Managing risk in projects - Application guidelines

IEC 62198:2013 provides principles and generic guidelines on managing risk and uncertainty in projects. In particular it describes a systematic approach to managing risk in projects based on ISO 31000, Risk management - Principles and guidelines. Guidance is provided on the principles for managing risk in projects, the framework and organizational requirements for implementing risk management and the process for conducting effective risk management. This standard is not intended for the purpose of certification. This second edition cancels and replaces the first edition, published in 2001, and constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition:
- major restructure and rewrite of the first version;
- now aligned with ISO 31000, Risk management - Principles and guidelines.

Key words: managing risk and uncertainty, ISO 31000

General Information

Status: Published
Publication Date: 26-Nov-2013
Current Stage: PPUB - Publication issued
Start Date: 30-Nov-2013
Completion Date: 27-Nov-2013

Standard
IEC 62198:2013 - Managing risk in projects - Application guidelines
English and French language
89 pages

Standards Content (Sample)

IEC 62198
Edition 2.0 2013-11
INTERNATIONAL STANDARD

Managing risk in projects – Application guidelines


THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2013 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.



IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition; a corrigendum or an amendment might have been published.

ICS 03.100.01 ISBN 978-2-8322-1192-2



CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Managing risks in projects
5 Principles
6 Project risk management framework
6.1 General
6.2 Mandate and commitment
6.3 Design of the framework for managing project risk
6.3.1 Understanding the project and its context
6.3.2 Establishing the project risk management policy
6.3.3 Accountability
6.3.4 Integration into project management processes
6.3.5 Resources
6.3.6 Establishing internal project communication and reporting mechanisms
6.3.7 Establishing external project communication and reporting mechanisms
6.4 Implementing project risk management
6.4.1 Implementing the framework for managing project risk
6.4.2 Implementing the project risk management process
6.5 Monitoring and review of the project risk management framework
6.6 Continual improvement of the project risk management framework
7 Project risk management process
7.1 General
7.2 Communication and consultation
7.3 Establishing the context
7.3.1 General
7.3.2 Establishing the external context
7.3.3 Establishing the internal context
7.3.4 Establishing the context of the project risk management process
7.3.5 Defining risk criteria
7.3.6 Key elements
7.4 Risk assessment
7.4.1 General
7.4.2 Risk identification
7.4.3 Risk analysis
7.4.4 Risk evaluation
7.5 Risk treatment
7.5.1 General
7.5.2 Selection of risk treatment options
7.5.3 Risk treatment plans
7.6 Monitoring and review
7.7 Recording and reporting the project risk management process
7.7.1 Reporting
7.7.2 The project risk management plan
7.7.3 Documentation
7.7.4 The project risk register
Annex A (informative) Examples
A.1 General
A.2 Project risk management process
A.2.1 Stakeholder analysis (see 7.2)
A.2.2 External and internal context (see 7.3.4)
A.2.3 Risk management context (see 7.3.4)
A.2.4 Risk management context for a power enhancement project
A.2.5 Risk criteria (see 7.3.5)
A.2.6 Key elements (see 7.3.6)
A.2.7 Risk analysis (see 7.4.3)
A.2.8 Risk evaluation (see 7.4.4)
A.2.9 Risk treatment (see 7.5)
A.2.10 Risk register (see 7.4.2 and 7.7.4)
Bibliography

Figure 1 – Principal stakeholders in a project
Figure 2 – Relationship between the components of the framework for managing risk, adapted from ISO 31000
Figure 3 – Project risk management process, adapted from ISO 31000
Figure A.1 – Risk management scope for an open pit mine project
Figure A.2 – Distribution of costs using simulation

Table 1 – Typical phases in a project
Table A.1 – Stakeholders for a government project
Table A.2 – Stakeholders and objectives for a ship upgrade
Table A.3 – Stakeholders and communication needs for a civil engineering project
Table A.4 – External context for an energy project
Table A.5 – Internal context for a private sector infrastructure project
Table A.6 – Criteria for a high-technology project
Table A.7 – Key elements for a communications system project
Table A.8 – Key elements and workshop planning guide for a defence project
Table A.9 – Key elements for establishing a new health service organization
Table A.10 – Example consequence scale
Table A.11 – Example likelihood scale
Table A.12 – Example of a matrix for determining the level of risk
Table A.13 – Example of priorities for attention
Table A.14 – Example of a treatment options worksheet
Table A.15 – Simple risk register structure
INTERNATIONAL ELECTROTECHNICAL COMMISSION

MANAGING RISK IN PROJECTS –
APPLICATION GUIDELINES

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62198 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition, published in 2001, and constitutes
a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) major restructure and rewrite of the first version;
b) now aligned with ISO 31000, Risk management – Principles and guidelines.

The text of this standard is based on the following documents:
FDIS            Report on voting
56/1529/FDIS    56/1539/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.

INTRODUCTION
Every project involves uncertainty and risk. Project risks can be related to the objectives of
the project itself or to the objectives of the assets, products or services the project creates.
This International Standard provides guidelines for managing risks in a project in a systematic
and consistent way.
Risk management includes the coordinated activities to direct and control an organization with
regard to risk. ISO 31000, Risk management – Principles and guidelines, describes the
principles for effective risk management, the framework that provides the foundations and
organizational arrangements for designing, implementing, monitoring, reviewing and
continually improving risk management throughout an organization and a process for
managing risk that can be applied to all types of risk in any organization. This standard shows
how those general principles and guidelines apply to managing uncertainty in projects.
This standard is relevant to individuals and organizations concerned with any or all phases in
the life cycle of projects. It can also be applied to sub-projects and to sets of inter-related
projects and programmes.
The application of this standard needs to be tailored to each specific project. Therefore, it is
considered inappropriate to impose a certification system for risk management practitioners.
The guidance provided in this standard is not intended to override existing industry-specific
standards, although the guidance can be helpful in such instances.




