MA-E-230E Agir Manual Rev 3

CLASSIFICATION
ENGINEERING
INTERNAL USE STANDARDIZATION SYSTEM -
SPE
TITLE VALE No. PAGE
1/22
INTEGRATED RISK ASSESSMENT AND MANAGEMENT MA - E - 230E
REV.
MANUAL (AGIR)
3
REVISIONS
IT: ISSUE A - PRELIMINARY C - FOR INFORMATION E - FOR CONSTRUCTION G - AS BUILT
TYPE B - FOR APPROVAL D - FOR QUOTATION F - AS PURCHASED H - CANCELED
Rev. IT Description By Ckd. Appr. Auth. Date

FIRST ISSUE. CANCELS AND
0 C ACS AOG AM GJ 03/01/13
SUPERSEDES DOCUMENT PR-E-230
TAXONOMY ADAPTED AND RISK SIPOC
1 C RF RL WQ GJ 01/13/14
INCLUDED
CLARIFICATION ON RISK CODES,
2 C SIPOC ADAPTATION; CHANGES IN THE AG KG RH GCC 03/05/15
INTEGRATION WITH OPERATIONAL

RISKS METHODOLOGY, DETAILING OF
3 C AOG RVF RH GCC 10/11/16
THE CRITICAL RISK ASSESSMENT
PROCESS DUE TO PR-E-236E CANCEL
This document may only be altered/revised by the SPE management team.
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
2/22
REV.
MANUAL (AGIR)
3
TABLE OF CONTENTS
ITEM DESCRIPTION PAGE
1.0 PURPOSE 4
2.0 APPLICATION 4
3.0 REFERENCE DOCUMENTS 4
4.0 CODES AND STANDARDS 4
5.0 DEFINITIONS 5
6.0 CONCEPT OF RISK 5
7.0 PROCESSES AND OUTPUTS OF INTEGRATED RISK ASSESSMENT AND
MANAGEMENT 6
7.1 BUSINESS RISK ASSESSMENT 8
7.2 ALTERNATIVE RISK ASSESSMENT 9
7.3 PROJECT RISK ASSESSMENT 10
7.4 INDUSTRIAL FACILITY HAZARD AND OPERABILITY STUDIES - HAZOP 11
7.5 RISK MANAGMEMENT PLAN MONITORING 12
7.6 CRITICAL RISK ASSESSMENT 12
8.0 GUIDELINES FOR ASSESSMENT 13
8.1 ASPECTS TO CONSIDER IN FACILITATING RISK IDENTIFICATION SESSIONS 13
8.2 RISK DESCRIPTION AND CODING 14
8.3 USE OF RISK MANAGEMENT SOFTWARE (STATURE PRM) 16
8.4 CRITERIA FOR INTERRUPTING A RISK ASSESSMENT SESSION 17
9.0 RESPONSIBILITIES 17
9.1 PROJECT LEADER 17
9.2 FUNCTIONAL LEADERS 18
9.3 PROJECT RISK ANALYST 18
9.4 PROJECT RISK CONTROLLER 19
9.5 NORMATIVE AREA OF RISK MANAGEMENT 20
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
3/22
REV.
MANUAL (AGIR)
3
10.0 INTERFACES 21
11.0 INDICATORS 21
ATTACHMENTS 22
ATTACHMENT A - RISK SIPOCS 22
ATTACHMENT B - RISK CRITICAL ANALYSIS 22
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
4/22
REV.
MANUAL (AGIR)
3
1.0 PURPOSE
This document defines the criteria and responsibilities for applying the Integrated Risk
Assessment and Management – AGIR during the development and execution phases in Vale
capital projects.
2.0 APPLICATION
This procedure applies to all Vale capital projects, along the enterprise lifecycle: development
(FEL 1, FEL 2 and FEL 3) and execution, up to the signature of the FAC (Final Acceptance
Certificate). For each phase, the type of analysis shall be appropriate to the project’s
definition level.
3.0 REFERENCE DOCUMENTS
Documents listed below have been used in developing this document or include instructions
and procedures applicable to it. They shall be used in their latest revision.
For each process in the manual, support documents are provided in the corresponding
SIPOC (Suppliers, Inputs, Process, Outputs and Client).
GU-E-400 Glossário de Termos e Siglas utilizados nos Empreendimentos (Glossary o

