MODULE 11:- Manage Safety and Environmental Protection

LO 1. Determine areas of potential risk in the building and construction

workplace
Construction is a relatively hazardous undertaking. As Table 13-1 illustrates, there are significantly
more injuries and lost workdays due to injuries or illnesses in construction than in virtually any other
industry. These work related injuries and illnesses are exceedingly costly. The Construction Industry
Cost Effectiveness Project estimated that accidents cost $8.9 billion or nearly seven percent of the
$137 billion (in 1979 dollars) spent annually for industrial, utility and commercial construction in the
United States. Included in this total are direct costs (medical costs, premiums for workers'
compensation benefits, liability and property losses) as well as indirect costs (reduced worker
productivity, delays in projects, administrative time, and damage to equipment and the facility). In
contrast to most industrial accidents, innocent bystanders may also be injured by construction
accidents. Several crane collapses from high rise buildings under construction have resulted in
fatalities to passersby. Prudent project managers and owners would like to reduce accidents, injuries
and illnesses as much as possible.

TABLE 13-1 Nonfatal Occupational Injury and Illness Incidence Rates

Industry 1996 1997 1998

Agriculture, forestry, fishing 8.7 8.4 7.3
Mining 5.4 5.9 4.4
Construction 9.9 9.5 8.6
Manufacturing 10.6 10.3 9.2
Transportation/public utilities 8.7 8.2 7.3
Wholesale and retail trade 6.8 6.7 6.1
Finance, insurance, real estate 2.4 2.2 1.8
Services 6.0 5.6 4.9

Note: Data represent total number of cases per 100 full-time employees
Source: U.S. Bureau of Labor Statistics, Occupational injuries and Illnesses in the United States by
Industry, annual

As with all the other costs of construction, it is a mistake for owners to ignore a significant category of
costs such as injury and illnesses. While contractors may pay insurance premiums directly, these costs are
reflected in bid prices or contract amounts. Delays caused by injuries and illnesses can present significant
opportunity costs to owners. In the long run, the owners of constructed facilities must pay all the costs of
construction. For the case of injuries and illnesses, this general principle might be slightly qualified since
significant costs are borne by workers themselves or society at large.
However, court judgments and insurance payments compensate for individual losses and are ultimately
borne by the owners.
The causes of injuries in construction are numerous. Table 13-2 lists the reported causes of accidents in
the US construction industry in 1997. A similar catalogue of causes would exist for other countries. The
largest single category for both injuries and fatalities are individual falls. Handling goods and
transportation are also a significant cause of injuries. From a management perspective, however, these
reported causes do not really provide a useful prescription for safety policies. An individual fall may be
caused by a series of coincidences: a railing might not be secure, a worker might be inattentive, the
footing may be slippery, etc. Removing any one of these compound causes might serve to prevent any
particular accident. However, it is clear that conditions such as unsecured railings will normally increase
the risk of accidents. Table 13-3 provides a more detailed list of causes of fatalities for construction sites

1
alone, but again each fatality may have multiple causes.

TABLE 13-2 Fatal Occupational Injuries in

All accidents 1,107 1,190
Rate per 100,000 workers 14 14
Cause Percentage
Transportation incidents 26% 27%
Assaults/violentacts 3 2
Contact with objects 18 21
Falls 34 32
Exposure 17 15

TABLE 13-3 Fatality Causes in Construction, 1998

Cause Deaths Percentage
Fall from/through roof 66 10.6%
Fall from/with structure (other than roof) 64 10.2
Electric shock by equipment contacting power source 58 9.3
Crushed/run over non-operator by operating construction equipment 53 8.5
Electric shock by equipment installation or tool use 45 7.2
Struck by falling object or projectile (including tip-overs) 29 4.6
Lifting operation 27 4.3
Fall from/with ladder (includes collapse/fall of ladder) 27 4.3
Crushed/run over/trapped operator by operating construction equipment 25 4.0
Trench collapse 24 3.8
Crushed/run over by highway vehicle 22 3.5

