Risk Management

1. Scope
Risk management is concerned with identifying potential problems and eliminating or reducing the
damage the realisation of those risks would cause. Failure to adequately manage risks will threaten
the success of the project.

Risk management is the responsibility chiefly of the Project Manager. A well-planned approach to risk
control will allow the project team to concentrate resources in those areas where risk is high and
reduce risks to acceptable limits.

Risk assessment and management will be conducted at the start of the project and also throughout
the project lifecycle to ensure that risks are acknowledged and controlled. It is usually impossible to
eliminate all risks, but they can be recognised and dealt with. The risk management process requires
that each risk is assessed and measures formulated to prevent it (avoidance actions) or minimise its
effect. Both need to be considered because avoidance measures may fail.

As the project proceeds, the nature of risks is changing. Old risks disappear and new ones come up.
Consequently, risk management is a continuous process thus risks should be regularly reviewed and
reassessed.

2. Risk Assessment
The risk factors related to project implementation have been identified. For each risk, mitigation
strategies are proposed. The implementation of each risk-mitigation measure will be tightly controlled
by the responsible management body.

The Project risk management process includes identification, mitigation and action plans to reduce
and/or eliminate any risk that may arise. It will comprise the following steps:

• Description of risk

• Severity

• Probability

• Proposed Risk Mitigation Measures

The purpose of the risk mitigation planning is to reduce the impact or the probability for the event to
occur, to a level that can be managed by the project. It determines when and what needs to be done
to reduce or eliminate the risk.
 There are two main categories of risks:

• Operational

• Technical

The continuous risk management process is based on early identification and fast reaction to events
that can negatively affect the outcome of the project. The frequent meetings of the project bodies
therefore serve as the main forum for risk identification. The identified risks are then analysed and
graded, based on impact and probability of occurrence.

The first step is to identify and evaluate the potential risks in the planned work. The following figure
explains the process behind risk analysis.

The initial risk factors that can be identified, are the following:

 Complexity - the activities may be too complex to realize.

 Scope - the total set of activities may be too large for the partners to realize and/or manage.
 Capacity - one or more of the partners may not be able to honour its commitments without
the others having the capacity to fill the gap.
 Reliability - the project methods and strategies applied could be inappropriate to realize the
intended outcomes.
 Validity - the outcomes may not reflect the real needs and priorities of the stakeholders
 Sustainability - the project outcomes may not lead to a sustainable outcome.

In the risk management elaboration to be carried out within project, each one of the risk factors will be
analysed, and will be detailed in terms of: identified and quantified risks; contingency action per identified
risk; monitoring mechanism; quantified threshold level; and line of action when threshold is overstepped. It
will build on the strategic risk assessment directions.

Complexity Scope Capacity Reliability Validity Sustainability

The project methods

The total set of The project
RISK of One or more of the and strategies applied The outcomes do
activities is too outcomes may
Overall The activities are too partners is not able are inappropriate to not reflect the real
large for the not lead to a
project complex to realize. to honour its realize the needs and priorities of
partners to realize sustainable
activities commitments intended the stakeholders.
and/or manage. outcome.
outcomes.

Review the activities Prioritize and/or Replace Adjust project Adjust the
Adjust the project
Actions and/or scale down scale down defaulting methods and project activities
activities and outputs.
project ambitions. ambitions. partners. strategies. and outputs.

Table 1: Sample Risk Methodology

In order to minimize the risks, the project stakeholders have concretized the project proposal as much
as possible and have agreed on the project tasks. Furthermore, an elaborate project management
structure has been defined in order to monitor the cooperation between the partners and identify and
 investigate management risks as soon as possible. In Kolin and Integra Joint Venture, the following
potential management risks have been mainly foreseen, and corresponding contingency plans are
suggested:
Risk
Management Risks
Critical Path Awareness. Within the
critical path a delay of a deliverable
would result also in a delay of the
following development, prototypes,
tasks and work packages.
Underestimation of the required effort.
Loss of key personnel and delays due
to re-hiring.
Limited
coordination among parties / tasks
Probability Impact Proposed Risk Mitigation Measures
Monitoring the effort spent and regularly comparing
actual and planned achievements, the project team
will identify any slippage and ensure that any
underestimations of effort are dealt with as early as
possible.
Medium Low
In the unlikely event of delays or underestimated
effort remaining unnoticed and undealt with for
longer periods, the management team, in
consultation with the EC services, will appropriately
adjust the work plan and/or reallocate effort.
Medium Medium As above.
Each partner is responsible for making sure that the
Low Medium case of personnel turnover can be handled
adequately.
Kolin and Integra Joint Venture has extensive
experience in coordinating large projects, and thus
will ensure the necessary respect for
interdependencies. Effective coordination is ensured
Low High
by the management structure. Other key
stakeholders within Project are experienced project
coordinators as well and can support the Joint
Venture if needed.
 The Contractor will conduct a strict management of
tasks against the allocated time. Moreover, regular
meetings will be held (at least every 3 months) to
discuss the progress of the work and to redefine the
tasks if necessary.
Delay in In the unlikely event of delays in the availability of
Medium Medium
implementation of tasks key personnel, the available personnel will
temporarily assume more responsibilities and
allocate more effort to Contractor than originally
planned, until the new personnel is available. There
is sufficient overlap in expertise both inside and
across the Joint Venture members to
ensure that this can be achieved.

Diversity of Interaction with Signaling suppliers and/or experts

Signaling and can provide a deeper insight on the diversity of
Medium Low
control systems can lead to an signaling system and their expected behavioral
inefficient anomaly detection. differences.

Kolin and Integra Joint Venture is dedicated to

ensure effective dissemination and outreach of
Project activities. The effectiveness of the
Limited visibility of the project among implementation of communication and dissemination
Low High
stakeholders activities will be monitored on a regular basis. The
activities planned will be adapted, if necessary, so
as to better target the messages to stakeholders,
thus maximising their impact.

The projection model and parameters will be

Projected data using for rigorous
Medium
testing proves to be unrealistic
continuously monitored and refined by comparing
projections with subsequent data made available
Low
during the project's lifetime. This will provide us with
high-quality model and parameters by project's end,
as well as a clear idea about their true accuracy.

Due to large amount of research in diverse safety-

critical areas, such as aerospace, automotive and
Mitigation mechanisms from medical, many options exist. The mitigation
Low Medium
other domain do not apply approach in the project is to extend the reach to
other domains and secondly, if needed, limit the
scope the security profiles