Terms and Acronyms Used in Project Implementation)
PR-E-231 Análise e Gestão Integrada de Riscos (AGIR) – Riscos do Negócio
(Integrated Risk Assessment and Management (AGIR) - Business Risks)
PR-E-232 Análise e Gestão Integrada de Riscos (AGIR) – Riscos das Alternativas
(Integrated Risk Assessment and Management (AGIR) – Risk of
Alternatives)
PR-E-233 Análise e Gestão Integrada de Riscos (AGIR) – Riscos do Projeto
(Integrated Risk Assessment and Management (AGIR) - Project Risks)
PR-E-234 Monitoramento do Plano de Gestão de Riscos (Monitoring the Risk
Management Plan)
PR-E-235 Análise de Segurança e Operabilidade de Instalações Industriais (Hazard
and Operability Analysis of Industrial Facilities – HazOp)
4.0 CODES AND STANDARDS
Codes and/or standards listed below have been used in developing this document or include
instructions and procedures applicable to it. They shall be used in their latest revision.
ISO 31.000:2009 Risk Management – Principles and Guidelines
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
5/22
REV.
MANUAL (AGIR)
3
Planning, Development and Management

NFN-0001
Standard
POL-0009-G Corporate Risk Management Policy
PMI – Project Management Institute Practice Standard for Risk Management
5.0 DEFINITIONS
General definitions, common to the universe of project implementation, may be found on GU-
E-400.
6.0 CONCEPT OF RISK
According to Corporate Risk Management Policy (POL-0009-G), “Risk is the effect of

uncertainty on business de objectives of a company that manifests itself in many ways, with
potential impact on all aspects of their business, including but not limited to: health and
safety, environment, communities, reputation, regulation, market, operations, ability to
generate cash flows and financial statements.”
Also within the same document, “Corporate risk is the integrated view of the different risk
dimensions, being the responsibility for managing each individual risk dimension of the
business and corporate areas. The procedures for managing each specific risk will be treated
in proper normative documents elaborated by the responsible areas.”
Considering these assumptions and guidelines, there are two areas focused on corporate
and project risk management that are related each other: Operational Risk Management is a
methodology focused on managing corporate, operational and Vale Business risks, and
Integrated Risk Analysis and Management (AGIR), which is the methodology used by Vale in
its capital projects. The image below shows the two methodologies and its connections:
Figure 6.1 – Methodology application
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
6/22
REV.
MANUAL (AGIR)
3
The AGIR methodology, as it is focused on start its application since FEL1 stage and follows
until the end of the Execution stage. In the other hand, the Corporate Risk Management
manages all business risks as long as there is the possibility of operational loses. By default,
projects will generate products for the future operation, and it is very important that, any risk
identified on the early stage of project that might compromise the operation units must be
known by the operational risk team.
Risks can provide pessimistic and optimistic variations on the estimates assumed by the
project and can be classified as:
• Potential fatal flaws – risks which, if occurring, may permanently prevent

the project for being carried on. Examples include: loss of market opportunity,
drop in product prices, early involvement of competitors, environmental
impacts and/or severe social impacts, company image risks , possibility of
breaking agreements previously signed with governments, financial and/or
social agents, among others;
• Threats – risks which have a negative impact on the compliance with the
goals proposed for the business and/or project, whichever they are;
• Opportunities – risks which have a positive impact on the goals proposed,
making it easier to reach or overcome them.
This document deals specific with risks that affects the projects, and consider a basic
concept of risk as being: The measure of uncertainties about the assumptions adopted for a
project in the different disciplines which are part of it, as well as the impact of such
uncertainties on the project goals: schedule, budget (CapEx), sustainability (Health and
Safety, Environment, Communities an Image) and / or future operation (operability,
maintainability, Operational Health and safety and OpEx).
7.0 PROCESSES AND OUTPUTS OF INTEGRATED RISK ASSESSMENT AND

MANAGEMENT
The Integrated Risk Assessment and Management (AGIR) is a process developed,

standardized and applied to Vale capital projects, in alignment with Vale’s policies and
instructions. It integrates threats and opportunities, in a multidisciplinary context, involving the
areas of: engineering, environment, health and safety, planning, construction, procurement,
community relations, human resources, land management, operational readiness,
communication, strategy and economic feasibility, among others.
AGIR results may:
• Assist project and corporate areas in the decision making process;

• Identify in advance and manage threats, so as to eliminate their causes or
mitigate their effects;
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
7/22
REV.
MANUAL (AGIR)
3
• Capture identified opportunities, incorporating them to the business/project;

