Risk Management Plan

CITISCAPE
Project Name: Golf Course Main Works Documents No. GC-CS-DS-RMP-001
Revision No. 00
RISK MANAGEMENT PLAN
Date 13/06/2021
Date issue Prepared by Approved by
Name Barend Name Barend Vermeulen

13/6/2021 Vermeulen
Signature Signature
Page 1
CITISCAPE
Revision No. 00
Date 13/06/2021
Document Change Record
Revision Date Change Description Author

00 13/6/2021 First submission Barend
Vermeulen
Page 2
CITISCAPE
Revision No. 00
Date 13/06/2021
INDEX
1. PURPOSE .............................................................................................................................4
2. SCOPE OF WORKS ...........................................................................................................4
3. EXECUTIVE SUMARRY...................................................................................................6
4. RISK MANAGEMENT STATEGY ..................................................................................7
5. APPRENDIX A……………………………........ .........................................…………….14
6. APPEDIX B ……………………………........ ..............................................…………….15
Page 3
CITISCAPE
Revision No. 00
Date 13/06/2021
1. PURPOSE
This plan documents the processes, tools and procedures that will be used to manage and control
those events that could have a negative impact on Wadi Safar Golf Course project. It’s the
controlling document for managing and controlling all project risks. This plan will address:
• Risk identification
• Risk Assessment
• Risk Mitigation
• Risk Contingency Planning
• Risk Tracking and Reporting
•
Appendix A will present the risk impact assessment matrix and appendix B will present the risk
register.
2. SCOPE OF WORK
2.1 Client introduction
The Diriyah Gate Development Authority (DGDA) was established in July 2017, by royal order,
to preserve Diriyah’s history, celebrate its community and develop the historic site into one of the
world’s greatest gathering places, creating a hub for Saudi Arabian culture and heritage.
The DGDA aspires to develop Diriyah into a global gathering place by creating rich experiences that
narrate the stories of our history, instilling a sense of Saudi Arabian pride and creating globally
renowned destinations and landmarks.
Given the significant heritage and cultural importance of development with regard to Vision 2030,
this project has been described as the “jewel of the Kingdom”.
DGDA is directly funded by the Ministry of Finance and has had their budget approved for the
development of this prestigious project.
2.2 Overall Project introduction

Wadi Safar Golf Course is strategically located in Riyadh. It forms part of the Diriyah Gate
Development Authority’s jurisdiction area. It is a geographic area and wadi system near the
UNESCO World Heritage-listed Al-Turaif district and forms a natural branch from the central
portion of Wadi Hanifa.
Page 4
CITISCAPE
Revision No. 00
Date 13/06/2021
Project Location
2.3 Specific Scope of Work

The scope of the project is to develop a World Class Championship Golf Course (18 holes),
Academy Golf course (9 holes), Short game practice area and Practice driving range.
Golf Course – Projected View

Wadi Safar is to be developed as a mix of residential, leisure and commercial land use including
residential farm plots, hotels, branded hotel villas, golf course and other leisure and entertainment
facilities. Excellent facilities to the highest standards integrated into the community. The Golf course
is designed by Greg Norman, includes an 18-hole signature Championship course and a 9-hole
Academy course, short game practice academy and practice driving rang. The following work items
to be executed in this project:
• Selective clearing and grubbing
• Selective hand clearing
• Earthwork (grading and shaping of all Golf course and Landscape features including
surrounds)
• Placement of sands and finishing works.
• Topsoil replacement
• Green construction
• Tee construction
• Fairway / Rough construction
Page 5
CITISCAPE
Revision No. 00
Date 13/06/2021
• Cart path installation

