Benefits of proactive risk management:
The application of risk management is an integral part of project development and execution.
Consideration of risk and the application of risk management should begin at the earliest possible point in the project lifecycle, ie compilation of the strategic case. Project Managers should take note of risk management guidance provided in the Transport Agency’s corporate documentation.
The Project Manager has six primary responsibilities with regard to risk management throughout the project lifecycle:
A Project Manager taking on the management of a project is well advised to familiarise themselves with Transport Agency documentation, approach and requirements for risk management (both corporate and HNO). A sound understanding of the principles and practices of the discipline will amplify the Project Manager’s ability to guide project delivery from inception.
During the early phases of project development (strategic case) the principles of good risk management practice should be applied as part of project development, although it is unlikely that formal risk management documentation will exist. As the project moves forward into the phases involving contracted suppliers, the application of a more formal approach to risk management and development of the associated documentation should be a reflection of the project's increasing maturity.
Z/44 is applicable only within HNO Capital Projects and M&O contracts delivered through the SM030 suite of Contract Proforma. It provides suppliers with HNO specific requirements for the conduct of risk management. The intent of the standard is to promote consistent delivery from suppliers with regard to risk management services; including reporting and deliverables.
Project Managers must decide which approach to analysis is most appropriate to the project under consideration. Z/44 provides guidance, but this is solely based on project value, with the general approach being the default. However, the Project Manager must consider the level of risk perceived to exist to successful project delivery and therefore the level of detail considered appropriate in the representation of risk data and its subsequent analysis.
The general approach is applied in the early stages of the project lifecycle when maturity of project and risk data is low and application of the advanced approach with its greater degree of detail and complexity of analysis would not provide value for money. As the project evolves its low value, or more likely, low risk, may mean continued application of the general approach is the most suitable and cost effective solution. The general approach is characterised by the assignment of semi-quantitative risk scores which represent a consequential likelihood banding system whereby risks can be ranked by importance.
Contingency estimates utilising this approach are formed from assessment by specialist interpretation.
The advanced approach includes the general approach (to enable ranking of risks) but looks at the risks in more detail using quantitative risk likelihood and consequence data. This data is used as input for computerised statistical analysis modelling from which contingency values can be determined for use in cost estimates.
The focus at this early phase of the project lifecycle will be around the strategic fit of the proposal. Risks identified will be high level, and data will be immature and lack detail. Sound application of risk management from this early phase is one of the factors that contribute to successful transition through the business case process to project implementation.
Through this early phase the Project Manager should:
This phase, (typically) directly executed by HNO staff, leads into the programme business case phase at which point external resources are likely to be engaged to deliver the subsequent phases.
As the project lifecycle transitions through the business case phases the increasing maturity of programme data and clarity of understanding should be reflected in an increasing depth of maturity in the level of risk management data and application of risk management practices.
Inclusion of formal risk management, associated processes, practices and reporting will form part of the risk management discussion within the management case. Contracts for the delivery of programme, indicative and the detailed business cases as well as the resultant implementation phases of the project will be placed with external suppliers through the SM030 series of Contract Proforma. Risk management requirements for external suppliers are provided for through Minimum standard Z/44 - risk management.
The diagram below reflects the relationship between the minimum standard, SM030 proforma and the Transport Agency suite of risk management documents.
If the Project Manager has applied appropriate risk management from project initiation along with good maintenance of risk data, then the transition to (and from) an external resource should be enabled with minimum disruption. A pragmatic approach to risk management should be taken at all times and the first point of reference for Project Managers should be Minimum standard Z/44 – risk management.
Although Z/44 is a minimum standard the emphasis is on the Project Manager making decisions on and being fully engaged with, the degree of application and the conduct of risk management internally and by external suppliers as the project matures. The intent being to identify, analyse and evaluate risks at the earliest point in time thus aiding in the reduction of exposure by encouraging proactive consideration and implementation of treatment solutions.
Relationship between NZ Transport Agency suite of risk management documents and Z/44 – Risk Management
It is the Project Manager’s responsibility to ensure risk management practices are effectively applied both in their role as a Transport Agency employee and as the manager for a HNO project in so far as their level of delegated authority enables.
Contract documentation for the provision of services by external suppliers is provided through the Transport Agency’s contract proforma suite, namely SM030, SM031 and SM032. Minimum standard Z/44 is referenced within these proforma. Project Managers should ensure familiarity with Z/44 to ensure they are able to appropriately state their desired requirements for its application within the contract.
SM030 has content that stipulates requirements placed on the Professional Services provider regarding contractual compliance with Z/44.
SM031 has content that stipulates requirements placed on the contractor to liaise with the Professional Services provider to enable fulfilment of their contractual requirements under SM030 regarding compliance with Z/44.
