Risk Management Flashcards
What is risk
Risk is defined as the uncertainty of outcome, whether positive opportunity or negative threat, of actions and events
Risk Management Process
- Identify risk (initial and continuous)
- Assess risk e.g. non-financial matrix (possibility x severity)
- Address risk- tolerate (accept), treat (manage to acceptable level), transfer (to someone else e.g. insurance, subcontractor), terminate (avoid the risk)
- Monitor- review and report risks e.g. via risk register and update actions as appropriate
How risk is allocated on NEC A Priced Contract with Activity Schedule
Greater financial risk on the contractor but requires scope certainty.
How risk is allocated on NEC B Priced Contract with Bill of Quantities
Greater financial risk on the contractor but requires scope certainty.
How risk is allocated on NEC C Target Contract with Activity Schedule
Shared financial risk but still requires scope certainty to set an accurate target cost.
How risk is allocated on NEC D Target Contract with Bill of Quantities
Shared financial risk but still requires scope certainty to set an accurate target cost.
How is risk allocated on NEC E Cost Reimbursable Contract
the developer/ client will largely take on the financial risk.
How is risk allocated on NEC F Management Contract
the client takes on the financial risk.
How traditional procurement route deals with risk
Clients architect takes design responsibility so greater risk on client
How D&B procurement route deals with risk
D&B contractor takes design risk so greater risk on them
How Management procurement route deals with risk
nearly all risk with the client
RICS risk guidance note
Principles of risk; Definition of risks, issues and types of risk (consequential, political, programme
Mitigation; avoidance (terminate), reduction (treat), transfer, share, retain
Quantification; probability tree’s, monte carlo, probability x severity, sensitivity analysis
How was portfolio risk register managed
Portfolio risk register with portfolio wide risks (inflation, resource shortage, etc.) as well as project specific risks.
Quarterly risk workshops held to identify new risks, with description, cause, effect, probability, min, max, expected cost, EMV (expect x probability) and min, expected and max time impact. Mitigation actions with owners and dates were identified. Existing risks were reviewed at the workshops to monitor actions and update any details as appropriate.
I would chair the meetings, contribute to risk identification, quantification, etc. and then upload to ARM (Active Risk Management System) which would calculate the risk score based on the probability and EMV, and categorise the risk register into high, medium and low risks.
Risk reports could be downloaded from the system and information used to assess level of risk to be attributed to the portfolio.
Quantifying risk using Estimated Monetary Value
Assessment of the max, min, expected costs would be identified with expected cost x probability used to calculate the estimated monetary value.
How to identify successful risk mitigations
Successful risk mitigations would be reviewed during the risk workshops assessing if they have successfully mitigated or reduced the impact of the risks, and new actions identified if the risk has not been completely mitigated
How to use ARM (Active Risk Manager)
A risk area is produced by a central team for projects (the portfolio was allocated an area as a whole). In the project area there is a function to add new risk with mandatory fields to be populated based on the description, cause, effect, the chosen TfL assessment method (cost & time impact & EMV) probability and actions and owners.
There is a section which details various reports that can be downloaded, this is automatically done by the system although there is a function to edit the parameters.
TfL’s Enterprise Risk Management Framework
Enterprise risks - any risks to the achievement of TfL’s strategic objectives affecting more than one business area
The ERMF provides a structured and consistent approach to risk management across TfL.
TfL 8 step risk management process
- Establishing the scope, the context and objectives helps to customise the risk management approach, enabling effective risk assessment and appropriate risk treatment.
- Risk identification including describing the risks (threats and opportunities) that might prevent or help TfL to achieve its organisational objectives.
- Risk assessment and analysis to provide an input into risk evaluation, helping to decide on whether the risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods
- Risk evaluation is to support decisions and determine whether additional mitigating actions may be required. Assessing whether a risk sits outside of acceptable corporate risk tolerance levels is one way of deciding whether to prioritise specific mitigating actions on a risk.
- Risk treatment is to select and implement options for addressing risk (treat, terminate, transfer and tolerate)
- Record and report risks through appropriate mechanisms to ensure risk management activities and outcomes are communicated at various levels of TfL and to inform the decision-making processes.
- Communication and consultation with appropriate external and internal stakeholders must take place throughout all steps of the risk management process
- Monitoring and review must take place in all stages of the risk management process. Ongoing monitoring and reviews of the risk and its outcomes should be planned, and responsibilities clearly defined.
Risk assessment tools
Qualitative and quantitative probability and severity matrices
Failure modes and effects analysis- identifying where and how it might fail and to assess the relative impact of different failures, in order to identify the parts of the process that are most in need of change
How to quantify risk
NRM1 sets out estimating risk values.
QRA
- Quantitative Risk Analysis split into two parts may (Quantitative Schedule Risk Analysis & Quantitative Cost Risk Analysis)
- involves the probability of each risk and an assessment of their cost / time impact e.g min, max and most likely
- a probability curve is then produced showing the probability of the overall time/ cost impacts
What is the Monte Carlo simulation?
- a mathematical technique that predict the probability of a variety of outcomes of an uncertain event based on different variables
