EN 62198-2014 en Managing risk in projects - Application guidelines.pdf

1、BSI Standards PublicationManaging risk in projects Application guidelinesBS EN 62198:2014National forewordThis British Standard is the UK implementation of EN 62198:2014. It is identical to IEC 62198:2013. It supersedes BS IEC 62198:2001 which is withdrawn.The UK participation in its preparation was

2、 entrusted to TechnicalCommittee DS/1, Dependability.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisions ofa contract. Users are responsible for its correct application. The British

3、 Standards Institution 2014.Published by BSI Standards Limited 2014ISBN 978 0 580 78138 4ICS 03.100.01Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 31 March 2014

4、.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN 62198:2014EUROPEAN STANDARD EN 62198 NORME EUROPENNE EUROPISCHE NORM February 2014 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komite

5、e fr Elektrotechnische Normung CEN-CENELEC Management Centre: Avenue Marnix 17, B - 1000 Brussels 2014 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members. Ref. No. EN 62198:2014 E ICS 03.100.01 English version Managing risk in projects - Applicat

6、ion guidelines (IEC 62198:2013) Gestion des risques lis un projet - Lignes directrices pour lapplication (CEI 62198:2013) Risikomanagement fr Projekte - Anwendungsleitfaden (IEC 62198:2013) This European Standard was approved by CENELEC on 2014-01-01. CENELEC members are bound to comply with the CEN

7、/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Cen

8、tre or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same stat

9、us as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania

10、, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 62198:2014EN 62198:2014 - 2 - Foreword The text of document 56/1529/FDIS, future edition 2 of IEC 62198, prepared by IEC/TC 56 “Dependability“

11、 was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN 62198:2014. The following dates are fixed: latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2014-10-01 latest date by which

12、the national standards conflicting with the document have to be withdrawn (dow) 2017-01-01 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC and/or CEN shall not be held responsible for identifying any or all such patent rig

13、hts. Endorsement notice The text of the International Standard IEC 62198:2013 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: IEC 60812 NOTE Harmonized as EN 60812. I

14、EC/ISO 31010 NOTE Harmonized as EN 31010. BS EN 62198:2014- 3 - EN 62198:2014 Annex ZA (normative) Normative references to international publications with their corresponding European publications The following documents, in whole or in part, are normatively referenced in this document and are indis

15、pensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. NOTE When an international publication has been modified by common modifications, indicated by (mod), the rele

16、vant EN/HD applies. Publication Year Title EN/HD Year ISO 31000 - Risk management - Principles and guidelines - - BS EN 62198:2014 2 62198 IEC:2013 CONTENTS INTRODUCTION . 6 1 Scope 7 2 Normative references 7 3 Terms and definitions 7 4 Managing risks in projects . 9 5 Principles 11 6 Project risk m

17、anagement framework 12 6.1 General 12 6.2 Mandate and commitment 13 6.3 Design of the framework for managing project risk . 14 6.3.1 Understanding the project and its context . 14 6.3.2 Establishing the project risk management policy . 14 6.3.3 Accountability . 15 6.3.4 Integration into project mana

18、gement processes 16 6.3.5 Resources 16 6.3.6 Establishing internal project communication and reporting mechanisms . 16 6.3.7 Establishing external project communication and reporting mechanisms . 17 6.4 Implementing project risk management 17 6.4.1 Implementing the framework for managing project ris

19、k 17 6.4.2 Implementing the project risk management process 17 6.5 Monitoring and review of the project risk management framework 17 6.6 Continual improvement of the project risk management framework 18 7 Project risk management process 18 7.1 General 18 7.2 Communication and consultation 19 7.3 Est

20、ablishing the context . 20 7.3.1 General 20 7.3.2 Establishing the external context 20 7.3.3 Establishing the internal context . 21 7.3.4 Establishing the context of the project risk management process . 21 7.3.5 Defining risk criteria 22 7.3.6 Key elements 22 7.4 Risk assessment 23 7.4.1 General 23

21、 7.4.2 Risk identification . 23 7.4.3 Risk analysis 24 7.4.4 Risk evaluation . 25 7.5 Risk treatment . 25 7.5.1 General 25 7.5.2 Selection of risk treatment options 25 7.5.3 Risk treatment plans . 26 7.6 Monitoring and review 26 7.7 Recording and reporting the project risk management process . 27 BS

22、 EN 62198:201462198 IEC:2013 3 7.7.1 Reporting 27 7.7.2 The project risk management plan 28 7.7.3 Documentation . 28 7.7.4 The project risk register 28 Annex A (informative) Examples 30 A.1 General 30 A.2 Project risk management process 30 A.2.1 Stakeholder analysis (see 7.2) 30 A.2.2 External and i

23、nternal context (see 7.3.4) 31 A.2.3 Risk management context (see 7.3.4) . 33 A.2.4 Risk management context for a power enhancement project . 33 A.2.5 Risk criteria (see 7.3.5). 34 A.2.6 Key elements (see 7.3.6) 34 A.2.7 Risk analysis (see 7.4.3) . 36 A.2.8 Risk evaluation (see 7.4.4) . 40 A.2.9 Ris

24、k treatment (see 7.5) . 40 A.2.10 Risk register (see 7.4.2 and 7.7.4) 41 Bibliography 42 Figure 1 Principal stakeholders in a project 11 Figure 2 Relationship between the components of the framework for managing risk, adapted from ISO 31000 . 13 Figure 3 Project risk management process, adapted from