Source: Construction Resource Analysis

Various measures are available to improve jobsite safety in construction. Several of the most important
occur before construction is undertaken. These include design, choice of technology and education. By
altering facility designs, particular structures can be safer or more hazardous to construct.
Choice of technology can also be critical in determining the safety of a jobsite. Safeguards built into
machinery can notify operators of problems or prevent injuries. For example, simple switches can prevent
equipment from being operating when protective shields are not in place. With the availability of on-
board electronics (including computer chips) and sensors, the possibilities for sophisticated machine
controllers and monitors has greatly expanded for construction equipment and tools. Materials and work
process choices also influence the safety of construction.
Educating workers and managers in proper procedures and hazards can have a direct impact on jobsite
safety. The realization of the large costs involved in construction injuries and illnesses provides a
considerable motivation for awareness and education. Regular safety inspections and safety meetings
have become standard practices on most job sites.
Pre-qualification of contractors and sub-contractors with regard to safety is another important avenue for
safety improvement. If contractors are only invited to bid or enter negotiations if they have an acceptable
record of safety (as well as quality performance), then a direct incentive is provided to insure adequate
safety on the part of contractors.

During the construction process itself, the most important safety related measures are to insure vigilance
and cooperation on the part of managers, inspectors and workers. Vigilance involves considering the risks
of different working practices. In also involves maintaining temporary physical safeguards such as
barricades, braces, guy lines, railings, toe boards and the like. Sets of standard practices are also
important, such as:
 Requiring hard hats on site.
2
 Requiring eye protection on site.
 Requiring hearing protection near loud equipment.
 Insuring safety shoes for workers.
 Providing first-aid supplies and trained personnel on site.
While eliminating accidents and work related illnesses is a worthwhile goal, it will never be attained.
Construction has a number of characteristics making it inherently hazardous. Large forces are involved in
many operations. The jobsite is continually changing as construction proceeds. Workers do not have fixed
worksites and must move around a structure under construction. The tenure of a worker on a site is short,
so the worker's familiarity and the employer-employee relationship are less settled than in manufacturing
settings. Despite these peculiarities and as a result of exactly these special problems, improving worksite
safety is a very important project management concern.

Effects of Project Risks on Organization

The uncertainty in undertaking a construction project comes from many sources and often involves many
participants in the project. Since each participant tries to minimize its own risk, the conflicts among
various participants can be detrimental to the project. Only the owner has the power to moderate such
conflicts as it alone holds the key to risk assignment through proper contractual relations with other
participants. Failure to recognize this responsibility by the owner often leads to undesirable results. In
recent years, the concept of "risk sharing/risk assignment" contracts has gained acceptance by the federal
government. Since this type of contract acknowledges the responsibilities of the owners, the contract
prices are expected to be lower than those in which all risks are assigned to contractors.
In approaching the problem of uncertainty, it is important to recognize that incentives must be provided if
any of the participants is expected to take a greater risk. The willingness of a participant to accept risks
often reflects the professional competence of that participant as well as its propensity to risk. However,
society's perception of the potential liabilities of the participant can affect the attitude of risk-taking for all
participants. When a claim is made against one of the participants, it is difficult for the public to know
whether a fraud has been committed, or simply that an accident has occurred.
Risks in construction projects may be classified in a number of ways. One form of classification is as
follows:
1. Socioeconomic factors
 Environmental protection
 Public safety regulation
 Economic instability
 Exchange rate fluctuation
2. Organizational relationships
 Contractual relations
 Attitudes of participants
 Communication
3. Technological problems
 Design assumptions
 Site conditions
 Construction procedures
 Construction occupational safety
The environmental protection movement has contributed to the uncertainty for construction because of
the inability to know what will be required and how long it will take to obtain approval from the
regulatory agencies. The requirements of continued re-evaluation of problems and the lack of definitive
criteria which are practical have also resulted in added costs. Public safety regulations have similar
effects, which have been most noticeable in the energy field involving nuclear power plants and coal
mining. The situation has created constantly shifting guidelines for engineers, constructors and owners as
projects move through the stages of planning to construction. These moving targets add a significant new
dimension of uncertainty which can make it virtually impossible to schedule and complete work at
budgeted cost. Economic conditions of the past decade have further reinforced the climate of uncertainty
with high inflation and interest rates. The deregulation of financial institutions has also generated
unanticipated problems related to the financing of construction.

