1、BS EN 9239:2016Aerospace series ProgrammeManagement Guide for therisk managementBSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS EN 9239:2016 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 9239:2016. The UK participation in it
2、s preparation was entrusted to TechnicalCommittee ACE/1, International and European Aerospace Policy and Processes.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract
3、. Users are responsible for its correct application. The British Standards Institution 2016 .Published by BSI Standards Limited 2016ISBN 978 0 580 84983 1 ICS 49.020 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authori
4、ty of the Standards Policy and Strategy Committee on 31 May 2016.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dBS EN 9239:2016EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 9239 May 2016 ICS 49.020 English Version Aerospace series - Programme Management - Guide for
5、the risk management Srie arospatiale - Management de Programme - Recommandations pour la mise en oeuvre du management des Risques Luft- und Raumfahrt - Programme Management - Richtlinien zur Durchfhrung des RisikomanagementThis European Standard was approved by CEN on 13 May 2016. CEN members are bo
6、und to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the
7、CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre
8、 has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
9、 Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey andUnited Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 B
10、russels 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 9239:2016 EBS EN 9239:2016EN 9239:2016 (E) 2 Contents Page 1 Scope 4 2 Normative references 4 3 Terms and definitions . 5 4 Framework of Risk Management in the programme
11、. 6 4.1 General 6 4.2 Customers requirements 6 4.3 Roles and Responsibilities. 6 4.4 Multidisciplinary groups 7 5 Risk Management process . 7 5.1 Steps of risk management 7 5.2 Process synoptic 13 5.3 Consolidation of risk 14 5.4 Maturity of programme Risk Management approach . 14 6 Risk Management
12、tools . 14 7 Awareness and Training 15 8 Documentation 15 9 Opportunity management concept . 16 9.1 Opportunity management process . 16 9.2 Identification of opportunities 16 9.3 Assessment and prioritization of opportunities . 16 9.4 Opportunity treatment . 16 9.5 Secondary risks . 16 Annex A (info
13、rmative) List type per category . 17 Annex B (informative) Example of risk sheet 19 Annex C (informative) Example of qualitative and quantitative assessments 20 Annex D (informative) Example of 3 colour code criticality and acceptability matrix: general risk mapping 22 Annex E (informative) Example
14、of Risks Portfolio 23 Annex F (informative) Risk assessment report 24 Annex G (informative) Maturity of programme risk management: assessment criteria 25 Bibliography . 29 BS EN 9239:2016EN 9239:2016 (E) 3 European foreword This document (EN 9239:2016) has been prepared by the Aerospace and Defence
15、Industries Association of Europe - Standardization (ASD-STAN). After enquiries and votes carried out in accordance with the rules of this Association, this Standard has received the approval of the National Associations and the Official Services of the member countries of ASD, prior to its presentat
16、ion to CEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by November 2016, and conflicting national standards shall be withdrawn at the latest by November 2016. Attention is drawn to the possibili
17、ty that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bo
18、und to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portug
19、al, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 9239:2016EN 9239:2016 (E) 4 Introduction Risk Management forms an integral part of programme management. It should be implemented right from the start of the project feasibility phase and continue until
20、 material disposal. The ultimate goal is to contribute to an appropriate definition of programme objectives (costs, schedules and performances ) and to continuously ensure that they are met or enhanced, despite any events likely to affect the programme through its lifecycle. By implementing methods,
21、 the programme manager can manage risks in another way than by using intuitive and non-formalised procedures. The aim of this document is to describe the implementation of Risk Management within the Programme Management framework. It complements programme management guidelines EN 9200. This document
22、 is to be used as a basis, for any given programme, for negotiating the requirements and relationships between customers and suppliers; they should comply with to ensure Management of Risk. 1 Scope This document enables to answer specific needs in the field of Aeronautics although it does not presen
23、t any sectorial characteristic and may therefore apply to the needs of other areas. However, the specificity of some areas can lead to the use of existing sectorial standards such as EN ISO 17666 Space systems Risk management (ISO 17666:2003). This document: proposes the main steps for setting up Ri
24、sk Management framework within programme Management. This guideline may serve as a basis for writing a Risk Management specification; describes a process for controlling programme risks within the defined boundaries that are considered as tolerable. This standard process can be used as a methodologi
25、cal guide for writing the programme Risk Management Plan; recognises the need for knowledge management related to Risk Management, in order to capitalize and to share lessons learnt with other programmes, as well as the maturity assessment of the Risk Management; identifies useful documents for Risk
26、 Management; proposes an example of a typical checklist of risks related to a programme; in addition: addresses opportunities. An opportunity is an uncertain event with positive consequences on the programme. 2 Normative references The following documents, in whole or in part, are normatively refere
27、nced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 9200, Aerospace series Programme management Guidelines for project manag
28、ement specification BS EN 9239:2016EN 9239:2016 (E) 5 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 risk uncertain event or circumstance which could have a negative impact on the objectives of the programme 3.2 cause event which is at the o
