National Project Management System Directive on Risk Management for Real Property Projects

1. Effective date

April 20, 2017 (updated October 11, 2017)

2. Cancellation

This directive supersedes the National Project Management System (NPMS) Real Property Procedure on Risk Management that came into effect in December 2010.

3. Authority

This directive is issued under the authority of the Director General (DG), Service Lead, Project Management Service Line, Real Property Branch (RPB), Public Services and Procurement Canada (PSPC).

4. Context

PSPC Policy on Integrated Risk Management (082) (2015) (available on Government of Canada network only), established the department’s commitment to employ integrated risk management (IRM) to address uncertainty and maximize opportunity in decision-making, priority setting and the achievement of organizational objectives with respect to internal projects. The policy is also applied to the management services provided by PSPC in their delivery of other government department’s (OGD) projects. The policy applies to all of the department’s projects, programs, activities (strategic, operational and transformational) and to the responsibilities and activities of all PSPC employees. IRM is defined as a continuous, proactive and systematic process to understand, manage and communicate risks from an organization-wide perspective. This policy refers to the PSPC Risk Management Guide (July 2014) and the PSPC Departmental Risk Profile for its application.

For the majority of projects delivered by PSPC, the principles and methodology for the management of projects are defined in the department’s National Project Management System (NPMS). The PSPC Policy on the National Project Management System (106) (available on Government of Canada network only) states that the Branch/Agency Heads and Regional Director Generals (RDGs) are responsible for reporting on project performance and risks. Risk identification is one of the NPMS principles that is applicable to all projects being delivered by PSPC as an assessment of the solution undertaken in order to ensure value and to meet internal business objectives and clients’ project requirements.

This directive is to be implemented in conjunction with the PSPC Policy on the National Project Management System (106) (available on Government of Canada network only), and the other related PSPC and RPB policy instruments that are noted within this directive.

5. Scope

This directive applies to all employees performing project management related activities for any projects that are funded by PSPC or OGD and that follow NPMS.

6. Purpose

In order to support the requirement for the consideration of risk, this directive has been prepared to provide the principles and the directions for risk management in the delivery of projects by PSPC employees. The outcome from the application of this directive is an effective management of risk that meets the requirements from the Treasury Board (TB) and PSPC, as well as improved decision-making, better allocation of resources, consistent and defendable risk management practices, and effective management of OGD’s projects.

7. Details of the directive

7.1 Risk management process

Risk management is an essential component in the delivery of projects. Its primary objective is to ensure that the risks to the outcome of a project are identified and managed in such a manner so that the negative effect(s) of the specific risk events can be reduced or avoided, and be controlled in a systematic manner throughout the project life. Conversely, the positive effects of risks should be exploited in order to enhance any opportunities. Although the intent of PSPC is to consider risks from the aspect of both its opportunity and threat, this directive will mainly address the negative (threat) effects of risks.

Risk management is a pro-active and continuous process that is applied systematically throughout all phases of a project. The process is described in the PSPC Risk Management Guide, which identifies five steps, consisting of communication and consultation, establishing the context, assessing the risks, responding to the risks, and monitoring and reviewing, as illustrated in Figure 1: Extract from Risk Management Guide.

Further details on the key objectives and considerations for each of the 5 steps of the risk management process can be found in Annex A: Risk Management Process in the Delivery of Projects. This annex also includes examples of the where to find the information within project documentation in order to fulfill the requirement of the risk management process, as well as the resulting risk documentation and deliverables.

Figure 1: Extract from Public Services and Procurement Canada Risk Management Guide

Figure 1: Extract from PSPC Risk Management Guide – Image description below.

