Project Risk Management Procedure

MANAGEMENT SYSTEM
PROCEDURES
0 20 SEP 07 INITIAL ISSUE
A 12 SEP 07 ISSUE FOR REVIEW K. GRAJEK C. WOOD -- T THOMAS
REV DATE DESCRIPTION ORGINATED CHECKED QHSE APPROVED

BY BY APPROVED BY
DOCUMENT TITLE :
PROJECT RISK MANAGEMENT
DOCUMENT NUMBER :
PR-GL-ECD-PC-1390
This document is proprietary to KBR.

Paper copies of this document are UNCONTROLLED. Please refer to the KBR Management System website for the current version
PR-GL-ECD-PC-1390 Rev. 0 Page 2 of 28
TABLE OF CONTENTS
DESCRIPTION PAGE NO.

TABLE OF CONTENTS ............................................................................................................................... 2
1.0 PURPOSE........................................................................................................................................ 3
2.0 SCOPE............................................................................................................................................. 3
3.0 REVISION HISTORY ....................................................................................................................... 4
4.0 DEFINITIONS .................................................................................................................................. 4
5.0 PROCEDURE .................................................................................................................................. 5

5.1 OVERVIEW ............................................................................................................................ 5
5.2 PROCESS APPLICATION GUIDELINES .............................................................................. 5
5.3 RISK STRATEGY................................................................................................................. 10
5.4 RISK IDENTIFICATION........................................................................................................ 11
5.5 RISK ASSESSMENT............................................................................................................ 15
5.6 RISK RESPONSE PLANNING............................................................................................. 18
5.7 RISK MONITORING............................................................................................................. 20
6.0 RESPONSIBILITIES / INTERFACES............................................................................................ 23
6.1 RESPONSIBILITIES ............................................................................................................ 23
6.2 INTERFACES....................................................................................................................... 25
7.0 REFERENCES............................................................................................................................... 27
8.0 ATTACHMENTS............................................................................................................................ 28
8.1 ATTACHMENT A KBR RISK BREAKDOWN STRUCTURE / RBS............................................ 28
8.2 ATTACHMENT B IRC & PRC MAJOR RISK SUMMARY (EXCEL TEMPLATE).......................... 28
8.3 ATTACHMENT C IRC & PRC MAJOR RISK SUMMARY SLIDE (POWERPOINT TEMPLATE) ..... 28
8.4 ATTACHMENT D OPS REVIEW MAJOR RISK SUMMARY (EXCEL TEMPLATE)........................ 28
8.5 ATTACHMENT E OPS REVIEW MAJOR RISK SUMMARY SLIDE (POWERPOINT TEMPLATE) ... 28
8.6 ATTACHMENT F PSR MAJOR RISK SUMMARY (EXCEL TEMPLATE).................................... 28
8.7 ATTACHMENT G RMS REGISTER UPLOAD TEMPLATE (EXCEL TEMPLATE) ......................... 28
8.8 ATTACHMENT H RMS SUBMITTAL UPLOAD TEMPLATE (EXCEL TEMPLATE)........................ 28

1.0 PURPOSE
The purpose of this procedure is to establish a basis of understanding for all project
team members and corporate personnel in fulfilling the requirements of the Project Risk
Management process when executing projects in accordance with The KBR Vision,
Mission and Values.
The goals of this procedure are to provide guidance when executing the Project Risk
Management (PRM) process such that;
• Risks can be identified, quantified and managed prior to award and

throughout project execution.
• Appropriate project risk provisions can be developed, in relation to cost,
schedule, commercial terms, project, and primary business objectives prior to
contract commencement.
• Threats can be proactively managed throughout a project’s life cycle as a
means to reduce the probability of occurrence or to minimize their impact.
• Opportunities can be proactively managed throughout a project’s life cycle as
a means to increase the probability of occurrence or to maximize their impact.
• The changing risk profile can be monitored throughout the project life cycle.
• The Company can better deliver predictable results that support the business
strategy and increase Shareholder value.
2.0 SCOPE
This Procedure is applicable to all of KBR’s Energy & Chemicals Division. Any deviation
from this Procedure must be formally approved by the Vice President, ECD Project
Controls.
The PRM process applies at varying levels of input detail and output deliverables to all
projects performed by KBR as defined by PRM Guidelines GD-GL-ECD-PM-1202, GD-
GL-ECD-PM-1203, GD-GL-ECD-PM-1206. The methods outlined in this procedure shall
be executed in accordance with process requirements unless superseded by an
approved alternate by KBR Corporate Management.
Those accountable for the process implementation are the Sales Leaders, Sales
Managers, Proposal Leaders, Proposal Managers, Project Managers, and Business
Managers responsible for obtaining or managing projects. Those responsible for
executing the process include all personnel of the Energy & Chemicals Division.
It is not intended that this procedure be a "stand alone document"; throughout this
procedure are references to locations within the KBR Intranet. The Project Risk
Management Procedure is accessible to all company personnel via the Energy &
Chemicals EPC Project Management and Project Controls web sites.
Revisions to this Procedure require Project Risk Management Departmental approval.

Suggestions for improvement to the procedure should be directed to the Director, ECD
Project Risk Management or to the Vice President, ECD Project Controls.

3.0 REVISION HISTORY
Rev- 0 Initial Issue 20-SEP-07

Rev. A Issued for Review 12-SEP-07
4.0 DEFINITIONS
Definitions can be found in the Project Controls Glossary of Terms, PR-GL-ECD-PC-

1399, and supporting work methods to this procedure.
KBR has adopted both the risk and risk management definitions stated in the Project
Risk Analysis and Management (PRAM) Guide published by the Association for Project
Management (APM) Risk Specific Interest Group (SIG) 2004.
A Risk is defined as, “an uncertain event or set of circumstances that, should it occur,
will have an effect on the achievement of the project’s objectives” APM PRAM GUIDE 2004.
Risks are viewed as threats or opportunities arising from uncertainty that affect the
project objectives. This definition of a risk, as an “uncertain event”, recognizes the
potential for both positive and negative Project Risk impacts. The Risk Management
process manages both threats and opportunities with the objective to minimize losses
and to maximize gains.
Risk Management is “the process whereby responses to the risks are formulated,
justified, planned, initiated, progressed, monitored, measured for success, reviewed,
adjusted and closed”. APM PRAM GUIDE 2004

