OP-704-Risk Management Plan Rev.1

Document Title: Risk Management Plan Rev.: 1

Document No.: OP-704 Issue Date: 15 July, 2010

Page 2 of 12.

Copyright: The copyright of this document is the property of RW Armstrong and must not be copied. However, blank forms from appendices may be copied. Disclosure to any person outside RW Armstrong or usage for any purpose other than that for which it has been prepared is not permitted without prior written consent.



Page 3 of 12.

Revision Schedule:

Issue No

Rev. No Date Pages of the

Amendment Reviewed by /

Signature Authorized by /

Signature

1 0 18/05/09 N/A Khaled Zaghloul Mona Salem

2 1 15/07/10 All Tarek Hozayan Mona Salem



Page 4 of 12.

Contents: 1.0 Purpose/Scope ................................................................................ 5

2.0 References ..................................................................................... 5

3.0 Abbreviations .................................................................................. 5

4.0 Definitions ..................................................................................... 5

5.0 General ......................................................................................... 6

6.0 Responsibilities ............................................................................... 6

7.0 Flow Chart ..................................................................................... 6

8.0 Process Description .......................................................................... 7

8.1 Risk Management Planning ........................................................................ 7

8.2 Risk Management Execution ...................................................................... 7

8.3 Risk Close out ...................................................................................... 12

8.0 Records ........................................................................................ 12

9.0 Appendicess .................................................................................. 12



Page 5 of 12.

1.0 Purpose/Scope

This RMP provides consistent methods to manage risks, ensuring the success of any given project. Risks are related to an event that might occur during any given time that may impact project schedule, scope, budget, or performance.

Risk management process attempts to identify and manage the risk events that might occur during the implementation of the project. It minimizes the impact, manages the responses, and provides contingency funds for the risk events that might occur in the project.

Risk management process has to go through four major steps in order to effectively decrease the amount of risks and control risks during the construction process. These steps are: risk identification, risk assessment, risk response, and risk response control.

2.0 References • Documents Control Procedure Ref.: GP-103 • Communication Procedure Ref.: GP-102 • Site Supervision operations procedures Ref.: IMS Group- 6 • Project Contract Ref.: Specific to project • RWA QHSE Manual Ref.: QHSE-001 • Project Management Plan Ref.: OP-701 • Project Communication Plan Ref.: OP-703 • Management of Tender Process Ref.: OP-708 • Project Controls System Ref.: OP-710 • Project at Close-out Ref.: OP-713 • Project Document Control Ref.: OP-717

3.0 Abbreviations • PMC: Project Management Consultant • RMP: Risk Management Plan • CPMS: Contract for Project Management services • CA: Consultancy Agreement • CC: Construction Contract • SOS: Scope of Services • SOW: Scope of works • NOC: No Objection Certificate • LOA: Letter of Award

4.0 Definitions • Risk Originator:

RW Armstrong team member who is assigned to initiate risk management report.

• Risk Owner: The company/entity in which the risk event derived from and will affect it.

• Probability of Occurrence:

The likelihood of the occurrence of a specific event.

• Probability of Impact: The severity of damage/destruction of a specific risk.



Page 6 of 12.

5.0 General Risks are measured in terms of likelihood of occurrence and their impact as they relate to any given project. Every project has inherent risks. Almost no project in construction is a risk free project; moreover, no amount of planning can overcome risks. A risk may be negative such as mistakes in the design fault or positive such as a sudden decrease in the material prices. Some risks can be identified before the projects starts, and some risks just cannot be anticipated. Specific RMP shall be set to the project according to contract agreement and scope of services (SOS). RWA Project Manager has to adopt this procedure to suite with the specific project`s requirements and scope, as per the Project Management consultancy agreement.

6.0 Responsibilities

• RWA Project Manager is responsible to implement this procedure. • The project team members to implement the procedures related to the tasks. • RWA H.O QA/QC Section Manager will plan, prepare and perform the internal auditing to

ensure the implementation of RWA IMS manual and procedures.