• Bunker construction
• Golf course drainage
• Golf course irrigation and pump station
• Planting of Grassing and Turf Grow-in maintenance
• Irrigation lake construction (incl. liner install)
• Flood Lighting supply and install.
• Site wide infrastructure power, water, waste distribution lines, pump stations (all utilities
required to enable a fully functional golf course)
• Landscape plantations
• Landscape Lighting
• Comfort stations and Starter houses
• Site briefings will be undertaken to induct all personnel in the detail of this method statement,
any specific Risk Assessment.
3. Executive Summary
Risk is defined as an event that has a probability of occurring and could have either a positive (at that
case called opportunity) or negative impact to a project should that risk occur. A risk may have one
or more causes and, if it occurs, one or more impacts. For example, a cause may be requiring an
environmental permit to do work, or having limited personnel assigned to design the project. The
risk event is that the permitting agency may take longer than planned to issue a permit, or the
assigned personnel available and assigned may not be adequate for the activity. If either of these
uncertain events occurs, there may be an impact on the project cost, schedule or performance. All
projects assume some element of risk, and it’s through risk management where tools and techniques
are applied.
to monitor and track those events that have the potential to impact the outcome of a project.
Risk management is an ongoing process that continues through the life of a project. It includes
processes for risk management planning, identification, analysis, monitoring and control. Many of
these processes are updated throughout the project lifecycle as new risks can be identified at any
time. It’s the objective of risk management to decrease the probability and impact of events adverse
to the project. On the other hand, any event that could have a positive impact should be exploited.
The identification of risk normally starts before the project is initiated, and the number of risks
increase as the project matures through the lifecycle. When a risk is identified, it’s first assessed to
ascertain the probability of occurring, the degree of impact to the schedule, scope, cost, and quality,
and then prioritized. Risk events may impact only one or while others may impact the project in
multiple impact categories. The probability of occurrence, number of categories impacted and the
degree (high, medium, low) to which they impact the project will be the basis for assigning the risk
priority. All identifiable risks should be entered into a risk register and documented as a risk
statement.
As part of documenting a risk, two other important items need to be addressed.
Page 6
CITISCAPE
Revision No. 00
Date 13/06/2021
The first is mitigation steps that can be taken to lessen the probability of the event occurring. The
second is a contingency plan, or a series of activities that should take place either prior to, or when
the event occurs. Mitigation actions frequently have a cost. Sometimes the cost of mitigating the risk
can exceed the cost of assuming the risk and incurring the consequences. It is important to evaluate
the probability and impact of each risk against the mitigation strategy cost before deciding to
implement a contingency plan. Contingency plans implemented prior to the risk occurring are pre-
emptive actions intended to reduce the impact or remove the risk in its entirety. Contingency plans
implemented after a risk occurs can usually only lessen the impact.
Identifying and documenting events that pose a risk to the outcome of a project is just the first step. It
is equally important to monitor all risks on a scheduled basis by a risk management team, and
reported on in the project status report.
4. Risk Management Strategy

4.1 Risk Identification
A risk is any event that could prevent the project from progressing as planned, or from successful
completion. Risks can be identified from several different sources. Some may be quite obvious and
will be identified prior to project kickoff.
Others will be identified during the project lifecycle, and a risk can be identified by anyone
associated with the project. Some risk will be inherent to the project itself, while others will be the
result of external influences that are completely outside the control of the project team.
Wadi Safar Golf Course Project Manager has overall responsibility for managing project risk.
Project team members may be assigned specific areas of responsibility for reporting to the project
manager.
Throughout all phases of the project, a specific topic of discussion will be risk identification. The
intent is to instruct the project team in the need for risk awareness, identification, documentation and
communication.
Risk awareness requires that every project team member be aware of what constitutes a risk to the
project and being sensitive to specific events or factors that could potentially impact
the project in a positive or negative way.
Risk identification consists of determining which risks are likely to affect the project and
documenting the characteristics of each.
Risk communication involves bringing risk factors or events to the attention of the project manager
and project team.
Wadi Safar Golf Course project manager will identify, and document known risk factors during
creation of the Risk Register.
It is project manager’s responsibility to assist the project team and other stakeholders with risk
identification, and to document the known and potential risks in the Risk Register. Updates to the
risk register will occur as risk factors change.
Risk management will be a topic of discussion during the regularly scheduled project meetings.
The project team will discuss any new risk factors or events, and these will be reviewed with the
project manager.
Page 7
CITISCAPE
Revision No. 00
Date 13/06/2021
The project manager will determine if any of the newly identified risk factors or events warrant
further evaluation. Those that do will undergo risk quantification and risk response development, as
appropriate, and the action item will be closed.
At any time during the project, any risk factors or events should be brought to the attention of the
project manager using Email or some other form of written communication to document the item.
The project manager is responsible for logging the risk to the Risk Register. Notification of a new
risk should include the following Risk Register elements:
• Description of the risk factor or event, e.g., conflicting project or operational initiatives that
place demands on project resources, unexpected study outcomes, delays, etc.
• Probability that the event will occur. For example, a 50% chance that the vendor will not have
a specific material that meets the criteria available.
• Schedule Impact. The number of hours, days, week, or months that a risk factor could impact
the schedule. As an example, the material requires an additional 3 months to be fabricated.
• Scope Impact. The impact the risk will have on the envisioned accomplishments of the project.
Lack of material with the required specification may result to change the design to
accommodate the available specs.
• Quality Impact. A risk event may result in a reduction in the quality of work or products that
are developed. As an example, lack of funding caused by cost overruns may result in the
reduction of the study size and impact statistical empowerment
• Cost Impact. The impact the risk event, if it occurs is likely to have on the project budget.
4.2 Risk Responsibilities