Image description

Steps, performed iteratively, as warranted:

Continuous activities:

7.2 Risk management plan

The key deliverable in the risk management process is a risk management plan (RMP), which serves to identify the approach, the management components, and the resources required to manage risks to the project. Due to the progressive nature of project development, with increasing amounts of information and levels of detail becoming exposed as project evolves from one phase to the next within the NPMS model, the RMP must be adaptable throughout the life of the project to encompass these changes. To ensure continuity and evolution in the consideration of risks to projects throughout each of the NPMS phases, the RMP must incorporate the following risk management process steps that form the mandatory deliverables of this directive:

  1. Risk assessment
    Risk assessment is a continuous process involving the identification, analysis and evaluation of risks, in order to determine the inherent risk profile of projects. It applies the risk assessment matrix (RAM) for the analysis of the identified risks, according to their likelihood of occurrence and the level of their impact on the project’s objectives. The acceptable RAM uses the departmentally-adopted approach that is based on a 5x5 configuration, with 5 levels or measure of likelihood and impact: low, medium-low, medium, medium-high and high. Risk assessment for any project is required to support the decision-making processes during the NPMS Inception and Identification stages and/or the development of the project plan during the NPMS Planning phase within the Delivery stage.
  2. Risk response plan
    A risk response plan is the next process after risk assessment. It involves the identification of a specific risk response, potential risk response strategies, and then followed by the re-assessment of the risk events after application of the chosen response strategies. The outcome of this process is the resultant risk profile of the project, which provides the following:
    • the reference point from which risks to the project shall be managed and monitored
    • sufficient information in order to determine an appropriate contingency value (risk allowance - refer to section 7.3 Managing risk allowances) that will be used to offset the impact of the risks should they occur
  3. Monitoring and review
    The monitoring and review process is a continuous task that is required throughout the life of the project to assess the effectiveness and efficiency of the applied risk response plan. This process also enables the identification any changes/revisions in the risk profile of projects.

In order to meet the above requirements in the development of a RMP, it is necessary to have a consistent methodology and documentation that clearly demonstrate the 3 key processes. For this reason, the Risk Management Plan Guide has been prepared as a supplement to this directive. It provides detailed guidance and information on the use of the templates in the development of the RMP, which includes a combination of a project risk assessment and/or a risk register, and a monitoring record.

Further direction on the specific conditions for mandatory completion of the RMP documentation, and their acceptable contents, can be found in Annex B: National Project Management System deliverables for risk management.

It is important that the RMP be viewed as an evolving document that changes throughout the life of the project, with the risks increasing, decreasing, and/or lapsing/expiring. Therefore, continuous reviews and updates to its documentation (i.e. the combination of a project risk assessment and/or risk register) at the applicable and recommended project milestones (refer to section 7.4 Risk management process by National Project Management System phase) are critical in order to reflect the latest status of the risk events and the risk response strategies. The monitoring record must also be maintained and updated, as applicable, to reflect the changes made in the project risk assessment and/or risk register. Together, they enable effective planning and management of the project within its set objective(s), and baseline cost and time target(s).

7.3 Managing risk allowances

Risk allowances are the impact that risk events have on the project’s objective. In order to respond to risks, the values in terms of financial and/or time required to offset the risk event occurring must be quantified to provide the total potential impact on the project’s budget and/or schedule. Contained within the listing of all applicable risks to the project (as documented in a risk register), the risk allowances are developed for the risk events both before applying the risk response (that is the inherent risk allowance) and after the risk response (residual risk allowance). The latter is the key value that is taken into consideration when developing or confirming the project budget and/or schedule.

In order to effectively manage risk allowances, their definition and purpose must be clearly specified so that they can be understood in the same manner by all stakeholders. Each must be distinguishable from, and not duplicate, all other contingencies or allowances that may be included within the project budget. This helps in the continuous review and update of the risk register where timely identification of the sufficiency and validity of each residual risk allowance is crucial for the successful completion of the project. For example, any remaining residual risk allowance (funds) for risks that are no longer valid (lapsed/expired) and/or have been successfully mitigated may either be reassigned to an updated or new risk, or be released from the project budget altogether.

