As an employee (planner, designer, auditor, etc) As a manager (responsible for safety of employees, for a project, etc) As a business owner (responsible for statutory and legal compliance, commercial success, etc)

What aspects of project management are qualitative risk analyses used?

All aspects - planning, design, construction, maintenance, operations, etc

Where are you likely to participate in risk management in the delivery of capital works ?

Planning stage (pre-feasibility study, etc) Delivery stage (detailed design and procurement, construction, etc)

Where are you likely to participate in risk management in the operational stage of projects?

Planning stage (revenue forecasts, operation cost estimates) Operations stage (emergency management, operations management)

Give examples of human risks

Poor judgement, error, illness, death, injury or loss of a key individual/

Give examples of operational risks

Disruption to supplies and operations, loss of access to essential assets, or failures in distribution.

Give examples of reputational risks

Loss of customer of employee confidence, or damage to market reputation.

Give examples of procedural risks.

Failures of accountability, internal systems, or controls or from fraud.

Give examples of project risks.

Going over budget, taking too long on key tasks, or experiencing issues with product or service quality.

Give examples of financial risks.

Business failure, stock market fluctuations, interest rate changes or non-availability of funding.

Give examples of technical risks.

Advances in technology, or from technical failure.

Give examples of natural risks.

Weather, natural disasters or disease.

Give examples of political risks.

Changes in tax, public opinion, government policy, or foreign influence.

Give examples of structural risks.

Dangerous chemicals, poor lighting, falling boxes, or any situation where staff, products, or technology can be harmed.

What is the different between business and corporate risks?

Business Risk is sometimes limited to just commercial matters whereas Corporate Risk usually refers to all aspects of establishing and operating a business

What is a business/corporate risk?

A future possibility that may prevent you from achieving a business/corporate goal. Can be beyond your control.

What is a competitive risk?

The risk that your competition will gain advantages over you that prevent you from reaching your goals. For example, competitors that have a fundamentally cheaper cost base or a better product.

What is an economic risk?

The possibility that conditions in the economy will increase your costs or reduce your sales.

What is an operational risk?

The potential of failures related to the day-to-day operations of an organization such as a customer service process. Some definitions of operational risk claim that it is the result of insufficient or failed processes. However, operational processes that are deemed to becomplete and successful also generate risk

What is a legal risk?

The chance that new regulations will disrupt your business or that you will incur expenses and losses due to a legal dispute

What is a compliance risk?

The chance that you will break laws or regulations. In many cases, a business may fully intend to follow the law but ends up violating regulations due to oversights or errors

What is a strategy risk?

The risks associated with a particular strategy

What is a reputational risk?

Reputational risk is the chance of losses due to a declining reputation as a result of practices or incidents that are perceived as dishonest, disrespectful or incompetent. The term tends to be used to describe the risk of a serious loss of confidence in an organization rather than a minor decline in reputation.

What is a program risk?

The risks associated with a particular business program or portfolio of projects

What is a project risk?

The risks associated with a project. Risk management of projects is a relatively mature discipline that is enshrined in major project management methodologies.

What is an innovation risk?

Risk that applies to innovative areas of your business such as product research. Such areas may require adapting your risk management practices to fast paced and relatively high risk activities

What is a country risk?

Exposure to the conditions in the countries in which you operate such as political events and the economy

What is a quality risk?

The potential that you will fail to meet your quality goals for your products, services and business practices

What is a credit risk?

The risk that those who owe you money to fail to pay. For the majority of businesses this is mostly related to accounts receivable risk.

What is an exchange rate risk?

The risk that volatility in foreign exchange rates will impact the value of business transactions and assets. Many global businesses have high exposure to a basket of currencies that can add volatility to financial results such as operating margins.

What is an interest rate risk?

The risk that changes to interest rates will disrupt your business. For example, interest rates may increase your cost of capital thus impacting your business model and profitability

What is a taxation risk?

The potential for new tax laws or interpretations to result in higher than expected taxation. In some cases, new tax laws can completely disrupt the business model of an industry.

What is a process risk?

The business risks associated with a particular process. Processes tend to be a focus of risk management as reducing risks in core business processes can often yield cost reductions and improved revenue

What is a resource risk?

