PROJECT RISK REGISTER Guidance Notes

The Risk Register is a tool to assist Project Managers in identifying likely sources of risk and the impact they may have on achieving Objective 2 target expenditure. It seeks to build upon more general risk assessment guidance that has been provided by other regeneration programmes. Even early guidance provided for the SRB Challenge Fund (Guidance Note No. 3 Project Appraisal and Approval Dec 1995) acknowledged the need to identify and consider each component of risk. Later guidance (New Deal for Communities and Single Regeneration Budget Approval and Appraisal Oct 2000) went on to identify two main levels of risk firstly, risks that might prevent an option delivering anticipated results or outputs on the ground and, secondly, risks that might prevent outputs and results from being translated into long-term outcomes. Risk management is now seen as an integral part of good project and programme management and a robust assessment of risk needs to be undertaken to ensure that target spend (or claim) is achieved together with successful project implementation. The following Guidance Notes set out a recommended approach to risk assessment and a guide to the completion of the Risk Register. It is appreciated that a number of APPs already have risk management procedures in place. This Guidance is designed primarily to help other APPs in establishing their own systems, but it should also be used to ensure that any existing system is sufficient to meet GONWs expectations. Effective risk management will be part of GOs audit remit when looking at project management, in EPS six monthly monitoring visits, for example. The Guidance is structured around completing a risk register, in accordance with the process set out in the slides which accompanied the APP workshops held on 24th/25th February. It assumes a project-by-project approach but APPs may wish to deal with similar projects in groups. A proforma risk register is included at Annex A.

RISK IDENTIFICATION WORKSHOP

The first recommended step is to convene a workshop involving the project manager, project team members and, if possible, key stakeholders. Ideally, an APP representative should also attend to input any programme level risks, provide guidance and ensure consistency of approach between projects. For the purposes of the risk form, focus should be on risks to claim value and timing, rather than on risks to outcomes and outputs. Outcome/output risks should however be considered as part of good risk management practice. Brainstorming Session After a brief introduction as to the process to be followed, the risk workshop opens with a brainstorming session, identifying any risks which could affect the project. Some categories of risks are suggested at Annex B, to help structure the process. The first list comprises generic risks, potentially applicable to all projects, whilst the second contains additional risks specific to Prioirty 3 (or physical) projects. An APP or project may identify other categories for consideration: these lists are not exhaustive. It is important that the risks identified by workshop participants are clearly defined rather than described in general terms, so that the precise nature of the risk is understood and can be actioned. Risks identified should be logged on a risk register. You may find it useful to give each a unique identification number: this is useful in tracking risks and can help to group them by type if an alphanumeric code is used (eg F3: funding risk no 3). For Priority 3 projects you should note to which claim element the risk relates. The timing of the risk in terms of which phase of the project is likely to be impacted should be considered. In order to comply with the Risk Form input requirements, the pro forma Risk Register suggests that risks be noted as possible to occur in the next quarter by year end (Dec 2003), or later in the project life
PROJECT NAME ID Risk F3 Title concerns delay sale

Claim element
next 1/4

Stage
Dec-03 whole life

Acquisition

Risk Impact Assessment The impact of the risk, should it occur, needs to be considered in time, cost and quality terms, as follows: Time: the impact on project programme (and particularly the timing of a claim) think in days/weeks/months Cost: the impact on claim value think in s Quality: the impact on outcomes or outputs think in terms of m2 office space, no of jobs, etc.

For each impact type, rate and score the likely effect as being Very low Low Medium High Very high 1 2 3 4 5

You may wish to set some parameters to define what you mean by each of these terms if different workshop participants are likely to have differing views on impact severity. The parameters might % impact or absolute (eg 5-10% of total cost or 2,500-5,000). Generally, zero or insignificant impact will score 1, whilst project-critical impact (ie so severe that it threatens to stop the project) will score 5 across one or more dimensions. You can then get a total impact score by simply adding up the values in the time, cost and quality columns. The Impact score will be a value between 3 and 15.
PROJECT NAME ID Risk F3 Title concerns delay sale

Time (T)
1-5

Cost (C)
1-5

Quality (Q) Impact (I)

1-5 T+C+Q

Risk Probability Assessment This considers the likelihood of the risk occurring and is rated in terms of percentage chance. Again, a five-point scoring system is used. Very low Low Medium High Very high 1 2 3 4 5

A score of 1 would imply that the risk is very unlikely to happen, a medium score might imply a 50/50 chance, and a score of 5 would apply to a risk which is very likely to be realised. Risk Severity and Ranking The combined effect of impact and probability needs to be assessed to rate the overall severity of each risk. This is done by simply multiplying the Impact and Probability scores. The higher the resulting figure, the more significant the risk, and so risks can be prioritised and ranked accordingly
PROJECT NAME ID Risk F3 Title concerns delay sale C1 Weather delays construction M4 Initial estimates too low

T
1-5

C
1-5

Q Impact (I) Probability (P) Severity

1-5 T+C+Q 1-5 IxP

Ranking 2 1 3

4 3 1

1 2 3

1 1 4

6 7 8

3 4 2

18 28 16

RISK MANAGEMENT AND RISK REVIEW

The Risk Register has an important role to play in ongoing management of risk and should be used not only to identify risks but also to actively work to reduce them and review progress regularly. Using the risk ranking, prioritise risks so that the most severe are tackled first. Then decide what mitigating action can be taken to alleviate the risk. The mitigation may Reduce the severity of the impact should the risk occur, and/or Reduce the likelihood of the risk occurring Some risks may have more than one mitigating action. The nominated risk owner is responsible for ensuring that action is taken and reviewed by the agreed date.

Ranking Mitigation 1 2 3 Transfer weather risks to contractor Engage lawyer early Get QS to review estimates

Owner J Bloggs A N Other P Manager

Deadline 23/04/2003 28/02/2003 14/03/2003

Maintenance of the risk register should be the responsibility of the Project Manager. Regular reviews should ensure that any new risks are captured and that mitigating actions are undertaken to address risks which remain current. Consideration should be given to reassessing the impact and probability scores for risks as the project progresses and as mitigating actions are completed: they are likely to change over time and risks should be re-ranked accordingly. Management effort can then be redirected to always focus on the most important risks at any point in time.

ANNEX A RISK REGISTER pro-forma

ANNEX B
GENERIC RISKS (ALL PROJECTS) SUB-CATEGORY Number of match funding sources Type of match funding sources Extent of commitment Partner approval or support State Aid approval Statutory approval (such as planning and highways) Funding approval Management capability Staffing capacity Failure to submit or process claims Obtaining suitable accommodation or equipment Maintaining accommodation or equipment Poor initial cost estimates Inflationary cost increases Insufficient demand for product or service 3rd Party actions leading to delay Under-spend Under-claim No claim Weather delays Costs associated with transfer of control to the private sector

CATEGORY Funding

Political Risk/Approvals

APP or Project Management Capacity and Capability to Deliver Accommodation and Equipment Cost Escalation & Over-run Market Risk Other Risks (please specify)

ADDITIONAL RISKS TO PRIORITY 3 & PHYSICAL PROJECTS CATEGORY SUB_CATEGORY Land Acquisition - Delay in completion of acquisition - Failure to acquire - Cost increases Unanticipated Site Issues Legal Risk Poor ground conditions Contamination Pollution Poor title rd Wayleaves/3 party rights Liabilities (such as environmental) Failure of contractors Under-performance of contractors Transfer of control and risk to private sector

Contractual Risk