BSBPMG632 Manage program risk
Practical Task
Executive Summary
The purpose of this document is to provide a management framework to ensure that levels of
Risk and uncertainty are properly managed for the remainder of the program. As risk
management is an ongoing process over the life of a program, the Risk Register must be
considered a ‘snapshot’ of relevant risks at one point in time.
This document will achieve this by defining the following:
• the process that will be/has been adopted by the Program to identify, analyse and evaluate
isks during the remainder of the program;
• how risk mitigation strategies will be developed and deployed to reduce the likelihood and/or
impact of risks;
• how often risks will be reviewed, the process for review and who will be involved;
• roles and responsibilities for risk management;
• how reporting on risk status, and changes to risk status, will be undertaken within the Program
and to the Steering Committee;
• a complete Risk Register containing all risks identified for the Program, their cu
ent gradings
and the identified risk mitigation strategies to reduce the likelihood and seriousness of each Risk.
Introduction
The purpose of risk management is to ensure levels of Risk and uncertainty are identified and
then properly managed in a structured way, so any potential threat to the delivery of outputs
(level of resourcing, time, cost and quality) and the realisation of outcomes
enefits by the
Business Owner(s) is appropriately managed to ensure the program is completed successfully.
The objectives of the risk management approach in the Construction Projects are to identify,
assess and mitigate risks where possible and to continually monitor risks throughout the
emainder of the program as other risks or threats emerge or a risk’s impact or likelihood
changes.
As risk management is an ongoing process over the life of a program, this Risk Management
Plan and Risk Register must be considered a ‘snapshot’ of relevant risks at one point in time.
Where required, the process of risk identification, assessment and the development of
countermeasures will involve consultation with the Steering Committee members, the
Construction Projects Reference Group, other relevant stakeholders and Program team
members.
Risk Management
Risk Assessment
Identification:
Risk identification involves determining which risks or threats are likely to affect the program. It
involves the identification of risks or threats that may lead to program outputs being delayed or
educed, outlays being advanced or increased and/or output quality being reduced or
compromised.
For most large/complex programs, a number of high-level risks should have been identified
during the program initiation stage – these should be used as the basis for a more thorough
analysis of the risks facing the program.
One of the most difficult things is ensuring that all major risks are identified. A useful way of
identifying relevant risks is defining causal categories under which risks might be identified. For
example, corporate risks, business risks, program risks and infrastructure risks. These can be
oken down even further into categories such as environmental, economic, political, human,
etc. Another way is to categorise in terms of risks external to the program and those that are
internal.
See the Program Management Risk Identification Tool for some useful prompts in identifying
program risks. The Australian Standard for Risk Management AS/NZS 4360: 2004 Appendix D
efers to generic sources of Risk.
The wording or articulation of each Risk should follow a simple two-step approach:
1. Consider what might be a ‘trigger’ event or threat (e.g., ‘Poor quality materials cause costs to
ise’) – several triggers may reveal the same inherent Risk; then
2. Identify the Risk - use a ‘newspaper headline’ style statement – short, sharp, and snappy (eg.
‘Budget blow out’) then describe the nature of the Risk and the impact on the program if the Risk
is not mitigated or managed (e.g., program delayed or abandoned, expenditure to date wasted,
outcomes not realised, government emba
assed etc).
Use the Risk Register to document the results.
For large or complex programs, it can be beneficial to use an outside facilitator to conduct a
number of meetings or
ainstorming sessions involving (as a minimum) the Program Manager,
Program Team members, Steering Committee members and external key stakeholders.
Preparation may include an environmental scan, seeking views of key stakeholders etc.
For a small program, the Program Manager may develop the Risk Register perhaps with input from
the Program Sponso
Senior Manager and colleagues, or a small group of key stakeholders.
It is very easy to identify a range of risks that are outside the program and are risks to the business
area during output delivery, transition or once operational mode has been established. These are
not program risks and should not be included in the Program Risk Register but refe
ed to the
elevant Business Owner. It may be appropriate to submit an Issues Paper to the Steering
Committee recommending formal acceptance by the relevant Business Owner for ongoing
monitoring and management of specific risks.
See the Program Management Fact Sheet: Developing a Risk Management Plan and the Risk
Identification Tool for more information on how to undertake risk identification.
In this section specify:
• what risk identification process has been undertaken (i.e.,
ainstorm, facilitated session, scan
y Program Manager etc);
• any categories used to assist in the identification or relevant risks;
• when the risk identification process occu
ed; and
• who was involved.
Analysis and Evaluation:
Once risks have been identified they must be analysed by determining how they might affect the
success of the program. Generally, the impact of a risk will realise one or any combination of the
following consequences:
• Program outcomes (benefits) are delayed or reduced;
• Program output quality is reduced;
• Timeframes are extended;
• Costs are increased.
Once analysed, risks should be evaluated to determine the likelihood of a risk or threat being
ealised and the seriousness, or impact, should the Risk occur.
'Likelihood' is a qualitative measure of probability to express the strength of our belief that the
threat will emerge (generally ranked as Low (L), Medium (M) or High (H)).
'Seriousness' is a qualitative measure of negative impact to convey the overall loss of value from a
program if the threat emerges, based on the extent of the damage (generally ranked as Low (L),
Medium (M), High (H) or Extreme).
Template 1:
This practical task aims to understand and identify the risks you may face in construction projects, as
shown in Figure 1.
The workers in this construction site are not working very safely, and some fundamental safety issues
are missed.
According to Health and Safety Organisations, the most common risks that occur and are reported in
such projects are working at heights, slip and fall, improper use of Personal Protective Equipment
(PPE), and use of ladders.
Based on the provided information, identify five risks for the following risk categories and complete
the data in Table 1 according to a typical Risk Matrix:
• Residual Risk
• Inherent Risk
• Secondary Risk
Figure 1: A typical construction site.
Table 1: Risk Assessment
No. Risks Risk
likelihood
Risk
consequence
Risk rating Risk Control
Residual Risk
1.
2.
3.
4.
5.
Secondary Risk
1.
2.
3.
4.
5.
Inherent Risk
1.
2.
3.
4.
5.
Answer sheet
Table 1: Risk Assessment
No.
Risks
Risk likelihood
Risk consequence
Risk rating
Risk Control
Residual Risk
1.
2.
3.
4.
5.
Secondary Risk
1.
2.
3.
4.
5.
Inherent Risk
1.
2.
3.
4.
5.