The chance that you will fail to meet business goals due to a lack of resources such as financing or the labour of skilled workers.

What is a political risk?

The potential for political events and outcomes to impede your business.

What is a seasonal risk?

A business with revenue that's concentrated in a single season such as a ski resort.

How is risk management handled in large corporations or government organisations?

A documented framework is used to identify key business risks & provide a common approach across all operating divisions. Use AS ISO 31000:2018

What is a risk owner?

A person or entity responsible for managing threats and vulnerabilities that they might exploit. Each risk owner should be someone for whom the risk is relevant to their job and who has the authority to do something about it.

What is risk appetite?

The amount and type of risk that an organization is prepared to pursue, retain or take

What is the difference between risk tolerance and risk appetite?

Risk tolerance is the level of risk that an organization can accept per individual risk, whereas risk appetite is the total risk that the organization can bear in a given risk profile, usually expressed in aggregate

What is the typical risk analysis process?

1. Establish the context. 2. Identify risks. 3. Analyse risks. 4. Evaluate risks. 5. Treat risks.

What is included in "establishing the context"?

The internal context; The external context; The risk management context, Develop criteria; Define the structure (Many organisations have a risk management policy, identified priority risk categories and corresponding risk management strategies defined in a corporate framework document; AS ISO 31000:2018)

What is included in "identify risks"?

What can happen? When and where? How and why? Best suited to a workshop environment.

What is included in "analyse risks"?

Identify existing controls. Determine Consequences; Determine Likelihood; Determine level of risk

What is included in "evaluate risks"?

Compare against criteria; Set priorities

What is included in "treat risks"?

Identify options; Assess options; Prepare and implement treatment plans; Analyses and evaluate residual risk

What is a hazard?

An event, situation or state that may give rise to a risk.

What is a risk?

The chance of something happening that will have an impact an organisation or person’s ability to achieve business or personal objectives.

What is a control measure?

An action taken to reduce the frequency and/or the severity of a risk.

What is the consequence of a risk occurring quantified by?

-commercial terms (loss of $ value, replacement value), -environmental terms(such as contamination of a wetlands), -social terms (loss of amenity). Monetising all consequences is useful for combining a total impact. However, some consequences are difficult to monetise. (such as loss of an ecological species).

How are risks ranked?

Using the likelihood and consequence of a risk occurring (each 1-5) Rated from extreme, high, medium to low.

What is the hierarchy of control measures in order of effectiveness?

1. Eliminate or avoid the hazard or issue that is creating the risk 2. Control the risk to an acceptable level & manage 3. Transfer the risk to another party who can better manage the risk 4. Accept the risk and manage it closely

What does AS ISO 31000:2018 say about dealing with risk?

Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. Options for treating risk may involve one or more of the following: – avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; – taking or increasing the risk in order to pursue an opportunity; – removing the risk source; – changing the likelihood; – changing the consequences; – sharing the risk (e.g. through contracts, buying insurance); – retaining the risk by informed decision

What does ALARP stand for?

As low as reasonably practicable

What are the four risk ratings?

Active management, Control critical, Periodic monitoring, No major concern

What is "active management"?

•Unsatisfactory controls in place. •High likelihood & consequence ratings. •Must have documented action plan.

What is "control critical"?

•Good controls in place. •High likelihood & consequence ratings. •Careful management to maintain controls effectiveness. •Must have documented action plan.

What is "periodic monitoring"?

•Satisfactory to poor controls in place. •Low likelihood & consequence ratings. •May have documented action plan.

What does "no major concern" involve as a risk rating?

•Good controls in place. •Low likelihood & consequence ratings. •Documented action plan if other benefits accrue.

What does a risk register involve?

• It can be used to filter risks, track progress, document action plans; • It is useful for risk owners, auditors, managers, directors; • It can be tailored to a reader’s particular need for detail; • Each business group within an organisation can have it’s own risk register, linked upwards to corporate policy level risks.

How are control measures classified?

“Proactive” (affect the likelihood of an event occurring), or “Reactive” ( affect the level or duration of consequences)

What resources can you use to undertake the risk analysis process?

•People with particular knowledge & previous relevant experience; • Corporate policy, guidelines and manuals (context); •Records of previous events or incidents (such as historical records, insurance reports, legal or governmental enquiries); •Reports about the planning & implementation of similar projects; • Outputs from brain-storming workshops using people with a wide range of expertise & experience.