7.0 Flow Chart

RISK EXECUTION PROCES FLOW-CHART

Risk Close out

Controlling (feedback and reporting)

Developing and Documenting a Risk Mitigating Plan

Application of Risk Response Strategies and selecting Techniques

Risk Assessment

Risk identification.

Defining the project scope



Page 7 of 12.

8.0 Process Description

To identify specific objectives of RMP; the goal of RMP is to proactively identify and address risks as early as possible in the project and through the design/construction process in order to avoid any surprises and reduce/eliminate impacts of risks early on. • Ensure critical risks impacting scope, schedule budget, and/or change management are

clearly identified, communicated, and mitigated in a timely manner. • Facilitate attention to risks impacting the project and individual teams. • Produce information that allows project management to channel efforts on the right risks

with an effective coordination of effort. • Ensure that project client and stakeholders are well informed; if applicable, participate in

the mitigation process. • Record and document all risk management issues for future references.

8.1 Risk Management Planning

Primary Activities: • Establish the risk management organization for the project and assign roles and

responsibilities for team members. • Select a risk tracking tool that adequately supports collection, management, and

risks reporting. This tool will integrate risk description, assignment of severity scores, and capture of mitigation actions, plan, and results.

• Determine if a risk model is relevant for the project and select the specific model classes of projects. It contains risk factors organized into categories for ease of administration and reporting.

• Evaluate the capability and availability of project team members to perform risk assessment to independent auditor task. Develop planning to have an initial assessment and periodic monitoring/audits.

8.2 Risk Management Execution This section describes step by step the risk management process from identification to completion. The RMP is a continuous cycle; it is performed initially during the project planning and updated throughout the project stages. Step 1: A clear definition of the project and scope Project undestanding and scope of works shall be studied. Step 2: Risk identification Define risks through brainstorming sessions, communicating with team members, and sharing past experiences. New risks might arise from a variety of sources including but not limited to: • New risks previously missed or unforeseen from previous projects • New risks arising as a result of a change in circumstances such as: new stakeholders,

resource turnover, resources availability, etc. • New risks that arise from an approved change order (variation order) where cost,

scope, or schedule may be amended, impacting critical path. • New risk arising from a result of escalation of major project issues. • New risks from current risks whose response requires further investigations.



Page 8 of 12.

• New risks arising from the outcome or consequence of another risk occurrence.

Step 3: Risk Assessment: The risk originator is responsible for the initial risk assessment. The risk assessment activity includes the following: • Risk description • Risk area • Probability of Occurrence: For each risk element on the list, determine if the

likelihood of it actually materializing is High, Medium, or Low. If numbers absolutely have to be used, then figure Probability on a scale from 0.00 to 1.00. 0.01 to 0.33 = Low, 0.34 to 0.66 = Medium, 0.67 to 1.00 = High. Note: If the probability of an event occurring is ZERO, then it will be removed from consideration. There’s no reason to consider things that simply cannot happen.

H High Exhibits the high risk cures, has happened frequently, has a very significant chance in happening in the future; or for a single event ,has already happened

M Medium has happened occasionally or has a reasonable but not completely expected chance of happening in the future

L Low has happened very infrequently or is expected not to happen except infrequently

N/A Not Available Irrelevant to this project of operation

TBD To Be Determined Impossible to determine probability with current information available; additional study required. Consider High probability until otherwise identified.

Table:1 • Probability of Impact: In general, assign impact as High, Medium, or Low based on

some established guidelines. If numbers will be used, then figure impact on a scale from 0.00 to 1.00. (0.01 to 0.33 = Low, 0.34 to 0.66 = Medium, 0.67 to 1.00 = High). Note: If the probability of an event occurring is ZERO, then it will be removed from consideration. There’s no reason to consider things that irrelevant regardless of the probability.

H High The Issue will have a major impact on the project and is likely to cause significant disruption; a very visible event.

M Medium The issue will have some impact on the project and be visible to a number of users; a possible disruption in the project.

L Low No major disruption or negative effects on the project; any minor impact that could be corrected without significant effort or visibility.

N/A Not Available Irrelevant to this project of operation.

