Risk Management: Risk Identification: Risk Hierarchy:

Risk

Project risks within the project scope

Programme risks outside the control of the project, but within the overall programme scope

Funders risks outside the control of the programme, eg. political and scope changes.

The scale and time-critical nature of the ODAs delivery programme give it a unique risk profile. The development of the Olympic Park in particular represents one of the largest construction projects in Europe and needs to be delivered in a comparatively short timescale on a complex brownfield site. The following have been identified as the key risks that need to be managed to ensure successful delivery: Managing stakeholder relationships; Governance; Managing time and cost; Security; and Timely decision making.

Against this backdrop, the familiar large construction programme challenges maximising the efficiency of construction while minimising inevitable problems caused by: Designers or contractors failing to do what they say they would do; Misalignment between client/stakeholders and design, between design and construction and between the different pieces of the construction jigsaw; and Changes caused by inevitable revisions to requirements, construction problems and external factors

took on even greater significance. The ODAs programme was subject to a number of overriding driving forces that are relevant when considering the assurance strategy deployed: An immovable deadline: The opening ceremony of the Games on 27 July 2012. A highly visible public profile.

A large investment from the public purse, with attendant scrutiny from government bodies, the media and the public. Dual objectives of both delivering functional venues for the Games (with the London Organising Committee of the Olympic Games (LOCOG) as client), and lasting benefits after the Games were over (with the Olympic Park Legacy Company and other legacy landowners therefore as clients). Multiple stakeholders, sometimes with conflicting objectives, whose specification of requirements sometimes lagged behind the ODAs construction programme. Significant reputational impacts for the UK and government.

Sources of Risk:

Risk Assessment: Risk register: The programme and project risk registers were established from a wide contingency of stakeholders (internal and external) and recorded in a common format, in a central database, with clear ownership and action responsibility established. Quantified risk analysis: Every risk with a cost and time impact was quantified, and included in a Quantitative Risk Analysis (QRA) at project, programme or Funders level. The results of the QRA for each project and the programme were taken into account for the contingency requirement of the Anticipated Final Cost and to determine the relative importance of each risk across the programme. Each quarter, throughout the programme lifecycle, the amount of contingency held was reduced as the risks reduced, expired or occurred. The use of the risk process has been one of the key elements of forecasting the programme outturn cost, and savings of approximately 470 million have been made through the release of risk. This has still been achieved despite significant draws from contingency as a result of the credit crisis, insolvency and integration across the Park, together with the expected draw downs for scope development uncertainty and gaps. The use of QRA at project and programme level, and its inclusion within the Anticipated Final Cost, gave clarity to the amount of contingency required and sufficient detailed understanding remained high throughout the programme. This enabled potential savings to be realised or budgets maintained as appropriate.

Risk Likelihood, Risk Impact and Expected value consequence: Likelihood (%) Construction C1 Change in client requirements C2 Design does not meet initial requirements C3 Delay in procurement of raw materials Transport Networks & Capacity Building T1 Change in the design plan T2 Delay in availability of raw materials Funds F1 Insufficient funds to pay staff and suppliers Staff S1 Staff shortage S2 Inability to hire/train additional staff S3 Leaving of old staff 10 20 10 20 10 40 2 2 4 5 15 0.75 10 20 40 5 4 1 20 20 30 40 10 10 8 2 3 Impact: Days Late Consequences

Risk Response Planning: The ODA adopted a sophisticated approach to the management of risk and opportunity across the whole programme. Risk management will be embedded in the whole life cycle of each specic contract. The ODA Board and Audit Committee approved a Risk Management Policy and Framework, developed in accordance with the HM Treasurys Orange Book.

ODAs control framework based on risk: The ODA have developed and maintain a Risk & Opportunity Management Policy that sets out the ODAs approach and the associated strategy for managing risk. Core to the ODAs approach is the 3 Lines of Defence model (as below):

1st Line of Defence: The Programme Risk Register is owned and reviewed by Programme Risk Review. Project Risk Registers are owned by the individual projects with review conducted by programme-level management teams (the 1st Line of Defence). To inform each of the programme-level teams within the organisation structure, e.g. Delivery Partner, ODA Transport, the ODA have developed and maintain a Risk & Opportunity

Management Framework that establishes guidelines for implementing risk management across the ODAs programme.

2nd Line of Defence: The Programme Assurance Office is responsible for maintaining an oversight of process execution by the programme-level teams and through participating in executive level, programme and project-level risk management reviews (the 2nd Line of Defence).

3rd Line of Defence: The ODA Risk & Audit group provide an independent and objective review of the adequacy of risk management, control and governance (the 3rd Line of Defence). ODA Risk & Audit and the Programme Assurance Office engage with programme level teams through the Risk & Opportunity Management Review Group. Reporting, assurance, audit and review: Responsibility for risk was held by the project and functional teams, and supported and assured by a central team to ensure consistency and compliance with the process. Reporting and escalation of key risks was achieved through inclusion in the monthly Project Status Reports and programme reports. Risks were then reviewed at the risk, trends and implementation meetings which allowed executive intervention to focus on the key risks and to ensure project managers worried about the right things. This approach generated an honest culture that encouraged project managers to be open about the risks they faced and the contingency they required to manage them. A small central team was responsible for assurance of the risk processes. This included oversight of the process and compliance with it, quality checks of the data produced and support during the monthly or quarterly updates. ODA Risk and Audit group set the policy, audited the outputs and process, and reported to the Audit Committee.

The setting of corporate policy and processes, adequate assurance and audit to confirm compliance, and an independent Core Risk team within the delivery organisation, gave great clarity to the risks being faced. This gave the funders and government confidence that the risks were being consistently and effectively managed.