1 Scope
This International Standard provides principles and generic guidelines on managing risk and
uncertainty in projects. In particular it describes a systematic approach to managing risk in
projects based on ISO 31000, Risk management – Principles and guidelines.
Guidance is provided on the principles for managing risk in projects, the framework and
organizational requirements for implementing risk management and the process for
conducting effective risk management.
This standard is not intended for the purpose of certification.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
ISO 31000, Risk management – Principles and guidelines
3 Terms and definitions
For the purpose of this document, the following terms or definitions apply.
3.1
project
unique process consisting of a set of coordinated and controlled activities, with start and
finish dates, undertaken to achieve an objective conforming to specific requirements,
including the constraints of time, cost and resources
Note 1 to entry: An individual project may form part of a larger project structure.
Note 2 to entry: In some projects the objectives are updated and the product characteristics defined progressively
as the project proceeds.
Note 3 to entry: The project’s product is generally defined in the project scope. It may be one or several units of
product and may be tangible or intangible.
Note 4 to entry: The project’s organization is normally temporary and established for the lifetime of the project.
Note 5 to entry: The complexity of the interactions among project activities is not necessarily related to the
project size.
[SOURCE: ISO 10006:2003, 3.5] [1]
Footnote to [1]: References in square brackets refer to the Bibliography.
3.2
project management
planning, organizing, monitoring, controlling and reporting of all aspects of a project and the
motivation of all those involved in it to achieve the project objectives
[SOURCE: ISO 10006:2003, 3.6]
3.3
project management plan
document specifying what is necessary to meet the objective(s) of the project
Note 1 to entry: A project management plan should include or refer to the project’s quality plan.
Note 2 to entry: The project management plan also includes or references such other plans as those relating to
organizational structures, resources, schedule, budget, risk management (3.5), environmental management, health
and safety management and security management, as appropriate.
[SOURCE: ISO 10006:2003, 3.7]
3.4
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected — positive and/or negative.
Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental
goals) and can apply at different levels (such as strategic, organization-wide, project (3.1), product and process).
Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination
of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood of occurrence.
Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or
knowledge of an event, its consequence, or likelihood.
[SOURCE: ISO Guide 73:2009, 1.1] [2]
3.5
risk management
coordinated activities to direct and control an organization with regard to risk
[SOURCE: ISO Guide 73:2009, 2.1]
3.6
risk management framework
set of components that provide the foundations and organizational arrangements for
designing, implementing, monitoring, reviewing and continually improving risk management
throughout the organization
Note 1 to entry: The foundations include the policy, objectives, mandate and commitment to manage risk (3.4).
Note 2 to entry: The organizational arrangements include plans, relationships, accountabilities, resources,
processes and activities.
Note 3 to entry: The risk management framework is embedded within the organization's overall strategic and
operational policies and practices.
[SOURCE: ISO Guide 73:2009, 2.1.1]
3.7
risk management policy
statement of the overall intentions and direction of an organization related to risk
management
[SOURCE: ISO Guide 73:2009, 2.1.2]

3.8
risk management plan
scheme within the risk management framework specifying the approach, the management
components and resources to be applied to the management of risk
Note 1 to entry: Management components typically include procedures, practices, assignment of responsibilities,
sequence and timing of activities.
Note 2 to entry: The risk management plan can be applied to a particular product, process and project (3.1), and
part or whole of the organization.
[SOURCE: ISO Guide 73:2009, 2.1.3]
3.9
risk management process
systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context, and identifying, analysing, evaluating,
treating, monitoring and reviewing risk
[SOURCE: ISO Guide 73:2009, 3.1]
3.10
risk treatment
process to modify risk
Note 1 to entry: Risk treatment can involve:
– avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
– taking or increasing risk in order to pursue an opportunity;
– removing the risk source;
– changing the likelihood;
– changing the consequences;
– sharing the risk with another party or parties (including contracts and risk financing); and
– retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk
mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO Guide 73:2009, 3.8.1]
4 Managing risks in projects
Every project involves uncertainty that can lead to risk. These risks can relate to the
objectives of the project itself (for example to complete the project within a specified time
frame and budget) or to the requirements of the assets, products or services that the project
creates (for example for a product to be safe, dependable and environmentally sustainable).
The consequences that could arise from uncertainty in a project can be beneficial as well as
detrimental, so project risk management is directed not only to avoiding or reacting to
problems but also to identifying and capturing opportunities. Taking account of project risks
contributes to better decisions, better project outcomes and increased value for the
stakeholders.
This standard is relevant to individuals and organizations concerned with any or all phases in
the life cycle of projects. To obtain maximum benefit, risk management activities are initiated
at the earliest possible phase of a project and continued through subsequent phases.
However, project risk management can be initiated successfully at any point in the life cycle,
providing appropriate preliminary work is undertaken. The process is scalable, so it can be
used with both small and large projects and to individual phases of projects. It can also be
applied to sub-projects and to sets of inter-related projects and programmes.
A typical set of project phases and their characteristics is shown in Table 1.
Table 1 – Typical phases in a project
Phase Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6
Phase label Identify Select pre- Design and Deliver Operate and Abandon
feasibility develop maintain
Concept Implement Dispose
feasibility
Install
Purpose Appraising Selecting Defining the Delivering the Realisi
...