• Develop the lessons learned, in order to achieve continuous improvement in
the development and construction of engineering projects.
All macro-processes defined in the standard ISO 31000:2009 and in NFN-0001 are complied
with by the AGIR methodology, as shown in figure 7.1 below.
Figure 7.1 – Macro-process defined by standards ISO 31000:2009 and NFN-0001
Figure 7.2 shows the application of each Integrated Risk Assessment and Management
process throughout the project lifecycle.
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
8/22
REV.
MANUAL (AGIR)
3
Figure 7.2 – Timing for application of each Integrated Risk Assessment and Management – AGIR
process
The processes and the timing for their application are detailed below.
7.1 BUSINESS RISK ASSESSMENT
The main goals in the business risk assessment are the identification of potential fatal flaws,
threats and opportunities associated to the business, and the simulation of economic
scenarios evaluated based on the threats and opportunities identified. Based on the
assessment results, a management plan shall be prepared for the potential fatal flaws,
threats and opportunities associated with the business.
The Business Risk Assessment process is described in procedure PR-E-231E. As this is the
stage for business evaluation and for preparing the initial economic feasibility stage in a
project, FEL 1 is considered the most appropriate stage for applying this procedure.
The business risk evaluation is not limited to the initial development phase and, in some
cases, its application can be required during advanced project development and execution
stages. An example is the fact that a great change in market demand and competitor
positioning may demand the application of such analysis regardless of the project phase.
It is recommended that this assessment be performed after the business strategy has been
defined, the market and industry analysis, as well as the economic analysis, have been
performed, and prior to the approval of the business plan.
The output of the business risk assessment is the Integrated Business Risk Assessment and
Management Report, which describes the entire assessment process, and whose
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
9/22
REV.
MANUAL (AGIR)
3
attachments are the “Risk Record”, the “Evaluated Economic Scenarios”, the “Risk
Management Plan”, and the “Attendance lists of participants in all meetings”.
7.2 ALTERNATIVE RISK ASSESSMENT
The main goals of the alternative risk assessment are the identification of risks for each one
of the alternatives, and the construction of a multi-criteria decision tree. This decision tree
weight the risk indexes for each one with their economic indicator (LCC – Life Cycle Cost or
NPV – Net Present Value), in order to highlight the alternative which maximize the economic
return, at the same time it minimize the risk level, as provided in figure 7.3.
Figure 7.3 – Example of a decision tree for an alternative selection
Examples of the application of this process include: location of a plant, ore transportation
alternatives (railway, pipeline or truck), railway routes, equipment alternatives, etc.
The procedure PR-E-232E describes the risk assessment process for the alternatives.
The project shall perform this assessment before selecting the alternatives for each one of
the relevant trade-offs under development.
As it is the stage for developing the conceptual design, in which the highest number of
engineering alternative studies take place, FEL 2 is considered the most appropriate stage
for applying this procedure.
The alternative risk assessment is not exclusively limited to the FEL 2 phase and, in some
cases, its application may be required during the other project development and execution
stages. Examples include the definition of a technology during FEL 1, or the definition of a
construction methodology during execution.
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
10/22
REV.
MANUAL (AGIR)
3
Based on the assessment results, the identified risks for the selected alternatives should be
evaluated in the project risk analysis (item 7.3) at the end of FEL 2 phase for further
prioritization and development of the risk management plan.
The alternative risk assessment output is the Alternative Integrated Assessment and
Management Report which describes the entire assessment process, and whose
attachments are the “Risk Record” and the “Attendance list for all participants in all
meetings”.
7.3 PROJECT RISK ASSESSMENT
The project risk assessment is designed for the identification of uncertainties, which may
occur in the project during the FEL 2, FEL 3 and execution phases, in order to identify the
risks those may affect positively or negatively on the main project goals.
For a more precise identification, two methodologies may be applied: qualitative or

quantitative assessment. The decision on which methodology should be used will depend on
the project phase and on the level of development of its documents.
The main goals in the process are: the risk identification, qualitative and/or quantitative
assessment, risk plan management development. In case of quantitative assessment, based
on Monte Carlo simulation, provides the analysis of the potential impact of the set of
identified risks, simulating the probability of success of the project goals. Based on the
assessment results, a management plan shall be prepared for the potential fatal flaw, main
threats and opportunities identified.
The Project Risk Assessment process is described in procedure PR-E-233E, which describes
the methodology for both the quantitative and qualitative assessments.
During FEL 2, the quantitative methodology shall be applied at the end of the phase, after the
completion of all trade-offs and/or completion of conceptual design.
During FEL 3, the moments for applying the project risk assessment are:
• Stage 1 – Recommended for FEL 3 phase projects which last longer than a
year. The qualitative assessment methodology shall be applied at around
50% of the development in this phase.
• Stage 2 – It shall be applied after CapEx has been defined, in its last revision
for authorizing the execution, and before the planning baseline is defined,
usually at around 90% of the FEL 3 development. During this stage, the
quantitative methodology shall be applied.
During the Execution phase, the moments for the application of this analysis, using the
quantitative methodology are, at least:
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
11/22
REV.
MANUAL (AGIR)
3
• Prior to the contracting peak, or no later than 10 months after project

