36.10  Management of risk

The Service Provider shall:

(a)  establish and maintain effective policies, procedures and systems for the effective ongoing management of significant strategic and operational risks throughout the Contract Period so as to minimise the potential impact of any such risk on the Authority, the Service Provider and the Project Network;

(b)  provide to the Authority Representative on request information on the Service Provider's policies, procedures and systems for managing risk, such information to include without limitation:

(i)  details of the structure of the ownership of risk within the organisation and where responsibility for the management of significant strategic and operational risks lies;

(ii)  details of policies, procedures and systems for identifying, profiling, controlling and monitoring all significant strategic and operational risks; and

(iii)  details of the monitoring and reviewing of policies, procedures and systems for the management of the risks to ensure effectiveness in practice.