction methods that appear in public and private bids for works.

Methodology for security risk analysis

The ISO standard with general risk management guidelines is ISO 3100:2018, Risk management. Guidelines.

ASIS has published guidance and a standard for security-related risk analysis and management.

The ASIS guidance recommends a seven-step process for conducting a security risk assessment applicable to all situations where people or assets are subject to security-related risks that may result in death or injury to people or loss of assets. These seven steps are as follows:

1.   Understand the organisation and identify the people and assets at risk.

2.   List the risks/vulnerabilities

3.   Calculate the likelihood or frequency of the risk

4.   Establish the impact of the risk materialising.

5.   Develop options to mitigate the risks

6.   Study the feasibility of implementing the options

7.   Conduct a cost/effectiveness analysis.

Bibliography

ÁLVAREZ, MIGUEL et alii. “Integrated project delivery, an alternative to the usual form of construction work in Spain”, Building & Management, vol. 1-3, 2017, pp. 30-36. http://polired.upm.es/index.php/building_management/article/view/3656

AMERICAN INSTITUTE OF ARCHITECTS. Integrated Project Delivery: A guide, Version 1, 2007. http://info.aia.org/siteobjects/files/ipd_guide_2007.pdf

BERENGUEL FELICES, FRANCISCO. “Viabilidad de los contratos llave en mano para la provisión de infraestructuras públicas en España”, Ingeniería Civil, Nº 184, 2016, pp. 75-89 http://ingenieriacivil.cedex.es/index.php/ingenieria-civil/article/view/473/446

HERNÁNDEZ RODRIGUEZ, AURORA. “Los contratos internacionales de construcción llave en mano”, Cuadernos de Derecho Transnacional, vol. 6, nº 1, marzo 2014, pp. 161-235. https://e-revistas.uc3m.es/index.php/CDT/article/view/1908/900

Ley 9/2017, de 8 de noviembre, de Contratos del Sector Público, por la que se transponen al ordenamiento jurídico español las Directivas del Parlamento Europeo y del Consejo 2014/23/UE y 2014/24/UE, de 26 de febrero de 2014.

RODRÍGUEZ SILVA, LUIS RACIEL. “Los contratos bajo la modalidad “llave en mano”: estudio teórico – doctrinal y algunas tendencias actuales”, Revista CES Derecho, vol. 2, julio-diciembre 2011, pp. 73-90.

SÁNCHEZ SAIZ - EZQUERRA, BRUNO et alii. “Project Management: Terminology for the Spanish Building Industry” 20th International Congress on Project Management and Engineering Cartagena (Spain), July 13-15th 2016, Cartagena, 2016, pp. 436-449.

TOURAN, ALI et alii. Transportation Research Board Report 131: A Guidebook for the Evaluation of Project Delivery Methods, Washington, 2009.