The responsibility for managing risk is shared amongst all the stakeholders of the project.
However, decision authority for selecting whether to proceed with mitigation strategies and
implement contingency actions, especially those that have an associated cost or resource requirement
rest with the Project Manager who is responsible for informing the funding agency to determine the
requirement for a contract modification. The following tables details specific responsibilities for the
different aspects of risk management.
• Risk Identification: All project stakeholders

• Risk Registry: Project Manager
• Risk Assessment: defined project stakeholders
• Risk Response Options Identification: defined project stakeholders
• Risk Response Approval: PM with concurrence from PMO/OD/COO/CEO
• Risk Contingency Planning: Project Manager
• Risk Response Management: Project Manager
• Risk Reporting: Project Manager
Page 8
CITISCAPE
Revision No. 00
Date 13/06/2021
4.3 Risk Assessment

Risk assessment is the act of determining the probability that a risk will occur and the impact that
event would have, should it occur. This is basically a “cause and effect” analysis. The “cause” is the
event that might occur, while the “effect” is the potential impact to a project, should the event occur.
Assessment of a risk involves two factors. First is the probability which is the measure of certainty
that an event, or risk, will occur. This can be measured in several ways, but for Wadi Safar Golf
Course project will be assigned a probability as defined in the table below.
Probability of Occurrences
Definition Meaning Value
• Occurs frequently 5
Frequent • Will be continuously experienced unless
action is taken to change events
• Occur less frequently if process is corrected 4
• Issues identified with minimal audit activity
Likely
• Process performance failures evident to
trained auditors or regulators
• Occurs sporadically 3
Occasional • Potential issues discovered during focused
review.
• Unlikely to occur 2
Seldom • Minimal issue identification during focused
review
Improbable • Highly unlikely to occur 1
The second factor is estimate of the impact on the project. This can be a somewhat subjective
assessment, but should be quantified whenever possible. The estimated cost, the duration of the
potential delay, the changes in scope and the reduction in quality are in most cases factors
that can be estimated and documented in the risk statement and then measured using the standard
project management tools (i.e. project plan, budget, statements of work). Rather than detailed impact
estimates the Risk Register contains five ratings for impact;
Catastrophic (A)
Regulatory/Compliance violations/issues Inability to validate data
Withdrawal of product manufacturer
Tainted product Materials breech Production delays
Technical miscommunications
Security/confidentiality breeches
Critical (B)
A non-compliance finding resulting in process, or operational degradation
A security finding requiring immediate corrective action prior to continued operation
Reoccurring violation of any safety regulation resulting in serious injury
Production errors containing regulatory violations that pose direct consequence to the operation
Page 9
CITISCAPE
Revision No. 00
Date 13/06/2021
Moderate (C)
Security finding requiring a Corrective Action Plan
Production element errors that may pose indirect consequences to the operation
Minor (D)
No regulatory action anticipated
No compliance impact anticipated
No evident security threat affected
Minor errors in completed Company policy & procedures
Production errors containing quality system and / or opportunities for improvement
Negligible (E)
No regulatory/compliance violation
No security/confidentiality element affected
On time production validated experiments “Clean” product
Properly executed communications
For each of the impact categories the impact assessment should include consideration of the
following areas of impact also:
• Cost – This impact is usually estimated as a SAR amount that has a direct impact to the project.
However, cost is sometimes estimated and reported as simply additional resources, equipment,
etc. This is true whenever these additional resources will not result in a direct financial impact
to the project due to the fact the resources are loaned or volunteer, the equipment is currently
idle and there is no cost of use, or there are other types of donations that won’t impact the
project budget. Regardless of whether there is a direct cost, the additional resources should be
documented in the risk statement as part of the mitigation cost.
• Scope – Whenever there is the potential that the final product will not be completed as
originally envisioned there is a scope impact. Scope impact could be measured as a reduction
of the number of studies completed, or not providing a deliverable such as an IND.
• Schedule – It is very important to estimate the schedule impact of a risk event as this often
results is the basis for elevating the other impact categories. Schedule delays frequently result
in cost increases and may result in a reduction of scope or quality. Schedule delays may or may
not impact the critical path of the project and an associated push out of the final end date.
• Performance/Quality – Performance/Quality is frequently overlooked as an impact category
and too often a reduction in quality is the preferred choice for mitigation of a risk. “Short
cuts” and “low-cost replacements” are ways of reducing cost impacts. If not documented
appropriately and approved by the project sponsor, mitigation strategies that rely upon a
reduction in quality can result in significant disappointment by the stakeholders.
Most risks will be assigned one category, but some might be assigned more than one, or all.
Page 10
CITISCAPE
Revision No. 00
Date 13/06/2021
4.4 Risk Response

