Sajal Faheem

14006151006
MPM
Submitted to: Sir Amir Butt
Assignment: Professional consultancy for the construction of
LUMS academic block by Nayyir Ali Dada of amount
PKR.350million.
Risk management Plan for the consultancy.

1. Risk Identification
Sr.N
o

Risk

Impact(0 Probabili
-5)
ty (0-5)

Description(How to
mitigate)

Scope of
services

Terms of
reference
(TOR)

Statement of
work (SOW)
Scope of
work/
Deliverable
Milestone
Project scope
checklist
Payment
terms
Penalties

Included in TORs. The result of scope of

services not being defined properly can
be devastating for the project but the
probability of that happening is very
low. The risk can be covered by hiring a
professional to draft the TORs.
Terms of reference are not a risk as
such. But if they are not defined
properly there is a risk that scope of the
project will deviate. TORs include
statement of work, deliverables, scope
of services, milestone, project scope
checklist, penalties, Termination, breach
of contract, communication failure &
KPIs.
Included in TORs.

Included in TORs

Included in TORs
Included in TORs

Project
duration

Work
breakdown
structure
(WBS)
Risk

Payment terms must be clearly defined

in the contract
The only way to mitigate penalties is
that both parties should abide by the
contract rules.
This risk can be handled by going
according to the project plan. If there
are any changes the stakeholders
should be informed immediately. Time
can be reduced them by project
crashing techniques and changing the
sequencing of activities.
WBS should be updated according to
any changes in the project. And should
be drawn carefully

5
6
7
8

10

11

RBS is not a risk but a tool to identify

12

Breakdown
structure
(RBS)
Cost

risk in activities but it can be a risk if

not drawn out properly
5

Time of
payment
Quality of
work
Bank
guarantee

16

Insurance

17

Forex

18

Security
conditions
Boarding
&lodging
Environment
al factors

Scope
variation
Health &
safety

23

Responsibilit
y matrix

24

Cost variance

25

Termination

26

Breach of
contract/
remedial
action
Force
Majeure

Confidentialit
y clause/

13
14
15

19
20

21
22

27

28

Cost can be managed by controlling the

scope and time of the project and
avoiding gold plating.
Should be made clear in the contract at
first and confirmed by both parties.
bY monitoring and controlling the
project
Do not accept bank guarantees if
possible. Otherwise make satisfactory
investigation and collect security.
Insurance is not a risk itself but if the
company does not have any insurance
then it can have adverse effect.
Forex risk can be avoided by fixing the
rate
By providing proper and sufficient
security
by making the arrangements as agreed
in the contract
By having acceptance certificate from
relevant authorities and keeping in view
the forecast
Controlling the scope by variance
analysis
BY abiding the proper health and safety
standards and implementation of those
standards.
It should be defined clearly so that the
person responsible for every task can
be identified individually.
The estimations should be based on
reality basis and an expert should be
hired if possible. Because if the costs of
the project are wrongly estimated it can
cause result in disputes
Included in TORs. The termination
clauses should be defined clearly.
Breach of contract will result in delays
and can be covered by following the
relevant penalty and remedial clauses
in the contract.
bY collecting related past information of
10-20 years and taking necessary
actions.
By adding a proper confidentiality
clause in the contract.

29

nonDisclosure
Communicati
on Failure

Technical
risk/Failure
Key
performance
Indicators
(KPIs)
Subcontracting
Business
workplace
Fairness in
dealing
Adherence of
applicable
government
laws
Govt. duties

Change
management
board
Company
code of
conduct

Indemnificati
on
Implementati
on of risk
strategy
Contingencie
s

42

Conflict of
interest

43

Financial
implications

44

Arbitration

30
31

32
33
34
35

36
37

38

39
40

41

If any information regarding the project

is not communicated properly it will
affect the project. So the
communication should be made clear
and effective
BY doing the proper maintenance and
inspection of the machines
BY drafting the proper KPIs for the
project that indicates the performance
properly
BY including clauses defining the
subcontracts that will be made.
BY providing the workplace which is
necessary for effective performance
Both parties should deal fairly with each
other and maintain transparency.
All relative government laws should be
abided by the company. The company
should fulfill all requirements of the
project y the government
bY keeping an eye on the trend of the
market
It is not a risk. Change management
board approves the changes in the
project and documents it.
The companys code of conduct should
be maintained and followed by the
employees or any other person working
on the project for the company.
bY applying the required health and
safety standards
By making sure your risk strategy
covers all aspects and by having an
expert judgment on it.
BY having proper contingency plans and
backup plans. In case of strategy failure
those plans can work in place.
By not appointing any biased person on
key post who have any kind of conflict
of interest
BY keeping in view all the financial
implications of the project and drafting
cash flows of the project and updating
them.
It is not a risk because it is done by an
impartial referee agreed upon by both

45

Capacity/
Capability

46

Co-operation
in handover

47

Assumption

48

Waivers

parties.
Selection criteria of a consultant must
be defined clearly and a consultant
should be hired who is capable and as
the capacity to fulfill the requirements.
All the work should be recorded and
documented and when the person
leaves he/she must hand it over to the
company. In the absence of handover it
will take the new person a while to
understand everything.
Clearly define any assumptions made in
the contact
By including the waivers in the contact.

2. Risk assessment
Risk assessment is done through categorizing risk by:

Severity- The impact of the risk on the organization

Probability- the likelihood of the risk actually occurring

This is done through risk mapping