TBD To Be Determined Impossible to determine probability with current information available; additional study required. Consider High Impact until otherwise identified.

Table:2



Page 9 of 12.

• Project Risk Owner

In assessing the risk, the Risk originator first assesses the Probability of Occurrence using Table 2 as a reference. Then the Risk Originator assesses the Probability of Impact in each of the 5 impact areas noted in Table 2. The overall Probability of Impact equates to the highest of the individual assessed areas. Example: If some identified risk is assessed and then it can have the following impact properties at the range of;

• Scope = Low • Budget = Medium • Schedule = High

In this example the overall Probability of Impact is "High", since "High" is the highest of the individual assessed areas. Once the Risk Originator determines the Probability of Occurrence and the Probability of Impact, the Risk Originator determines the Risk Severity Level based on the following table.

Risk Assessment Severity Level Matrix Probability of Impact

High Medium High Very High Medium Low Medium High Low Very Low Low Medium Low Medium High Probability of Occurrence

Example : A risk has been identified and assessed with a Probability of Occurrence of 'medium' and a Probability of Impact of 'high'. The Risk Severity Level is 'high'. Once the risk is identified and assessed, the team performs a check on the risk to ensure the risk fits the RMP definition of a risk. Should the team have any questions or need further clarification, the Risk Originator is contacted to provide the necessary information. If the risk does not fit within the risk definition or is a duplicate of another risk, the team cancels the risk and notifies the Risk Originator of the cancellation. In addition, the team updates risk status in the risk-tracking database to "Cancelled.” Note that the risk assessment severity level matrix could be expanded to be 4x4 or 5x5 depending on the diversity of risks involved.

Step 4: (Risk Response Strategies/ Techniques) After successful identification and assessment, a response strategy will be integrated into each and every risk item. The following table will explain techiniques and the main responses used.



Page 10 of 12.

TECHNIQUE DESCRIPTION ACCEPTANCE

This technique recognizes the risk and its uncontrollability. Acceptance is a “passive” technique that focuses on allowing whatever outcome to occur without trying to prevent that outcome. This technique is normally used for “low” or “very low” risks where a scope efficient means of reducing the risk is not apparent.

AVOIDANCE

This technique uses an approach that avoids the possibility of risk occurrence. Avoidance can be thought of as nullifying the risk by changing the contract parameters established between the Client and Consultant/Contractor. The following items represent ways of avoiding risks:

1. Work Scope Reduction 2. Changing the requirements and/or specifications 3. Changing the Scope of Work (SOW) 4. Changing the Technical Baseline 5. Developing and submitting Waivers and Deviations

CONTROL

This technique is made up of actions that are to be taken that reduce the risk likelihood or impact. Control-based actions occur at all points throughout the project's lifecycle and are typically the most common response. They typically identify an action or product that becomes part of the work plans, and which they are monitored and reported as part of the regular performance analysis and progress reporting of the Project.

INVESTIGATION

This technique defers all actions until more work is done and/or facts are known. Investigation-based responses do not define any mitigation for reducing an individual risk. They are responses to risks where no clear solution is identified and further research is required. Investigation may include root cause analysis. Investigative responses immediately and directly lead to a greater aggregated Program risk. This is because the probability quantifier for each risk includes the effect of the applied response, for which there is none, and the level of control quantifier indicates the level of influence to apply that response, which is low.

REDUCTION

Reduction is the active lowering of risk by a planned series of activities. Techniques include:

TRANSFERENCE

Transference is the process of moving something from one place to another or from one party to another. In this, the risk can be transferred to the customer or to the contractor. Typically, transference includes the sub-contracting to specialist contractor/consultant who are able to reduce the overall risk exposure. This technique is best utilized during the proposal/planning stage. Transfer can also include the use of third party guaranties such as insurance backed performance bonds.

• Rapid Prototyping • Early multi-discipline involvement• Consultant and/or specialist

reviews

• Simulation • Modeling • Trade Studies • Team Workshops

• Advance design models • Reduce Dependencies • Client involvement • Joint Applications

development groups



Page 11 of 12.