approval at the DCA (whichever comes first);
• Prior to civil work peak, or no later than 10 months after the previous analysis
(whichever comes first);
• Prior to the electromechanical assembly peak, or no later than 10 months
after the previous analysis (whichever comes first);
• Prior to the start of commissioning, or no later than 10 months after the
previous analysis (whichever comes first).
Any changes in the frequency suggested above will be under the responsibility of the Project
Leader.
During the execution phase, the activities planned are performed, and the amounts approved
during FEL 3, or the amount defined by the project, such as the trend, are used, in order to
achieve the goals defined by means of the quantitative analysis, with the use of Monte Carlo
analysis.
7.4 INDUSTRIAL FACILITY HAZARD AND OPERABILITY STUDIES - HAZOP
Hazard and operability studies’ aim is the identification of risks which may compromise
people and industrial facilities safety, and their neighboring areas, the environment, the
operational performance of facilities, and to propose mitigation actions or the elimination of
such risks. This process is described in procedure PR-E-235E.
The analysis shall be performed when the project reaches a definition of basic design of at
least 80%, that is to say, at the end of FEL 3 engineering, prior to the approval of the project.
This process may also be optionally applied at the end of FEL 2 and at the start of execution
phase.
The output of the industrial facility hazard and operability studies is the Industrial Facility
Hazard and Operability Analysis Report – HazOp, describing the entire analysis process, and
whose attachments are the “Risk Record”, including actions for treatment of the identified
risks, and the “Attendance lists of participants in all meetings”
As examples of this process application results we have: improved enterprise safety in

relation to physical integrity of people, protection of physical assets and the environment,
increased process reliability by means of operational loss mitigation.
The figure below shows the values of the initial and final risk severities, recalculated
considering treatment actions, as well as the RPN (Risk Priority Number).
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
12/22
REV.
MANUAL (AGIR)
3
DESVIO OPERACIONAL
PARÂMETRO DE
PALAVRA-GUIA ID. DESCRIÇÃO DO DESVIO OBSERVAÇÕES
PROCESSO
Alto Nível D1 Nível alto de minério silo SI-2120-01
CLASSIFICAÇÃO
CLASSIFICAÇÃO
OCORRÊNCIA
OCORRÊNCIA
SEVERIDADE
SEVERIDADE
RPN INICIAL
DETECÇÃO
DETECÇÃO
CONSEQUÊNCIA
RPN FINAL
NFN-0001
NFN-0001
AÇÕES RESPONSÁVEL PELA
ID CAUSA CONTROLE PRAZO
RECOMENDADAS AÇÃO
VIZINHANÇA
LOCAL SISTEMA
IMEDIATA
- Prever sistema
Transbordo de
Falha no sistema de redundante de
minério, Sistema de controle
instrumentação de Alimentador controle de nível;
N1-D1-1 7 indisponibilidade Peneiramento 6 de nível por 5 210 72 4 6 3 72 40 João da Silva 31-ago-15
controle de nível do de correia - Prever instalação
de parte de células radiofrequência
silo sistema CFTV no
do silo
silo SI-2120-01
Figure 7.7 – RPN calculation table, considering treatment actions.
7.5 RISK MANAGMEMENT PLAN MONITORING
For the verification of the fulfillment of the actions proposed in the management plan, a
monitoring process was established, as described in procedure PR-E-234E. Efficiency and
effectiveness indicators are measure during this process.
The products of the monitoring process of the risk management plan are the "Monitoring
report" and the "Updated Risk Management Plan."
7.6 CRITICAL RISK ASSESSMENT
The professionals of risk normative team, who objectively evaluate the execution of the
Integrated Risk Analysis and Management (AGIR) and Hazard and Operability Analysis
(HazOp) process, carry out the Critical Risk Assessment (ACR).
The assessment comprises the verification of the content and/or maturity of the project
aiming to guarantee:
• Ensure quality and support to the projects during the AGIR application,
seeking to improve the process since the risk identification stage to the
Management Plan development;
• Continuous feeding of the identified risks in the capital projects in the Vale
risks database.
The Risk Critical Analysis can be requested to the Risk Normative Area to be carried out
whenever a third parties or the project itself undertakes the AGIR or HazOp to check its
compliancy to the methodology. On requesting this analysis, the project team must send the
required information no later than a month after the issue of the AGIR and/or HazOp report.
On this case, after receiving the documentation, the risk analysts will have no later than a
month to perform the Risk Critical Analysis.
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
13/22
REV.
MANUAL (AGIR)
3
After issuing the ACR, the project can choose to comply with the recommendations and will
have a 2-week deadline to do so. It is also possible to request a reevaluation for the
normative area, which will have two more weeks to make this second and last assessment.
To request this assessment, there are some documents that necessarily need to fulfilled and
attached to the reports those will be evaluated. Check the specific procedures of each
methodology in order to know about them.
The product of this analysis is the document “Verification of the Integrated Risk Assessment
and Management,” submitted to the project leader and the risk analyst, containing
observations as to the adequacy of the work and suggestions for improvements and
complements. As each verification has its specific details, the Attachment B contemplates all
questionnaires to be chosen according to the applied methodology. As an example, if the
project request a ACR of the Project Risks Assessment, the corresponding worksheet should
be chosen to carry out the Critical Analysis.
8.0 GUIDELINES FOR ASSESSMENT
8.1 ASPECTS TO CONSIDER IN FACILITATING RISK IDENTIFICATION SESSIONS
Some practical guidelines should be observed during the facilitation of risk identification
sessions:
• Ensure effective participation of the team that is responsible for the project
and/or corporate teams;
• Enable free access and freedom so that the team can identify the risks;
• At the beginning of the risk identification session, there will be a quick
presentation of the purpose of the meeting so that the group will know all the
subjects that will be discussed. The people present will be reminded that
every issue will be addressed sequentially, and, at this moments the subject
will mature when they get into the details of the discussion;
• The work will always be conducted in pairs of risk analysts. While one analyst
registers the information that is commented by the work group, the other
works directly conducting the groups questioning;
• Recording the identified risks is an activity of great importance and very
difficult in view of the dynamic of these meetings. The analyst responsible for
the register must have experience in this kind of job. A poor record may lose
important information provided by the group;
• The impact of the risk will be explained in the description, if identified during
the session. Later on, during the review of the risk record, the information
regarding the impact shall be separated, and filled in the correct field,
complementing and improving the clarity of the information;
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
14/22
REV.
MANUAL (AGIR)
3
• Generic descriptions of the risk impacts should be avoided (example:

