Your assessor will observe you participate in parts of this task to manage program risk on at least one occasion.

To do this, you will perform the task and demonstrate your ability to:

direct the planning of program risk management, including:

• assessing and selecting risk methods to suit the risk context
• executing identification, documentation, and analysis of risks as the basis for planning
• directing, supporting, and mentoring project managers in analysing, evaluating and treatment of risks
• confirming risk management is transparent and timely
• developing and maintaining a risk management system across the program

manage program risk, including:

• managing the program
• reviewing progress, analysing variance, and initiating risk responses
• confirming risks are assigned and monitored across the program at agreed intervals
• assessing issues are for impact and remedial actions

assess project and program risk-management outcomes, including:

• identifying and documenting residual risk
• reviewing and analysing program risk outcomes
• documenting, analysing, and recommending lessons learned
• respond to risk within complex programs that are subject to unpredictable contextual pressures.

When you see this icon, your assessor will observe you perform this part of the task using the assessor observation checklist

You are the Civil Project Manager/Construction Project Manager for a civil construction organisation. Your job is to project manage large construction projects (annex 1). You are required to manage risks that might affect the program deliverables and organisational objectives. For this task, you will be directing the planning and management of program risks, managing risks to the overall program, and assessing risk management outcomes for the program and the organisation.

1.1 You are managing program risk on at least one occasion from the project outlines provided (annex 1). You will develop and maintain a program risk-management system for effective leadership and communication of risks, controls, treatments and outcomes to stakeholders across the program.

To do this, direct planning of the program risk management for one project (annex 1) and develop a risk management plan (appendix 1).

1.1.1 Prepare for the brainstorming meeting by reading the risk management policy and procedure (annex 2) and the project best practice case studies (Annex 1)

Note: You should apply appropriate strategies to construct meaning from complex texts

1.1.1 Hold a brainstorming session to create a formal program in consultation with the project team, the project sponsor and two other key stakeholders (4 classmates). Open the brainstorming meeting as follows:

• To complete the risk management plan and identify the requirements of meaningful communication exchanges, selecting appropriate channels, format and content to suit the purpose and audience
• Develops systems and plans (refer to appendixes 1 - 7) for complex, high impact activities that involve a diverse range of stakeholders with potentially competing demands
• Set the scope for the risk assessment by identifying what you are assessing (annex 1)
• Define the broad objectives. Identify the reason for the risk assessment (introduce the projects -annex 1)
• Gather background information from your team and relevant stakeholders. Where possible, consider both the strategic and operational contexts so that complete pictures obtained.
• Establish the context as this sets the framework for the risk assessment undertaken,
• ensure the reasons for carrying out the risk assessment are known
• Provide the backdrop of circumstances against which risks are identified and assessed.
• Aim for an appropriately inclusive process from the outset: be sure to identify the areas that are, or might be, impacted and seek their input.
• Make sure that appropriate delegations are being exercised even at this early stage.
• Identify all the possible scenarios that could affect the project at hand (select at least five risks, taking into consideration the potential sources of risks most common to civil construction:
• Safety Risk: Any construction site risks or hazards that can lead to worker accidents
• Financial Risk: Factors that impact your financial flow, including lack of sales, problems with the economy, unexpected cost increases, and competition with other firms.
• Legal Risk: Potential disputes in the fulfilment of contracts with clients
• Project Risk: Project hazards such as poor management of resources, miscalculation of time, lack of adequate policies, or misunderstanding of project deliverables.
• Environmental Risk: Floods, earthquakes, and other natural phenomena that damage construction sites and make work inaccessible.
• Identify the risks that might have an impact on the objectives. In identifying the risk, consider these kinds of questions:
• What could happen: what might go wrong, or what might prevent achieving the relevant goals or targets? What events or occurrences could threaten the intended outcomes?
• How could it happen: is the risk likely to occur at all or happen again? If so, what could cause the risk event to recur or contribute to it happening again?
• Where could it happen: is the risk likely to occur anywhere or in any environment/place? Or is it a risk that is dependent on the location, physical area or activity?
• Why might it happen: what factors would need to be present for the risk to happen or occur again? Understanding why a risk might occur or repeated to manage the risk.
• What might be the impact: if the risk were to eventuate, what impact or consequences would or might this have? Will the impact be felt locally, or will it impact the whole University? Areas of impact to consider include:
• education or research program/activity;
• human impact;
• service delivery;
• financial consequences;
• compromise to legal or contract compliance;
• adverse effects on brand and reputation for failure to meet or achieve our strategic objectives.
• Who does or can influence this partnership, program, project or event? Ensure that those with delegations, control, influence, resources and budgets are informed if not actively involved. This becomes important when considering the treatments for the risk.
• Explain the methodology used. For example - use Acme's risk management method. It is a simple four-step method that is repeated continuously through the project lifecycle. Once a risk identified, assess it, responses to manage the risk agreed upon, and progress monitored:
• Identify - risks identified on an ongoing basis, through formal risk identification workshops and during the day to day activities.
• Assess - Once identified, assess the risk to establish the likelihood of it occurring and its impact if it happens.
• Respond -take several possible actions to reduce the likelihood of a risk occurring or the risk impacts, for example, transferring, avoiding, and mitigating. In this step, suitable responses agreed upon, and the budget approved if needed.
• Monitor - progress of the risk responses needs to be monitored and controlled, with corrective action taken if required. Typically, improvement assessed via project team meetings.