Additionally, as part of the business process for the PSPC financial system SIGMA, the residual risk allowances for RPB projects is required to be reported in SIGMA as per the Real Property Business Rules: Risk Allowance Planning and Forecasting.

7.4 Risk management process by National Project Management System phase

Described in the following sub-sections are the processes that must be considered at each of the nine NPMS phases. It is important to refer to the National Project Management System Directive for Real Property Projects for the relevant NPMS phases that apply to the project stream that is being considered. For example, for the projects carried out for, and funded by, OGDs, the applicable NPMS phases for the risk management process will normally begin at the Planning phase (section 7.4.6 Planning phase).

7.4.1 Definition phase

A preliminary risk assessment must be conducted based on consultation with the key stakeholders and the assessment of the problem/opportunity presented. The result from the preliminary risk assessment at this NPMS phase is used to support the decision on whether the project should be initiated, and must therefore include, as a minimum, the identification of the following:

The results from the risk assessment are documented in the Risk consideration section of the statement of requirements (SoR). In addition, the SoR must identify the potential impacts of not proceeding with the project. The impacts of not proceeding with the project are not usually related to the project risk considered in the preliminary risk assessment.

During this phase, a communication and approval protocol relating to the planning and management of the identified risks should be established as part of the risk management process. This information should be used to supplement the NPMS deliverables: SoR, project charter, and preliminary project plan (PPP).

7.4.2 Initiation phase

The preliminary risk assessment from the Definition phase must be reviewed in order to verify and update the risks, taking into consideration the project’s objective, and the approach to be taken to develop the solution. Key considerations when reviewing and updating the preliminary risk assessment are:

The Risk management section within the PPP must be completed to verify the key risks identified in the SOR, as well as to identify other potential risks.

7.4.3 Feasibility phase

During this phase, the project’s requirements are finalized and viable options for the solution are developed. The risk assessment completed in the Initiation phase must be re-validated, taking into consideration any new or additional information gathered to support the definition of the project’s requirements.

For each of the proposed viable options, a risk assessment in terms of scope, time, cost, and other considerations surrounding the project must be conducted, including, for example, the physical structure, location, infrastructure, technical compatibility, security, and economic, political, legal, organizational, and/or social factors. Other special requirements must also be taken into account if they exist, such as whether the project includes: work on a heritage building; enhanced security requirements of a highly sensitive department; or whether clients’ accommodation includes special purpose space (SPS).

The completed risk assessment for each viable option provides valuable information regarding the inherent risks and the key differences between the selected options. The risk assessment of each option is to be documented in the Analysis of non-financial factors / Preliminary risk assessment section of the feasibility report.

7.4.4 Analysis phase

All of the key risk events and their possible risk response strategies identified in the risk assessment for all options must be considered during completion of this phase (as applicable to the project). The risk assessments provide valuable information to aid in the evaluation and the selection of a preferred option. The risk assessments must also take into account any revised project parameters, and any new information such as the building condition reports.

The updated risk assessment for the preferred option must be attached to support the completion of the Risk assessment section in the investment analysis report (IAR) for the project.

Once the preferred option is identified, the risk response plan process must be carried out to identify the response strategies and the monitoring requirements for each assessed risk event. This process must be documented using the project risk assessment or risk register template (refer to Annex B: National Project Management System deliverables for risk management for direction). Some of the main considerations when completing the risk response plan for the project include departmental and Government of Canada current priorities, the pressures of project constraints, sources of funding, fixed timelines, assumptions made, and other sources of uncertainty and vulnerability in the delivery (including consultants’ services and construction works) and operation of the project solution. The completed risk response plan must be attached to the IAR.

The Risk management section in the PPP must also be updated to provide a summary of the key risk factors based on the latest risk assessment and the completed risk response plan.

The project cost plan and schedule are to be validated to ensure that they account for the appropriate contingencies and the residual risk allowances calculated as part of the risk response plan. There must be no duplication between the residual risk allowances and any other contingencies included within the project budget.

