TAM – Risk Management Guideline 31 Case #5 Tender risk assessment Project familiarisation The project involved demolition of an overhead roadway where significant implications for continuing use of adjoining infrastructure arose. These implications included loss of life and disruption to major services. The objectives of the project were the timely and safe removal of the obsolescent roadway, at the lowest practical cost. Tenders had been called and assessment criteria included compliance with tender requirements, capacity to meet programming deadlines and restricted site access and procedures to minimise adverse risk impacts. The key elements of the project concerned the main phases of work and precautions proposed by tenderers to address the sensitive aspects of the demolition. These included cranage provisions, removal of debris and excess material, precautions to retain structural integrity and preparatory measures prior to site access. Risk analysis As part of the tender documentation, major risks of the demolition project were identified by agency staff, impacts assessed and likelihoods estimated. These risks included damage to adjoining infrastructure, protracted interruption to services, failure to complete within time frame and injury to works personnel. Reference to these factors was included within tender documentation. As part of the tender evaluation an assessment was made of how well each tenderer addressed these factors and the risk measures proposed. An additional measure outlined in tender submissions was also considered. An outline of the principal risks and minimum measures is presented in the following table. Risk Management The selection of the preferred tenderer took into account how well the risk implications associated with the work were addressed and any additional measures that reduced potential liabilities, within the context of meeting time and cost constraints. Tender acceptance was made conditional on these procedures being observed or completed during execution of the works. TAM – Risk Management Guideline 32 Risk Management table: Tender assessment Risk Consequences Risk measures Work not completed to deadline Delays to adjoining services Additional costs Adverse publicity Detail preparatory work Assured method of temporary span holding Establish reserve cranage capacity for contingencies Power lines damaged Loss of service Additional costs Adequate protection of wiring Method of work to minimise likelihood of line interference Damage to rail or signalling Loss of service Adverse publicity Additional costs Protection for signalling Security of span lift Minimisation of debris from lift activities Derailment due to debris on the track Injury or loss of life Damage to equipment Loss of service Plan to minimise debris Preventive measures to exclude debris from service easement Collapse of roadway segment in easement Injury or loss of life Loss of service Damage to equipment Adverse publicity Lighten span to reduce likelihood of failure No loading of span after first section removed Injury or fatality to contractor personnel Injury / loss of life Delay to works Adverse publicity Reduction of personnel in danger areas Precaution measures / training Barriers to access to live equipment Coordination with service agency TAM – Risk Management Guideline 33 Appendix C1 Risk action schedule - Typical format Risk action schedule 1 Recommended Risk Management actions 1A Summary 1B Impact 2 Risk identification and assessment 2A Activity description 2B Risk identification 3 Respon ResponRespon Responses to risk 3A Alternative courses of action 3B Consequences of alternatives 4 Implementation 4A Proposed actions 4B Resource requirements 4C Responsibilities 4D Timing 4E Reporting TAM – Risk Management Guideline 34 Appendix C2 Risk action schedule Case study This appendix provides a simplified risk action schedule from a Government procurement project. The project is concerned with the provision of integrated communication facilities for a large fleet of vehicles that must operate in several regions. Details are provided for two major risks and the associated responses. Risk action schedule - Integration software 1 Recommended Risk Management actions 1A Summary The Project Manager will contact her counterpart in Northern Region to establish a joint team to liaise on system specification and operations across the regional boundary. The Engineering Manager will set system specifications and commence development of common modules. He will obtain advice and assistance for managing software development, and monitor requirements for additional rack space. The Quality Manager will review and monitor the implementation of software development procedures by the contractor. 