Document Title: Risk Management Plan Document No.

: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Copyright:
The copyright of this document is the property of RW Armstrong and must not be copied. However, blank forms from appendices may be copied. Disclosure to any person outside RW Armstrong or usage for any purpose other than that for which it has been prepared is not permitted without prior written consent.

Page 2 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Revision Schedule: Issue No

1 2

Rev. No
0 1

Date
18/05/09 15/07/10

Pages of the Amendment

N/A All

Reviewed by / Signature
Khaled Zaghloul Tarek Hozayan

Authorized by / Signature
Mona Salem Mona Salem

Page 3 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Contents: 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0

8.1 8.2 8.3

Purpose/Scope ................................................................................ 5 References ..................................................................................... 5 Abbreviations .................................................................................. 5 Definitions ..................................................................................... 5 General ......................................................................................... 6 Responsibilities ............................................................................... 6 Flow Chart ..................................................................................... 6 Process Description .......................................................................... 7
Risk Management Planning ........................................................................ 7 Risk Management Execution ...................................................................... 7 Risk Close out ...................................................................................... 12

8.0 9.0

Records ........................................................................................ 12 Appendicess .................................................................................. 12

Page 4 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

1.0

Purpose/Scope

This RMP provides consistent methods to manage risks, ensuring the success of any given project. Risks are related to an event that might occur during any given time that may impact project schedule, scope, budget, or performance. Risk management process attempts to identify and manage the risk events that might occur during the implementation of the project. It minimizes the impact, manages the responses, and provides contingency funds for the risk events that might occur in the project. Risk management process has to go through four major steps in order to effectively decrease the amount of risks and control risks during the construction process. These steps are: risk identification, risk assessment, risk response, and risk response control.

2.0

References
Documents Control Procedure Communication Procedure Site Supervision operations procedures Project Contract RWA QHSE Manual Project Management Plan Project Communication Plan Management of Tender Process Project Controls System Project at Close-out Project Document Control Ref.: GP-103 Ref.: GP-102 Ref.: IMS Group- 6 Ref.: Specific to project Ref.: QHSE-001 Ref.: OP-701 Ref.: OP-703 Ref.: OP-708 Ref.: OP-710 Ref.: OP-713 Ref.: OP-717

3.0

Abbreviations
PMC: RMP: CPMS: CA: CC: SOS: SOW: NOC: LOA: Project Management Consultant Risk Management Plan Contract for Project Management services Consultancy Agreement Construction Contract Scope of Services Scope of works No Objection Certificate Letter of Award

4.0

Definitions
Risk Originator: RW Armstrong team member who is assigned to initiate risk management report. Risk Owner: The company/entity in which the risk event derived from and will affect it. Probability of Occurrence: The likelihood of the occurrence of a specific event. Probability of Impact: The severity of damage/destruction of a specific risk.

Page 5 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

5.0

General

Risks are measured in terms of likelihood of occurrence and their impact as they relate to any given project. Every project has inherent risks. Almost no project in construction is a risk free project; moreover, no amount of planning can overcome risks. A risk may be negative such as mistakes in the design fault or positive such as a sudden decrease in the material prices. Some risks can be identified before the projects starts, and some risks just cannot be anticipated. Specific RMP shall be set to the project according to contract agreement and scope of services (SOS). RWA Project Manager has to adopt this procedure to suite with the specific project`s requirements and scope, as per the Project Management consultancy agreement.

6.0

Responsibilities

RWA Project Manager is responsible to implement this procedure. The project team members to implement the procedures related to the tasks. RWA H.O QA/QC Section Manager will plan, prepare and perform the internal auditing to ensure the implementation of RWA IMS manual and procedures.

7.0

Flow Chart
RISK EXECUTION PROCES FLOW-CHART

Definingtheprojectscope

Riskidentification.

