The Project Manager develops a Risk Management Plan (RMP) and manages it throughout the project. The RMP is regularly updated and reported to the Project Team, Project Sponsor, Project Advisory Committee and/or Major Capital Project Advisory Committee. The type of risk assessment, as identified below, depends on the complexity of the project. Risk Assessment – small, routine low-risk projects require only a Risk Analysis and Evaluation Register, which is used exclusively to identify potential risk events and responses. The risks are identified by the Project Manager or Project Delivery Team, or extracted from other sources requiring only a low level of effort. Refer to Table below: Examples of Systemic and Project-
Specific Risks.
• Qualitative Risk Assessment – used for projects that are not small or routine, and are not of significant concern. A short-form numerical approach and risk identification method may be used. The risks are identified by the Project Manager or Project Delivery Team, or extracted from other sources requiring only a low level of effort.
• Comprehensive Qualitative Risk Assessment – must be completed for projects that have medium to high risks. Detailed scoring and a risk ranking for each risk event are required. A more formal process with participation of a broad range of stakeholders is used, typically in a workshop setting.
• Quantitative Risk Assessment – high-risk projects, or those identified by having a Major Capital Project Advisory Committee, require quantitative risk assessments. The Risk Management Plan must address project delivery risks as well as product risks.
• Project Delivery Risk – addresses threats to project delivery in terms of scope, cost, schedule, and quality. Examples include inadequate budgeting, inadequate resources, or excessive demands from stakeholders.
• Product Risk – addresses the product implementation and the product’s function. Examples include uncertainty of soil conditions, a shortage of skilled Contractors, and use of unproven technology. Just as risk to project delivery may cause costly overruns or start-up delays, risk to the product may cause a poorly functioning product or costly re-work that may far exceed the consequences of project delivery risk. Separating project delivery risk and product risk allows focus and discipline to be maintained for both. Product risks are more likely to be identified by technical staff or others experienced with the product. A separate risk analysis process such as a workshop convened later in the project may
be used. Product risks are updated with a different frequency than are project delivery risks. Risk responses must be identified as part of the risk management process, either during or after the risk assessments. The Risk Management Plan also identifies the frequency of or triggers for
risk reassessments. The Project Manager is responsible for tracking all risks with summary risk reports submitted to the Major Capital Project Advisory Committee and Manager, Major Capital Projects Oversight. The Major Capital Project Advisory Committee is directly involved in reviewing risks, as indicated in Materials Management Administrative Standard. Risk Management Plan updates are included in quarterly reporting on Major Capital Projects and are required for project phase gate and/or control point approvals.
The Risk Management Plan should also consider opportunities, which are simply risks with positive impacts. Although not described in detail in this Project Management Manual, the processes and procedures for considering opportunities are similar to those for considering
threats.