The Contract Management Manual should include procedures for maintaining a risk register or log so that the Contract Management Team can effectively anticipate, mitigate and manage the impact of events which might otherwise cause the projects to fail to deliver the benefits sought by the Authority.
The procurement risk register may be a useful starting point for the post close risk register but this will need to be updated to exclude risks that fall away at Contract signature and to include new risks that arise during the planning, construction and operational periods. A risk workshop can be an effective way to identify a wide range of real and perceived risk which can then be distilled down to an initial set of core risks that need to be managed. For each risk register there should be an estimate of the likelihood of the risk crystallising and the impact on the project if it did crystallise.
The post close risk register should identify the risks the project faces, the probability of them occurring and the impact which they would have. It will also provide information on how the likelihood can be reduced and/or the impact mitigated. Each risk should have a named individual responsible for the management and mitigation of the risk. This risk owner is responsible for ensuring that actions are taken and for reporting back to the owner of the risk register. However it does not follow that the risk owner needs to take all the actions themselves. Effective counter measures are likely to require input from more than one person.
The risk register should be a dynamic document which is kept up to date at all times. New and emerging risks should be added and the register should be reviewed regularly to make sure there is an accurate and up to date assessment of each risk and a counter measure assessment. The formal procedures for doing this should be recorded in a Risk Management Strategy for the project which should be incorporated into the Contract Management Manual To ensure that the procedures are actually followed in practice, risk management should be on the agenda for each meeting of the Contract Management Board. If these meetings are relatively infrequent then alternative processes may be needed to ensure that risks are monitored on a sufficiently regular basis.
A realistic level of resources will be needed to deliver the countermeasures identified and record on the Register that actions have been implemented.
Given the shared interest with the Contractor and the funder the Authority should consider the case for sharing some or all of the risk register with the Contractor so that, at the Liaison Committee, both parties can discuss the risks recorded and contribute to the development of counter measures.
From time to time a risk will crystallise and become an issue for the project that needs to be managed. In the same way that risks need to be tracked issues will need to be logged once identified and there should be a process for managing and regularly assessing project issues.