7.4.5 Identification close out phase

During this phase, an identification close out document (ICOD) must be prepared so that it identifies the completion, and the file location, of the current RMP (include a combination of a project risk assessment and/or risk register and a monitoring record) which clearly define the risks and their response strategies for the chosen option. These documents must take into account the project approval /expenditure authority (PA/EA) decision obtained in the Analysis phase.

7.4.6 Planning phase

The risk assessment and risk response plan must be revalidated at this phase to ensure that all key risks events, risk responses, and residual risk allowances are clearly defined, and are still relevant for the remaining phases in the Project Delivery stage. The RMP documentation (i.e. the project risk assessment and/or risk register) must be updated accordingly.

Note

For OGD projects, this phase is the usual starting point of the NPMS process, and therefore the first RMP for the project is completed during this phase. Even though this is a later phase in a project life, a risk assessment is still required as the initial process in the completion of a RMP. Refer to Annex B: National Project Management System deliverables for risk management for specific deliverable requirements and the process map.

Some of the key considerations in this phase when developing or reviewing and updating the RMP are:

Within the project management plan (PMP), the risk management section must be completed and accompanied by the latest RMP documentation.

The project cost plan and schedule must be re-validated, as necessary, to ensure that that they account for the appropriate contingencies and the residual risk allowances without any duplication.

7.4.7 Design phase

In light of the design development work to be undertaken in this phase, and taking into consideration the involvement of other service providers such as consultants that are usually engaged for project during this phase, the updated risk assessment must be reviewed to ensure that all potential risks have been identified, assessed and appropriately quantified. It is also important that the risk response plan is re-evaluated for its effectiveness, as well as to verify the validity and adequacy of the residual risk allowances. The RMP (i.e. the project risk assessment and/or risk register, and monitoring record) must be updated accordingly, following the review and re-evaluation.

The review of the risk assessment and risk response, and updating of the RMP should take place at two separate events: once prior to the procurement of consultant services, and the other after the completion of the design development documentation.

7.4.7.1 Procurement of consultant services

Key risk factors for consideration in preparing for the procurement of consultant services for design include the potential constraints and impacts related to:

7.4.7.2 Design development documentation

Key risk factors to be considered during the completion of the project design development documentation include the potential constraints and impacts related to:

The Real Property Contracting Directorate (RPCD), of the Procurement Branch, must be consulted for their procurement requirements, which may require the provision of a separate risk register for risks attributable to the contracting of services.

For approval of the project expenditure authority (EA), if required, the PMP must have updated content contained within the Risk management section and include the up-to-date RMP.

The project cost plan and schedule must be revalidated again to ensure that that they account for the appropriate contingencies and the residual risk allowances, without any duplication in the project budget.

7.4.8 Implementation phase

During this phase, the construction work is tendered in order to select the contractor who will perform the work according to the completed design. The majority of the effort for risk management during this phase is on the monitoring of the RMP (i.e. the project risk assessment and/or risk register, and monitoring record).

When preparing to tender the construction work, RPCD must be consulted for their procurement requirements, which may require the provision of a separate risk register for risks attributable solely to the contracting of services.

Before the commencement of construction, the risk assessment and risk response plan are to be reviewed, and the RMP updated as needed. The following factors that may affect the risks must be considered:

During construction, the project must be monitored in order to respond to risks as needed. It is important that the RMP is updated regularly to reflect:

A change order log must be maintained to facilitate cost control on contracts, as well as to monitor the remaining residual risk allowances to ensure that:

Upon issuance of the Certificate of Substantial Performance, the Risk management section of the PMP must be updated. The following must be documented in the PMP:

7.4.9 Delivery close out phase

Once the project is complete, the RMP (i.e. the project risk assessment and/or risk register, and monitoring record) must be updated to summarize all risks that occurred during the project, as well as how they were addressed according to the risk response strategies undertaken. Completion of the updated RMP, along with its file location, must documented on the Close Out Document (COD).This will form the basis of the final lessons-learned document.