3
Uncertainty stemming from regulatory agencies, environmental issues and financial aspects of
construction should be at least mitigated or ideally eliminated. Owners are keenly interested in achieving
some form of breakthrough that will lower the costs of projects and mitigate or eliminate lengthy delays.
Such breakthroughs are seldom planned. Generally, they happen when the right conditions exist, such as
when innovation is permitted or when a basis for incentive or reward exists.
However, there is a long way to go before a true partnership of all parties involved can be forged.
During periods of economic expansion, major capital expenditures are made by industries and bid up the
cost of construction. In order to control costs, some owners attempt to use fixed price contracts so that the
risks of unforeseen contingencies related to an overheated economy are passed on to contractors.
However, contractors will raise their prices to compensate for the additional risks.
The risks related to organizational relationships may appear to be unnecessary but are quite real.
Strained relationships may develop between various organizations involved in the design/construct
process. When problems occur, discussions often center on responsibilities rather than project needs at a
time when the focus should be on solving the problems. Cooperation and communication between the
parties are discouraged for fear of the effects of impending litigation. This barrier to communication
results from the ill-conceived notion that uncertainties resulting from technological problems can be
eliminated by appropriate contract terms. The net result has been an increase in the costs of constructed
facilities.
The risks related to technological problems are familiar to the design/construct professions which have
some degree of control over this category. However, because of rapid advances in new technologies
which present new problems to designers and constructors, technological risk has become greater in many
instances. Certain design assumptions which have served the professions well in the past may become
obsolete in dealing with new types of facilities which may have greater complexity or scale or both. Site
conditions, particularly subsurface conditions which always present some degree of uncertainty, can
create an even greater degree of uncertainty for facilities with heretofore unknown characteristics during
operation. Because construction procedures may not have been fully anticipated, the design may have to
be modified after construction has begun. An example of facilities which have encountered such
uncertainty is the nuclear power plant, and many owners, designers and contractors have suffered for
undertaking such projects.

If each of the problems cited above can cause uncertainty, the combination of such problems is often
regarded by all parties as being out of control and inherently risky. Thus, the issue of liability has taken
on major proportions and has influenced the practices of engineers and constructors, who in turn have
influenced the actions of the owners.
Many owners have begun to understand the problems of risks and are seeking to address some of these
problems. For example, some owners are turning to those organizations that offer complete capabilities in
planning, design, and construction, and tend to avoid breaking the project into major components to be
undertaken individually by specialty participants. Proper coordination throughout the project duration and
good organizational communication can avoid delays and costs resulting from fragmentation of services,
even though the components from various services are eventually integrated.
Attitudes of cooperation can be readily applied to the private sector, but only in special circumstances can
they be applied to the public sector. The ability to deal with complex issues is often precluded in the
competitive bidding which is usually required in the public sector. The situation becomes more difficult
with the proliferation of regulatory requirements and resulting delays in design and construction while
awaiting approvals from government officials who do not participate in the risks of the project.

LO 2. Inspect and report on areas of specific risk

Safety Inspections and Checklists
Even if safety inspections were not strongly recommended, they are an excellent way for the department
to reference the commitment to safe work practices, provide practical training in safety awareness and
minimize hazards at the workplace. These inspections provide a systematic method for involving
supervisors, employees, safety coordinators, and/or safety committees in the process of eliminating
workplace hazards.