“increase of deployment costs”). Instead, use ("the increase of the cost of
foundations"). The more specific the description of the impact, the easier it
will be linking the risks to the schedule activities and CAPEX lines;
• Only the blank template of the risk register will be presented in order to drive
the issues properly, not showing the notes – because of the meeting
dynamics, the text can present errors of conjugation, grammatical
agreement, confuse subjects, etc. The exposure of this “draft” to the team
causes a loss of focus and the identification productivity decreases;
• The risk register worksheet shall not be projected all the time. It is good to
encourage the participants to show information about the subject that is
being discusses reports, maps, photographs, engineering drawings, etc.
Ideally, most of the time, the group should discuss based on the project
documents.
In accordance with to the "Practice Standard for Project Risk Management," of the PMI, the
critical factors of success for a project risk management and that should be observed during
the assessment processes are:
• Recognition of the value of the practice and management of risks:

• Team commitment and responsibility;
• Open and honest communication;
• Organizational commitment;
• Effort consistent with the project scale;
• Integration with project management.
8.2 RISK DESCRIPTION AND CODING
Risk is an event or uncertain condition, which, if it occurs, brings consequences in the

objectives and affects the project deliveries. So writing "delay risk" or "cost increase risk" is
not recommended, because this kind of expression can confuse the event with its
consequence.
It is suggested that the risks be described considering the factors shown below in order to
improve their understanding:
Cause Event Consequence

(Condition) (Uncertainty) (Possible result)
Figure 8.1 - Factors to be considered in the description of the risks

PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
15/22
REV.
MANUAL (AGIR)
3
An example of the risk description: “Licensing authority is overwhelmed due to the existence
of several licensing requests from Vale and other companies. For that reason, the timeframe
estimated by project for obtaining environmental licenses may be insufficient. This fact can
delay civil works”.
The coding of identified risks is essential to your identification and traceability within the
stages of each risk analysis.
The risk code consists of four fields, in accordance with the structure below:
Type of Risk – Project Phase – Involved Discipline – Numerical Sequence
The "Type of Risk" field corresponds to your classification:
A  Threat
O  Opportunity
F  Fatal Flaw
The "Project Phase" field corresponds to the moment when the risk was identified:
1  FEL1
2  FEL2
3  FEL3
4  Execution
The "Involved Discipline" field corresponds to the discipline to which the risk belongs:
MAM  Environment
COM  Communities Relationship
RCH  Human Resources
FUN  Land Management
SEG  Health and Safety
ENG  Engineering
POP  Operational Readiness
SUP  Procurement
PLN  Planning
CTR  Construction
ANE  Market Analysis and Economic Evaluation
The “Numerical Sequence” field corresponds to the sequential numbering of the risks: 001,
002, 003, etc. The numerical sequence must be composed of 03 (three) digits, be applied per
discipline and restarted at each project phase for new risks. It is worthy to highlight that the
codification of the risk identified beforehand in a previous phase shall be maintained in the
next identification process.
To help understand the risk coding, here are a few examples:

PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
16/22
REV.
MANUAL (AGIR)
3
• F-1-FUN-001– Fatal Flaw risk, identified during FEL 1, regarding the Land
Management’s discipline, sequential 001;
• A-2-COM-001 – Threat risk, identified during FEL 2, regarding the community
discipline, sequential 001;
• A-3-COM-001 – Threat risk, identified during FEL 3, in the Community
Relations discipline, sequential 001;
• O-4-MAM-001 – Opportunity risk, identified during Execution, regarding
Environmental discipline, sequential 001;
• A-4-MAM-002 –Threat risk, identified during Execution, regarding
Environmental discipline, sequential 002.
It is worth pointing out that the Hazard and Operability Analysis of Industrial Installations –
HazOp, has a specific encoding structure, as defined in procedure PR-E-235E.
8.3 USE OF RISK MANAGEMENT SOFTWARE (STATURE PRM)
There are numerous tools available on the market to manage and control the projects risks
ranging from Excel spreadsheets to sophisticated systems. Vale uses, for FEL3 and
Execution phases, the Stature PRM software.
This software has a unified and up-to-date database that facilitates the risk identification,
promotes the replacement of the Excel worksheets and enables the automatic issuance of
the main reports (Efficiency and/or Efficacy indicators, Action Plan status and Recurring
risks).
Moreover, it allows conducting the AGIR process in different languages (English, Portuguese
and Spanish) increasing the process agility and helps the risk controller on managing the
pending actions from the action plan through a workflow that sends e-mails to the action
owners.
This tool is divided on two modules:
• Rich Client Module: it is a web-based platform that allows the conduction the
whole process through the Internet Explorer. This module is recommended
for the risk analysts and the risk controllers.
• PHA-Pro Module: it is an off line module that allows the user to export his
study to work on places that does not have the Vale network. At the end of
the sessions, the user import the work to the on line module and keep its
bases updated. This module is recommended for the risk analysts.
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
17/22
REV.
MANUAL (AGIR)
3
8.4 CRITERIA FOR INTERRUPTING A RISK ASSESSMENT SESSION
With the purpose of guaranteeing a minimum quality of the results of the risk assessment,
objective criteria were established to interrupt the assessment session.
The definition and previous knowledge of these criteria by the people involved avoids
subjectivity in the execution of the risk assessment and conflicts provoked by the absence or
deficiency of the infrastructure for its execution.
The interruption of the assessment must be supported by evidence of the criteria and formal
registers to support the decision. The criteria are described in Table 8.1.
Table 8.1 - Criteria to interrupt a risk assessment

Criteria Description
Project The documentation necessary for the assessment is incomplete or inconsistent, which
Documentation may compromise the process.
Representative Absence of the discipline leader and/or the leader representative and the
Quorum representatives of the key disciplines in the work sessions.
9.0 RESPONSIBILITIES
9.1 PROJECT LEADER
The uncertainties of the project execution are proportional to its size and complexity and the
possible impact of the risks must be considered.
Due to the characteristics expected from a Project Leader (especially anticipation and
systemic vision - 360º), risk management is an essential tool to minimize failures and rework,
avoid fatalities and promote determination of alternative plans, thus providing the projects
with stability, predictability, safety, and competitiveness.
Due to the level of commitment with the project, seniority and decision power – fundamental
attributes of the position – the project leader is solely responsible for the project risk
management, which involves the preparation of a management plan, where actions proposed
to the work group will be critically considered regarding efficiency and execution viability, as
well as execution monitoring.
The Project Leader will be responsible for guaranteeing the effective participation of his team
and all teams, which have some interface with the project at all necessary moments for the
assessment, as well as provide the necessary information to the analysts and guarantee its
truthfulness. He is also responsible for guaranteeing the fulfillment of the assessment
planning, according to deadlines established in the procedures and assessment planning.
The responsibilities are detailed on the table below:
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
18/22
REV.
MANUAL (AGIR)
3
Table 9.1 - Project Leader Responsibilities’

Project Leader
• Assign the analyst and risk controller before the start of the work
• The project leader must make available their representatives for full-time participation in the
risk assessment meeting. The representatives must be able and fully qualified to answer
the questions they are presented.
• The project Leader will provide, on a timely basis, all the documents necessary to the risk
assessments, as specified in the AGIR methodology procedures, as well as guarantee the
truthfulness of the information. Only the requested documents will be sent to the persons
responsible for the risk assessment.
• Define which actions if the risk management plan will be tracked by each indicator
(efficiency and effectiveness) with support from the risk controller;
• Follow up the fulfillment of risk management plan;
• Provide professional to follow the verification of monitoring process.
9.2 FUNCTIONAL LEADERS
The Functional Leaders will support the Project Leader in the definition of strategies and
actions for the risk management of their projects and they will also provide the resources
necessary for the risk assessments and for the fulfillment of the actions defined in the risk
management plan.
They will also validate demands for change in the risk management plan.
9.3 PROJECT RISK ANALYST
Given the needed level of commitment to the project, this function must be carried out be a
Vale employee, although it may, in special cases, be filled by a project contractor employee.
It is worth noting that the risk analyst must be formally named and that, due to the
characteristics of his position, it is recommended that he is not part of the project team under
his analysis. This analyst must also establish great interaction with the planning coordinator
and the cost engineer.
The risk analyst is the technician responsible for executing the risk assessment processes.
To this end, this professional must have the following attributes:
• Basic knowledge of qualitative and quantitative techniques and structuring