1B Impact These measures will minimise the impact of delay in specifying integration protocols in the adjoining region and assist in maintaining project milestones. 2 Risk identification 2A Item description The “Integration Software” item consists of the software necessary to integrate the new communications system with the operating protocols in the adjoining region. 2B Risk identification and assessment No. Risk description Priority assessment 1 Requirements unknown at contract start date Major problem, high likelihood due to specification delays and high impact risk. 2 Installation and integration problems. Major risk. 3 Fleet compatibility problems during changeover. Minor risk, acceptable. 4 Difficulties in measuring software performance. Moderate risk (high likelihood but low impact). 5 Lack of in-house software management skills. Moderate risk. 6 Time for extended reliability testing not available. Moderate risk. 7 Requirement for hardware upgrades. Moderate risk. TAM – Risk Management Guideline 35 3 Responses to risk 3A Alternative courses of action for major risks Risk 1 Requirements not specified fully Response no. Description 1.1 Liaise with adjoining region to obtain advance specifications from project team and contractor. 1.2 Create joint specification team with adjoining region. 1.3 Delay start of all software development. 1.4 Start development of common system modules, with provisions for delay until specific integration details are available. Risk 2 Installation and integration problems Response no. Description 2.1 Fix specification for “our” side of system. 2.2 Create joint integration team with adjacent region. 2.3 Pre-test modules. 2.4 Specify integration modules with parameters. 3B Consequences of alternatives Risk 1 Requirements not specified fully Response no. Assessment of responses 1.1 Low cost, high effectiveness. 1.2 May not be acceptable to other contractor. 1.3 Only feasible to delay for 4 weeks. 1.4 These should be started, to reduce potential project delay. Risk 2 Installation and integration problems Response no. Assessment of responses 2.1 Should be done, Engineering Manager to action. 2.2 Pursue as part of 1.1. 2.3 This is contractual requirement. 2.4 Only feasible in part; discuss with contractor. TAM – Risk Management Guideline 36 4 Implementation 4A Proposed actions The Project Manager will contact her counterpart in the adjoining region to establish a joint liaison team. This team’s responsibilities should be more extensive than software integration alone. They should cover communication system specifications and protocols. The Engineering Manager will ensure system specifications are fixed as soon as possible (they are already firm for many of the contracted elements). Development of common modules will be started. The Quality Manager will review and monitor the implementation of software development procedures by the contractor. 4B Resources No additional resources required. 4C Responsibilities Manager Responsibilities Project Manager Contact project manager. Nominate members of joint team. Set terms of reference. Engineering Manager Fix system specifications. Specify common modules. Obtain advice and assistance. Monitor requirements for rack space. Quality Manager Monitor software development. 4D Timing Liaison to start immediately. 4E Reporting Managers are to report every two weeks to the Project Management Committee. TAM – Risk Management Guideline 37 Appendix D Examples of sources of risk Planning and feasibility stages Commercial & strategic • competition • market demand levels • growth rates • technological change • stakeholder perceptions • market share • private sector involvement • new products and services • site acquisition Economic • discount rate • economic growth • energy prices • exchange rate variation • inflation • demand trends • population growth • commodity prices Contractual • client problems • contractor problems • delays • force majeure events • insurance and indemnities • joint venture relations Financial • debt/equity ratios • funding sources • financing costs • taxation impacts • interest rates • investment terms • ownership • residual risks for Government • underwriting Environmental • amenity values • approval processes • community consultation • site availability/zoning • endangered species • conservation/heritage • degradation or contamination • visual intrusion TAM – Risk Management Guideline 38 Political • parliamentary support • community support • government endorsement • policy change • sovereign risk • taxation Social • community expectations • pressure groups Project initiation • analysis and briefing • functional specifications • performance objectives • innovation • evaluation program • stakeholder roles and responsibilities Procurement planning • industry capability • technology and obsolescence • private