4
Types of Safety Inspections
There are several ways to perform safety inspections of a workplace, task or job. The most popular ways
include using checklists, general knowledge, and risk mapping. To be effective, safety inspections must
be individualized or tailored to meet the needs of a specific workplace, task or job.
Safety Checklist Inspections
A checklist is very good for the regular inspection of specific items. However, they may not be as useful
in identifying previously unrecognized hazards.
Many different checklists are available from a variety of sources. Unfortunately, since these readymade
checklists are generic, they rarely meet the needs of a specific workplace, task or job. However, you may
find them useful to inspect a part of your area. For instance, the owner's manual for a table saw may have
a checklist that works perfectly for inspecting the saw in a department shop. Taking parts of several
ready-made checklists and putting them together may be an easy method of beginning the development of
your customized checklist.
Risk Mapping Safety Inspections
The third inspection method is called risk mapping. It is a good method to use at a safety meeting where
everyone there is familiar with the workplace or process. This technique uses a map/drawing of the
workplace or a list of steps in a process. People in the group then tell the leader the hazards they
recognize and where they are located in the workplace or process. The leader uses different colors or
symbols to identify different types of hazards on the map or list of steps. This type of inspection is
valuable for involving all employees in identifying and resolving safety hazards.
Workplace Inspections Procedure
To outline the activities required to ensure a consistent, planned, systematic appraisal of the workplace to
identify hazards and/or review established controls.
Workplace inspections ensure that:
 Identify hazardous conditions and review hazard control measures
 monitor and evaluate the effectiveness of health and safety practices and procedures
 Improve health and safety practices and procedures
 Measure Occupation Health and Safety (OHS) compliance
 Check new facilities, equipment, processes
 Collect information that identifies potential new safety initiatives
 Maintain interest in health and safety through consultation
 Display management commitment to health and safety
 Empower staff to ensure a safe work environment.
Managers, in consultation with their staff and the OHS representatives, are responsible for developing and
implementing a system of workplace inspections, consistent with the work area’s risk profile.
Workplace inspections involve the following steps:
 Identifying the hazards
 Assessing and rating the risks
 Controlling the risks (using the Hierarchy of Control)
 Implementing the risk controls
 Monitoring and reviewing the risk controls
 Documenting the results
Property has specific responsibility for inspecting building infrastructure, essential services, grounds
and walkways, plant and equipment and security.
DETERMINE THE WORKPLACE TO BE INSPECTED
Determine the workplace to be inspected and nominate an OHS Committee Workgroup.
Inspections will need to be undertaken:
 Where equipment or layout of any work area is altered and increases risk
 If a new plant or work process is introduced
 Prior to commencement of work
The aim should be to complete a minimum of two inspections a year.
Individual work areas may elect to increase the number of inspections if there is an identified need or
increased risk profile.
OHS Committee
5
Workgroup
Form an Inspection Team
Form an inspection team which includes the following:
 A staff member(s) familiar with the work area
 A management representative or their delegate
 An OHS representative
 A delegate from the Health and Safety Unit.
At least one of the inspection team must be trained in the University process for workplace inspections.
Obtain Checklists
A range of Workplace Inspections Checklists is available to assist in the inspection process. The
checklists are based on the hazard register for each area and have been reviewed by staff in the relevant
area. They also assist in recording information and triggering questions during the inspection.
INSPECT THE WORKPLACE
Consider the following factors when inspecting:
Workplace Design (i.e. the physical workplace, both internal and external environment)
 Is the area suited to the work being carried out?
 Does it provide adequate space for occupants?
 Ensure the design meets relevant legislative requirements.
 Does it comply with the OHS Act and Regulations?
Systems of Work
 Are Policies and Procedures available?
 Are Safe Operating Procedures written and accessible?
 Is important information available to workers re hazards eg Hazard Register, Material Safety
Data Sheets?
Environment
Behavior
Identify risks
Assess and rate a risk
Report
Document the outcomes of your risk assessments on the Risk
Assessment Form Prepare a Workplace Safety Inspection Summary Report to the Executive Dean/ Head
of Office for action.
Provide a copy of the report to the Central OHS Committee.
Document the results
Document all assessments on the Risk Register Form and forward this, along with copies of any
completed Checklists and/or notes to the following people:
 Executive Dean
 Head of Department
 Health & Safety Unit
 OHS Representative
 Central OHS Committee Executive Dean/Head of Office

LO.3 Advice on implementation of control measures at the building and construction workplace

Managing potential risk

The best way to manage risks in international trade is to anticipate, reduce or avoid them. Seek legal
advise and develop a risk management plan that is shared with your staff.

Process

According to the standard ISO 31000 "Risk management – Principles and guidelines on implementation,
the process of risk management consists of several steps as follows:

6
Establishing the context

This involves:

1. identification of risk in a selected domain of interest

2. planning the remainder of the process
3. mapping out the following:
o the social scope of risk management
o the identity and objectives of stakeholders
o the basis upon which risks will be evaluated, constraints.
4. defining a framework for the activity and an agenda for identification
5. developing an analysis of risks involved in the process
6. mitigation or solution of risks using available technological, human and organizational resources.