RiskAssessment

Application of RiskResponseStrategies and selecting Techniques

DevelopingandDocumentingaRiskMitigatingPlan

Controlling(feedbackand reporting)

Risk Close out

Page 6 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

8.0

Process Description

To identify specific objectives of RMP; the goal of RMP is to proactively identify and address risks as early as possible in the project and through the design/construction process in order to avoid any surprises and reduce/eliminate impacts of risks early on. Ensure critical risks impacting scope, schedule budget, and/or change management are clearly identified, communicated, and mitigated in a timely manner. Facilitate attention to risks impacting the project and individual teams. Produce information that allows project management to channel efforts on the right risks with an effective coordination of effort. Ensure that project client and stakeholders are well informed; if applicable, participate in the mitigation process. Record and document all risk management issues for future references. 8.1 Risk Management Planning

Primary Activities: Establish the risk management organization for the project and assign roles and responsibilities for team members. Select a risk tracking tool that adequately supports collection, management, and risks reporting. This tool will integrate risk description, assignment of severity scores, and capture of mitigation actions, plan, and results. Determine if a risk model is relevant for the project and select the specific model classes of projects. It contains risk factors organized into categories for ease of administration and reporting. Evaluate the capability and availability of project team members to perform risk assessment to independent auditor task. Develop planning to have an initial assessment and periodic monitoring/audits. 8.2 Risk Management Execution This section describes step by step the risk management process from identification to completion. The RMP is a continuous cycle; it is performed initially during the project planning and updated throughout the project stages. Step 1: A clear definition of the project and scope Project undestanding and scope of works shall be studied. Step 2: Risk identification Define risks through brainstorming sessions, communicating with team members, and sharing past experiences. New risks might arise from a variety of sources including but not limited to: New risks previously missed or unforeseen from previous projects New risks arising as a result of a change in circumstances such as: new stakeholders, resource turnover, resources availability, etc. New risks that arise from an approved change order (variation order) where cost, scope, or schedule may be amended, impacting critical path. New risk arising from a result of escalation of major project issues. New risks from current risks whose response requires further investigations.

Page 7 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

New risks arising from the outcome or consequence of another risk occurrence.

Step 3: Risk Assessment: The risk originator is responsible for the initial risk assessment. The risk assessment activity includes the following: Risk description Risk area Probability of Occurrence: For each risk element on the list, determine if the likelihood of it actually materializing is High, Medium, or Low. If numbers absolutely have to be used, then figure Probability on a scale from 0.00 to 1.00. 0.01 to 0.33 = Low, 0.34 to 0.66 = Medium, 0.67 to 1.00 = High. Note: If the probability of an event occurring is ZERO, then it will be removed from consideration. Theres no reason to consider things that simply cannot happen.

H M L N/A TBD
Table:1

High Medium Low Not Available To Be Determined

Exhibits the high risk cures, has happened frequently, has a very significant chance in happening in the future; or for a single event ,has already happened has happened occasionally or has a reasonable but not completely expected chance of happening in the future

has happened very infrequently or is expected not to happen except infrequently

Irrelevant to this project of operation

Impossible to determine probability with current information available; additional study required. Consider High probability until otherwise identified.

Probability of Impact: In general, assign impact as High, Medium, or Low based on some established guidelines. If numbers will be used, then figure impact on a scale from 0.00 to 1.00. (0.01 to 0.33 = Low, 0.34 to 0.66 = Medium, 0.67 to 1.00 = High). Note: If the probability of an event occurring is ZERO, then it will be removed from consideration. Theres no reason to consider things that irrelevant regardless of the probability.

H M L N/A TBD
Table:2

High Medium Low Not Available To Be Determined

The Issue will have a major impact on the project and is likely to cause significant disruption; a very visible event. The issue will have some impact on the project and be visible to a number of users; a possible disruption in the project. No major disruption or negative effects on the project; any minor impact that could be corrected without significant effort or visibility.

Irrelevant to this project of operation.

Impossible to determine probability with current information available; additional study required. Consider High Impact until otherwise identified.