25、 ISO 31000 . 19 Figure A.1 Risk management scope for an open pit mine project . 34 Figure A.2 Distribution of costs using simulation 40 Table 1 Typical phases in a project 10 Table A.1 Stakeholders for a government project . 30 Table A.2 Stakeholders and objectives for a ship upgrade . 31 Table A.3

26、Stakeholders and communication needs for a civil engineering project . 31 Table A.4 External context for an energy project 32 Table A.5 Internal context for a private sector infrastructure project . 33 Table A.6 Criteria for a high-technology project . 34 Table A.7 Key elements for a communications

27、system project 35 Table A.8 Key elements and workshop planning guide for a defence project 36 Table A.9 Key elements for establishing a new health service organization 36 Table A.10 Example consequence scale 37 Table A.11 Example likelihood scale 38 Table A.12 Example of a matrix for determining the

28、 level of risk 38 Table A.13 Example of priorities for attention . 40 Table A.14 Example of a treatment options worksheet . 41 Table A.15 Simple risk register structure 41 BS EN 62198:2014 6 62198 IEC:2013 INTRODUCTION Every project involves uncertainty and risk. Project risks can be related to the

29、objectives of the project itself or to the objectives of the assets, products or services the project creates. This International Standard provides guidelines for managing risks in a project in a systematic and consistent way. Risk management includes the coordinated activities to direct and control

30、 an organization with regard to risk. ISO 31000, Risk management Principles and guidelines, describes the principles for effective risk management, the framework that provides the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving

31、 risk management throughout an organization and a process for managing risk that can be applied to all types of risk in any organization. This standard shows how those general principles and guidelines apply to managing uncertainty in projects. This standard is relevant to individuals and organizati

32、ons concerned with any or all phases in the life cycle of projects. It can also be applied to sub-projects and to sets of inter-related projects and programmes. The application of this standard needs to be tailored to each specific project. Therefore, it is considered inappropriate to impose a certi

33、fication system for risk management practitioners. The guidance provided in this standard is not intended to override existing industry-specific standards, although the guidance can be helpful in such instances. BS EN 62198:201462198 IEC:2013 7 MANAGING RISK IN PROJECTS APPLICATION GUIDELINES 1 Scop

34、e This International Standard provides principles and generic guidelines on managing risk and uncertainty in projects. In particular it describes a systematic approach to managing risk in projects based on ISO 31000, Risk management Principles and guidelines. Guidance is provided on the principles f

35、or managing risk in projects, the framework and organizational requirements for implementing risk management and the process for conducting effective risk management. This standard is not intended for the purpose of certification. 2 Normative references The following documents, in whole or in part,

36、are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 31000, Risk management Principles and guidelines

37、3 Terms and definitions For the purpose of this document, the following terms or definitions apply. 3.1 project unique process consisting of a set of coordinated and controlled activities, with start and finish dates, undertaken to achieve an objective conforming to specific requirements, including

38、the constraints of time, cost and resources Note 1 to entry: An individual project may form part of a larger project structure. Note 2 to entry: In some projects the objectives are updated and the product characteristics defined progressively as the project proceeds. Note 3 to entry: The projects pr

39、oduct is generally defined in the project scope. It may be one or several units of product and may be tangible or intangible. Note 4 to entry: The projects organization is normally temporary and established for the lifetime of the project. Note 5 to entry: The complexity of the interactions among pr

40、oject activities is not necessarily related to the project size. SOURCE: ISO 10006:2003, 3.5 113.2 project management planning, organizing, monitoring, controlling and reporting of all aspects of a project and the motivation of all those involved in it to achieve the project objectives _ 1References

41、 in square brackets refer to the Bibliography. BS EN 62198:2014 8 62198 IEC:2013 SOURCE: ISO 10006:2003, 3.6 3.3 project management plan document specifying what is necessary to meet the objective(s) of the project Note 1 to entry: A project management plan should include or refer to the projects qu

42、ality plan. Note 2 to entry: The project management plan also includes or references such other plans as those relating to organizational structures, resources, schedule, budget, risk management (3.5), environmental management, health and safety management and security management, as appropriate. SO

43、URCE: ISO 10006:2003, 3.7 3.4 risk effect of uncertainty on objectives Note 1 to entry: An effect is a deviation from the expected positive and/or negative. Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at differe

44、nt levels (such as strategic, organization-wide, project (3.1), product and process). Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination of these. Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of a

45、n event (including changes in circumstances) and the associated likelihood of occurrence. Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or knowledge of an event, its consequence, or likelihood. SOURCE: ISO Guide 73:2009, 1.1 2 3.5 risk

46、 management coordinated activities to direct and control an organization with regard to risk SOURCE: ISO Guide 73:2009, 2.1 3.6 risk management framework set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually

47、improving risk management throughout the organization Note 1 to entry: The foundations include the policy, objectives, mandate and commitment to manage risk (3.4). Note 2 to entry: The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities. No

48、te 3 to entry: The risk management framework is embedded within the organizations overall strategic and operational policies and practices. SOURCE: ISO Guide 73:2009, 2.1.1 3.7 risk management policy statement of the overall intentions and direction of an organization related to risk management SOUR

49、CE: ISO Guide 73:2009, 2.1.2 BS EN 62198:201462198 IEC:2013 9 3.8 risk management plan scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk Note 1 to entry: Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities. Note 2 to entry: The risk management plan can be applied to a partic