techniques of decision problems:
• Basic knowledge of project planning and budgeting;
• Critical vision of the project to highlight the assumptions involved and the
fragilities associated with them, as well as the necessary elements to
guarantee the capture of opportunities;
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
19/22
REV.
MANUAL (AGIR)
3
• Systemic vision of the project to highlight how the risks can interfere in the
set of all the disciplines that make up the project;
• Independence to identify risks and present the results of the performed
assessment, before the other project coordinators, from the manager of the
project himself and the PMO of the business unit;
• Communication ability to work as a facilitator in the work and research
sessions involved in the identification and assessment activities. Must be
able to write the risk assessment technical reports.
The risk analyst has direct and final responsibility over the set of identified risks regarding
their amplitude, scope, and degree of detailing, as well as the set of conclusions of the
assessments. The analyst must have full knowledge of the foundations and methods used in
the risk identification and assessment.
It is also the responsibility of this professional to duly manage the documentation and the
databases, records, histories, reference documents and calculation records used in the
activities developed for the project risk management.
The responsibilities of the Project Risk Analyst are detailed on the table below:
Table 9.2 - Project Risk Analyst Responsibilities’

Risk Analyst
• Perform the risk assessment of the project management plans under his responsibility.
• If it is requested the development of the Risk Critical Analysis, the risk analyst will send a
complete assessment report (AGIR or HazOp), including the attachments, together with the
support documentation on the project, to the Normative Area of Risk Management of
Capital Projects;
9.4 PROJECT RISK CONTROLLER
The risk controller must be formally assigned by the project manager in agreement with the
risk analyst. The controller is responsible for establishing the great interaction with all the
project coordinators and all the other areas of the business and corporate units with defined
responsibilities in project risk management. The controller will be responsible for the
communication, monitoring and control of the execution of the risk management plan and
also for its possible reviews, as set out in PR-E-234E.
The risk controller must have the following attributes:
• Capacity of dialogue with the project coordinators and all the other areas of
the business unit and corporate areas;
• Experience in follow-up and communication of physical and financial
execution of action plans;
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
20/22
REV.
MANUAL (AGIR)
3
• Systemic vision of the project to highlight how the risks can interfere in the
set of all the disciplines that make up the project.
The responsibilities of the Project Risk Controller are detailed on the table below:
Table 9.3 - Project Risk Controller Responsibilities’

Project Risk Controller
• Check the status of fulfillment of the actions with the responsible for its implementation;
• File objective evidence of fulfillment of actions executed;
• File and make available, when requested, the evidence that proves the execution of the
actions defined in the management plan, as well as allow free access and necessary
information to the verification process of the risk management plan.
• Inform the Project team and responsible for the pending actions and next actions;
• Define which actions the risk management plan will be tracked by each indicator (efficiency
and effectiveness) with the project leader;
• Review risk management plan if necessary;
• Register history of mitigation, elimination or capture of risks on the cover of the risk
management plan;
• Register deviations and issues;
• Calculate monitoring indicators;
• Fill out the monitoring report;
• Forward the monitoring report to the project leader and functional leaders.
9.5 NORMATIVE AREA OF RISK MANAGEMENT
This area is responsible for the definition, implementation and continuous improvement of the
AGIR methodology to be applied in all Vale capital projects.
This team must provide technical advice to Vale projects under development and execution
phases regarding the execution and hiring of risk assessments. They also can support the
risk management process in the projects as a participant of the work groups during the
sessions.
The responsibilities of the Normative Area of Risk Management are detailed on the table
below:
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
21/22
REV.
MANUAL (AGIR)
3
Table 9.4 - Normative Area of Risk Management Responsibilities

Normative Area of Risk Management
• Perform risk analysis in projects;

• Qualify and support the Vale risk analysts and controllers and the specialized service
providers;
• Check all risk assessments in engineering projects of Vale, subsidiaries and affiliates, through
the Critical Risk Assessments, if requested by the project;
• Verify the risk monitoring process, according to procedure PR-E-234E.
10.0 INTERFACES
The interfaces are listed in each SIPOC of Attachment A.
The following areas may be involved on the Risk Assessment Process and may have some
interfaces:
Table 10.1 - Interfaces
Contractors
• In the risk assessments carried out by the specialized contractor, these services must be
in total compliance with the procedures referring to the AGIR methodology. The
exceptions must be treated individually between the business unit team and the Normative
Risk Management Area;
• The confidentiality preservation and total protection of Vale's organizational process
assets must be required from service providers;
• The contractors can be invited to attend the assessment sessions or required to provide
some information to the analysis team such as, engineering information among others.
Corporate Divisions
• Representatives of the corporate divisions can be invited to participate in the sessions or

provide data for analysis, such as: land acquisition process, information about permits,
simulate the NPV model for economic scenarios created based on risk analysis, and
estimate any other financial economic indicator used in the project.
11.0 INDICATORS
The indicators are listed in each SIPOC of Attachment A
PE-G-608E_Rev_14
CLASSIFICATION
ENGINEERING
SPE
TITLE VALE No. PAGE
22/22
REV.
MANUAL (AGIR)
3
ATTACHMENTS
ATTACHMENT A - RISK SIPOCS