Page 8 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Project Risk Owner In assessing the risk, the Risk originator first assesses the Probability of Occurrence using Table 2 as a reference. Then the Risk Originator assesses the Probability of Impact in each of the 5 impact areas noted in Table 2. The overall Probability of Impact equates to the highest of the individual assessed areas. Example: If some identified risk is assessed and then it can have the following impact properties at the range of; Scope = Low Budget = Medium Schedule = High

In this example the overall Probability of Impact is "High", since "High" is the highest of the individual assessed areas. Once the Risk Originator determines the Probability of Occurrence and the Probability of Impact, the Risk Originator determines the Risk Severity Level based on the following table.

Probability of Impact High Medium Low

Risk Assessment Severity Level Matrix Medium High Low Medium Very Low Low Low Medium Probability of Occurrence Very High High Medium High

Example : A risk has been identified and assessed with a Probability of Occurrence of 'medium' and a Probability of Impact of 'high'. The Risk Severity Level is 'high'. Once the risk is identified and assessed, the team performs a check on the risk to ensure the risk fits the RMP definition of a risk. Should the team have any questions or need further clarification, the Risk Originator is contacted to provide the necessary information. If the risk does not fit within the risk definition or is a duplicate of another risk, the team cancels the risk and notifies the Risk Originator of the cancellation. In addition, the team updates risk status in the risk-tracking database to "Cancelled. Note that the risk assessment severity level matrix could be expanded to be 4x4 or 5x5 depending on the diversity of risks involved. Step 4: (Risk Response Strategies/ Techniques) After successful identification and assessment, a response strategy will be integrated into each and every risk item. The following table will explain techiniques and the main responses used.

Page 9 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

TECHNIQUE
ACCEPTANCE

DESCRIPTION This technique recognizes the risk and its uncontrollability. Acceptance is a passive technique that focuses on allowing whatever outcome to occur without trying to prevent that outcome. This technique is normally used for low or very low risks where a scope efficient means of reducing the risk is not apparent. This technique uses an approach that avoids the possibility of risk occurrence. Avoidance can be thought of as nullifying the risk by changing the contract parameters established between the Client and Consultant/Contractor. The following items represent ways of avoiding risks: 1. Work Scope Reduction 2. Changing the requirements and/or specifications 3. Changing the Scope of Work (SOW) 4. Changing the Technical Baseline 5. Developing and submitting Waivers and Deviations This technique is made up of actions that are to be taken that reduce the risk likelihood or impact. Control-based actions occur at all points throughout the project's lifecycle and are typically the most common response. They typically identify an action or product that becomes part of the work plans, and which they are monitored and reported as part of the regular performance analysis and progress reporting of the Project. This technique defers all actions until more work is done and/or facts are known. Investigation-based responses do not define any mitigation for reducing an individual risk. They are responses to risks where no clear solution is identified and further research is required. Investigation may include root cause analysis. Investigative responses immediately and directly lead to a greater aggregated Program risk. This is because the probability quantifier for each risk includes the effect of the applied response, for which there is none, and the level of control quantifier indicates the level of influence to apply that response, which is low. Reduction is the active lowering of risk by a planned series of activities. Techniques include: Advance design models Simulation
Rapid Prototyping Early multi-discipline involvement Consultant and/or specialist reviews Modeling Trade Studies Team Workshops Reduce Dependencies Client involvement Joint Applications development groups