5.0 PROCEDURE
5.1 OVERVIEW
As stated in the Project Risk Management Guideline GD-GL-ECD-PM-1203,

KBR recognizes risk as a condition that exists in all project endeavors. As a
result, KBR Energy & Chemicals Division’s Risk Management philosophy is the
systematic process of identifying, assessing, and proactively responding to risk
throughout the entire project life cycle from “prospect” through “contract close-
out”.
The project leadership team led by the Project Manager and other contributing
groups (i.e. Sales, Proposals, Finance, etc.) must be fully committed to formally
managing risk throughout the project. Project Risk includes both threats to the
project’s objectives as well as opportunities to improve on those objectives.
Successful risk management leverages the experience of all project
participants while maximizing the probability and consequences of positive
events and minimizing the probability and consequences of adverse events to
achieve the project objectives.
The Project Risk Management Process is composed of five steps: Strategize,

Identify, Assess, Respond and Monitor.
The process includes the creation of a risk strategy, identification of potential

risks, assessment of risk severity, development of risk response plans, and
monitoring of risk status. The process is iterative and is used across the project
organization throughout the project’s life cycle. Figure 5.1 shows the five steps
of the PRM Process and the underlying objectives.
Figure 5.1 – PRM Five Steps
5.2 PROCESS APPLICATION GUIDELINES
The purpose of this section is to provide guidance when determining what

deliverables are required and what resources are needed to execute the PRM

process from prospect to contract close-out. The section offers further

explanation of the general requirements presented in PRM Guideline GD-GL-
ECD-PM-1202 and GD-GL-ECD-PM-1203. It is highly recommended that the
project leadership team, reference Project Risk Management Guideline GD-GL-
ECD-PM-1203 in conjunction to the details found within this procedure to gain a
good overall perspective as to the expectations and interdependencies of the
PRM process.
KBR executes a multitude of project types with varying scopes of work,
complexities, contracts and budgets. To ensure the most value from the PRM
process, it is important that the process be commensurate with the project
requirements. When determining the resources and deliverables for the PRM
process, the following are the primary criteria listed in hierarchical order:
1. Estimate classification
2. Estimate accuracy
3. Usage
4. Contract type (lump sum/fixed unit rate or reimbursable etc.)
5. Project Value – the total installed cost (TIC) of the project that is inclusive of
all contractor and owner costs for the project.
6. Contract Revenue – the dollar amount of project work that will be / is
contracted to KBR.
For lump sum or fixed unit rate contract types, the process is required and
resources must be allocated to match project requirements.
For reimbursable contracts, it is desirable to acquire client funding of proposal
development including the proposal phase of the PRM process when ever
possible. If approved, resources should be allocated to match the desired level of
project risk management requested by the client. Exception should be sought
from the IRC if the deliverables differ from the PRM proposal phase deliverables
as defined in Tables 5.2 and 5.3.
In any case, client approval of the PRM process after award should be actively
pursued. If the client approves the PRM post-award process, resources should
be allocated to match the desired level of project risk management requested by
the client and appropriately priced in the proposal.
As a minimum, KBR is to execute the PRM process at the appropriate level
to evaluate all risks directly related to KBR’s business regardless of
contract type or whether a client is funding the effort.
The PRM requirements are defined as follows:
• Tables 5.2 and 5.4, segregated by Project Value, show the primary
deliverables and approximate hours for a typical EPC project during the -
proposal phase.
• Tables 5.3 and 5.5, segregated by Contract Revenue, show the primary
deliverables for ITBs for studies, service contracts, technology licensing and
for FEEDs where the work is potentially not leading to a KBR pursuit of an
EPC project during the proposal phase.

Table 5.2 PRM Proposal Phase EPC Project
Estimate Expected Project Value Risk ID Project Risk Management

Usage Lead
Classification Accuracy $MM Method Deliverables
Order of Feasibility Studies, < $20 R R X

Magnitude +/- 30 - 50% Project Screenings,
< $100 R R X
Pre-FEEDs, FEEDs,
Factored +/- 15 - 25% Budget Approvals,
< $500 R R X
etc.
> $500 R R X
FEED, < $20 R R R R R O O X

Conceptually
Lump Sum Bidding,
Defined +/- 10 - 15%
Reimbursable Funding, < $100 R R R R R R O O O X
Estimates,
Definitive +/- 5 - 10%
Unit Rate, < $500 R O R R R R R R R X
etc.
> $500 R R R R R R R R R O X
Legend:
R = Required for Lump Sum / Fixed Unit Rates
Required for Reimbursable KBR Exposure as Appropriate
O = Optional
Risk Response Plans

Major Risk Summary
KBR Risk Facilitator

X = Primary Lead
3rd Party Facilitator
KBR Est. / Controls

Risk ID Workshop
KBR is to execute the PRM process at the appropriate level to evaluate all risks
Risk Mgmt. Plan
Schedule Model
directly related to KBR’s business regardless of contract type or whether a
Risk ID Survey
Risk Synopsis
Risk Register
client is funding the effort. The table shows project risk process deliverables
Cost Model
for EPC projects that KBR is planning or executing. Requirements are a
function of project installed cost and the project phase, as defined by the level
of estimate. The project risk process is to be recommended as a service to
clients when the client or others have liability for the installed cost. If client
approves, cost process in ITB response.
Table 5.3 PRM Proposal Phase Non-EPC and Service Contracts
Estimate Expected Contract Risk ID

Usage PRM Proposal Deliverables Lead
Classification Accuracy Revenue $MM Method
Studies, ITB Pre-FEED, ITB

N/A N/A
FEED, Tech. Package etc. < $50 R R X
Conceptually < $5 R R O O X
Defined +/- 10 - 15% Service Contracts,
< $50 R O R R R O O O X
Operations & Mainten.,
Definitive +/- 5 - 10% etc.
< $200 R O R R R O O R O X
> $200 R O R R R R O R O O O X
Legend:
R = Required for Lump Sum / Fixed Unit Rates
Risk Response Plans
Major Risk Summary
Required for Reimbursable KBR Exposure as Appropriate

KBR Risk Facilitator
3rd Party Facilitator
KBR Est. / Controls

Risk ID Workshop
O = Optional
Risk Mgmt. Plan
Schedule Model
X = Primary Lead
Risk ID Survey
Risk Synopsis
Risk Register
Cost Model
KBR is to execute the PRM process at the appropriate level to evaluate all risks
directly related to KBR’s business regardless of contract type or whether a
client is funding the effort. This table is for Non-EPC & Service Proposals.
Execute PRM Proposal Deliverables commensurate with KBR contract scope of
work.

