PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 1 of 13
Rev. Date: 14 Apr 2008

TABLE OF CONTENTS
SECTION

PAGE NO.

1.0

PURPOSE AND SCOPE.................................................................................................. 2

2.0

DEFINITIONS................................................................................................................... 2

3.0

REFERENCES................................................................................................................. 3

4.0

PROCEDURE................................................................................................................... 5

5.0

RECORDS...................................................................................................................... 13

6.0

FORMS AND EXHIBITS................................................................................................. 13

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212
Page 2 of 13

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Rev. Date: 14 Apr 2008

1.0

PURPOSE AND SCOPE

The purpose of this procedure is to provide a consistent approach to identify, document, analyze,
mitigate, and manage project risks. This procedure defines the requirements for preparation, approval,
revision, and retention of the Project Risk Management Plan. The procedure applies to all types of
projects including Engineer-Procure-Construct projects, Construction Management projects, and O&M
projects.
2.0

DEFINITIONS

2.1

Uncertainty

The set of all possible outcomes, both favorable and unfavorable, that exists for a given situation.
2.2

Project Risk

Any uncertainty that could negatively impact the ability to complete the project within stated objectives.
Risk is an unfavorable outcome of uncertainty.
2.3

Project Opportunity

A project opportunity is a favorable outcome to a risk or uncertainty identified through risk analysis and
project management.
2.4

Risk Identification

Ongoing, continual processes where all project team members identify and communicate risk factors that
are likely to impact the project objectives such as work scope, quality, schedule, safety and cost.
2.5

Project Risk Management

The practice of identifying, assessing and addressing, (i.e. taking action to reduce risk to acceptable
levels) potential project risk on a regular basis throughout the life of a project and in the best interest of
the project objectives. Specifically,
Identifying risk (see paragraphs 2.2 and 2.4)
Evaluating the probability of each identified risk being realized
Evaluating the severity (impact) of each identified risk
Mitigating adverse impacts by exercising influence over project risks through management
strategies.
Maximizing the likelihood of achieving favorable impacts of project opportunities.
2.6

Project Risk Management Plan

Documents the processes associated with identifying, analyzing and addressing project risk. The Plan
will vary with project size and complexity. Plan goals include:

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 3 of 13
Rev. Date: 14 Apr 2008

Ensuring risks and opportunities are identified and effective management strategies are developed,
implemented, and monitored.
Maximizing the project opportunities while minimizing the consequences of risk
Considering the cost of proposed management strategies. Costs should be significantly less than
the realized risk
2.7

Contingency

A specific allocation of resources added to the estimate for unknowns due to an evaluation of the
possibility, probability, risk and consequence for overrunning the base estimate. Contingency is not
hidden profit, it is an anticipated cost. Key questions in the evaluation are:

2.8

How sound/firm is the technology, the overall design basis and the engineered
equipment performance basis?

How sound/firm are the execution strategy and the staffing plan?

How sound/firm are the schedule durations and logic, etc.?

How sound are the estimate quantities and prices?

How firm are the production rates and labor availabilities?

How well defined and documented are the site conditions?

How volatile are the market conditions (local, national, global)?

How reasonable / negotiable are the contract terms, conditions and owner
representatives?
Issue Authorization and Maintenance for Use

The Project Management Functional Leader is responsible for the maintenance of this procedure and will
review the procedure annually to determine any necessary updates. Should an individual employee have
a suggestion for improvement or modification to this procedure, he or she may mark-up a copy of the PEP
and send to the Project Management Functional Leader for review. The Project Management Functional
Leader will review the recommended changes and respond back to the employee on plans to address the
suggestions. Changes to the procedure will be distributed to other Corporate Department Managers and
Corporate Functional Leads for their concurrence. When the reviews are complete, the Project
Management Functional Leader will consolidate and recommend changes to this PEP to the Vice
President, Project Operations who has the authority to issue revisions to this PEP.
3.0

REFERENCES

3.0

Project Execution Management Program

3.1

PEP 200, Project Initiation

CONFIDENTIAL AND PROPRIETARY
Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 4 of 13
Rev. Date: 14 Apr 2008

