RISK MANAGEMENT PLAN Document Number: HSE-DAM-000005

Document Type: HSE

System/Subsystem:

Approved by: CHAIRMAN/CEO

RISK MANAGEMENT PLAN

RISK MANAGEMENT PLAN

TABLE OF CONTENT

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 1 of 10

RISK MANAGEMENT PLAN Document Number: HSE-DAM-000005

Document Type: HSE

System/Subsystem:

Approved by: CHAIRMAN/CEO

RISK MANAGEMENT PLAN

1.
1.1

Scope and Purpose......................................................................................................... 3

Our Approach .....3

2. Risk Management Procedure ...................................................................................... 3

2.1 Risk Management Planning Process .......................................................................... 3
2.2

Risk Identification.................................................................................... ........................ 4

2.3

Risk Analysis

2.4

Risk Response Planning................................................5

............................................................................................................ 5

2.5 Risk Monitoring, Controlling, And Reporting...6

3.0 Risk Management Assignments ......................................................................... 6

4.0 Risk Classification.................................................................................................... .7
5.0 Risk Mitigation Plan ... ..9
6.0 Risk mitigation strategies....................................................................................................10

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 2 of 10

1.0 SCOPE AND PURPOSE

A risk is an event or condition that, if it occurs, could have a positive or negative effect on a projects
objectives. Risk Management is the process of identifying, assessing, responding to, monitoring, and
reporting risks. This Risk Management Plan defines how risks associated with the Supply of Linepipes
for the Zabazaba Project will be identified, analyzed, and managed. It outlines how risk management
activities will be performed, recorded, and monitored throughout the lifecycle of the project and provides
templates and practices for recording and prioritizing risks.
The Risk Management Plan is created by the project manager in the Planning Phase of the Project and
is monitored and updated throughout the project.
The intended audience of this document is the Nigeria Agip Oil Company, Project Team and
Management.
1.1 OUR APPROACH
The project team will undertake a systematic approach to risk management that will include the creation
and maintenance of a risk register. Risk reviews will be incorporated into the routine
project meetings as an agenda item to address risks with an approaching due date (two weeks)
and into the Contract review meetings once they have begun to provide a more frequent review of
the items that could affect project success.
Process Owners will be identified and assigned to all risks where they will have the responsibility to
develop triggers to monitor the risk and response plans appropriate for each item identified.
Each risk owner may, at their discretion, assign someone to develop the response plans and monitor
the triggers, but the owners will maintain the responsibility to monitor and report the
status of all risk items back to the project team.
At project completion, during the closing process, the project manager and team will assess the
risk management process and will identify any improvements that can be made for future
projects. Proposed improvements, as well as the final risk register, will be captured as part of the
lessons learned knowledge base.
The product of risk management planning will be the Risk Register. The Risk Register will
document the various risks with their classification, mitigation and handling strategies, impact on
cost and schedule, and action items.
2

RISK MANAGEMENT PROCEDURE

2.1

Risk Management Planning Process

Risk management planning is the process of determining how to approach and conduct risk
activities for the project. Planning is critical to establish the importance of risk management,
allocating proper resources and time to risk management and establish the basis for evaluating
risk. The project manager working with the project team, and project sponsors will ensure that
risks are actively identified, analyzed, and managed throughout the life of the project. Risks will
be identified as early as possible in the project so as to minimize their impact. The steps for
accomplishing this are outlined in the following sections. The project manager will serve as the
Risk Manager for this project.

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 3 of 10

2.2

Risk Identification

Risk identification will involve the project team, appropriate stakeholders, and will include an evaluation
of the project management plan including the project scope & complexity, environmental factors,
staffing, technology, organizational culture and staffing. Careful attention will be given to the project
deliverables, inspection and testing of the pipes, assumptions, constraints, WBS, cost/effort estimates,
resource plan, and other key project documents.
A Risk Management Register will be generated and updated as needed and will be stored electronically
in the document control center.
A baseline set of risks will be created and entered into the project Risk Register. These baseline risks
will be identified through the normal course of the project planning process. Risk statements will be
written for each identified risk. Risk statements will be clear concise and contain only one risk condition
and one or more consequences of that condition.
All project stakeholders are responsible for identifying new risks. New risks identified during project
related meetings shall be captured and added to the Risk Register within two working days of the
meeting. It will be the responsibility of the DAMAGIX NIGERIA Limited Project Manager to make sure
this is accomplished.
DAMAGIX NIGERIA Limited brings years of experience to the project in implementing similar systems
which has provided DAMAGIX NIGERIA Limited with a unique insight to common operation and
system risks. Some of the common risks are documented in the table below. This table is not intended
to be an exhaustive list.
Risk Area
Project Scope and Complexity