Table 5.4 shows the approximate EPC hours associated with the PRM process deliverables
shown in Table 5.2 PRM Proposal Phase EPC Project.
Table 5.4 PRM Proposal Phase Workhour Budgets EPC
Approximate EPC Hours

Estimate Project PRM Project Total
Estimate Classification
Accuracy Value Project Risk Management Deliverables Dept. Team PRM
Usage
Ranges $ MM Hrs Hrs Hrs
Order of Magnitude-Factored +/- 50% < $20 1. Major Risk Summary 0 25 25

Feasibility Studies, Proj. Screenings, Pre-FEED, FEED, to
Budget Approvals +/- 15%
Order of Magnitude-Factored +/- 50% < $500 1. Major Risk Summary 5 25 30
Order of Magnitude-Factored +/- 50% > $500 1. Major Risk Summary 5 25 30
Conceptually Defined-Definitive +/- 15% < $20 1. Major Risk Summary 0 80 80

FEED to EPC, Lump Sum Bidding, Reimbursable to 2. Risk Register
Funding, Estimates, Unit Rate etc. +/- 5% 3. Abbreviated Risk Response Plans
4. Abbreviated Risk Synopsis
5. Optional Proposal Risk Mgmt. Plan
6. Optional Cost Model
Funding, Estimates, Unit Rate etc. +/- 5% 3. Risk Response Plans
4. Risk Synopsis
5. Proposal Risk Mgmt. Plan
7. Optional Schedule Model
4. Risk Synopsis
6. Cost Model
7. Schedule Model
8. Optional Risk ID Workshop
Conceptually Defined-Definitive +/- 15% > $500 1. Major Risk Summary 160 590 750
4. Risk Synopsis
6. Cost Model
7. Schedule Model
8. Risk ID Workshop

Likewise, Table 5.5 shows the approximate Non-EPC and Service Contract workhours
associated with the PRM process deliverables shown in Table 5.3 PRM Proposal Phase Non-EPC
and Service Contracts.
Table 5.5 PRM Proposal Phase Workhour Budgets Non-EPC and Service Contracts
Approximate Service Hours

Estimate Contract PRM Project Total
Estimate Classification Project Risk Management Proposal
Accuracy Revenue Dept. Team PRM
Usage Deliverables
Ranges $ MM Hrs Hrs Hrs
N/A N/A < $50 1. Major Risk Summary 0 10 10

Studies, ITB Pre-FEED, ITB FEED, Technology
Package etc.

Service Contracts, Operations & Maintenance etc. to 2. Optional Risk Register
+/- 5% 3. Optional Risk Response Plans
Service Contracts, Operations & Maintenance etc. to 2. Risk Register
+/- 5% 3. Abbreviated Risk Response Plans
4. Optional Risk Synopsis
+/- 5% 3. Risk Response Plans
4. Optional Risk Synopsis
6. Cost Model
7. Optional Risk ID Workshop
Conceptually Defined-Definitive +/- 15% > $200 1. Major Risk Summary 120 280 400
+/- 5% 3. Risk Response Plans
4. Risk Synopsis
6. Cost Model
7. Risk ID Workshop
8. Optional Schedule Model
If Post-Award Execution Phase workhours are required for budgeting, consult with the Project
Risk Management Department to develop an approximate estimate that reflects project
requirements.

5.3 RISK STRATEGY
Within PRM, the Risk Strategy step is the process of deciding how to approach,
plan and implement the project risk management activities for a project or
program. As a minimum, the step is to be executed immediately following the
Proposal Kickoff Meeting and again following the Proposal Handover Meeting.
The Project Risk Management Strategy Document and Project Risk Management
Detail Work Plans are to be continuously updated throughout the project’s life
cycle to ensure the project risk management process is effective.
The objectives of the Risk Strategy step are:

• Evaluate project requirements for a given project phase.
• Review project objectives, success criteria, business strategy and scope.
• Identify, define and align all stakeholder expectations.
• Review project timeline and constraints.
• Define PRM process scope of work, deliverables and budget.
• Clearly communicate the overall approach to risk management that a
project team will utilize at each project phase in managing risk
• Document the PRM Strategy.
• Create subsequent PRM Detail Work Plans and supporting documents.
The Risk Strategy, a jointly developed document between the Project Team and
the PRM Department, must address how the PRM process will be deployed for
the Proposal Phase and Post-Award Execution Phases of the project life cycle.
The Risk Strategy document serves as the basis for the subsequent PRM
“Proposal Write-ups” during the Proposal Phase and Project Execution Plans
(PEP) during the Post-Award Execution Phases. The level of detail in the Risk
Strategy document is dependent upon the Project phase and scope
requirements. The Risk Strategy is to summarize the Project Objectives, the
associated PRM Objectives and the resources required to achieve those
objectives for each project phase.
During the Proposal Phase after the Proposal Kickoff Meeting, the Proposal
Leader / Project Manager, Sales Leader, Project Risk Coordinator, Project Risk
Analyst, Client / JV Partner (where applicable) and other team members as
required, gather to develop a PRM Strategy that matches the needs of the
proposal effort. Tables 5.2, and 5.3 as well as KBR’s Business Development and
Oversight (BDO) Procedure P-GL-KBR-BDO-1702 should be referenced to aid in
determining the overall Risk Strategy and subsequent PRM Detail Work Plans to
implement the Strategy.
Additionally, the Proposal Phase may require the Project Team to develop a
“Proposal Write-up” about the PRM work process reflecting client PRM
requirements found in the proposal submittal documents. The Project Risk
Analyst from the PRM Department working in close collaboration with the
Proposal Team is to lead and facilitate all these activities.
After project award, during the Proposal Handover Meetings, the Proposal Team
is to brief the Project Execution Team about the Strategy used during Proposal

development and negotiation stages. Once the Proposal PRM Strategy is

“handed over”, a Post-Award Execution PRM Strategy is to be created reflecting
the intent of the Proposal efforts for the project. From this Strategy, a Project
Execution Plan (PEP) is to be developed by the Project Risk Analyst working in
close collaboration with the Project Risk Coordinator (PRC) and Project
Management Leadership. The PRM PEP is to provide the detail as to how the
PRM objectives and strategies are to be achieved. The PEP is to serve as the
daily PRM procedure for the project.
To ensure a successful Strategy, it is critically important that the PRM activities

be part of the overall project planning and schedule development to ensure
resources and Project Team priorities can be properly established. This
integration also serves to effectively communicate the series of PRM tasks
relative to the other project work that often serves as inputs into the PRM
process. The Project Risk Analyst, working with Project Controls and the PRC,
is to ensure the key PRM activities and milestones are placed in the Overall
Project Plan / Schedule for each phase.
Finally, the Project Risk Analyst and PRC are to fully support the Project Team
and to ensure they understand and execute the PRM process. As the project
matures along its life cycle, the PRM Strategy needs to be revised to ensure the
PRM process meets the project requirements. The PRC and PRM Analyst are to
regularly communicate and lead the revision of these PRM documents prior to
major project phase changes as required.
5.4 RISK IDENTIFICATION
Within PRM, the Risk Identification step is the continuous process of

determining and defining all risks inherent in a project or program. The primary
objective of the Risk Identification effort is to clearly identify threats and
opportunities as early as possible in the project life-cycle.
In order to aid the identification, description, organization and general
management of Risk Items, KBR utilizes a Risk Breakdown Structure (RBS).
The RBS is a source-oriented way of classifying risk that organizes and defines
the total risk exposure of a project. Like a conventional WBS, each descending
level represents an increasingly detailed definition, which helps define the
various risk sources and provides insight into the Risk Profile of a project.
The KBR RBS is organized by Section and Category. The seven sections are:
T TECHNOLOGY / TECHNICAL
C COMMERCIAL / CONTRACTUAL
K MANAGEMENT ORGANIZATION
P PROJECT OPERATIONS
S COUNTRY / REGION
M MARKETS FOR MATERIALS, EQUIPMENT AND LABOR
H HEALTH, SAFETY, ENVIRONMENT

