Capital Insight Pty Limited ABN Berry Street North Sydney NSW 2060 t f Risk management in projects CI Chat Room July 2014

boring

Risk management – the boring bits We’re obliged to do it – one of the 7 Gateway Review criteria (Australia-wide) – part of business case templates across all tiers of government – usually part of PM proposals “How do you manage risk?” – governments and most large public agencies have risk policies and procedures – part of PMBOK (1 of 10 core competencies and PM elements) – there are international standards for risk management (optional) – CI has a risk policy and procedures (not optional) culture

Risk management – CI history and culture RM was part of Capital Insight’s approach/culture from day 1 project risk was new in 1992; we brought a sophisticated approach one of the first applications was on the Sydney Hospital/Sydney Eye Hospital project imported the program to Australia to run Monte Carlo simulations RM is a continuing aspect of Capital Insight’s culture – 2 accredited practitioners* – multiple methodologies* – broad range of application e.g. business continuity, project risk, contingency, contracts* science people technology i good, cheap

Risk management – what’s your approach? objectives

Objectives move the everyday risk culture of Capital Insight into projects move further towards an embedded project risk culture (and away from a tick-the-box compliance approach) examples of the application of risk identify some of the available resources i ISO process

Risk management – ISO 31000:2009 familiar? useful? Establish context Identify risks Analyse risks Evaluate risks Treat risks Monitoring and review Communication and consultation ISO alternative

ISO 31000:2009 reinterpreted what area/s are to be examined? what are your risks? how exposed are you? can you live with it? if not, what to do? who needs to have input? who needs to know the outcomes? have treatments been done? what’s the new, current risk state? The better the risk management, the fewer issues to deal with context identification analysis (L x C) evaluation treatment consultation communication monitoring reporting application

Application different exposure areas considered during planning assist stakeholder awareness of risks and processes* risk-based contingency planning* (how much is appropriate?) – HQJOC power supply $400,000 – protocols for using contingency and ajusting it over time approaches based on considerations of – project phase – client’s risk appetite* – nature, scale and complexity of the project i college

approach Not one of ours!

General approach facilitated workshop with stakeholders at commencement – building on risk register in business case* – list of common or typical risks relevant to project* – focus areas e.g. operational risk for Lifehouse* risk framework* and risk management plan* (mandatory for CI PPs) NOT FINISHED contract risk allocation* special conditions, schedules e.g. liquidated damages, delay rates regular updates to risk register* (quarterly, milestones) regular review (when preparing project reports*) – inform client, seek directions, secure resources, assign responsibilities – process – sign-offs, recording approvals, tracking decisions – internal – CI Director, external – cost plans, programs i wires

say

Risk management – what we say input to project governance structure stakeholder planning – impact, influence* preparation of project risk management plans* development of plans for managing client-side risks e.g. WHS, security, service disruption, operational disruption/business continuity, stakeholder communications and media management project risk reporting* risk-based calculation of project contingency* facilitation of risk workshops during planning, design development and construction* development and maintenance of risk registers* facilitation of risk control groups* work to proactively manage design development, design coordination and approvals risks* do

Risk management – what do we do? Risk management is a journey governance meetings and reports – standing agenda item? – standard heading in reports? how and when are risk reviews and updates done? what ongoing assessment of the risk environment? what planning is done, based on that assessment? what detection processes are in place? once a risk materialises, what response planning and resources are available? you’re now dealing with an issue i rear view

RISK risk RISK RISKRISK risk CRMP

Risk management – recent developments Commonwealth Risk Management Policy – policy – framework – responsibility – systematic risk in project processes – communicating and consulting – understanding and managing shared risk – maintaining capability – reviewing and improving management of risk CI risk management (CIMS) – proposal review* – Project Risk Review* (... identify and manage project risks in the best interests of the Client, the company and staff...) – delivery – mandatory and structured risk review at startup and major milestones* – reporting* – budget, program, quality – risks and issues registers* – SWMS* i square

boring