At the meeting, take a collaborative and consultative team approach - through co-creation - is more likely to:

• Help establish the context appropriately;
• Ensure that the interests of all stakeholders are understood and considered;
• Ensure risks are adequately identified;
• Bring together different areas of expertise when assessing or analysing risks;
• Appropriately consider different, and sometimes opposing, views when defining risk criteria and in evaluating risks;
• Help secure endorsement and support for a treatment plan; and
• Enhance any change management processes associated with the risk.

Note: When conducting the brainstorming meeting, ensure that all participants contribute their knowledge and expertise. Ensure when communicating and participating in verbal exchanges, you use clear and detailed language and appropriate features to provide relevant information and use active listening and questioning techniques to confirm understanding

Your assessor will observe you perform this part of the task using the assessor observation checklist - 1.1.1 brainstorming meeting

1.2 Then formally document the decisions and results of consultations clearly and accurately to inform the risk-management planning by completing the risk management plan (appendix 1) for each risk identified (5 risks). Document the risk-management outcomes using format and terminology appropriate to the audience.

Ensure the risk management plan (appendix 1) outlines the risks (3 top risks), probability, and solutions for the identified risks. Formally establishing the results of the risk planning step will help direct the planning of program risk management, including:

• assessing and selecting risk methods to suit the risk context
• executing identification, documentation and analysis of risks as the basis for planning
• directing, supporting and mentoring project managers in analysing, evaluation and treatment of risks by implementing a mentoring action plan (appendix 2)
• confirming risk management is transparent and timely
• developing and maintaining a risk management system across the program

Ensure The Risk Management Plan (appendix 1)

• supports risk management.
• It sets out the organisation's risk management policy, roles and responsibilities for managing risk (annex 2)
• It sets out any budgetary considerations and
• It sets out the tools, techniques and templates used.

Ensure when developing the risk management plan (appendix 1) you::

• Identify potential, actual and residual risks
• Select and modify program risk methodology to match the context for risk by assessing and selecting risk methods to suit risk context (annex 1) and prioritising the risks in order of importance
• direct identification, documentation and analysis of risks as the basis for planning
• Confirm risk management is transparent and timely
• Outlines sequences and schedules complex activities, monitors implementation and adjusts activities or resources as required

Complete the:

• risk management plan (appendix 1) for three risks identified in the brainstorming meeting (Appendix 2)
• mentoring action plan (appendix 2)

Note: When documenting results of consultations clearly and accurately inform risk-management planning. Ensure when documenting risk-management outcomes, you use to format and terminology appropriate to the audience

1.3 Now that the risk has been identified (3 risks) and the context, causes, contributing factors and described in the project management plan, look at the strengths and weaknesses of existing systems and processes designed to help control the risk. Knowing what controls are already in place and whether they are effective helps identify what - if any - further action is needed.

1.3.1 Direct management of the program following agreed on program risk-management plans. To do this, create a risk matrix (appendix 3). Review the progress, analyse variance and initiate and direct risk responses to actuated program risk to achieve program objectives as found in dynamic risk environments. Before finalising the risk management matrix (appendix 3), ensure you confirm remedial actions are authorised with impact analysis according to program objectives.

1.3.1.1 Analyse, evaluate the risks and:

• Identify the existing controls - determine what rules are already in place to mitigate the impact of the risk
• Assess the likelihood - the likelihood of the risk occurring is described as rare, unlikely, possible, likely, or almost certain to occur.
• Assess the consequence - the consequences or potential impact if the risk event occurred as insignificant, minor, moderate, major or extreme.
• Rate the level of risk:
• Decide whether the risk is acceptable or unacceptable. Use your understanding of the risk to make decisions about future actions.
• Reviews outcomes considering results from a range of perspectives and identifying key concepts and principles that may be adaptable to future situations

Complete the risk management matrix (appendix 3)

1.4 Treat the risks. Ensure that effective strategies are in place to minimise the frequency and severity of the identified risk. Develop actions and implement treatments that aim to control the risk. Where treatment options are available and appropriate, record those treatment options as part of the risk treatment plan. To complete the risk management treatment plan (appendix 4), follow the below process:

• Decide if specific treatment is necessary or whether the risk can be adequately treated in the course of standard management procedures and activities; that is, embed the treatment into day-to-day practices or processes. In assessing what treatments could be implemented, it is useful to consider how standard methods already serve as a control or ways in which those traditional practices are modified to control the risk adequately.
• Work out what kind of treatment is desirable for this risk - determine what the goal is in treating this particular risk; is it to:
• avoid it altogether,
• reduce the likelihood or consequence,
• transfer the risk (to someone else, such as an insurer or contractor, or accept the level of risk based on existing information?
• Identify and design a preferred treatment option once the goal of treatment is known
• Evaluate treatment options and assess their feasibility relative to the tolerance for risk. Do the controls selected appear to have the desired treatment effect? That is, will they eliminate or reduce the risk.
• Document the risk treatment plan (appendix 4)
• Assess the level of residual risk. Document the residual risk, monitor and review. Where appropriate, further treatment might be prudent. Having a good awareness of residual risk is essential in monitoring and reviewing risk on an ongoing basis.