Technology

Staffing

Culture
Project Management

Potential Risk
Scope is not understood
Requirements not documented properly
Requirements not agreed upon by customer
Complexity not understood in terms of:
Technology
Adapters needed
Number of users
Business process
Technology not proven Unreliable performance
record of vendors
Inexperience with the technologies to be used
Vendor infrastructure is not sound
Inadequate resources committed to the project
Project team does not contain members that
have experience with similar projects
Resources pulled from project before completion
Users not willing to make business process
changes
Customeroversight
does not committee
make a strong
Executive
is notcommitment
actively
engaged in project
Project issues are not addressed

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 4 of 10

2.3 Risk Analysis

DAMAGIX Nigeria Limited will use a qualitative approach to Risk Analysis. This methodology uses a risk
level matrix based on probability and impact. This allows for an independent assessment of probability
and consequence of risk. All risks identified will be assessed to identify the range of possible project
outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond
to and which risks can be ignored
Each risk shall be evaluated to determine impact, probability of occurrence, and timeframe. Each risk
shall be examined to determine its relationship to other risks identified. Initially, the identifier of the risk
shall provide an estimate of these attributes. The Project Manager shall be responsible for further
analyses and prioritization of the risks. The criteria for analyzing risks are established later in the Risk
Classification section of this plan.
2.3.2 Qualitative Risk Analysis
The probability and impact of occurrence for each identified risk will be assessed by the project
manager, with input from the project team using the following approach:
Probability
High Greater than <70%> probability of occurrence
Medium Between <30%> and <70%> probability of occurrence

Impact

High Risk that has the potential to greatly impact project cost, project
schedule or performance

Medium Risk that has the potential to slightly impact project cost, project
schedule or performance
Low Risk that has relatively little impact on cost, schedule or performance
Risks that fall within the RED and YELLOW zones will have risk response
planning which may include both a risk mitigation and a risk contingency plan.

Impact

Low Below <30%> probability of occurrence

H
M
L
L

M H

Probabi
lity

2.3.2 Quantitative Risk Analysis

Analysis of risk events that have been prioritized using the qualitative risk analysis process and their
effects on project activities will be estimated, a numerical rating applied to each risk based on this
analysis, and then documented in this section of the risk management plan.
2.4 Risk Response Planning
Risk handling is the identification of a course of action or inaction selected for the purpose of effectively
managing a given risk. All identified risks shall be handled. Specific handling methods should be
selected after the probable impact on the project has been determined.
DAMAGIX NIGERIA Limited Project Manager will determine what action should be taken for each risk as it
brought to his attention through weekly team meetings and database reports. The DAMAGIX NIGERIA
Limited Project Manager shall determine whether to keep the risk, delegate responsibility, or transfer
the risk responsibility up the project organization chain. The Project Manager, if necessary, may transfer a
risk(s) to external organizations if that organization is best suited to handle the risk.
RISK MANAGEMENT PLAN
This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 5 of 10