SM032 has content that stipulates requirements placed on the contracted party(ies) regarding contractual compliance with Z/44.
Whichever contract proforma is utilised the Project Manager should consult Z/44 for guidance as to the level of application of risk management. Section 1 of Z/44 provides the following guidance:
The Project Manager must take a pragmatic approach to the application of Z/44 within each project under their management. For instance some projects may be considered low cost but may be high risk, typically for reasons relating to new/high technology or innovative content, or high profile/output criticality.
Z/44 has been written as a minimum standard, should the Project Manager wish to alter aspects of this, these amendments will need to be accommodated within the contract. It is anticipated that the minimum standard will satisfy the expectations of the Project Manager without the need for amendment clauses.
A component of the client supplied information to Tenderers under SM030 and 32 is the provision of the current Activity Risk File (ARF). As a project evolves through the early phase of the Business Case process (strategic), it is the Project Manager’s responsibility to create and maintain the ARF and its contents (however immature). As a project moves through its lifecycle, ownership of the ARF and therefore responsibility for its content and management will transfer between the Project Manager (as client) and the supplier. At all times the ARF is to be viewed as live and is to be maintained as such.
When reviewing tender submissions the Tender Evaluation Team (TET) is tasked with reviewing the submissions against the issued Request for Tender (RFT). It is incumbent upon the TET to ensure thorough evaluation of tender submissions in relation to the requirements stipulated for risk management within the RFT. It is fully appreciated that a tenderer's response to risk management requirements will not determine who the winning bidder is. The value placed upon risk management within the tender evaluation process is minimal, however, it should also be appreciated that the existence of risk is unavoidable and its management therefore has an important part to play in aiding successful project delivery. If the awarded supplier’s tender submission indicates a clear understanding of the risk management requirements within the RFT and a commitment to delivering good practice then the Project Manager can anticipate entering into a contractual arrangement with confidence regarding the conduct of risk management. However, if the winning bidder’s submission did not provide a good degree of confidence then the Project Manager must anticipate the need for a closer level of management and scrutiny of the supplier in this area of the contract. It is anticipated that Z/44 will drive the outcomes HNO require for risk management whatever the capabilities of the supplier, although a greater degree of Project Manager input may be required.
Particular attention by the TET should be given to:
Throughout the contract execution period the Project Manager is expected to monitor the supplier’s risk management conduct, ensuring not only that contractual requirements are being met ie in compliance with Z/44, but also that the services, documents, data and innovations offered within the supplier’s tender are being delivered.
The PACE system enables the Project Manager to provide feedback both internally to HNO and to the supplier on their conduct of risk management within the contract.
Estimates will be required throughout the project lifecycle and will therefore need to consider a value of contingency defined by the risks identified at the time of the estimate. The maturity of estimates will be matched by the maturity of the risk data and that maturity will be reflected in the value of contingency proposed.
Estimates are generally undertaken by external suppliers as part of their engagement.
SM030 and SM032 require the provision of risk management related contract deliverables from the supplier, these are defined within Z/44 and are to be held within the Activity Risk File (ARF).
Z/44 requires the maintenance and delivery at contract completion of the ARF. The ARF contains the risk related documentation and data associated with the project. The ARF will be maintained by, and passed between, client and supplier depending where the project is in its lifecycle.
All risk related documentation is to be contained within an ARF, where there is no existing ARF the Project Manager must initiate the creation of the ARF and ensure risk related data is captured and maintained. The expected content of an ARF is described within section 3 of Z/44.
At all times the ARF is to be viewed as live and is to be maintained as such.
Project Managers must ensure that the content of the ARF is as complete and up to date as is reasonably practicable prior to both hand over to a supplier and when taking delivery of same from suppliers. Failure to ensure the validity of the content of the ARF is likely to lead to downstream problems, particularly when ARF responsibility is transferred to a supplier or Project Manager who has not previously been involved in the project.
Escalation is the upward promotion of risk from one management level to another. This promotion is intended to engender consideration of, and where appropriate direction on, significant risks by a higher level of management. For HNO contracts this means the escalation of risks to a Regional Management Team (RMT) or Decision Making Team (DMT).
Responsibility for initiation and management of risk escalation is the sole responsibility of the Project Manager. It is the Project Manager’s responsibility to review the project risk register and identify against the NZ Transport Agency corporate risk scoring system those risks requiring escalation.
Escalation within HNO contracts should be initiated where a risk:
Escalated risks are to remain within the contract risk register, and dependent on the delegated authority of the Project Manager may continue to be managed at the contract level, or management may transfer to a higher level within the Transport Agency.
The images in the hierarchy tab reflect the HNO review and reporting hierarchies for each of the regions and show the escalation path and review expectations for risks that exist within the two HNO work streams.
For further information contact firstname.lastname@example.org.