Further descriptions for each Section and Category are provided within
Attachment A KBR Risk Breakdown Structure / RBS.
All risks identified for a project shall be assigned to one Section and Category.
This structure can support strategic and tactical decisions for managing Threats
and Opportunities during a project's life cycle. All KBR projects shall use the
KBR RBS in recording their risk items in support of Project and Corporate Risk
Profile reporting requirements.
To document and clearly communicate a risk, KBR projects shall structure the
risk description into three parts Cause-Risk-Effect (C-R-E). It is very important
to use the C-R-E structure so that uncertainties (Risks) are differentiated from
facts (Causes). C-R-E is an acronym for Cause-Risk-Effect where:
Cause - The Cause is a definite event or factual circumstance which gives rise to
uncertainty (Risk) on the project. Causes are factual and certain.
Risk - The Risk is an uncertain event or set of circumstances that, should it

occur, will have an effect on the achievement of the Project’s Objectives.
Effect - The Effect is the unplanned variation from Project Objectives resulting
from the occurrence of the Risk. The effect can be beneficial or damaging to
objectives depending on the nature of the risk.
An example:
Due to a change in governmental policies after the election in May of 2008 --
there is a risk that the project funding may be stopped -- which may result in
premature close-out of the contract.
Separating Causes from Risks allows the Project Team to focus on the source of
the Threat or Opportunity rather than the effects or symptoms. If properly
described, the Cause is the best target in developing Risk Response Plans to
manage specific risks.
There are two tools that can be used to assist with the identification and
recording of Project Risks. The primary tool is the KBR Risk Management
System or RMS for short. RMS is a web based repository and reporting tool for
Project Risk data. The system operates 24/7 across all operating centers for
users with access to the KBR intranet.
For those persons working outside the KBR network or for those persons who
are in the early stages of a proposal prior to IRC, an Excel spreadsheet template
is available which mimics RMS functionality. The risks gathered in this template
allow the PRC or PRM Department to upload entries into RMS at the appropriate
later date to satisfy PRM Corporate Requirements. Reference Attachment G
RMS Register Upload Template (Excel template). This template is typically used
on an interim basis in the early Proposal stages of a project. With consent from
the PRM Department, it may be used for very small projects in rare instances.

The characteristics of a project and the advancement along its life cycle will
determine the appropriate risk identification effort. Within KBR, there are two
methods for risk identification: one is the use of risk identification forms, known
as a “Risk ID Survey”; the second is to hold a workshop, known as a “Risk ID
Workshop”.
The Risk Identification Survey method is most suited to the following

scenarios:
1. Early stages of the proposal approval cycle (e.g. IRC approval).
2. For very small projects that will not be using RMS.
3. Services Only &/or Factored Estimates.
The Risk ID Survey Method is typically a series of survey forms that act as
prompts for Risk Identification, but without a formal facilitated gathering of project
personnel in a workshop setting. The Risk ID Survey is conducted by the Project
Team using the information provided from the Risk Identification & Qualitative
Assessment Work Method that supports this procedure.
As a minimum, all proposals and projects are required to identify risks using the
survey method. If the Project Team is not using RMS, as a minimum, all risks for
the Risk Identification Survey Method are to be documented in Attachment G
RMS Register Upload Template (Excel template). The Excel RMS Register
Upload Template is the standard for KBR when not engaging RMS. All other
forms of risk registers shall not be used when recording or managing risk
information unless approved by the Director, ECD Project Risk Management or
the Vice President, ECD Project Controls.
If a small project was approved in using the template and later warrants a more
appropriate tool for managing their risk information beyond the RMS Register
Upload Template, the project team is to consult with the KBR PRM Department
to implement the KBR Risk Management System (RMS). Reference the PRM
Identification & Qualitative Assessment Work Method that supports this
procedure for further details and information.
After documenting the risks in the either the KBR Risk Management System
(RMS) or the Excel RMS Register Upload Template, the risks are to be stated in
the appropriate IRC and C-10 form’s sections as prescribed by the BDO, Sales
and Proposal Procedures. After IRC approval, the project team needs to consult
Section 5.2 of this procedure, for further Risk Management requirements.
The second method is a “Risk Identification Workshop”. The Risk ID
Workshop is a formal gathering of key project team members. This is the primary
method used to identify risks for KBR’s large complex project types. The method
is typically used for Super Major to Major Proposals, but can be used on all
project sizes.
Additionally, the method is used throughout the Post-Award Execution phases to
effectively identify and communicate risk to large project teams. The majority of
KBR’s Energy and Chemical Projects utilize the Risk Workshop method to
establish and update the Risk Register during the proposal phase, during the

project handover / set-up phase and during post-award project risk update efforts
at key milestones.
The workshop is structured for both content and time, and typically is facilitated
by an experienced PRM Department Risk Analyst or Project Risk Coordinator.
The Project Team uses such information sources as the KBR RBS, Lessons
Learned Database and other prompt lists to help stimulate and record within
RMS what are known as “Pre-workshop risk ideas” prior to the workshop. The
ideas are then collected and consolidated for use in the workshop by the PRM
Risk Analyst. These items serve as the starting point for risk identification and
clarification discussions. The workshop also includes exercises to capture new
risks originating from the discussions as well as scoring and ranking of risks.
A typical formal risk identification workshop is one to two separate half-day
sessions, held in a neutral location. A neutral location helps ensure participants
are allowed to focus fully on the task of risk identification without interruption from
normal day–to-day activities.
The workshop is attended by key members of the project team to ensure that all
facets of the execution strategy are represented. Participants should be drawn
from the project team and any other stakeholders to form a group that will
represent the full potential range of risks facing the project.
As a minimum, the following sample list should be considered when assembling
a group of participants for a risk ID workshop:
• Project Manager
• Commercial Manager
• Legal Staff
• Financial Analyst
• Discipline Leads
• Project Controls Personnel
• Construction Manager
• Key Construction & Installation Personnel
• Engineering Manager
• Procurement Manager
• Commissioning Manager
• Specialist Contractors (where appropriate)
• Client (where appropriate)
• JV Partners (where appropriate)
• Operations staff (where appropriate)
• Managerial staff (where appropriate)
The primary deliverable from of the risk identification workshop is a clearly

described list of ranked risks. From this list of risks, a risk register is established
within RMS.
Following the Risk ID Survey or Risk ID Workshop a Major Risk Summary is to

be created. The Major Risk Summary is a listing of major risks from contract
terms and conditions to project execution risks that are presented at IRC, OP’s,
PRC, ERC and Project Status Review meetings. Reference these Attachments
for the appropriate Major Risk Summary format. Populate the Excel templates
then paste into the Power Point templates.