sector involvement • regulations and standards • utility and authority approvals • completion deadlines • cost estimation Project delivery stages Procurement and contractual • contract selection • client commitment • consultant/contractor performance • tendering • negligence of parties • delays - weather, industrial disputes • damages and claims • errors in documentation • force majeure events • insurance and indemnities TAM – Risk Management Guideline 39 Construction and maintenance • buildability • contractor capability • design and documentation • geotechnical conditions • latent conditions • quality controls • equipment availability and breakdowns • obsolescence • industrial action • materials availability • shut-down and start-up • recurrent liabilities • health and safety • accident, injury • OH&S procedures • contamination • noise dust and waste • disease • irradiation • emissions Human factors • estimation error • operator error • sabotage • vandalism Natural events • landslip/subsidence • earthquake • fire • flood • lightning • wind • weather Organisational • industrial relations • resources shortage • scheduling • operational policies • management capabilities • management structures • personnel skills • work practices Systems • communications or network failure • hardware failure • linkages between sub-systems • software failure • policies and procedures TAM – Risk Management Guideline 40 Appendix E Calculating risk factors Two simple techniques are illustrated below for calculating risk factors. Both are essentially based on establishing quantitative criteria in reference to likelihoods and risk consequences. The key objective is to create a means to nominally rank risks and identify the most significant. Example 1 To estimate the likelihood of each risk arising and assess its impacts, initially use verbal scales that are readily understood. The tables show examples. Where necessary, adapt or adjust these to suit the circumstances, or use different scales for different criteria. Convert the verbal assessments to numerical measures. Risk likelihood L Risk impact I Almost certain 0.9 Extreme 0.9 Highly likely 0.7 Very high 0.7 Likely 0.3 Medium 0.3 Unlikely 0.1 Low 0.1 Rare 0.01 Negligible 0.01 Calculate a ‘risk factor’ or combined risk measure for each major risk: L = risk likelihood measure, on a scale 0 to 1 = average of likelihood factors; I = impact measure, on a scale 0 to 1 = average of impact factors; RF = risk factor = L + I - (L x I) The risk factor (RF), varies from 0 (low) to 1 (high). It reflects the likelihood of a risk arising and the severity of its impact. The risk factor will be high if a risk is likely to occur, if its impacts are large, or both. Rank components or work packages in decreasing order of their risk factors, to generate a risk profile. The ranking and the risk factors are used to decide which risks are acceptable and unacceptable, and to enable Risk Management priorities to be set. Risk profile Risk factor (RF) Components ranked in order of decreasing RF Priority area 1.0 0.8 0.6 0.4 0.2 0 [...]... 6 5 4 Critical [6] 7 6 5 4 3 Major [5] 6 5 4 3 2 Minor [4] 5 4 3 2 1 Negligible [3] 4 3 2 1 0 Risk profiles Risk priorities are then allocated as follows: Score Ranking Management Action [5], 6, 7, 8 Major risk Imperative to suppress risk to lower level 4, [5] Medium risk Corrective action required in a reasonable time frame $10 million Scale 7 Critical $1 million < $10 million 6 Major $100,000 < $1 million 5 Minor $10,000 < $100,000 4 Negligible < $10,000 3 In this example, risk factors are calculated by adding the likelihood and impact scores, and risk priorities are assigned on the following score groupings: Risk likelihood Frequent Risk impact Probable Occasional...Example 2 This technique users different quantitative values for likelihoods and consequences and derives risk factor values by simple addition However, the objective, namely to develop a ranking of risks, remains the same Risk likelihood Scale Frequent Likely to occur frequently (several times per year) 1 Reasonably probable Likely to occur several times in life... risk Imperative to suppress risk to lower level 4, [5] Medium risk Corrective action required in a reasonable time frame . requirements 4C Responsibilities 4D Timing 4E Reporting TAM – Risk Management Guideline 34 Appendix C2 Risk action schedule Case study This appendix provides a simplified risk action. unlikely Risk impact [1] [0] [-1] [-2] [-3] Catastrophic [7] 8 7 6 5 4 Critical [6] 7 6 5 4 3 Major [5] 6 5 4 3 2 Minor [4] 5 4 3 2 1 Negligible [3] 4 3 2 1 0 Risk profiles Risk. TAM – Risk Management Guideline 33 Appendix C1 Risk action schedule - Typical format Risk action schedule 1 Recommended Risk Management actions 1A Summary 1B Impact 2 Risk identification