3.2

PEP 201, Scope of Work Document

3.3

PEP 202, Project Execution Plans

3.4

PEP 206, Lessons Learned Program

3.5

PEP 301, Estimating

3.6

PEP 303, Contingency Preparation and Management

3.7

Administration Bulletin 12.1, Risk Management Policy

3.8

PEP 211, Project Definition Rating Index (PDRI)

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212
Page 5 of 13

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Rev. Date: 14 Apr 2008

4.0

PROCEDURE

4.1

Process Work Flow Chart

Request for Proposal
Initial Risk Identification

PEP 211, PDRI

All Business Unit and

Project Functions
Initial Risk Assessment

Communicate any Unique

Identified Risks to Lessons
Learned

No
Bid

Bid/
No Bid
Bid

Input to Bid Estimate and

Schedule
(Contingency Plans)

Develop Risk
Management Plan
Approval of Plan

Evolving
Project
Conditions

Continual Identification
of Risk
Continual Assessment
of Risk

Continual Monitoring
of Plan

Periodically Update and

Maintain Risk Management
Plan

Risk Response

Management
Strategy

Contingency
Preparation &
Management
(PEP 303)

Plan Implemented
As part of
Project Execution
Plan
Request for Proposal.ppt 08_03

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 6 of 13
Rev. Date: 14 Apr 2008

4.2

Process Work Flow

The process for preparing, approving, issuing and maintaining the Project Risk Management Plan is
outlined in Section 4.1, Process Work Flow Chart
A. Initial Risk Identification
Action By

Action

Business Unit and Project

Functions assigned to
proposal

1. Prior to Bid/No Bid decision, identifies risks associated with

Proposal Manager

2. Documents all identified risks.

Legal

3. Review Terms & Conditions and document Contract risk factors

proposed project. Scope definition risks shall be identified per PEP

211, Project Definition Rating Index (PDRI)

B. Initial Risk Assessment

Action By

Action

Business Unit and Project

Functions assigned to
proposal

1. Prior to Bid/No Bid decision, assesses risks identified with

proposed project (probability, severity and category).
2. Recommends Bid/No Bid. Decision based on an assessment that
an identified risk as such that the project should be avoided (See
Risk Avoidance in 212-06 (M))
Note: Risk is only one factor in making bid/no bid decision.

Proposal Manager

3. Documents assessments and presents it to Business Unit

Management to support Bid/No Bid Decision.

C. Develop Risk Management Plan

(If Decision is to Bid)
Action By

Action

Project Manager/ Proposal

Manager

1. Utilizing the risk assessments develops risk management

strategies for all high risks and very high risks as part of project
planning prior to submitting the bid. (See 4.3.B.1)
Note: Risk management strategies are developed for moderate
risks at the discretion of the Project Team (See 4.3.B.1)
2. Verifies that the management approach and work processes in the
Project Execution Plan, adequately address all identified risk
elements.

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212
Page 7 of 13

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Rev. Date: 14 Apr 2008

Action By

Action

All Project Functions

3. Supports the Project Manager/Proposal Manager in developing

the appropriate risk management strategies.
4. Provides the data (e.g., cost element ranges and probabilities and
task duration ranges) necessary to support quantitative risk
responses (cost and schedule contingency analysis).

Estimating Manager/ Project

Control Manager

5. Performs contingency analysis

Preparation and Management)

(PEP

303,

Contingency

Project Manager

6. Utilizing all inputs, solicits input from company Risk Management

resources or personnel regarding mitigation actions related to
insurance, etc., documents all risk responses in Risk Management
Plan and submits for approval.

D. Approval
Action By

Action

Business Unit Manager

1. Approves Risk Management Plan prior to bid submittal and returns

to Project Manager for implementation

Project Document Control

Center

2. Maintains and distributes Project Risk Management Plan per

Project Distribution Matrix.

E. Periodic Update and Maintenance of Project Risk Management Plan

Action By

Action

All Project Functions and

Business Unit Management

1. Continuously monitor project conditions to identify new or

changing risk factors.