Identification

After establishing the context, the next step in the process of managing risk is to identify potential risks.
Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the
source of problems, or with the problem itself.

 Source analysis - Risk sources may be internal or external to the system that is the target of risk
management.

Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an
airport.

 Problem analysis- Risks are related to identified threats. For example: the threat of losing money,
the threat of abuse of confidential information or the threat of accidents and casualties. The
threats may exist with various entities, most important with shareholders, customers and
legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead
to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger
funding of the project; confidential information may be stolen by employees even within a closed
network; lightning striking an aircraft during takeoff may make all people on board immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The
identification methods are formed by templates or the development of templates for identifying source,
problem or event. Common risk identification methods are:

 Objectives-based risk identification- Organizations and project teams have objectives. Any event
that may endanger achieving an objective partly or completely is identified as risk.
 Scenario-based risk identification - In scenario analysis different scenarios are created. The
scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of
forces in, for example, a market or battle. Any event that triggers an undesired scenario
alternative is identified as risk.
 Taxonomy-based risk identification - The taxonomy in taxonomy-based risk identification is a
breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a
questionnaire is compiled. The answers to the questions reveal risks.
 Common-risk checking - In several industries, lists with known risks are available. Each risk in
the list can be checked for application to a particular situation.
 Risk charting - This method combines the above approaches by listing resources at risk, threats to
those resources, modifying factors which may increase or decrease the risk and consequences it is
wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can
7
 begin with resources and consider the threats they are exposed to and the consequences of each.
Alternatively one can start with the threats and examine which resources they would affect, or
one can begin with the consequences and determine which combination of threats and resources
would be involved to bring them about.

Risk Assessment

Once risks have been identified, they must then be assessed as to their potential severity of impact
(generally a negative impact, such as damage or loss) and to the probability of occurrence. These
quantities can be either simple to measure, in the case of the value of a lost building, or impossible to
know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment
process it is critical to make the best educated decisions in order to properly prioritize the implementation
of the risk management plan.

Even a short-term positive improvement can have long-term negative impacts. Take the "turnpike"
example. A highway is widened to allow more traffic. More traffic capacity leads to greater development
in the areas surrounding the improved traffic capacity. Over time, traffic thereby increases to fill available
capacity. Turnpikes thereby need to be expanded in a seemingly endless cycles. There are many other
engineering examples where expanded capacity (to do any function) is soon filled by increased demand.
Since expansion comes at a cost, the resulting growth could become unsustainable without forecasting
and management.

The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical
information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the
consequences (impact) is often quite difficult for intangible assets. Asset valuation is another question
that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of
information.

Potential risk treatments

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of
these four major categories:

 Avoidance (eliminate, withdraw from or not become involved)

 Reduction (optimize – mitigate)
 Sharing (transfer – outsource or insure)
 Retention (accept and budget)

Risk avoidance

This includes not performing an activity that could carry risk. An example would be not buying a
property or business in order to not take on the legal liability that comes with it. Another would be not
flying in order not to take the risk that the airplane were to be hijacked. Avoidance may seem the answer
to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the
risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of
earning profits.

Hazard prevention

Hazard prevention refers to the prevention of risks in an emergency. The first and most effective stage of
hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is otherwise
impractical, the second stage is mitigation.

8
Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss
from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire.
This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire
suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.

Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between
negative risk and the benefit of the operation or activity; and between risk reduction and effort applied.

Modern software development methodologies reduce risk by developing and delivering software
incrementally. Early methodologies suffered from the fact that they only delivered software in the final
phase of development; any problems encountered in earlier phases meant costly rework and often
jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a
single iteration.

Risk sharing

Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and
the measures to reduce a risk."

The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer
a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor
go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the
terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as
a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal
responsibility for the losses "transferred", meaning that insurance may be described more accurately as a
post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer
the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the
person who has been in the accident. The insurance policy simply provides that if an accident (the event)
occurs involving the policy holder then some compensation may be payable to the policy holder that is
commensurate to the suffering/damage.

Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining
the risk for the group, but spreading it over the whole group involves transfer among individual members
of the group. This is different from traditional insurance, in that no premium is exchanged between
members of the group up front, but instead losses are assessed to all members of the group.