For each identified risk, a response must be identified. It is the responsibility of the project team
to select a risk response for each risk. The project team will need the best possible assessment of the
risk and description of the response options in order to select the right response for each risk. The
probability of the risk event occurring, and the impacts will be the basis for determining the degree to
which the actions to mitigate the risk should be taken. One way of evaluating mitigation strategies is
to multiply the risk cost times the probability of occurrence. Mitigation
strategies that cost less than risk probability calculation should be given serious consideration. The
possible response options are:
• Avoidance – Change the project to avoid the risk. Change scope, objectives, etc.
• Transference – Shift the impact of a risk to a third party (like a subcontractor). It does not
eliminate it, it simply shifts responsibility.
• Mitigation – Take steps to reduce the probability and/or impact of a risk. Taking early action,
close monitoring, more testing, etc.
• Acceptance – Simply accept that this is a risk. When choosing acceptance as a response the
IMPD is stating that given the probability of occurring and the associated impact to the project
that results, they are not going to take any actions and will accept the cost, schedule, scope, and
quality impacts if the risk event occurs.
• Deferred – A determination of how to address this risk will be addressed at a later time. The
results of the risk assessment process are documented in each Risk Statement and summarized
in the Risk Register which will be reported on a monthly basis.
4.5 Risk Mitigation

Risk mitigation involves two steps:
• Identifying the various activities, or steps, to reduce the probability and/or impact of an adverse
risk.
• Creation of a Contingency Plan to deal with the risk should it occur.
Taking early steps to reduce the probability of an adverse risk occurring may be more effective and
less costly than repairing the damage after a risk has occurred. However, some risk mitigation
options may simply be too costly in time or money to consider.
Mitigation activities should be documented in the Risk Register, and reviewed on a regular basis.
They include:
• Identification of potential failure points for each risk mitigation solution.
• For each failure point, document the event that would raise a “flag” indicating that the event or
factor has occurred or reached a critical condition.
• For each failure point, provide alternatives for correcting the failure.
Page 11
CITISCAPE
Revision No. 00
Date 13/06/2021
4.6 Risk Contingency Planning

