You're following my line of questioning here pretty well.
Between the 1998 report and the second 2001-02 report, some action was taken, but evidently not enough. Was it a problem only to this particular project, or in your opinion was it systemic? Were they having risk management problems throughout the culture? This is not specifically dealt with in the time from 1998 to 2001. Is there an overall problem here, or is this merely a project-specific problem with risk management?