• Attachment B IRC & PRC Major Risk Summary (Excel template)

• Attachment C IRC & PRC Major Risk Summary Slide (PowerPoint template)
• Attachment D PSR Major Risk Summary (Excel template)
• Attachment E OPs Review Major Risk Summary (Excel template)
• Attachment F OPs Review Major Risk Summary Slide (PowerPoint template)
5.5 RISK ASSESSMENT
Within PRM, the Risk Assessment step is the process of prioritizing and
analyzing the likelihood and effect of risk upon the project or program objectives.
The Risk Assessment step has two sub-components: Qualitative Assessment
and Quantitative Assessment. The Qualitative Assessment subjectively analyzes
risk and the Quantitative Assessment leverages numerical methods to analyze
risk.
The requirements to execute Quantitative Assessments are referenced in
procedures Cost Risk Assessment PR-GL-ECD-PC-1391 and Schedule Risk
Assessment PR-GL-ECD-PC-1392. The typical timing of these assessments is
as follows:
1. Pre-Award prior to Operations Reviews.
2. Negotiation Phase to update KBR risk profile prior to Contract
Signing.
3. Initiate & Planning Phases as estimate and schedule baselines are
established.
4. Execution Phase at First Check Estimate, Production Check Estimate
and approximately every 6 months as the project progresses.
5. As directed by Senior Management to satisfy a corporate requirement.
During a Qualitative Risk Assessment, risks are assessed to determine their

potential likelihood of occurrence, impact and degree of manageability. This
evaluation provides a basis for prioritizing risks and allocating resources to
manage them.
There are primarily three dimensions used to assess the importance of a risk:
Probability – The likelihood that a risk will occur,
Impact – The effect that risk will have on the project if the risk occurs (in terms of
Cost, Schedule etc.),
Manageability – The extent of control or influence the project team has over a
risk.
Each of these dimensions is estimated subjectively by the Project Teams. To
facilitate this effort, KBR has two PRM Corporate Scoring Matrices, one for
Threats and one for Opportunities. The Scoring Matrices include parameters in
five gradations for each dimension. All projects within KBR shall use the PRM
Corporate Scoring Matrices to prioritize risks. To establish the Cost and

Schedule parameters within the Matrices consult the ECD Project Risk
Management Department. The PRM Department will develop the proper
matrices to suite a given project size and complexity. Figure 5.6 shows example
matrices.
Figure 5.6 – PRM Example Scoring Matrices

Risks shall be prioritized under the following Standard PI (Probability & Impact)
score levels. See Table 5.7.
Table 5.7 - Standard PI Score Bands
Color Threats Opportunities Std PI Score
Red Critical Critical 25 to 50 max
Amber Significant Significant 13 to 24
Green Monitor Monitor 1 to 12
The “Standard PI” score is calculated by adding the Cost and Schedule impact
scores and then multiplying that value by the Probability score. Example 1 below
expresses this calculation as an equation.
EXAMPLE 1 - KBR Standard PI = P(C+S)
Risks shall also be prioritized under the following “Alternate PI” score levels. See
Table 5.8.
Table 5.8 - Alternate PI Score Bands
Color Threats Opportunities Alt PI Score
Red Critical Critical 15 to 25 max
Amber Significant Significant 8 to 14
Green Monitor Monitor 1 to 7
The Alternate PI score is calculated by selecting the greatest impact score from
the available criteria (e.g. Cost, Schedule, Environment, Safety, Reputation etc.)
and then multiplying that value by the Probability score. Example 2 below
expresses this calculation as an equation.
EXAMPLE 2 - KBR Alternate PI = P [Greatest of (C, S, E, Sf, R)]

These scoring bands represent the Risk Rating that is used in the IRC, PRC,
OPS and PSR meetings’ Major Risk Summaries. Major Risks are defined as all
risks, threats or opportunities, which meet one of the following criteria:
1. Risks with a Current Standard PI score greater than 25 rated as

CRITICAL
2. Risks with a Current Alternate PI score greater than 15 rated as
CRITICAL
3. Risks scoring less than the CRITICAL rating that the project team
believes may impact the project.
As a minimum, the Major Risks are those risks rated as CRITICAL in the Red
Zone of the Risk Summary Matrix with a Current PI score greater than 25 or
Current Alternate PI score greater than 15. Other Yellow and Green Zone,
SIGNIFICANT and MONITOR risks may also be part of the Major Risks as
selected by the project team.
The Alternate PI score offers the project the ability to plot a risk against the most
impacted criteria. The Standard PI score offers the project the ability to apply
equal weighting to Cost and Schedule impacts. These scoring methods can be
applied to an Opportunity with the acknowledgement that the risk represents a
positive impact to the Project Objectives. KBR utilizes these two methods to
offer flexibility in reporting the project’s risk profile from varying dimensions and
perspectives. Further details about scoring and ranking risks can be found in the
Risk Identification & Qualitative Assessment Work Method that supports this
procedure.
5.6 RISK RESPONSE PLANNING
Within PRM, Risk Response Planning is the process of identifying, evaluating,

selecting and implementing action plans or techniques that will enhance
Opportunities and reduce Threats to the project or Program Objectives.
The primary objective of Risk Response Planning is to lessen or eliminate the
negative impact posed by Threats and to maximize any benefit posed by a
potential Opportunity through project approved proactive measures. A secondary
objective is to create backup Response Plans (Contingency & Fallback Plans) as
added assurance of proper Risk Management.
The real driver of the management of risks is not just about identifying or even
assessing risks, but doing something about them. It is therefore very
important that appropriate Risk Response Plans are developed to minimize a
Threat or to maximize an Opportunity. This means developing plans that are
neither too detailed, nor too general to be of use.
The development and implementation of the most effective Risk Response Plans
requires a collaborative team effort to be successful. The Risk Owner working
with the Risk Action Owner is responsible for developing and implementing
a risk response plan in a timely and effective manner. Additionally, the Risk
Owner is responsible for progressing and reporting the plan’s status to the