Each major risk (those falling in the Red & Yellow zones) will be assigned to a project team member for
monitoring purposes to ensure that the risk will not fall through the cracks.
For each major risk, one of the following approaches will be selected to address it:
Avoid eliminate the threat by eliminating the cause
Mitigate Identify ways to reduce the probability or the impact of the risk
Accept Nothing will be done
Transfer Make another party responsible for the risk (buy insurance, outsourcing, etc.)
Risk planning requires a decision to perform further research, accept the risk (document acceptance
rationale in the Risk Register and close the risk), watch the risk attributes and status (define tracking
requirements, document in the Risk Register, and assign a "watch" action), or mitigate the risk (create a
Mitigation Plan, assign action items, and monitor the activities and risk).
Mitigation activities shall be documented on the Risk Register or by creating a separate Mitigation Plan. A
Mitigation Plan shall be written for any effort that requires re-allocation of project resources. The Project
Manager shall determine when to use a Mitigation Plan.
For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or
reduce its impact or probability of occurring. This may include prototyping, adding tasks to the project
schedule, adding resources, etc.
For each major risk that is to be mitigated or that is accepted, a course of action will be outlined for the
event that the risk does materialize in order to minimize its impact.
2.5 Risk Monitoring, Controlling, And Reporting
Risk information and metrics defined during planning shall be captured, tracked and analyzed for trends.
The person assigned responsibility for the risk shall provide routine trend and status reports on research
and/or mitigation activities to the DAMAGIX NIGERIA Limited Project Manager during the weekly project
meetings. Watched risks shall be reported on during the monthly project meetings. The Risk Register shall
be used to report summary status, and a Stoplight Status Report shall be used by the DAMAGIX
NIGERIA Limited Project Manager to report progress to senior management at the monthly reviews.
Decisions shall be made by the Project Manager during the weekly and monthly meetings as the level of
risk on the project will be tracked, monitored and reported throughout the project lifecycle.
All project change requests will be analyzed for their possible impact to the project risks.
Management will be notified of important changes to risk status with a report to close risks, continue to
research, mitigate or watch risks, re-plan or re-focus actions or activities, or invoke contingency plans. This
is also the time when the Project Manager authorizes and allocates resources toward risks.
3.0 RISK MANAGEMENT ASSIGNMENTS
The following table describes the responsibilities of the project stakeholders:
Who
Individual Members

Responsibilit
ies
Identify new risks
Estimate probability of risk, impact, and time frame
Classify risk
Recommend Action
Assist in prioritizing
risk

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 6 of 10

DAMAGIX
NIGERIA Limited
Project Manager

Executive Oversight
Committee

Collect all risk information from individuals

Ensure accuracy of probability, impact and time frame
Build the Risk Register
Collect and report risk measures and metrics
Report risk to senior management
Prioritize Risk
Authorize expenditures of resources for mitigation
Authorize additional cost or time to mitigate risk.

The following table describes the criteria for communicating and documenting risk
Who
Individual Members
to Project Manager

Project Manager to
Executive Oversight
Committee

Responsibiliti
es performance
Any risk that impacts
Any risk that impacts >10 percent of budget
Any risk that exceeds schedule milestones
Any risk that needs to be transferred to another team
Mitigation activity status
Any risk that impacts mission success
Any risk that causes the project budget to be
exceeded by more that 10 percent
Any risk that may negatively impact Damagix
Risk status

4.0 RISK CLASSIFICATION

Risk shall be analyzed qualitatively using impact, likelihood and timeframe classifications
defined in this section. Impact is based on project success, resources, cost, and
schedule. Likelihood is used to provide an order of magnitude based on quantitative data and
qualitative experience.
Impact
classification
High
Schedule Slip Slip of delivery beyond two month of milestone schedules.
Cost Overrun - > 10% increase in budget allocation.
Technical Loss of critical function or major objective.
Political Bad press for TOHS, DIR, TDEx, or other entities
Significant
Schedule Slip - > 1 month <2 months delivery from milestone
schedules
Cost Overrun - > 5% but < 10% increase to
budget

Technical - Major function objective not fully met.