AVOIDANCE

CONTROL

INVESTIGATION

REDUCTION

TRANSFERENCE

Transference is the process of moving something from one place to another or from one party to another. In this, the risk can be transferred to the customer or to the contractor. Typically, transference includes the sub-contracting to specialist contractor/consultant who are able to reduce the overall risk exposure. This technique is best utilized during the proposal/planning stage. Transfer can also include the use of third party guaranties such as insurance backed performance bonds.
Page 10 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Step 5: Developing and Documenting a Risk Mitigating Plan The Risk Owner to document their Risk Response Strategy/Technique in a step-by-step, sequential plan. The sequential plan contains those steps, that when completed, will lead to the risk being successfully mitigated. When the Risk Owner completes this plan, it becomes the Risk Mitigation Plan. At a minimum, every Risk Mitigation Plan contains Action Item steps that will successfully mitigate the risk to the risk's targeted severity level by the risk's targeted due date. Each Action Item step contains the following elements in addition to the Action Item step to ensure the risk is successfully mitigated: The Action Item Start Date (the date the Action Item is scheduled to start) The Action Item Due Date (the date the Action Item will be completed) The Action Item Target Severity Level (the severity level that will be obtained when the Action Item is completed) The Action Item Owner (the person responsible for performing the Action Item step) The Program's Work Breakdown Structure (WBS) number that corresponds with the Action Item step (if applicable). Tying the Program's WBS number that corresponds to each Action Item step typically avoids or mitigates the identified risk.

Should the Risk Owner need assistance in formulating the Risk Mitigation Plan, the Risk Owner should contact the Project Manager or any member of the PM Team for assistance. Furthermore, examples of appropriate Risk Mitigation Plans are available from the Project Manager. The Risk Owner updates the risk-tracking database with the Risk Mitigation Plan along with associated action items and supporting details to achieve targeted severity level. The status is updated to: Mitigation Plan Created. The Project Manager is responsible for tracking and controlling the RMP and monitoring the progress by each responsible party. Step 6: Controlling (feedback and reporting) The PM Team generates standard reports as part of the risk management process. In preparation for the Risk and Issue Management meeting, the PM Team prepares a Risk Watch List which lists the risks for review (i.e. new, open, and ready-to-complete risks). After the PM Team meets, the PM Team notifies the Client and Risk Owners of the results of the meetings (i.e. status of new risks submitted, new risk assignments, and risks approved for closure) through the Risk and Issue Meeting Report. A summary of standard notices and reports are listed below. Standard Risk Notices and Reports

REPORT
Risk Watch List Risk and Issue Meeting Report

SENDER
PM Team PM Team

TIMING
Prior to the Risk and Issue Management meeting Within 24 hours of the Risk and Issue Management meeting

Page 11 of 12.

Document Title: Risk Management Plan Document No.: OP-704

Rev.: 1 Issue Date: 15 July, 2010

Risk Watch List The PM Team produces a weekly Risk Watch List depicting a point-in-time view of the status of all documented risks and summary-level statistics. Special emphasis is on risks that are: o o o o New Past due (in all severity levels) Very High and High severity risks that are due within the next month Medium, Low, and Very Low severity risks that are due within the next month

Risk & Issue Meeting Report The PM Team publishes a Risk & Issue Meeting report, summarizing all actions taking place at the Risk & Issue Management meeting. This report is published within 24 hours of the meeting to the client. Risk Close out

8.3

At the completion of the Project, the Project Manager is responsible for ensuring successful transition of any open risks and for capturing and harvesting lessons learned for future project work. The primary activities are described below. Validate the completion of identified risks. For any open risks, assess whether there is ongoing operational risks that warrant communication of these risks to the operational transition team. Document remaining open risks and provide access to final report. Produce final risk management metrics and evaluate process effectiveness against established benchmarks. Capture risk factors and risk mitigation plans for inclusion in Risk Reference Models. Produce final Risk Management report including all the risks identified in the project.

9.0

Records
All original records shall be archived and filed by the RWA Document controller. All mentioned documents distribution is being preformed through Document Controller.

10.0 Appendices
OP-704 (A) Appendix 1 OP-704 (B) Appendix 2 OP-704 (C) Appendix 3 OP-704 (D) Appendix 4 OP-704 (E) Appendix 5 OP-704 (F) Appendix 6 OP-704 (G) Appendix 7 Standard Risk Notices and Reports Template. Risk Assesement Matrix Template. Risk Mitigation Plan Template. Risk Watch List Form. Risk Tracking Form. Risk Closing Form. Risk Register Template.

Page 12 of 12.