Note: Ensure assessing issues are determined for impact and remedial actions

Complete the risk management treatment (Appendix 4)

1.5 Then log the identified risks (X3 -refer to appendix 1 risk management Action Plans) on to the project risk register (appendix 5), so you can actively monitor the risk and manage the program. One effective way to monitor project risks is to add those risks with the highest scores to the project schedule with an assigned risk manager. Determine when these risks need to be monitored more closely and when to expect the risk manager to provide status updates at the bi-weekly project team meetings. Create the risk register through the initial project risk management meeting led by you (project manager) in 1.1.1 and refer to your risk management matrix (appendix 30 and risk management treatment plan (appendix 4).

As the log is updated, check the risk register for risks that may impact the programme and escalate those risks. At each sign-off stage, the risk register will be a crucial control document, and at project close, it feeds into the post-project review and lessons learned reporting. Before finalising the risk register, ensure you:

• confirm risks are assigned and monitored across the program at agreed intervals
• Confirm risks are monitored and assessed across the program at agreed intervals

Note: The key to risk monitoring is to ensure that it is continuous throughout the project's life and includes identifying trigger conditions for each risk and thorough documentation of the process.

Complete the Risk management Register (Appendix 5)

1.6 Review the project risk management report (annex 3) and assess, review and analyse the program risk management outcomes to determine the risk-management methodology's effectiveness.

Write a report (appendix 6) of your findings to respond to risk within complex programs subject to unpredictable contextual pressures, including the identified residual risk. When writing your report, take into consideration::

• Problem Analysis:Keep a note of all the events and activities of a risk management plan. Check out the problems arising from their implementation and assess if they severely impact the whole process. Make a note of those that have profound implications.
• Match the Outcomes of a Risk Management Plans with its Objectives:Ends justify means. Check if the possible outcomes of the risk management plan are in tandem with its pre-defined objectives. It plays a vital role in analysing if the program in action is perfect. If it produces desired results, it does not need to be changed. But if it fails to make what is required can be a severe issue.
• Evaluate If All the Activities in the Plan are Effective:It requires a thorough investigation of each risk management plan activity. Checking out all the activities' efficiency and discovering the flaws in their implementation allows you to analyse the whole plan systematically.
• Evaluate the Business Environment:A thorough study and critical evaluation of a business environment where a risk management plan implemented are essential. Take time to assess, analyse and decide what exactly is required.
• Make Possible Changes in Faulty Activities:After evaluating all the activities' effectiveness and efficiency, try to make possible changes in the action plan to get desired results. It may be very time-consuming, but it is necessary to implement your revised risk management plan successfully.
• Review the Changed Activities:After making changes in already existing activities and events of a risk management plan, go for a final review. Try to note down the changed activity's possible outcomes and match them with the primary objectives' risk management plans. Go ahead in case they are in line with them.

1.6.1 As part of your reporting requirements, you need to analyse and document a response to lessons learned for the three identified risks. Detail your response in your report (appendix 6) to address continuous improvement in applying the risk management process for future programs/projects. Consider results from a range of perspectives and identifying key concepts and principles that may be adaptable to future situations when reviewing outcomes.

Complete the report (Appendix 6)

1.7 Then, seek feedback from your CEO (assessor). You are meeting with your CEO (assessor) regarding your risk management outcomes. At the meeting, respond to relevant stakeholders (CEO -your assessor) on risk management lessons. Ensure you communicate to stakeholders present at the meeting any transferred liability required at program completion, and make at least three (3) recommendations for each of the identified risks. Your meeting focus is to aim to improve future risk management activity. Complete the lessons learned, register and allocate actions as required.

1.7.1 Ensure that all participants at the meeting contribute their knowledge and expertise and when communicating and participating in verbal exchanges you:

• use clear and detailed language and appropriate features to provide relevant information
• use active listening
• use questioning techniques to confirm understanding
• document feedback in the lessons learned register that is factual and relevant
• share the back
• offer suggestions and explain consequences
• relinquish control and allow freedom of choice
• focus on the quality of the risk management processes and performance and be specific
• focuses on the quality of the work and is specific

Your assessor will observe you perform this part of the task using the assessor observation checklist - 1.7.1 Feedback meeting

Finalise the outcomes of the meeting and record recommendations and responsibilities on the lessons learned register (appendix 7)