8. Responsibilities

All parties responsible for developing RMPs are strongly encouraged to consult with other project leaders/managers and senior project directors when developing the RMP. It is also recommended to seek advice from relevant technical experts, as required, according to the project scope, including areas like Heritage and conservation, Environment, Cost Management, Risk Management, and Project Time Management.

Individuals performing a project leader role are responsible for:

In the absence of a Project Leader, the Project Manager would typically take on this role. Individuals performing a project manager role are responsible for:

9. Definitions

Certificate of Substantial Performance
means a certificate issued by Canada when the work reaches Substantial Performance (refer to General Condition (GC) 1 - General Provisions - Construction Services of the Standard Acquisition Clauses and Conditions (SACC) Manual).
Class 'B' (substantive) estimate
developed during the NPMS Design phase, this estimate must be in elemental cost analysis format latest edition issued by the Canadian Institute of Quantity Surveyors and based on design development drawings and outline specifications, which include the design of all major systems and subsystems, as well as the results of all site/installation investigations.
Financial risks
are risk events that can be quantified by monetary values. These risks directly impact the budget of a project and are key events that require mitigation.
Non-financial risks
are risk events that cannot be quantified by monetary values and may not be able to be quantified at all. They include schedule risks (time values) and all other non-quantifiable risks including strategic risks.
Non-quantifiable risks
are risk events that cannot be quantified by either monetary or schedule values. These risks can only be rated a level or score based upon their risk assessment of likelihood and impact.
Quantifiable risks
are risks that can be quantified by values, either monetary or time. These risks include only the schedule and cost risks that have a direct impact on the budget and schedule of the project.
Real property projects
include all real property asset acquisitions or improvements, including entering into a lease, fit-up of accommodation space, and construction, renovation and remediation of a built-work (building, bridge, dam, road, etc.) or Crown-owned land.
Risk
the uncertainty that surrounds the achievement of an objective. It is typically expressed in terms of the likelihood and impact of an event, with the potential to positively or negatively influence the achievement of the objective.
Risk allowance
the estimated cost or duration that quantitatively covers in full the effect of the risk exposure. Risk allowance is expressed in two ways: inherent risk allowance and residual risk allowance (RRA), which respectively represent the estimate before and after the application of the risk response plan strategies (mitigation). The RRA is typically used as a contingency in the approved project budget.
Risk assessment
involves analysing or quantifying any risks identified, and ranking them by priority. It includes three main processes: the identification of the risks, followed by their analysis/quantification (in terms of likelihood and impact, using the risk assessment matrix), and then an evaluation to determine their priority ranking.
Risk assessment matrix (RAM)
the analysis tool to process the likelihood and impact of a risk and derive the overall rating of the risk event. This directive uses the 5x5 configuration that consists of the 5 levels or measures of the likelihood and impact (that is low, medium-low, medium, medium-high and high).
Risk management plan (RMP)
provides information on the approach, the management components, and the resources to be applied to the management of risks. It is made up of three essential steps of the risk management process, namely the risk assessment, risk response, the monitoring and review, as well as a narrative as to the planned frequency of reviews, reviewing bodies, and key management concepts or processes.
Risk profile (of a project)
an overview of a project’s risk events based on the completed Risk Assessment. It identifies the key risks (and opportunities), along with each of the risk triggers, their potential consequences, and possible risk responses. The risk profile is generally communicated as a single risk overall grading and/or score that can be related back to the RAM.
Risk rating
the quantification of the risks though the risk assessment that defines the overall grading of the risk events as either negligible, minimal, moderate, considerable or significant. Depending upon where the risk falls within the RAM, it can also be assigned a numerical value to accommodate the five risk levels, and to indicate severity within the level.
Risk register
an output from the risk identification process, the risk register documents the potential risks, including the risk statements, and identifies the source and symptoms of the risk (that is “how will we know when the risk is going to manifest, or has arisen”), as well as the probability and the consequences/impacts of the risk occurring. It is a dynamic document that must be updated as the project progresses so as to reflect the latest information on the risks. As a key document to support management of risks, the risk register must include as much detail as possible. Some of the pertinent information pertaining to the risk events may include owner of the risk, the risk response strategies, the risk profile, the estimated effects on schedule, costs and quality (that is risk allowance), and the duration of the risk or the cessation date of the risk’s effect.
Risk response
the possible strategies that can be undertaken to address risk that has been identified. For the purpose of this directive, the possibilities have been narrowed to 4: avoid/eliminate, mitigate/control, transfer/share, or retain/accept.
Risk response plan
is the complete identification of the risk response, the controls and mitigation strategies applied for that response, a re-assessment of the risk event after application of the controls and mitigation strategies, and the residual risk allowance (% and/or value) that remains of the inherent risk allowance as a result of the application of the risk response.
Stakeholder
any individual, group or organization that may affect, be affected by, or perceive itself to be affected by, the risk event.