Project Manager

2. Facilitates continual risk identification and development of risk

management strategies with assistance from key project team
members.
3. Continually monitors project execution to assure risk management
strategies documented in Risk Management Plan are being
implemented and are effective.
4. Manages contingency per PEP 303, Contingency Preparation
and Management. Assures it is only being used to address
realized risk and not to address scope issues or poor
performance.
Note that contingency may be used for scope issues if ill-defined
scope is a recognized risk. It may also be used for prior
performance,
e.g.,
craft
labor
productivity
or
late
equipment/material delivery, if such poor performance is a
recognized risk to the project.

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 8 of 13
Rev. Date: 14 Apr 2008

Action By

Action
5. Include the status of the risk strategies and an assessment of the
need to update the Risk Management Plan in the internal project
meetings (home office, field, etc.) and project status reports to
Business Unit Management.
6. During the internal project meetings, new opportunities/risks shall
be identified and assessed by the project team utilizing 212-07
(MM). The completed form(s) shall be attached to the Risk
Management Plan and become part of the update.
7. Periodically updates and reissues the Risk Management Plan in
response to new or changing risks but not less than monthly. (All
issues are designated by the next revision number, 0,1,2)
8. A typical update will include providing the completed on-going Risk
Assessment Forms (212-07 (MM)) and statused Risk Mitigation
Plans (212-05 (S)).

Business Unit Management

9. Monitors the implementation of the Risk Management Plan and

assesses if the plan is accomplishing the stated goals.
10. Approves all revisions to the Risk Management Plan and returns
to Project Management for implementation.

Project Document Control

Center (PDCC)
4.3

11. Maintains and distributes Project Risk Management Plan per

Project Execution Procedures.

Instructions

The following instructions relate to the activities outlined in the Process Work Flow Chart (Section 4.1).
Disciplined team brainstorming supplemented by review of project documents (Contract, Plans,
Specifications, Geotechnical Reports, Estimate Assumptions, Contingency Allocation, Change Requests,
Change Orders) and lessons learned/experience, is a primary tool used to identify risks.
4.3.A

Risk Identification (Initial and Continual)

Each function involved with the proposal of a project and the subsequent execution of the project shall
participate in the identification and assessment of project risks. A disciplined approach should be
employed dividing the project life cycle into assessable elements such as function or scope segment to
ensure the entire project is considered. Project risks shall be categorized in the following 11 project
areas. A sample checklist (to be expanded as appropriate) is provided as form 212-04 (S).

Technical and

Cost/Schedule

Programmatic (Obtaining and utilizing resources outside the control of the project
manager)

Support

Safety

Contracts

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 9 of 13
Rev. Date: 14 Apr 2008

Owner (Client)

Regulatory / Permitting

Site (Including Location)

Commissioning and Startup

Shutdown, Turnover and Outage

4.3.B

Risk Assessment (Initial and Continual)

Once risks and opportunities have been identified, the project functions then categorize the identified risks
by probability and severity (consequences) of impact as outlined below.
Risk Event Probability
1.

Very Unlikely: The risk event is very unlikely

to occur in the life of the project. If we ran this project a hundred times, it would not be expected
to occur once.

2.

Unlikely: The risk event might occur once if

we ran this project 10 times, but is unlikely to occur during this project.

3.

Possible: The risk event could occur once

during the project.

4.

Likely: The risk event is likely to occur at

least once during the project. More often than not, on a similar project, it will occur.

5.

Very Likely: The risk event is very likely to

occur at least once and probably will occur multiple times. It is likely that it will occur during the
life of the project.

Risk Event Severity

1.

Negligible: Safety, cost, and schedule impact would be insignificant,

very little impact on scope and quality issues would barely be noticeable.

2.

Marginal: Safety, cost, and/or schedule impact would be less than

5% (total project or for large scale O&M, use the annual budget), scope would be affected in only
minor areas or the quality impact would be noticeable in only the most demanding applications.

3.

Significant: Safety, cost, and/or schedule impacts would be in the 5%

to 10% range (total project or for large scale O&M, use the annual budget), major areas of scope
would be affected or quality reductions would require Owner/Client approval.