29、rigin of a potential risk 3.3 severity assessment of the significance of a risk impact with respect to the potential consequences on a programme 3.4 impact effects of a risk on the programme should it occur 3.5 criticality/level of risk characteristic of the risk significance. It enables prioritizat
30、ion of the risks Note 1 to entry: It is generally the combination of the severity and the probability of the risk. 3.6 detectability ability or capacity to detect the direct trace of a risk or the triggering point of one of its causes 3.7 level of risk tolerance criticality value beyond which specif
31、ic actions to treat the risk are required 3.8 likelihood / probability/occurrence of the risk assessment of the probability / likelihood or frequency of a risk to occur 3.9 risk portfolio represented set of identified risks intended to be treated 3.10 lessons learnt - experience feedback collection
32、and exploitation, by all the stakeholders, of information concerning the events which have occurred throughout programme, relating to risk management 3.11 residual risk risk remaining after mitigating actions (protection, prevention, ) BS EN 9239:2016EN 9239:2016 (E) 6 3.12 opportunity uncertain eve
33、nt or circumstance with potentially positive effects on the objectives (improvement) of a programme 4 Framework of Risk Management in the programme 4.1 General The framework of Risk Management in the programme should be set up right from the feasibility phase through to disposal phase. It covers the
34、 whole life cycle of the programme, all its components and activities. It is led by the programme manager, who is responsible for defining the conditions within which it is organised and operated. It is based on multidisciplinary skills (law, technical, finance, logistics, ) in order to identify the
35、 various aspects of risks and take into account the different points of view. All programme stakeholders have a role, and should take an active part in Risk Management. The Risk Management framework is described in a document (a specific chapter of Programme Management Plan or a dedicated Risk Manag
36、ement Plan) approved established by the programme manager. 4.2 Customers requirements The customer should express in the programme management specification his requirements concerning the implementation by his supplier, if necessary, of a risk management framework as well as the rules related to ris
37、k information exchanged between customers and suppliers. The supplier should comply with these requirements in one chapter of his Programme Management Plan. The supplier will detail in this chapter: programme framework in terms of Risk Management, in particular the roles and responsibilities of each
38、 stakeholder in the programme, rules for cascading and or distributing these requirements to sub-contractor level, Risk Management process and associated deliverables (documentation, status reports, ), assessment, prioritization and definition criteria of risk criticality level, rules for sharing ri
39、sk information with the customer. 4.3 Roles and Responsibilities Programme manager: is responsible for managing the programme risks, and therefore is the risks owner. He validates the process to be implemented as well as the assessment criteria for risk prioritization and criticality. He ensures reg
40、ular reviews of risk, validates the action plan for treating the major risks, selects the risks treated at his level among the most critical ones, communicates with the relevant stakeholder internal or external to the company (customers and suppliers especially), and appoints the risk manager, if ne
41、cessary. NOTE Risk decision and acceptance should be addressed at the appropriate level specific to each organisation. Risk manager: defines and implements the Risk Management process under the authority of the Programme manager, runs it in the programme, ensures a global visualisation of all risks
42、identified in the programme, ensures quality of data and manages communication to all those who have a stake in the programme. Risk owner: proposes the risk assessment. He leads the actions defined for risk treatment, ensures that each person in charge of an action is informed of what has to be done
43、 and conducts his action. BS EN 9239:2016EN 9239:2016 (E) 7 Action owner: carries out the assigned action. The above mentioned organisation is to be adapted according to size and configuration of each programme. Others actors can be involved as “watchmen” who have to detect the weak signals coming f
44、rom the environment (economic, technical, ) of the programme(s). 4.4 Multidisciplinary groups As risks are varied by nature, one individual person cannot ensure their complete management. Therefore, using all the employees skills within the company is required during all the phases of the process, f
45、or instance by forming multidisciplinary groups. Resorting to internal skills requires an overall monitoring to avoid dispersion or ineffectiveness and also the setting up of well defined rules. Different group working methods can be involved when appropriate, which include interviews, subject matte
46、r experts (SME), and brainstorming. 5 Risk Management process 5.1 Steps of risk management The main stages of risk management are (see Figure 1): Stage 1 Setting up the framework of risk management Stage 2 Identifying Stage 3 Assessing Stage 4 Treating Stage 6 Capitalizing CommunicatingStage7Monitor
47、ing helping to set up the most appropriate treatment actions. For each risk, it is recommended to assess (probability of occurrence, impact on cost and/or profitability, schedule, performance) a scoring level ranking from “very low” to “very high”. Each level corresponds to a scale of value to be ad
48、justed according to the company (see example of tables in Annex C). 2) Quantitative assessment: frequency and severity scale defined quantitatively This approach makes the qualitative assessment more accurate and allows: a more accurate prioritization of risks, an assessment of the overall programme
49、 risk exposure. See tables in Annex C. It is better to define a scale with an even number of levels which prevents from the tendency to select the medium one. c) How to prioritize the risks: determination of their criticality? The criticality of each risk can be determined by combining both level of occurrence probability and highest impact level among costs, schedule, and performances. A collegial strengthening made by a multi-disciplinary group of the listed risks is necessary at the end of stage 3 “Assessment” to take into accoun