10. References

Treasury Board publications

Public Services and Procurement Canada publications

11. Attachments

12. Enquiries

Please direct enquiries about this directive to sngp.npms@tpsgc-pwgsc.gc.ca.

Annex A: Risk management process in the delivery of real property projects

5 steps in the risk management process
(as per Risk Management Guide, 2014)
Key objectives and considerations Examples of the source of information Examples of the outcomes and resulting documents

1. communication and consultation

To identify key stakeholders of the project and to establish ongoing communication and approval protocols relating to the planning for, and the management of, risks to the project.
  • project charter
  • statement of work
  • organization of the project team
  • project plans

2. establish context

To understand and define the overall risk management context for the project that is to determine the broad parameters to be taken into account when assessing and managing the risks. To consider the following:
  • the department’s strategic plans, programs or initiatives
  • the stakeholders’ responsibilities and their risk tolerance
  • any external factors that may have impacts on the project’s objectives
  • PSPC departmental risk profile that is identifying the department’s risk appetite and tolerance
  • building management plans
  • project approval requirements
  • project charter
  • project statement of work
  • current and anticipated conditions of the economy, political and legal influences, industry trends
  • meetings and discussions with stakeholders
  • project risk and complexity assessment (PCRA) (limited to projects > $1 M per TB requirement)
  • investment analysis report (IAR) for the project – risk statement
  • risk taxonomy

3. risk assessment

a) risk identification

To identify and understand the events that might threaten or enhance the achievement of the project’s objectives. The overall risk management context and parameters, is used to develop the relevant risk statements that is “There is a risk that …” Key considerations include:
  • consultations with the project’s key stakeholders - their inputs and consensus on the risks identified
  • the project’s objectives, scope, complexity and its exposure to risks
  • links to the risk statement to certain drivers and potential impact(s) on the project objectives
It is important to have a systematic methodology for registering the identified risks, which will facilitate progressive consultations with stakeholders for approval
  • risk taxonomy
  • project approval requirements
  • project charter
  • project statement of work
  • project plans – review of the clarity of the objectives
  • review of the operational restraints
  • other background information on the project for example site/building investigation reports
  • relevant specialists / experts opinions
  • project risk assessment
  • risk register
  • IAR
  • project plan

b) risk analysis

To develop a better understanding of the identified risks and to determine their potential impacts and the possible controls over them. The analysis enables rating of the risks based on the likelihood of their occurrence and the level of their impact
  • stakeholders expectations, concerns and risk tolerance
  • lessons learned from similar projects
  • any applicable audit reports
  • relevant specialists / experts opinions
  • PSPC 5x5 risk assessment matrix
  • project approval requirements
  • project risk assessment
  • risk register
  • investment analysis report
  • project plan

c) risk evaluation

To evaluate the risks in order to determine those that require responses.