4.

Critical: Safety, cost, and/or schedule impacts would be in the 10% to

20% range, scope impacts would be unacceptable to the Owner/Client or quality impacts would
be unacceptable to the Owner/Client.

5.

Crisis: Safety, cost, and/or schedule impacts would be greater than

20 % or the project deliverable is effectively useless or unusable.

Therefore, the most serious risks (Very High Risk) would have a Very Likely probability of occurrence
with Crisis severity (consequences).

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212
Page 10 of 13

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Rev. Date: 14 Apr 2008

Risk Grading Matrix

The project team shall utilize judgment and experience to evaluate each risk element and assess its
severity and probabilities. As shown in the table Risk Grading Matrix below, for each event, the team
must categorize each risk based on its severity and probability resulting in Risk grading from 1 (Very Low
Risk) to 5 (Very High Risk) as explained below.
Risk Grading Matrix
Probability/Severity

Negligible

Marginal

Significant

Critical

Crisis

Very Likely

Likely

Possible

Unlikely

Very Unlikely

Risk Categories
1.

Very

Low

Risk:

Normal

management

practices are sufficient

2.

Low Risk: Normal management practices

should be sufficient, but project team awareness should be maintained.

3.

Moderate Risk: Project team should

consider each risk event and should exercise their best judgement. Strong consideration should
be given to address the risk elements in the Risk Management Plan with actions deemed
appropriate by the project team.

4.

High Risk: The project team shall perform

sufficient analysis to assure the event is understood and appropriate mitigation(s) identified. Risk
handling actions are mandatory and shall be addressed in the Risk Management Plan. Continual
tracking of these risks and their mitigating actions is appropriate.

5.

Very High Risk: The project team shall

perform sufficient analysis to assure the event is understood and appropriate mitigation(s)
identified. Risk handling actions are mandatory and shall be addressed in the Risk Management
Plan. Continual tracking of these risks and their mitigating actions is appropriate.

Risk Management
A risk management strategy is developed for each High and Very High Risk element and for
Moderate risk elements at the discretion of the Project Manager. The risk management approach is
documented in the Project Risk Management Plan. For Low and Very Low risk elements, and
Moderate risk elements not judged to require documented mitigation plans, the Project Manager shall
assure that they are controlled through the normal management functions and work processes.

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 11 of 13
Rev. Date: 14 Apr 2008

4.3.C

Develop Risk Management Plan

1.

Project Risk Management Plan Format

Project Risk Management Plans shall be prepared using the following standard forms for
each plan. The specific contents and level of detail may vary based on the scope of the
project.
Cover Page

212-01 (M)
Table of Contents
212-02 (M)
Template

212-03 (MM)

2.

Preparation of Project Risk Management

Plan
The purpose of the Project Risk Management Plan is to document and communicate a
strategy that will enable the early identification of and proactive response to, High and Very
High risk items and Moderate risk items as selected by the Project Manager. The goal of
the Plan is to develop individual strategies to respond to risks while eliminating uncertainties
we are not prepared to accept. The ultimate goal is to improve project performance.
The key to successful project performance still remains effective project execution (scope
definition, change management, organization, forecasting, quality control, etc.). The Project
Risk Management Plan is meant to ensure that those identified items of Moderate to Very
High risk are kept in focus. To that end, all projects shall employ an assessment of risk and
have individual strategies to manage the risks (Risk Mitigation Plans) within the Project Risk
Management Plan.
Risk management strategies should be produced with the participation of all project functions
utilizing the what if approach. Mitigation could be as simple as seeing that an executive
level relationship is established with the Client, to as complex as replanning a project activity
to maintain adequate schedule float in the face of schedule liquidated damages. General
categories of responses to risk are as follows:

Avoidance
Reduction
Transfer
Sharing
Acceptance
Mitigation

These are summarized in 212-06 (M). Response to risk should fall within these categories
but actions required in the Plan should be more specific.
Adequate cost, time and resources must be included in the Project Execution Plan to carryout
the risk management strategies. If a mitigation plan cannot be implemented, it is likely that
we cannot control results within tolerable limits. This type of uncertainty must be avoided.
Some examples of Moderate, High or Very High items along with examples of proposed
mitigation measures are provided in 212-05 (S).
In order to determine the effectiveness of the Risk Management Plan, the areas of Moderate
(as determined by the Project Team), High and Very High risks shall be monitored. In
addition, periodic reassessments of projects shall be performed to determine if new areas of
risk have surfaced.

