Professional Documents
Culture Documents
GDF 002 (H)_PMC AMP_Risk Management
GDF 002 (H)_PMC AMP_Risk Management
GDF 002 (H)_PMC AMP_Risk Management
RISK MANAGEMENT
Procedure No. X-XX-XX-X-048
Version [v0]
Reviewed by:
Approved by:
1. This policy and procedure is controlled and centralized by the Quality Assurance Department.
2. Only the controlled electronic version is true and correct.
3. All printed or other copied versions are uncontrolled and should be destroyed when finished with.
4. The user is responsible for consulting the latest electronic version online.
CONTROL OF MODIFICATIONS
Version Page Modifications
V0.1
CONTENTS
1. Purpose..........................................................................................................................................4
2. SCOPE............................................................................................................................................4
3. DEFINITIONS AND ABBREVIATIONS...............................................................................................4
4. RESPONSIBILITIES AND AUTHORITIES............................................................................................5
5. POLICY AND PROCEDURE...............................................................................................................6
5.1 RISK MANAGEMENT PROCESS...............................................................................................6
5.1.1 Risk Identification..........................................................................................................6
5.1.2 Risk Analysis...................................................................................................................6
5.1.3 Treatment - Risk Mitigation...........................................................................................8
5.1.4 Update Risk Register....................................................................................................10
5.1.5 Risk Review..................................................................................................................10
5.1.6 Risk Closure..................................................................................................................10
5.1.7 Communication............................................................................................................10
5.1.8 Periodic Status Meetings.............................................................................................11
5.1.9 Lessons Learned...........................................................................................................11
5.2 RISK MEETING......................................................................................................................11
5.3 RISK SOFTWARE TOOLS........................................................................................................11
5.3.1 Preferred Software Tools.............................................................................................11
6. ATTACHMENTS............................................................................................................................12
7. REFERENCES................................................................................................................................12
1. PURPOSE
The purpose of this procedure establishes the Risk Management Process (RMP) for the project. The
purpose of risk management is to identify threats to project success and to mitigate or eliminate the
negative impacts to the project.
2. SCOPE
This Procedure provides guidance on how risks are identified, quantified, analysed and managed
through all phases of the project. In addition, the procedure covers who is responsible for managing
risks, how risks shall be tracked throughout the project and how mitigation and contingency plans
are developed and implemented.
Risk can be defined as a “combination of the probability or frequency of occurrence of a defined
threat or opportunity and the magnitude of the consequences of the occurrence”.
Risk is considered exclusively as a future phenomenon and risk management is a vital, fundamental,
and integral part of the project management process that has a direct impact upon the project’s
probability of success.
The risk strategy shall be to:
Define the risk management team and responsibilities (Section 3.1),
Describe the process i.e. how risks will be identified, quantified, analysed, managed and
controlled (Section 3.2),
Determine the frequency of risk review meetings (Section 3.3),
Stipulate the software tools and techniques to be employed (Section 3.4).
RESIDUAL RISK: the degree of risk left after mitigation factors have been identified.
RISK REDUCTION: A selective application of appropriate techniques and management principles to
reduce either the likelihood of an occurrence or its consequences, or both.
RISK RETENTION: Intentionally or unintentionally retaining the responsibility for loss or financial
burden or loss within the organization.
RISK RESPONSE: The decision to accept a risk, decline a risk, treat, or mitigate a risk or share a risk
with another party
RISK ACCEPTANCE: the informed decision to accept the consequences (impact) and the likelihood of
a particular risk
RISK AVOIDANCE: An informed decision not to become involved in a risk situation
RISK MITIGATION: The processes built into the controls environment, such as policies, frameworks,
accountabilities etc. to lower the residual risk
RISK SHARING: Sharing the responsibility for the impact of a risk with another party such as through
an outsourcing contract or insurance policy
MONITORING AND ACCOUNTABILITY: The processes used to manage the Risk Management
Framework on an on-going basis to reduce risk and take advantage of risk as an opportunity
PROJECT TEAM: The Project Team participates in the risk identification process, and discusses risk
monitoring and mitigation activities at risk workshops and team meetings. The Project Team
comprises stakeholders from PMC team and customer. Representing person will be defined in the
RMP.
THE RISK OWNER: The Risk Owner shall be the entity identified in the Risk Register as responsible for
managing an allocated individual risk with the accountability and authority to take actions to apply
mitigation actions. The Risk Owner may be PMC team member or customer team member. External
Risks (outside control of project) are identified and registered as such.
As a minimum the probability of the risk occurring and five likely impacts of the risk should be
agreed in the workshop. Five likely impacts represent not credible, unlikely, not likely, likely, and
highly likely values of the risks. As far as possible, the impact values should quantified by absolute
values rather than percentages and the Risk Profile Sheet is to be updated with the information.
The cost impact ranges are applied to the overall project budget to calculate the Quantitative
Analysis.
For individual contracts, the risk register is filtered to remove any non-applicable risks and the
Quantitative Analysis applied purely to that contract.
Once the risks have been qualified the results shall be displayed in table format, like in the following
Probability Impact Table (PIT). This provides a conceptual diagram for a risk rating mechanism and
shall be compiled by the Project Risk Manager marking individual risks on the matrix to give an
overall pictorial view of the main risks affecting the project.
Risk Exposure:
impacts on contract or project schedules or budgets shall be monitored and reported in the Monthly
Report.
Individual supplier Contracts include a requirement for the Contractor to produce a Risk Register in
their Monthly Report. The individual contract Managers shall be responsible for reviewing the
Contractor’s Risk Register, filtering, and incorporating emerging risks. The Risk Manager then
updates the project risk register in conjunction with the contract Manager.
5.1.7 Communication
Communications regarding risks are continuous throughout the project’s life cycle both through
verbal and written reports.
The risk management process of review and progress assessment should be undertaken on a regular
periodic basis. Where monthly review meetings are deemed necessary, they may form part of the
project progress meetings under a separate agenda item.
Decisions taken and actions placed are to be recorded on the Risk Register.
using the software for cost modelling e.g. Primavera Monte Carlo, @risk for Excel.
Time contingency calculations should only be calculated after careful consideration of suitability for
the project and by agreement with the Program Management Team. The preferred software for
project time calculations is Primavera Project Planner Enterprise (P6).
6. ATTACHMENTS
See Project Risk Register
7. REFERENCES