project’s Project Risk Coordinator (PRC), Risk Review Committee (RRC), Project
Manager and Senior Management as appropriate.
During the Pre-Award Proposal Phase, fully detailed Risk Response Plans are to
be generated by the Risk Owners for all the Major Risks of the project. These
plans are to be documented within the KBR Risk Management System (RMS) as
appropriate to match project requirements and lifecycle phase of development. A
Major Risk is defined as a risk rated as “Critical” or a Risk that has been
specifically selected by the project team needing focused management
attention. Those risks not considered Major Risks are to have a Plan Overview
developed and in place, at a minimum.
For the Post-Award Execution Phases, fully detailed Risk Response Plans are to
be generated for all Risks of the project. For more information defining a “fully
detailed Risk Response Plan”, reference the PRM Risk Response Planning Work
Method that supports this procedure.
KBR has defined Risk Treatment Options for both Threats and Opportunities to
aid in developing the appropriate Risk Response Plan. The Risk Treatment
documents KBR’s position as selected by the Project Management Leadership
Team. The treatment represents the primary method to manage the risk.
Listed in order of preference, the Threat Treatment Options are:

• Avoid – Seeking to eliminate the source of uncertainty,
• Transfer – Seeking to transfer ownership and/or liability to a third party,
• Mitigate – Seeking to reduce the size of the risk exposure to below an
acceptable risk threshold,
• Accept – Recognizing residual risk and developing responses to monitor
them.
Listed in order of preference, the Opportunity Treatment Options are:

• Exploit – Seeking to eliminate the source of uncertainty by ensuring that
the opportunity has the highest probability of occurring,
• Share – Seeking to allocate ownership to a third party who is best able to
maximize probability of occurrence and benefit of the opportunity,
• Enhance – Seeking to increase the probability and benefit impact by
identifying and maximizing key opportunity drivers,
• Accept – Recognizing an opportunity, but developing no plans to
promote its occurrence.
Finally, developing proactive Risk Response Plans can assist already lean
Project Teams in dealing with the inherent uncertainty that exists on every
project. With project resources already stretched thin, Risk Response Plans,
when developed early in the project life-cycle, help a Project Team to more
efficiently manage and understand risk during the life of the project.

5.7 RISK MONITORING
Within PRM, Risk Monitoring is the process of monitoring, updating and

evaluating the effectiveness of risk response plans throughout the project or
program life cycle.
The Risk Monitoring phase marks the last step of the PRM process and the point
at which the PRM process recycles. Monitoring and tracking an approved risk is
an essential Risk Management function to ensure that Risks Response Plans are
being implemented and decisions associated with the risk are being made in a
timely fashion.
The PRM Risk Monitoring step includes the primary activities of reviewing and
updating risks, managing the implementation of Response Plans, updating the
Risk Register and reporting the project Risk Profile. As the project progresses,
the risk profile will change as new risks emerge and existing risks are managed
and updated. The risk monitoring activities give the project team the ability to
maintain the most current risk profile.
Unless otherwise noted, monitoring efforts shall be ongoing and continuous
throughout the project life-cycle with reporting and analysis occurring on a
monthly basis. Greater effort is typically expended to support company quarterly
reporting requirements.
Monitoring requirements include but are not limited to:
• Ensuring each risk has a dedicated and current Risk Owner.
• Ensuring Action Items and Action Owners are current and appropriate.
• Verifying that Response Plans are current.
• Validating that both Target Scores and Current Scores are current.
• Ensuring the Risk Register is populated with all appropriate Risks and
those entries are current.
• Conducting periodic project Risk Review Committee meetings with
Project Stakeholders in attendance.
• Maintaining active RMS accounts for authorized personnel.
• Supporting clear lines of communication about the Project’s Risk Profile
throughout its life-cycle.
A Risk shall be updated on a monthly basis or more often as required to reflect
its current Risk Status. The Project Risk Register shall be the forum to document
and communicate the status of all Risks and to progress the effectiveness of the
Risk Response Plans.
When updating an existing risk, these fields shall be reviewed for relevance and
clarity. The fields include:
• Cause-Risk-Effect,
• Risk Owner,
• Project Risk Window Dates,
• Risk Status,

• Risk Response Plan Overview,

• Risk Actions Items,
• Current and Target Scores.
Additionally, as Risk Response Plans are implemented, the Risk Scores are to
be reassessed as appropriate to reflect management status. More detailed
information about Risk Monitoring of these fields and several others can be found
in the PRM Risk Monitoring Work Method that supports this procedure.
During the Proposal Phase and Post-Award Execution Phases, the Risk
Response Plans for the Major Risks shall be monitored on a weekly basis. For
proposals, the status shall be communicated at Mid-Point Review, Operations
Review and Pricing Review Committee or as requested by Senior Management.
For Post-Award Execution Phases, the status shall be reported to the
Stakeholders on a monthly basis during Project Status Review meetings or as
requested by Senior Management. Reference these links for the appropriate
Major Risk Summary format.
• Attachment B IRC & PRC Major Risk Summary (Excel template)
• Attachment C IRC & PRC Major Risk Summary Slide (PowerPoint template)
• Attachment D PSR Major Risk Summary (Excel template)
• Attachment E OPs Review Major Risk Summary (Excel template)
• Attachment F OPs Review Major Risk Summary Slide (PowerPoint template)
Beyond the updating activities associated with existing risks, it is important that
the Project Team always ask the question, “Are there any new risks to the
project?” Every project team member is responsible for alerting the Project
Team to new risks that may impact the Project Objectives. Risks should be
submitted in accordance with the PRM Risk Identification practices at anytime
during the project life cycle.
As the project progresses, the Risk Profile changes and with this change the
allocation of Cost Contingency. The management of Cost Contingency is an
important aspect of ensuring that cost provisions for risks are allocated for a
given period of time and for a given set of risks. As risks are closed, the
retirement of contingency is to reflect the change in the Risk Profile. The
cost model and the schedule model can be tools to help assess the changing
Risk Profile as well as other Project Controls Best Practices in forecasting.
For further information, refer to Project Controls procedure Contingency
Management PR-GL-ECD-CC-1369, Cost Risk Assessment PR-GL-ECD-PC-
1391, and Schedule Risk Assessment PR-GL-ECD-PC-1392.
The process of periodically reporting and reviewing the status of risk is the
principle mechanism for implementing effective Risk Management on a
project. As the project progresses the Risk Profile continuously changes,
therefore, it is important to provide up-to-date information that reflects these
changes. Risk Review Meetings are essential to the PRM process of
managing Project Risk. The scope and frequency of the meetings will depend