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 12 of 13
Rev. Date: 14 Apr 2008

Each project, regardless of scope or contract type, must address the minimum contents of the
Risk Management Plan as outlined in 212-03 (MM). The level of detail included in each
section will vary with the complexity and risk of the project. Risk Plans may also vary as a
result of Client Requirements.
Cost and schedule contingency analyses, when used as mitigation, are required to be
addressed separately.

The approach to developing cost contingency is described in

PEP 303, Contingency Preparation and Management.

Relative to Schedule Analysis, a Monte Carlo Schedule

Analysis tool, which is available on Company Cornerstone Computer Systems,
determines the project (or task) completion date for a given confidence level. Conversely,
for a given project (or task) completion date, it will provide the level of confidence in
achieving the schedule. Three activity duration values (optimistic, most likely, pessimistic)
form the basic input for the analysis.

Another approach to Schedule contingency may be as

simple as adding resources, re-planning work, and constructability review and
implementation.

The Project Manager or Proposal Manager shall verify that all appropriate Project and
Business Unit (e.g. Business Development) Functions contribute to identification and
assessments of project risks per this procedure. The Project Manager shall produce the Risk
Management Plan in support of estimate and schedule finalization and bid submittal.
Any issues of the Risk Management plan prior to Approval (Section 4.3.D) shall be indicated
as a letter revision, (A, B) and statused as Preliminary
4.3.D

Approval of the Project Risk Management Plan

Business Unit Management shall review the Project Risk Management Plan and approve it prior
to submittal of final bid documents.
Upon initial approval, the Risk Management Plan is designated as Revision 0 and statused as
Approved. Subsequent revisions are designated as 1, 2, 3

4.3.E

Continual Identification and Assessment of Risk

As project conditions evolve, the Project Manager shall revise the risk management strategies to
changing conditions. As significant changes in the Risk Management approach occur, the Project
Manager shall update and reissue the Risk Management Plan but no less than monthly.
Revisions shall include any corrective actions associated with unsuccessful mitigation actions.
Include the status of the risk management strategies and an assessment of the need to update
the Risk Management Plan in the internal project meetings (home office, field, etc.). During the
internal project meetings, new opportunities/risks shall be identified and assessed by the project
team utilizing 212-07 (MM).
To ensure the plan is being reviewed and the management strategies are assessed on a regular
basis, the Project Manager shall include the status and effectiveness of the Risk Strategies and
an assessment of the need to update the Risk Management Plan in the periodic internal project
status reports.

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED

PEP 212

PREPARATION OF PROJECT RISK MANAGEMENT PLANS

Page 13 of 13
Rev. Date: 14 Apr 2008

Business Unit Management shall periodically monitor the implementation of the Risk
Management Plan and assess if the plan is accomplishing the stated goals.
5.0

RECORDS

Distribution, storage and retention shall be per the Project Execution Plan
6.0

FORMS AND EXHIBITS

6.1

212-01 (M) Project Risk Management Plan Cover Page

6.2

212-02 (M) Project Risk Management Plan Table of Contents

6.3

212-03 (MM) Project Risk Management Plan Template

6.4

212-04 (S) Risk Identification Checklist (Sample)

6.5

212-05 (S) Examples of Risk Mitigation Plans (attachment to Project Risk Management Plan)

6.6

212-06 (M) Alternate Responses to Assessed Risk

6.7

212-07 (MM) On-Going Risk Assessment Form (Attachments to Risk Management Plan Updates)

CONFIDENTIAL AND PROPRIETARY

Copyright 2008 Washington Group International, Inc. (Ohio) ALL RIGHTS RESERVED