Political - Senior Management has concerns about project success or development progress

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 7 of 10

Low
Schedule Slip - > 2 weeks <1-month delivery from milestone schedules
Cost Overrun - < 5% increase to budget
Technical Some wanted or desired functions are not met.
Negligible
Schedule Slip - < 2 weeks delivery from milestone schedules
Cost Overrun minor impact
Technical Small impact to technical performance
Likelihood Classification
High (>70% chance of occurrence)
Occurrence is very likely and may
processes, procedures and plans.

not

be

controlled

by

following existing

Significant (40% - 70% chance of occurrence)

Occurrence is likely and may not be entirely controlled by following existing
processes, procedures and plans.
Low (20% - 39% chance of occurrence)
Occurrence is unlikely and may not be entirely controlled by following existing
processes, procedures and plans.
Negligible (<20% chance of occurrence)
Occurrence is very unlikely and is generally controlled by following existing
processes, procedures and plans.
Timeframe Classification
Near - Action or mitigation needs to take place within the next 4 months
Mid - Action or mitigation needs to take place between 2 months and 4 months
Far - Action or mitigation needs to take place beyond 4 months

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 8 of 10

RED

High

Significant

YELLOW

Low

GREEN
Negligible

Negligible

Low

Significant

High

Once risk items are entered they will be assigned an exposure grade red, yellow, or green
based on the following combinations of impact/likelihood:
Risk Classification Chart
Green - Items classified as green are acceptable without further mitigation and will be
routinely tracked.
Yellow - Items classified as yellow may require mitigation. For these items, alternative
dispositions will be identified and trade-offs conducted to determine the mitigation
required.
Red - Items classified as red are considered primary risk drivers. For these items, mitigation
options will be developed. Red risks will be assessed for impact to budget reserves and will
be tracked to closure.
Timeframe is used in conjunction with the Risk Classification Chart to determine priorities,
establish when risks need to have actions taken, and how long risks may need to be
watched or tracked before they no longer are a concern or can be closed.
Each project review meeting will result in an update to the project Risk Register that will be
sent to all project personnel.
5.0 RISK MITIGATION PLAN
Risk Mitigation Planning:
Planning for risk mitigation is the activity of
eliminate a threat posing a risk; if and when
accomplished through technological means
effective risk mitigation plan is the clear
facility/installation/process or project.

examining courses of action that decrease or

the risks becomes a reality. Mitigation can be
or process and procedures. Critical to an
delineation of the risk profile of a given

Risk Mitigation Implementation and Plan of Action:

Risk management does not end with the collection of ideas of what can be done with the risks
identified and assessed. The decision makers will decide and act on the priorities established
and implement their actions. Part of the decision-making process will be an evaluation of what
RISK MANAGEMENT PLAN
This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 9 of 10

effect the decisions have on the future operation of the system and what new exposures may
be created because of their actions.
Risk Management Plan Tracking:
The effects of the actions to be implemented will be monitored to see if the goal was achieved,
or modifications will be made to the implementation plan. In addition, any changes to project
plan or performance will be monitored as the environment surrounding the project changes.
While monitoring the response to the implemented plan, analysts would determine if the
reaction is a positive or negative result of actually mitigating the identified risk or other
changes.
6.0 Risk mitigation strategies for this project include:
The monitoring of action items which involves identification of a need to evaluate new risks,
and the re-evaluation of changes to previous risks.
Risk reporting which shall include the documentation of risk identification, risk
quantification, risk mitigation and contingency plans and risk closure. The reporting process
will be aligned to the specific needs of the client or project, at the time of implementation.
The continuous tracking and monitoring of the status of the risk. The affected parties are
communicated where the risk is impacted. Completion dates are tracked with action
items and status is updated through risk closure.
The Risk Mitigation Plan shall be reviewed during project monitoring reviews meetings
conducted by the management team or Project Management Office which will be formed
during the start-up of the engagement. This ensures that all stakeholders of the project
are kept abreast of all significant issues in the projects on a regular basis.
1.4 Types of Risk:
There are different types of risk depending on what system or process on which the level of
risk is being analyzed and at what level of the system or process is being analyzed.
Process Risk

The risk by an organizations internal activities, arising, in direct or indirect

manner, from the people, systems and processes through which a
company operates.

Environmental
Risk

This comes from the activities of an organization which have adverse effects
on
living organisms and environment by emissions, wastes, resource depletion,
etc which could be Actual or potential threats.

Personnel
Risk

The losses arising from the death, injury, disability, or departure of employees.

RISK MANAGEMENT PLAN

This document is the property of Damagix Nig. Limited who will safeguard its rights according to the civil and penal provisions of the law.
Page 10 of 10