Ref Risk Description Stage of the contract Potential consequences Inherent risk (before Safety Controls Assurance Residual

Safety Controls Assurance Residual risk Risk Owner Risk Type

No. management control) (remaining risks after
Low = 1, High = 5 controls have been
applied)

(L x C)Residual Risk
C (1-5)Consequence

C (1-5)Consequence
(L x C)Inherent Risk
L (1-5)Likelihood

L (1-5)Likelihood
1 Inadequately During the Contract -Leads to overruns on time or 4 5 20 -Managing Contract -Assessment 3 4 12 Head of Financial
administering the implementation cost performance. -Training Procurement Reputational
contract -Full benefits not achieved -Financial Regulations -Contract Department
-Delivery of unsatisfactory Budgetary control checklist
product -Maintain up-to-date agency -Contract
-Contract/supply disputes procedures and practices performance
-Potential of Fraud and -Ensure all staff are suitably measurements
corruption trained and experienced in
contract planning and
management

2 Environmental Before, during and -Delays in delivery 5 5 25 -Make a proper demand -Contract 3 3 9 Warehousing Financial
risk: Covid-19 after the Contract -Delays in payment planning Manager Reputational
pandemic implementation -Volume of selling/purchasing -Keep a considerable
goods does not fulfill the amount of inventory
required amount in the Contract -Seek for substitutes