Risk retention

Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this
category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk
would be greater over time than the total losses sustained. All risks that are not avoided or transferred are
retained by default. This includes risks that are so large or catastrophic that they either cannot be insured
against or the premiums would be infeasible. War is an example since most property and risks are not
insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential
loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very
large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the
goals of the organization too much.

Create a risk management plan

Select appropriate controls or countermeasures to measure each risk. Risk mitigation needs to be
approved by the appropriate level of management. For instance, a risk concerning the image of the
9
organization should have top management decision behind it whereas IT management would have the
authority to decide on computer virus risks.

The risk management plan should propose applicable and effective security controls for managing the
risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and
implementing antivirus software. A good risk management plan should contain a schedule for control
implementation and responsible persons for those actions.

According to ISO/IEC 27001, the stage immediately after completion of the risk assessment phase
consists of preparing a Risk Treatment Plan, which should document the decisions about how each of the
identified risks should be handled. Mitigation of risks often means selection of security controls, which
should be documented in a Statement of Applicability, which identifies which particular control
objectives and controls from the standard have been selected, and why.

Implementation

Implementation follows all of the planned methods for mitigating the effect of the risks. Purchase
insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that
can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.

Review and evaluation of the plan

Initial risk management plans will never be perfect. Practice, experience, and actual loss results will
necessitate changes in the plan and contribute information to allow possible different decisions to be
made in dealing with the risks being faced.

Risk analysis results and management plans should be updated periodically. There are two primary
reasons for this:

1. To evaluate whether the previously selected security controls are still applicable and effective
2. To evaluate the possible risk level changes in the business environment. For example,
information risks are a good example of rapidly changing business environment.

Risk management activities as applied to project management

In project management, risk management includes the following activities:

 Planning how risk will be managed in the particular project. Plans should include risk
management tasks, responsibilities, activities and budget.
 Assigning a risk officer – a team member other than a project manager who is responsible for
foreseeing potential project problems. Typical characteristic of risk officer is a healthy
skepticism.
 Maintaining live project risk database. Each risk should have the following attributes: opening
date, title, short description, probability and importance. Optionally a risk may have an assigned
person responsible for its resolution and a date by which the risk must be resolved.
 Creating anonymous risk reporting channel. Each team member should have the possibility to
report risks that he/she foresees in the project.
 Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation
plan is to describe how this particular risk will be handled – what, when, by whom and how will
it be done to avoid it or minimize consequences if it becomes a liability.
 Summarizing planned and faced risks, effectiveness of mitigation activities, and effort spent for
the risk management.

10
LO.4 Establish and review communications and educational programs
Risk management and business continuity

Risk management is simply a practice of systematically selecting cost effective approaches for
minimizing the effect of threat realization to the organization. All risks can never be fully avoided or
mitigated simply because of financial and practical limitations. Therefore all organizations have to accept
some level of residual risks.

Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to
deal with the consequences of realized residual risks. The necessity to have BCP in place arises because
even very unlikely events will occur if given enough time. Risk management and BCP are often
mistakenly seen as rivals or overlapping practices. In fact these processes are so tightly tied together that
such separation seems artificial. For example, the risk management process creates important inputs for
the BCP (assets, impact assessments, cost estimates etc.). Risk management also proposes applicable
controls for the observed risks. Therefore, risk management covers several areas that are vital for the BCP
process. However, the BCP process goes beyond risk management's preemptive approach and assumes
that the disaster will happen at some point.

Risk communication

Risk communication is a complex cross-disciplinary academic field. Problems for risk communicators
involve how to reach the intended audience, to make the risk comprehensible and relatable to other risks,
how to pay appropriate respect to the audience's values related to the risk, how to predict the audience's
response to the communication, etc. A main goal of risk communication is to improve collective and
individual decision making. Risk communication is somewhat related to crisis communication.

Seven cardinal rules for the practice of risk communication

 Accept and involve the public/other consumers as legitimate partners (e.g. stakeholders).
 Plan carefully and evaluate your efforts with a focus on your strengths, weaknesses,
opportunities, and threats (SWOT).
 Listen to the stakeholders specific concerns.
 Be honest, frank, and open.
 Coordinate and collaborate with other credible sources.
 Meet the needs of the media.
 Speak clearly and with compassion.

11