upon the complexity of a particular project and the number and severity of the
risks identified.
The Formal Risk Review Committee Meeting (RRC) is the primary project risk
review meeting and shall take place at least once a month at the project level.
It is usually timed to be in support of the monthly PSR but can also be
convened to support other project milestones and deliverables, such as Project
Operations Reviews.
During the Proposal Phase, the committee is less formal with more ad-hoc
meetings to suit the Proposal effort.
As with all Risk Review efforts, the time spent on each risk should be
commensurate to the magnitude of the potential impact. For a formal monthly
review, the team shall focus the majority of their time addressing the Major Risks
(Critical) as ranked in the register.
During the quarterly review that supports of the quarterly stock earnings report to
the SEC, the team is to address the entire Risk Register to ensure the lower
ranking risks have not become Major Risks. Any changes to the Risk
Register, and subsequent Major Risk Summary, are to be reviewed and
approved. The project Risk Register is the tool to document this information.
Finally, the Project Risk Management close-out activities are the last activities
within the PRM Risk Monitoring step. The close-out activities are essential to
continuously improve the company’s knowledge about its projects. The PRM
process has been designed to document risks that may have impact on future
projects. As a means to improve future profitability, it is important to ensure that
successes and failures of the Risk Response Plans are archived for later
leverage.
As a minimum, each Project Team shall document the lessons learned
associated with their project’s Major Risks. The close-out report activities are to
be lead by the PRM Department in close collaboration with the Project Team.

6.0 RESPONSIBILITIES / INTERFACES
6.1 RESPONSIBILITIES
The Project Management Leadership Team led by the Project Manager must be fully
committed to formally identifying, assessing and managing risk throughout the project
life cycle. Risk includes both Threats and Opportunities to the Project Objectives.
Successful Risk Management leverages the experience of all project participants
while understanding the probability and consequences of events that influence the
Project Objectives. The roles described below are limited to reflect those who routinely
participate in the PRM process.
Sales Leader
The Sales Leader is responsible for the commercial activities during the Pre-Award
Phases. The Sales Leader’s responsibilities include:
• Support an appropriate PRM strategy that is to be aligned with company specific

commercial objectives.
• Clarify and communicate the acceptable level of commercial risk for the project.
• Participate in the Risk Identification activities such as scoring and validation.
• Participate in the assignment of Risk Owners to identified Project Risks.
• Develop, review and comment on Risk Response Plans as appropriate.
• Coordinate Risk Management communications between Legal, Financial and
PRM departments.
Proposal Leader / Project Manager

The Proposal Leader / Project Manager is responsible for the Operations activities
during the Proposal Phase and Post Award Execution Phases. The Proposal Leader’s /
Project Manager’s responsibilities include:
• Ensure the ongoing PRM strategy remains aligned with company specific
commercial objectives.
• Execute an appropriate PRM strategy that is to be aligned with project objectives,
environment, size and complexity.
• Review Risk Ownership of the risks.
• Review, provide feedback and approve Risk Response Plans as necessary.
• Clarify and communicate the acceptable level of commercial risk for the project.
• Attend and provide input for the project’s Risk Review Committee (RRC)
Meetings.
• Ensure, through supervision, effective implementation of Risk Monitoring
activities, including periodic project risk meetings.
Project Risk Coordinator (PRC)

The Project Risk Coordinator can be both a functional role as well as a full time project
position role depending on the project’s phase, complexity and size. This person is
designated by the Proposal Leader or Project Manager in agreement with the Director of
Project Risk Management. The PRC’s responsibilities include:
• Chair RRC meetings.

• Review the Project Risk Register regularly to ensure completeness and

determine whether or not the most Critical Risks should be elevated to the next
level of management.
• Analyze, trend, document and report the project’s risk profile to RRC and other
Project Stakeholders.
• Assist Project Team members with entering or modifying risks in RMS and
answering general RMS user’s questions.
• Coach and train the project team about the PRM process.
• During the Project Lifecycle, regularly bring newly submitted risks to the RRC for
review.
• Gather feedback from the Project Team about the PRM process and report back
to the PRM Department.
Risk Owner
As nominated by the Proposal Leader / Project Manager or RRC, the Risk Owner can be
any project team member. Typically the person is the project member who is best able to
develop, maintain and manage the implementation of the Risk Response Plan for a
particular risk. The Risk Owner is accountable for the review, status and progress of a
risk throughout the project life cycle. The Risk Owner is responsible for supporting the
following:
• Ensure that the risks under their responsibility are transparently and accurately
described within the Risk Register as required by the project.
• Assist the Proposal Leader / Project Manager and PRC in the provision of all
data necessary for the effective assessment of risks.
• As appropriate, ensure all contractors / subcontractors under their responsibility
cooperate and are fully informed of the requirements supporting a timely Risk
Response Plan.
• Act as the focal point for their risk(s) by monitoring progress of approved
response actions.
• Report the status of those individuals tasked with implementing a Risk Response
Plan.
• Respond to feedback from the team and implement necessary improvements.
• Close risk if no longer applicable.
• Capture and report lessons learned as related to effectiveness of Risk Response
Plans.
• Ensure the Risk Response Plans remain, at all times, current, accurate and
complete.
Risk Action Owner

The Risk Action Owner is formally selected by the Risk Owner from the project team.
The Risk Action Owner’s responsibilities include:
• Manage and implement Action Items.

• Report status of Response Plan Actions to Risk Owner.
Risk Review Committee (RRC)

The RRC is chaired by the PRC. During the Proposal Phase, the RRC consists of the
Sales Leader, Proposal Leader / Project manager, Project Discipline Managers, Project
Sponsor and other Stakeholders as required. The committee is less formal with more ad-
hoc meetings to suit the Proposal effort.

During the Post Award Execution Phase the committee is formal in nature, meeting at
least once a month and consists of the Project Management Leadership and other
primary Project Stakeholders. With respect to “Risk Monitoring”, RRC responsibilities
include:
• Review and approve Risk Owners.