3 Loss or damage to During the delivery -Delays in delivery 4 4 16 -Include appropriate -Contract 2 3 6 Transporting Financial
goods in transit phase -Downtime packaging instructions in -Insurance Manager Environmental
-Liability disputes specification -Inspection
-Agree on insurance cover Certificate
for supplier to provide
-Accept delivery only after
inspection
-Know when title of goods is
transferred to buyer
 The risk register has an overall aim of improving the logistics contract
management of Mega Market. This risk management plan sets out financial and other
risks and how they will be mitigated. It explains the principles relating to the
Company’s risk management strategy and the approach to be taken with respect to this
scheme. It also refers to the contract management, governance, stakeholder
engagement and communication, procurement and contract management.
The Head of Procurement Department will be responsible for the management
of risks associated with the scheme, including chairing regular risk workshops and
maintaining the Risk Register. The risk management process improves when
responsibility for individual risks are delegated to team members, where necessary.
Therefore, risk workshops will be held at regular intervals during the delivery of the
scheme and will be timed to coincide with various key milestones and activities
shown on the programme.
• Start of detailed design for scheme elements
• Midpoint of detailed design for scheme elements
• Start of procurement for individual scheme elements
• Following award of contract for individual scheme elements
• During mobilisation period
• At frequent intervals during the contracting period.
The effective management of risk and uncertainty through accurate evaluation
and proactive mitigation of risks is critical to the success of the project. The following
guiding principles will be adhered to:
- Risk management is part of all project management board meetings and
decision-making scheme risk will be managed as an on-going process as part of
the scheme governance structure. A scheme risk register is maintained and
updated at each of the two-weekly risk workshops. Responsibility for the risk
register being maintained is held by the Head of Procurement Department.
- Risk management will be proactively and consistently applied throughout the
contract lifecycle
- Risk communication will be open and transparent to all stakeholders
- The management of risks is to ensure their reduction to a level as low as
‘reasonably practical' or adopt appropriate mitigation strategies.
A risk assessment will be initiated at the beginning of the project, with the
identification and assessment of risks in terms of their likelihood and associated cost
outcomes. The risk assessment will be reviewed regularly and the Contract
Management team will identify risks and measure their impacts on the programme.
All risks will be documented in a register with the impact on the programme clearly
defined and the mitigation set out. The programme will take account of the ‘most
likely’ scenario after mitigation.
 The 1st step is the identification of all risks affecting the project through risk
workshops and risk reviews, resulting in a risk register. Risk workshops typically
include a mixture of expertise such as engineers, designers, finance officers,
procurement specialists, and environmentalists. On the screen, we have 3 risks in the
risk description, which is a summary of the hazard and what may cause it, after
assessing with the members and specialists. Our group focuses on the analysis of the
first risk “Inadequately administering the contract”. The consequence for not closely
supervising the Contract is mentioned in the next column.
The second step is to identify where the risks are going to arise during the
Contracting period and the consequences to the activity if the risk were to materialize.
For this Contract, the Team divided the risk management into 3 stages: before, during,
and after implementing the Contract. For this risk, ineffective contract administration
leads to overruns on time or cost and failure to meet the set aims. Other outcomes
could be late deliveries, payment delay, disputes arising between the 2 parties as they
fail to perform their obligations, or the worst scenario is the deliberate exploitation of
the staff to embezzle the fund of the company.
The third step of the process is the analysis of the various risks by defining
their distributions in terms of probabilities, impacts and knock-on effects. This
information is gathered through risk workshops and other interactions. A qualitative
risk ranking will be undertaken in the form of a standard decision matrix or the
inherent risk columns in the risk register. In risk management, inherent risk is the
natural risk level without using controls or mitigations to reduce its impact or severity.
It is measured by two factors – impact and likelihood on the scale from 1 to 5. The
inherent risk is calculated by multiplying the 2 elements likelihood and consequence
with the highest score of 25. Any risk scoring 20 or above (i.e. in the red shaded area,
named Extreme) are serious in nature and, therefore, will be under strict control of the
Team. The scores from 15 to 19 are in the High level, from 12 to 14 are in the
Medium level, while the remaining is observed as Insignificant. Poor contract
administration results in serious deficits, and there is a great possibility that the
Contract is not under proper supervision, therefore, the team gives this risk the
likelihood score of 4 and the impact score of 5. The inherent risk is 20 after
calculating, which is an extremely high threat to the organization.
The fourth step is to identify if there are any controls currently in place to
mitigate those risks. If not, develop and document Risk mitigation actions. For those
risks that have been ranked as medium, high or extreme, address with mitigating
actions:
- Medium: Mitigation actions to reduce the likelihood and seriousness should be
identified and appropriate actions to be endorsed at a Divisional level.
- High: If uncontrolled, a risk event at this level may have a significant impact
on the operations of the Company as a whole. Mitigating actions need to be
 very reliable and should be approved and monitored by the contract owner with
reporting to the responsible Dean or Executive Director. Even with mitigating
actions in place, the Executor (contract signatory) should be advised of
identified or potential risks which have been graded at this level.
- Extreme: Activities and projects with unmitigated risks at this level should be
avoided or terminated. Mitigation actions of these types of risks may outweigh
the benefits of the activity to the Company. This is because risk events graded
at this level have the potential to have significant adverse effects to the budget
holder or the Company.
As the score for this risk is 20, the Company takes serious controls such as managing
Contract performance, budget control, maintaining up-to-date procedures and
practices and staff training.
For the Assurance, its aim is to track the effectiveness of the safety control through the
meetings, verification, or internal audit. This risk is managed through assessment,
training, contract checklist, contract performance measurements. The training and
assessment aim to check the professional knowledge, understanding and skills of the
staff, meanwhile the contract checklist is designed to provide valuable insights into
the contract lifecycle management through contract performance measurements such
as annualized contract value, quality/complaints resolved, perfect orders, etc.
The sixth step is to re-assess and re-rank the risks based on residual results.
Residual risk rating is the overall rating given to the hazard based on the likelihood
and consequence after safety controls have been put in place. If the risk rating still
remains high or extreme, there should be the interference of the specialists or third
party consultants. The ranking of the risk after applying the mitigation strategies drops
to 12, which is acceptably in the Medium level.
The seventh step is to identify the name of the position responsible for the
hazard and safety control. There can only be one risk owner per risk in order to avoid
the duplicable responsibility. Head of the Procurement Department is in charge of this
risk. The last one is the risk type. This column shows how the risks are going to affect
which aspects of the Company. Financial risk is risk arising from insufficient funding,
losing monetary resources, spending, fraud or impropriety, or incurring unacceptable
liabilities. Meanwhile, reputational risk is risk from damage to the organization’s
credibility and reputation.