Contingency planning is the act of preparing a plan, or a series of activities, should an adverse
risk occur. Having a contingency plan in place forces the project team to think in advance as to a
course of action if a risk event takes place.
• Identify the contingency plan tasks (or steps) that can be performed to implement the mitigation
strategy.
• Identify the necessary resources such as money, equipment and labor.
• Develop a contingency plan schedule. Since the date the plan will be implemented is unknown,
this schedule will be in the format of day 1, day 2, day 3, etc., rather than containing specific
start and end dates.
• Define emergency notification and escalation procedures, if appropriate.
• Develop contingency plan training materials, if appropriate.
• Review and update contingency plans if necessary.
• Publish the plan(s) and distribute the plan(s) to management and those directly involved in
executing the plan(s).
Contingency may also be reflected in the project budget, as a line item to cover unexpected expenses.
The amount to budget for contingency may be limited to just the high probability risks. This is
normally determined by estimating the cost if a risk occurs and multiplying it by the probability. For
example, assume a risk is estimated to result in an additional cost of SR50,000,
and the probability of occurring is 80%. The amount that should be included in the budget for this
one item is SR40,000.
Associated with a contingency plan, are start triggers and stop triggers. A start trigger is an event that
would activate the contingency plan, while a stop trigger is the criteria to resume normal operations.
Both should be identified in the Risk Register and can be embedded, example; the stop trigger can be
included in the contingency plan field.
4.7 Tracking and Reporting

As project activities are conducted and completed, risk factors and events will be monitored to
determine if in fact trigger events have occurred that would indicate the risk is now a reality.
Based on trigger events that have been documented during the risk analysis and mitigation processes,
the project team or project managers will have the authority to enact contingency
plans as deemed appropriate. Day to day risk mitigation activities will be enacted and directed by the
project managers.
Contingency plans that once approved and initiated will be added to the project work plan and be
tracked and reported along with all of the other project activities.
Risk management is an ongoing activity that will continue throughout the life of the project. This
process includes continued activities of risk identification, risk assessment, planning for newly
identified risks, monitoring trigger conditions and contingency plans, and risk reporting on a regular
basis. Project status reporting contains a section on risk management, where new risks
are presented along with any status changes of existing risks. Some risk attributes, such as
probability and impact, could change during the life of a project and this should be reported as well.
Page 12
CITISCAPE
Revision No. 00
Date 13/06/2021
4.8 Processes to Address Immediate Unforeseen Risks

The individual identifying the risk will immediately notify the project managers. The individual
notified will assess the risk situation.
If required, the project managers will identify a mitigating strategy, and assign resources, as
necessary.
The project manager will document the risk factor and the mitigating strategy.
Page 13
CITISCAPE
Revision No. 00
Date 13/06/2021
5. APPENDIX A – EXAMPLE RISK ASSESSMENT MATRIX
Page 14
Appendix A – Example Risk Assessment Matrix
Probability of Occurrences Catastrophic Critical Moderate Minor Negligible

