The purpose of this document is to provide a stand-alone risk management framework for the development of post-secondary capital infrastructure projects in British Columbia. The framework is suitable for projects that range in size from under $5 million to over $50 million1.
The risk management framework is constantly independent of factors including the project’s size, cost, and complexity, rather as these factors increase the effort to implement the system increases proportionally. The risk management framework is best described as qualitative and independent.
For projects exceeding $50 million, additional work is required beyond this framework. Larger projects need to integrate the risk management framework into its larger project management plan, as discussed in Appendix A. It is recommended that large, complex projects use an integrated and quantitative risk management framework with a foundation identical to the framework provided in this document.
The essence of risk management is to:
- Reduce the variability of project cost, scope, and schedule outcomes
- Increase the understanding of the forces that affect project outcomes
- Improve decision-making to increase the delivery of project value
The objective of these documents is to provide a risk management framework that can be used to increase the chances of project success in terms of scope, schedule, and budget.
The methodology provided in this framework aligns with the Project Management Body of Knowledge.
Benefits of Risk Management
Effective risk management increases the likelihood of project success. Projects with effective risk management are more likely to:
- Finish on time
- Remain within budget
- Meet stakeholders’ performance expectations
While each project is by definition unique, all projects consist of only three items:
Risk is defined as
A possible, unplanned change to the project that has a potential impact on scope, schedule, or budget.
Risks are defined as project changes with a negative impact. Opportunities are defined as project changes with an advantageous impact. This framework only addresses risks but could be adapted for opportunities.
Two key elements are mentioned in risk: probability and impact. Probability relates to the notion that the future is not certain, and events are not guaranteed to occur. Impact relates to the likely consequences of a risk should it actually occur. The expected impact of a risk is: Expected Value = Probability x Impact
Project management activities may change a risk’s probability of occurrence and adjust the consequences its impact.
Risk Management has five key process steps:
- Risk Planning
- Risk Identification
- Risk Evaluation
- Risk Response
- Risk Monitor and Control
The relationship between process steps is shown below. A detailed workflow.
Defines the project’s approach to risk management captured in the Risk Management Plan. This plan includes probability and impact tables, risk tolerance, risk breakdown structure, schedule, and roles and responsibilities.
Is the process of locating and defining the risks of a project. Risks are identified five times during a project life cycle at Risk Identification Meetings. Each risk is defined by a description, a trigger, and possible consequences on scope, schedule, and budget. The level of effort required for risk identification is proportional to the project’s complexity. Information is documented in the Risk Register.
Is the process of assessing a risk’s probability of occurrence and the severity of its consequences should it be realized. Recorded in the Risk Register, a risk’s probability and impact are multiplied to provide its expected value or risk ranking. All risks with risk rankings exceeding the project’s risk tolerance must be addressed.
is the process to develop responses to unacceptable risks and make them acceptable. Risk responses include mitigation, avoidance, transference, and acceptance. Once a response is developed, it is re-evaluated assuming effective risk response actions. This process is repeated until the risk’s ranking is acceptable. Information is recorded in the Risk Register.
Risk Monitoring and Control
is the most important part of the risk management framework. Here planned risk responses are tracked to ensure corrective actions are occurring and having the desired effect.