• Review and approve the Major Risk Summary.
• Approve any substantive changes to Risk Response Plans.
• Approve any new risks and the closure of old risks.
• Evaluate the project’s overall Risk Profile.
• Review and approve reports that will communicate the project’s Risk Profile to
Management.
6.2 INTERFACES
Vice President of Project Controls – responsible for authorization of and compliance

with the practices established by this procedure.
Director of Project Risk Management – responsible for the division’s implementation

and compliance verification of the practices established by this procedure. This position
is to interface with all projects and supporting corporate departments to ensure PRM
best practices are established.
Project Risk Analysts- responsible for project implementation and compliance

verification of the practices established by this procedure.
Project Risk Coordinator - responsible for support of project implementation and

compliance verification of the practices established by their respective department and
the project‘s PRM execution plans in support of this procedure.
Project Controls Personnel - responsible for project implementation and compliance of

the practices established by their department in support of this procedure. These project
personnel are responsible for providing risk inputs from their controls’ forecasts and data
systems to support the PRM process in accordance with this procedure.
Estimating Personnel - responsible for project implementation and compliance of the

practices established by their department in support of this procedure. These project
personnel are responsible for providing risk inputs from their estimating data systems to
support the PRM process in accordance with this procedure.
Accounting and Finance (A&F) - responsible for project implementation and

compliance of the practices established by their department in support of this procedure.

The group provides input for financial and contract requirements as specified by the
PRM process and procedures.
Information Technology (IT) – responsible for project implementation and compliance

of the practices established by their department in support of this procedure. The group
provides necessary hardware and software support of RMS.
Procurement – – responsible for project implementation and compliance of the

practices established by their department in support of this procedure. The group
provides risk inputs per the PRM process for such items as pricing, commitments, and
delivery periods of materials/equipment and risk memos etc.
Subcontracts – responsible for project implementation and compliance of the practices

established by their department in support of this procedure. The group provides risk
inputs per the PRM process for such items as unit rates, pricing, commitments,
productivity, contract terms, execution duration and risk memos etc.
Construction – responsible for project implementation and compliance of the practices

inputs per the PRM process for such items as rates, pricing, workhours, commitments,
Engineering – responsible for project implementation and compliance of the practices

inputs per the PRM process for such items as rates, workhours, quantity variations,
Legal & Contracts - responsible for project implementation and compliance of the
practices established by their department in support of this procedure. The group
provides input for legal and contractual requirements as specified by the PRM process
and procedures.

7.0 REFERENCES
PR-GL-ECD-PC-1391 Cost Risk Assessment
PR-GL-ECD-PC-1392 Schedule Risk Assessment
GD-GL-ECD-PM-1202 Risk Management Flow Diagram
GD-GL-ECD-PM-1203 Project Risk Management Guideline
GD-GL-ECD-PM-1206 Risk Register Concept
P-GL-KBR-BDO-1702 Business Development Oversight (BDO)
BP-GL-ECD-SALES-001 Sales Procedure
BP-GL-ECD-PP-1401 Proposal Procedure
DM-GL-KBR-PM-1201 PMDM, Section 4125
PR-GL-ECD-CC-1369 Contingency Management

8.0 ATTACHMENTS
8.1 ATTACHMENT A KBR Risk Breakdown Structure / RBS
8.2 ATTACHMENT B IRC & PRC Major Risk Summary (Excel template)
8.3 ATTACHMENT C IRC & PRC Major Risk Summary Slide (PowerPoint template)
8.4 ATTACHMENT D OPs Review Major Risk Summary (Excel template)
8.5 ATTACHMENT E OPs Review Major Risk Summary Slide (PowerPoint template)
8.6 ATTACHMENT F PSR Major Risk Summary (Excel template)
8.7 ATTACHMENT G RMS Register Upload Template (Excel template)
8.8 ATTACHMENT H RMS Submittal Upload Template (Excel template)


Project Risk Management Procedure

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Project Risk Management Procedure

Uploaded by

Copyright:

Available Formats

MANAGEMENT SYSTEM

0 20 SEP 07 INITIAL ISSUE

A 12 SEP 07 ISSUE FOR REVIEW K. GRAJEK C. WOOD -- T THOMAS

REV DATE DESCRIPTION ORGINATED CHECKED QHSE APPROVED

PROJECT RISK MANAGEMENT

This document is proprietary to KBR.

DESCRIPTION PAGE NO.

3.0 REVISION HISTORY ....................................................................................................................... 4

4.0 DEFINITIONS .................................................................................................................................. 4

5.0 PROCEDURE .................................................................................................................................. 5

This document is proprietary to KBR.

• Risks can be identified, quantified and managed prior to award and

Revisions to this Procedure require Project Risk Management Departmental approval.

This document is proprietary to KBR.

3.0 REVISION HISTORY

Rev- 0 Initial Issue 20-SEP-07

Definitions can be found in the Project Controls Glossary of Terms, PR-GL-ECD-PC-

This document is proprietary to KBR.

As stated in the Project Risk Management Guideline GD-GL-ECD-PM-1203,

The Project Risk Management Process is composed of five steps: Strategize,

The process includes the creation of a risk strategy, identification of potential

Figure 5.1 – PRM Five Steps

5.2 PROCESS APPLICATION GUIDELINES

The purpose of this section is to provide guidance when determining what

This document is proprietary to KBR.

process from prospect to contract close-out. The section offers further

This document is proprietary to KBR.

Table 5.2 PRM Proposal Phase EPC Project

Estimate Expected Project Value Risk ID Project Risk Management

Order of Feasibility Studies, < $20 R R X

FEED, < $20 R R R R R O O X

Risk Response Plans

KBR Risk Facilitator

3rd Party Facilitator

KBR Est. / Controls

Risk Mgmt. Plan

Table 5.3 PRM Proposal Phase Non-EPC and Service Contracts

Estimate Expected Contract Risk ID

Studies, ITB Pre-FEED, ITB

Required for Reimbursable KBR Exposure as Appropriate

KBR Est. / Controls

This document is proprietary to KBR.

Table 5.4 PRM Proposal Phase Workhour Budgets EPC

Approximate EPC Hours

Order of Magnitude-Factored +/- 50% < $20 1. Major Risk Summary 0 25 25

Conceptually Defined-Definitive +/- 15% < $20 1. Major Risk Summary 0 80 80

This document is proprietary to KBR.

Approximate Service Hours

N/A N/A < $50 1. Major Risk Summary 0 10 10

Conceptually Defined-Definitive +/- 15% < $5 1. Major Risk Summary 0 80 80

This document is proprietary to KBR.

5.3 RISK STRATEGY

The objectives of the Risk Strategy step are:

This document is proprietary to KBR.

development and negotiation stages. Once the Proposal PRM Strategy is

To ensure a successful Strategy, it is critically important that the PRM activities

5.4 RISK IDENTIFICATION

Within PRM, the Risk Identification step is the continuous process of

This document is proprietary to KBR.

Risk - The Risk is an uncertain event or set of circumstances that, should it

This document is proprietary to KBR.

The Risk Identification Survey method is most suited to the following

This document is proprietary to KBR.