Definition Meaning Value (A) (B) (C) (D) (E)
• Occurs 5
frequently
• Will be
continuously
Frequent experienced 5A 5B 5C 5D 5E
unless
action is
taken to
change
events
• Occur less 4
frequently if
process is
corrected
• Issues
identified
with minimal
Likely audit activity 4A 4B 4C 4D 4E
• Process
performance
failures
evident to
trained
auditors or
regulators
• Occurs 3
sporadically
Occasional • Potential
3A 3B 3C 3D 3E
issues
discovered
during
focused
review.
• Unlikely to 2
occur
Seldom • Minimal issue 2A 2B 2C 2D 2E
identification
during
focused
review
Improbable • Highly 1 1A 1B 1C 1D 1E
unlikely to
occur
Risk Levels:
• Risk is High for codes 5A, 5B, 5C, 4A, 4B, 3A
• Risk is Medium High for codes 5D, 5E, 4C, 3B, 3C, 2A, 2B
• Risk is Medium Low for codes 4D, 4E, 3D, 2C, 1A, 1B
• Risk is Low for codes 3E, 2D, 2E, 1C, 1D, 1E
CITISCAPE
Revision No. 00
Date 13/06/2021
6. APPENDIX B – RISK REGISTER
Page 15
Risk Register
Project name: Wadi Safar Golf Course
Project manager: B.Vermeulen
ID Date raised Risk description Likelihood of the Impact if the risk Severity Owner Mitigating action Contingent action Progress on actions Status
risk occurring occurs
1 19/04/2021 Project schedule is Low Medium Medium Project Manager Hold scheduling workshops with the project team so they Share the plan and go through Workshops scheduled. Open
not clearly defined understand the plan and likelihood of missed tasks is reduced. upcoming tasks at each weekly
or understood project progress meeting.
2 19/04/2021 Consultant or sub- Medium High High Project Manager Include late penalties in contracts. Escalate to Project Sponsor Lead time from each Open
contractor delays Build in and protect lead time in the schedule. and Contracts Manager. contractor built into the
Communicate schedule early. Implement late clauses. project schedule. Late
Check in with suppliers regularly. Query '90% done'. Ask again and penalties agreed to and
again if they need anything else. contracts signed.
3 26/04/2021 Estimating and/or Medium High High Project Manager Break this risk into two: 'cost estimating' and 'scheduling errors'. Escalate to project sponsor and Contingency agreed by Open
scheduling errors Use two methods of cost estimation, and carefully track costs and project board. Project Board.
forecast cost at completion making adjustments as necessary. Raise change request for
Build in 10% contingency on cost and scheduling. change to budget or schedule.
Track schedules daily and include schedule review as an agenda Pull down contingency.
item in every project team meeting.
Flag forecast errors and/or delays to the Project Board early.
4 01/05/2021 Unplanned work Low High Medium Team Manager Attend project scheduling workshops. Escalate to the Project Team managers attending Open
that must be Check previous projects, for actual work and costs. Manager with plan of action, scheduling workshops.
accommodated Check all plans and quantity surveys. including impact on time, cost
Document all assumptions made in planning and communicate to and quality.
the project manager before project kick off.
5 01/05/2021 Lack of Medium Medium Medium Project Manager Write a communication plan which includes frequency, goal, and Correct misunderstandings Communication plan in Open
communication, audience of each communication. immediately. Clarify areas that progress.
causing lack of Identify stakeholders early and make sure they are considered I are not clear swiftly using
clarity and the communication plan. Use most appropriate channel of assistance from Project
confusion. communication for audience. Sponsor if needed.
6 01/05/2021 Pressure to Low High Medium Project Manager Share the schedule with key stakeholders to reduce the risk of this Escalate to Project Board with Awaiting completion of the Open
arbitrarily reduce happening. assessment of risk and impact schedule.
task durations and Patiently explain that schedule was built using the expertise of of the change.
or run tasks in subject matter experts. Explain the risks of the changes. Share the Hold emergency risk
parallel which Dennis Lock quote at https://www.stakeholdermap.com/plan- management call with decision
would increase risk project/plan-reduction-crashing.html. makers & source of pressure
of errors. and lay out risk and impact.
7 01/05/2021 Scope creep Medium High High Project Manager Document the project scope in a Project Initiation Document or Document each and every Scope clearly defined in PID. Open
Project Charter and get it authorised by the Project Board. Refer to example of scope creep NO
it throughout the project and assess all changes against it also MATTER HOW SMALL in a
ensuring alignment of any changes with the Business Case. change order and get
authorisation from the project
board BEFORE STARTING
WORK. This includes ZERO
COST changes.
8 01/05/2021 Unresolved project Low Medium Medium Project Manager Hold regular project team meetings and look out for conflicts. When aware immediately Project team meetings Open
conflicts not Review the project plan and stakeholder engagement plan for escalate to Project Board and scheduled.
escalated in a potential areas of conflict. gain assistance from Project
timely manner Sponsor to resolve the conflict.
9 01/05/2021 Acts of God for Low High High Project Manager Ensure insurance in place. Familiarise project team with Notify appropriate authorities. Public Liability Insurance Open
example, extreme emergency procedures. Where cost effective put back up systems Follow health and safety confirmed.
weather, leads to in place e.g. generators. procedures. Notify
loss of resources, stakeholders and Project
materials, Board.
premises etc.
10 01/05/2021 Stakeholder action Low High High Project Manager Identify stakeholders, analyse power and influence and create a Notify appropriate authorities Stakeholder Analysis in Open
delays project. stakeholder engagement plan. Project Board to authorise the plan. and follow internal procedures progress.
Revisit the plan at regular intervals to check all stakeholders are e.g. for activist demonstrations.
managed. Consider getting insurance.

Risk Management Plan

Uploaded by

Copyright:

Available Formats

Risk Management Plan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management Plan

Uploaded by

Copyright:

Available Formats

CITISCAPE

Project Name: Golf Course Main Works Documents No. GC-CS-DS-RMP-001