ATTACHMENT A - Format: Adobe PDF
RISK SIPOCS.pdf (8 pages)
ATTACHMENT B - RISK CRITICAL ANALYSIS

ATTACHMENT B -
Format: Microsoft Excel
RISK CRITICAL ANALY (5 pages)
QUESTIONS, COMMENTS OR SUGGESTIONS

For questions, comments or suggestions regarding the SPE, please access the online central SPE
Responde, available on the Project Portal, or contact us via email at spe@vale.com.
Your participation is essential for the SPE collection improvement and maintenance processes.
PE-G-608E_Rev_14

MA-E-230E Agir Manual Rev 3

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MA-E-230E Agir Manual Rev 3

Uploaded by

Copyright:

Available Formats

CLASSIFICATION

Rev. IT Description By Ckd. Appr. Auth. Date

INTEGRATION WITH OPERATIONAL

This document may only be altered/revised by the SPE management team.

ITEM DESCRIPTION PAGE

3.0 REFERENCE DOCUMENTS

GU-E-400 Glossário de Termos e Siglas utilizados nos Empreendimentos (Glossary o

4.0 CODES AND STANDARDS

Planning, Development and Management

POL-0009-G Corporate Risk Management Policy

PMI – Project Management Institute Practice Standard for Risk Management

6.0 CONCEPT OF RISK

According to Corporate Risk Management Policy (POL-0009-G), “Risk is the effect of

Figure 6.1 – Methodology application

• Potential fatal flaws – risks which, if occurring, may permanently prevent

7.0 PROCESSES AND OUTPUTS OF INTEGRATED RISK ASSESSMENT AND

The Integrated Risk Assessment and Management (AGIR) is a process developed,

AGIR results may:

• Assist project and corporate areas in the decision making process;

• Capture identified opportunities, incorporating them to the business/project;

Figure 7.1 – Macro-process defined by standards ISO 31000:2009 and NFN-0001

7.1 BUSINESS RISK ASSESSMENT

7.2 ALTERNATIVE RISK ASSESSMENT

Figure 7.3 – Example of a decision tree for an alternative selection

7.3 PROJECT RISK ASSESSMENT

For a more precise identification, two methodologies may be applied: qualitative or

• Prior to the contracting peak, or no later than 10 months after project

7.4 INDUSTRIAL FACILITY HAZARD AND OPERABILITY STUDIES - HAZOP

As examples of this process application results we have: improved enterprise safety in

Alto Nível D1 Nível alto de minério silo SI-2120-01

Figure 7.7 – RPN calculation table, considering treatment actions.

7.5 RISK MANAGMEMENT PLAN MONITORING

7.6 CRITICAL RISK ASSESSMENT

8.0 GUIDELINES FOR ASSESSMENT

8.1 ASPECTS TO CONSIDER IN FACILITATING RISK IDENTIFICATION SESSIONS

• Generic descriptions of the risk impacts should be avoided (example:

• Recognition of the value of the practice and management of risks:

8.2 RISK DESCRIPTION AND CODING

Risk is an event or uncertain condition, which, if it occurs, brings consequences in the

Cause Event Consequence

Figure 8.1 - Factors to be considered in the description of the risks

Type of Risk – Project Phase – Involved Discipline – Numerical Sequence

The "Type of Risk" field corresponds to your classification:

To help understand the risk coding, here are a few examples:

8.3 USE OF RISK MANAGEMENT SOFTWARE (STATURE PRM)

This tool is divided on two modules:

8.4 CRITERIA FOR INTERRUPTING A RISK ASSESSMENT SESSION

Table 8.1 - Criteria to interrupt a risk assessment

9.1 PROJECT LEADER

The responsibilities are detailed on the table below:

Table 9.1 - Project Leader Responsibilities’

9.2 FUNCTIONAL LEADERS

9.3 PROJECT RISK ANALYST

• Basic knowledge of qualitative and quantitative techniques and structuring

Table 9.2 - Project Risk Analyst Responsibilities’

9.4 PROJECT RISK CONTROLLER

The risk controller must have the following attributes:

Table 9.3 - Project Risk Controller Responsibilities’

9.5 NORMATIVE AREA OF RISK MANAGEMENT

Table 9.4 - Normative Area of Risk Management Responsibilities

• Perform risk analysis in projects;

The interfaces are listed in each SIPOC of Attachment A.

• Representatives of the corporate divisions can be invited to participate in the sessions or