Step 5: Developing and Documenting a Risk Mitigating Plan The Risk Owner to document their Risk Response Strategy/Technique in a step-by-step, sequential plan. The sequential plan contains those steps, that when completed, will lead to the risk being successfully mitigated. When the Risk Owner completes this plan, it becomes the Risk Mitigation Plan. At a minimum, every Risk Mitigation Plan contains Action Item steps that will successfully mitigate the risk to the risk's targeted severity level by the risk's targeted due date. Each Action Item step contains the following elements in addition to the Action Item step to ensure the risk is successfully mitigated: • The Action Item Start Date (the date the Action Item is scheduled to start) • The Action Item Due Date (the date the Action Item will be completed) • The Action Item Target Severity Level (the severity level that will be obtained when

the Action Item is completed) • The Action Item Owner (the person responsible for performing the Action Item

step) • The Program's Work Breakdown Structure (WBS) number that corresponds with

the Action Item step (if applicable). Tying the Program's WBS number that corresponds to each Action Item step typically avoids or mitigates the identified risk.

Should the Risk Owner need assistance in formulating the Risk Mitigation Plan, the Risk Owner should contact the Project Manager or any member of the PM Team for assistance. Furthermore, examples of appropriate Risk Mitigation Plans are available from the Project Manager. The Risk Owner updates the risk-tracking database with the Risk Mitigation Plan along with associated action items and supporting details to achieve targeted severity level. The status is updated to: Mitigation Plan Created. The Project Manager is responsible for tracking and controlling the RMP and monitoring the progress by each responsible party.

Step 6: Controlling (feedback and reporting) The PM Team generates standard reports as part of the risk management process. In preparation for the Risk and Issue Management meeting, the PM Team prepares a Risk Watch List which lists the risks for review (i.e. new, open, and ready-to-complete risks). After the PM Team meets, the PM Team notifies the Client and Risk Owners of the results of the meetings (i.e. status of new risks submitted, new risk assignments, and risks approved for closure) through the Risk and Issue Meeting Report. A summary of standard notices and reports are listed below.

Standard Risk Notices and Reports

REPORT SENDER TIMING Risk Watch List PM Team Prior to the Risk and Issue Management

meeting

Risk and Issue Meeting Report PM Team Within 24 hours of the Risk and Issue Management meeting



Page 12 of 12.

• Risk Watch List The PM Team produces a weekly Risk Watch List depicting a point-in-time view of the status of all documented risks and summary-level statistics. Special emphasis is on risks that are:

o New o Past due (in all severity levels) o Very High and High severity risks that are due within the next month o Medium, Low, and Very Low severity risks that are due within the next month

• Risk & Issue Meeting Report

The PM Team publishes a Risk & Issue Meeting report, summarizing all actions taking place at the Risk & Issue Management meeting. This report is published within 24 hours of the meeting to the client.

8.3 Risk Close out

At the completion of the Project, the Project Manager is responsible for ensuring successful transition of any open risks and for capturing and harvesting lessons learned for future project work. The primary activities are described below.

• Validate the completion of identified risks. For any open risks, assess whether there is ongoing operational risks that warrant communication of these risks to the operational transition team. Document remaining open risks and provide access to final report.

• Produce final risk management metrics and evaluate process effectiveness against established benchmarks.

• Capture risk factors and risk mitigation plans for inclusion in Risk Reference Models.

• Produce final Risk Management report including all the risks identified in the project.

9.0 Records

All original records shall be archived and filed by the RWA Document controller. All mentioned documents distribution is being preformed through Document Controller.

10.0 Appendices

• OP-704 (A) Appendix 1 - Standard Risk Notices and Reports Template. • OP-704 (B) Appendix 2 - Risk Assesement Matrix Template. • OP-704 (C) Appendix 3 - Risk Mitigation Plan Template. • OP-704 (D) Appendix 4 - Risk Watch List Form. • OP-704 (E) Appendix 5 - Risk Tracking Form. • OP-704 (F) Appendix 6 - Risk Closing Form. • OP-704 (G) Appendix 7 - Risk Register Template.