Why use a workshop methodology?

• No one in the project team knows ALL the possible implementation hazards, risks, likelihood or consequences. • No one in the project team knows ALL the operational hazards, risks likelihood or consequences. • No one in the project team knows ALL the third party hazards, risks likelihood or consequences.

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What actions should you take as phase 1 (pre-risk workshop) of a risk analysis workshop?

•Develop your relationship with attendees as early as possible. •Fully understand the key objectives of the risk workshop. •Brief yourself with existing information including Risk Management Policy, Framework, Guideline, Risk Register, •Through your meetings/conversations with individuals try to capture some risks and opportunities and their expectation of this exercise. •Consolidate all captured information into the Risk Register and then share it with everyone prior to the workshop. •Identify and plan for potential attendees with dominant personality. •Be aware and plan for risk of group thinking •Arrange for having a proper room for workshop •Number of attendees (10-15)

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What actions should you take as phase 2 (during risk workshop) of a risk analysis workshop?

•Have a short presentation for project scope, its current status, risk management process, project specific requirements, objectives of the workshop, agenda, •Focus on top risks first then low risks •Use available time during workshop for risk identification and high level analysis. •Differentiate between “Issues” and “Risks”.

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What actions should you take as phase 3 (post risk workshop) of a risk analysis workshop?

•Have follow up sessions with individuals after the workshop as early as possible. •Discuss, evaluate and further develop the Risk Register then communicate it with the whole team •Circulate the updated Risk Register to everyone for review and comment

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What does making a trade-off mean?

A trade-off is a situation in which you accept something you do not like or want in order to have something that you want. A trade-off is a balance achieved between two desirable but incompatible features; a compromise. 'a trade-off between objectivity and relevance'.

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

Who determines what is a reasonably practicable trade-off?

The Risk Owner will make the trade-off recommendation on behalf of: o The Project Owner (an individual or a corporation), if it is a “private” project. o The delegated “Project Owner”, if it is a public or community-owned project. o In all cases the Risk Owner will consult with selected stakeholders in the project to ensure that there is general support for the proposed trade-off. o These stakeholders may include a Regulator (such as for an environmental risk); a finance company and/or insurer for a commercial trade-off.

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What are tolerable risks?

• Risks that society is willing to live with so as to secure certain benefits; • Risks that society does not regard as negligible (broadly acceptable) or something it might ignore; • Risks that society is confident are being properly managed by the owner; and • Risks that the owner keeps under review and reduces still further if and as practicable

What are advantages of qualitative risk analysis?

• Is relatively quick and easy • Provides rich information in addition to financial impacts such as health & safety and reputation • Is well understood by employees who may not be trained in quantitative techniques

What are disadvatanges of qualitative risk analysis?

• Gives limited difference between levels of risk • Is imprecise – risk in the same risk rating can represent very different amounts of risks • Cannot numerically integrate and address risk interactions • Provides limited ability to perform cost-benefit analysis

What are the advantages of quantitative risk analysis?

• Allows numerical integration • Permits cost-benefit analysis of risk response options • Enables risk-based capital allocation to business activities

What are the disadvantages of quantitative risk analysis

• Can be time-consuming and costly especially during model development • May overlook qualitative impacts as it requires units of measure • May imply greater precision than the uncertainty of inputs warrant • Working and assumptions may not be apparent

Give examples of quantitative risk analysis techniques.

• Decision Tree Analysis • Expected Monetary Value (EMV) • Monte Carlo Analysis • Sensitivity Analysis • Modelling and Simulation • Multi-criteria Analysis

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is included as part of preventative maitenance?

-predetermined maintenance (follows factory schedule) -condition-based maintenance (occurs when a situation of condition indicates maintenance is needed)

What is artificial intelligence (AI)?

Artificial intelligence (AI) is a popular branch of computer science that concerns with building “intelligent” smart machines capable of performing intelligent tasks.

What is machine learning?

Field of study that gives computer the ability to learn without being explicitly programmed.

What is deep learning?

A subfield of machine learning that is concerned with algorithms inspired by the brain’s structure, such as artificial neural network.