This facilitates prioritizing of the effort require to develop corresponding responses to the identified risks. Enables understanding of the risks driver, current controls, possible responses

  • stakeholders expectations, concerns and risk tolerance
  • lessons learned from similar projects
  • any applicable audit reports
  • relevant specialists / experts opinions
  • existing risk register
  • project risk assessment
  • risk register
  • investment analysis report
  • project plan
4. risk responses To decide on the most appropriate responses for the risks, which can be any of the following, where treatment for negative effects of risks is concerned:
  • avoid,
  • transfer/share
  • mitigate/control
  • retain/accept
  • stakeholders expectations, concerns and risk tolerance
  • lessons learned from similar projects
  • any applicable audit reports
  • relevant specialists / experts opinions
  • risk register
  • investment analysis report
  • project plan
5. monitor and review To review progressive status of the risks to the project:
  • ensure each identified risk is up to date - relevancy and adequacy of the risks and their response strategies are verified in relation to the current project status and availability of project information
  • any potential new risks to the project are identified; and
  • the requirement of the residual risk allowances for the remaining duration of the project are review and confirmed
  • latest approved risk management plan
  • latest project management plan
  • project change orders log
  • project cost plan
  • SIGMA financial data on the planned, forecasted and actual project costs
  • iterations of risk register
  • monitoring record on updates to the risk register
  • project cost planning and forecast reports in SIGMA

Annex B: National Project Management System deliverables for risk management

Asset, other government department and tenant service projects
NPMS “Full” NPMS “Lite” NPMS “Ultra-Lite”
Asset & Engineering Asset OGD and Tenant Service Asset & Engineering Asset OGD and Tenant Service Asset & Engineering Asset OGD and Tenant Service
Project risk assessment (PRA) PRAFootnote 2 PRA PRAFootnote 2 PRAFootnote 2 PRAFootnote 2
Full risk register (F–RR) F–RRFootnote 2 S–RR S–RRFootnote 2 S–RRFootnote 2 S–RRFootnote 2
Monitoring record (MR) MR MR MR MR MR
Space projects
NPMS “Full” NPMS “Lite” NPMS “Ultra-Lite”
Lease/ Crown Space Lease Renewal
no fit-up
Leased/ Crown Space Lease Renewal
no fit-up
Leased/ Crown Space Lease Renewal
no fit-up
Project risk assessment (PRA) PRAFootnote 1 PRA PRAFootnote 1 PRAFootnote 2 PRAFootnote 1
Full risk register (F–RR) S–RRFootnote 1 S–RR S–RRFootnote 1 S–RRFootnote 2 S–RRFootnote 1
Monitoring record (MR) MRFootnote 1 MR MRFootnote 1 MR MRFootnote 1

Notes

Independent to these charts, the Acquisition Branch, Real Property Contracting Directorate may requires the provision of individual risk registers to be submitted for the procurement of Service Contracts (consultant and construction) that exceed a specific threshold of the estimated contract value. Please contact Acquisition Branch, Real Property Contracting Directorate for further directions.

Documentation requirements

Project risk assessment must use a mandatory template to provide the following:

“Simplified” risk register must contain the following basic information at minimum:

“Full” risk register must include all of the basic information for “Simplified Risk Register”, as well as the following:

The “Full” risk register must also comply with the format and types of field content as per the template provided in the Risk Management Plan Guide.

Monitoring record must include the following information that is necessary to track updates to the risk allowances:

National Project Management System process map

National Project Management System process map – Image description below.

Image description

Real property project type: Asset and engineering asset project or lease/crown space project

Risk assessment step:

Risk response step:

Initial risk monitoring and management step:

Continual risk monitoring and management step:

Risk management: close-out step:

Project type: Other government department and tenant services project

Risk assessment step:

Risk response step:

Initial risk monitoring and management step:

Continual risk monitoring and management step:

RMP close-out step:

Project type: lease renewal without fit-up project

Risk assessment step:

Risk response step (risk(s) present):

Initial risk monitoring and management step (risk(s) present):

Continual risk monitoring and management step (risk(s) present):

RMP close-out step:

Date modified: