E&IG Risk Category Definitions - Department of Defence

UNCLASSIFIED – INTERNAL USE ONLY 

   

Defence SAP E&IG Risk Categories     

 

  

ESTATE & INFRASTRUCTURE GROUP

DEFENCE SAP E&IG RISK CATEGORY DEFINITIONS

          

Date Issued 14 September 2016

Version No. 1.0

Status Draft

Objective Location Ref: AF26312408 https://drms-deakin/id:AF26312408/document/versions/published

Document Owner Sean Cummins

Security Classification Unclassified/Internal Use Only Commercial in Confidence

Background

The Garrison and Estate Management System’s (GEMS) Risk Management module in Defence SAP will provide functionality for the management of risks and will enable a standardised approach and process for the identification, assessment, review, monitoring, and reporting of risks. Risk information can be used across Defence estate management to inform the prioritisation of work and the allocation of financial and non-financial resources. It is intended that GEMS Risk Management will be implemented from the strategic through to operational level.

The GEMS Risk Management module allows users to identify and assess risks both throughout the project lifecycle and the Environmental Factor Management process. Users can develop risk mitigation plans and collect key risk information that contributes to the risk profiling of the Defence Estate.

When risks are recorded in Defence SAP (see Figure 1), there are two mandatory fields that must be filled:

1. Risk Category: classifies the type of the risk

2. Organisation Unit: identifies what part of the business is responsible for the risk.

These fields are used to classify, filter, analyse and report on risk information.

Both fields are populated by making a choice from a dropdown box. The available options are defined by Defence SAP’s risk breakdown structure (RBS) and risk organisation structure (ROS) respectively, and each is a hierarchy of choices that the business must define.

This document provides the structure of the risk breakdown structure and the definition of the risk categories for E&IG.

Note

The risk breakdown structure and risk organisation structure are managed as ‘master data’ within Defence SAP, which means they can be modified by nominated users after Defence SAP is deployed.

 Figure 1  Defence SAP risk record, showing Organisation Unit and Risk Category fields. 

Risk Categories

The Defence SAP risk categories are used to group risks according to where they might arise (the risk event). They are assigned to a risk during its creation, and can then be used for filtering and reporting.

Risk categories are recorded in the risk breakdown structure, a hierarchy of categories and subcategories. Each descending level represents an increasingly specific risk category. Once risks are assigned to a category, you can run reports that filter out risks based on whichever category or categories are of interest.

Risk categories are used to provide a standard terminology to describe risks, and facilitate the understanding, communication and management of risks. The categories help to identify the distribution of risk, areas requiring special attention, recurring risk themes and risk ‘hot spots’. Risk categories also make it easier to compare risks across projects, services and business activities.

Each category captures what the risk is about, answering the question ‘where could things go wrong?’. The risk causes and impacts are not considered as part of the category choice, as these are categorised separately. The risk categories do not replicate the eight E&IG Risk Management Framework (RMF) risk impact categories - capability, delivery of services, environment, financial, legislative compliance, reputation, safety, or security; these are assigned during the impact assessment.

For example, take the risk description “Design errors occur that lead to the construction of a building that does not comply with legislative requirements.” Here, the potential categories of ‘design’ and ‘legislative compliance’ could be considered. However, if we look at the risk description and ask the question ‘where could things go wrong?’, the answer would be ‘the design’. Hence this risk would be best categorised under ‘design’ for the most appropriate controls to reduce its likelihood.

Risk categories can also be used as a prompt to consider what could go wrong within each business area. They serve to ensure that no one area of the business is overlooked when risks to achieving business objectives are being identified. Additionally, where a risk has already been identified the risk category selected should represent the area of business where it would most likely materialise.

Objectives

The risk categories must meet the following objectives:

1. Categorise, or help identify, business, project and technical/specialist risks across E&IG.

2. Organise risk information for meaningful filtering, analysis and reporting.

3. Provide groupings that are meaningful at all levels of risk – operational (project and directorate), business (branch, division) and strategic (group).

4. Be easily understood.

5. Be kept to a minimum number.

6. Be as simple and concise as possible.

Risk Naming Convention

For reporting purposes, risks must be named with a prefix that indicates which part of the organisation they belong to:

EIG – Estate & Infrastructure Group risks

ID – Infrastructure Division risks

SDD – Service Delivery Division risks

Risk Categories – Risk Breakdown Structure

E&IG Risk Categories – Risk Breakdown Structure

Estate and Infrastructure Group (E&IG) Risk Categories

1 Business
  1.1 Business Strategy
  1.2 Technology
  1.3 Operations and Business Process
  1.4 People/Workforce
  1.5 Policy
  1.6 Legislative Compliance
  1.7 Business Integration
  1.8 Financial

2 Stakeholders
  2.1 Internal Stakeholders
  2.2 External Stakeholders
    2.2.1 Whole of Government
    2.2.2 State Governments
    2.2.3 Industry
    2.2.4 Community Groups
    2.2.5 Other
  2.3 Communications
  2.4 Community Impacts
    2.4.1 Health
    2.4.2 Infrastructure
    2.4.3 Commercial

3 Service Delivery Division – Products and Services
  3.1 SDD1 Access Control
  3.2 SDD2 ADF Accommodation
  3.3 SDD3 ADF Canteen Services & Funds
  3.4 SDD4 Housing
  3.5 SDD5 Relocations & Removals
  3.6 SDD6 Fuel Including Aircraft Refuelling
  3.7 SDD7 Airfield Operations Support
  3.8 SDD8 Asset Provision (OP&E)
  3.9 SDD9 Base Registries
  3.10 SDD10 Base Reprographics
  3.11 SDD11 Cleaning & Housekeeping Services
  3.12 SDD12 Commercial Operations Woomera
  3.13 SDD13 Cleaning & Housekeeping Services
  3.14 SDD14 Defence Home Ownership Assistance Scheme
  3.15 SDD15 Environmental & Sustainability
  3.16 SDD16 Estate Planning & Development
  3.17 SDD17 Estate Upkeep
  3.18 SDD18 Fresh Rations
  3.19 SDD19 Hospitality & Catering Services
  3.20 SDD20 Joint Operations Support
  3.21 SDD21 Land Management Services
  3.22 SDD22 Laundry & Dry Cleaning Services
  3.23 SDD23 Library & Information Access Services
  3.24 SDD24 Mail Services
  3.25 SDD25 Records & Archives
  3.26 SDD26 Pest & Vermin Management Services
  3.27 SDD27 Petrol, Oils & Lubricants
  3.28 SDD28 Philanthropic Services
  3.29 SDD29 Project Delivery Services
  3.30 SDD30 Property Services
  3.31 SDD31 Public Private Partnership
  3.32 SDD32 Rescue & Fire Fighting
  3.33 SDD33 Retail Stores
  3.34 SDD34 SASR Special Training Facilities
  3.35 SDD35 Sport & Recreation Services
  3.36 SDD36 Training Area & Range Management
  3.37 SDD37 Transport Services
  3.38 SDD38 Utilities/Energy Management
  3.39 SDD39 Waste Management Services
  3.40 SDD40 Base Support Operations
  3.41 SDD41 Estate Appraisal
  3.42 SDD42 Estate Maintenance Program
  3.43 SDD43 PERMT
  3.44 SDD44 Management of Integration & Co-ordination of Base Services
  3.45 SDD45 Insurance Claims & Advice
  3.46 SDD46 Publishing & Printing Services
  3.47 SDD47 Travel Services

4 Engineering Integrity
  4.1 Range Design and Compliance
  4.2 Electrical Infrastructure
  4.3 Airfield Lighting
  4.4 Aircraft Pavements
  4.5 Fire Protection Engineering and Fire Safety
  4.6 Emergency Power
  4.7 Mechanical Services
  4.8 Electrical Services
  4.9 Other Engineering Services

5 Environment and Sustainability Management
  5.1 Protected Species, Community or Wetland
  5.2 Degradation of Land and/or Vegetation Condition
  5.3 Established Pest, Weed or Disease
  5.4 New Pest, Weed or Disease
  5.5 Excessive Resource Consumption
  5.6 Bushfire Hazard
  5.7 Pollutant Discharge
  5.8 Noise or Dust Pollution
  5.9 Excessive Waste Production
  5.10 Indigenous Heritage
  5.11 Natural Heritage
  5.12 Historic and Built Heritage
  5.13 Contaminated Sites

6 Special Interest
  6.1 Mining Exploration
  6.2 Mining
  6.3 FIRB
  6.4 Native Title
  6.5 Offshore Petroleum

7 Commercial
  7.1 Procurement
  7.2 Contract Management
  7.3 Industry Capability and Supplier Viability

8 Delivery
  8.1 Project Management
    8.1.1 Scope
    8.1.2 Schedule
    8.1.3 Cost
    8.1.4 Project Integration
    8.1.5 Quality
    8.1.6 Resources
    8.1.7 Design
  8.2 Strategic Estate Risk

9 Other

1. Business

Risk events associated with management and organisation of the business.

ID Category Description Includes Excludes

1.1 Business Strategy Risks associated with the adequacy and effectiveness of current business strategy and its implementation that affect the organisation’s ability to achieve its objectives.

ambiguity, instability or lack of clarity in the definition of the Business Strategy

incomplete understanding of business objectives

poorly defined corporate objectives and realisation strategy

organisational stability

responding to change

formulation and execution of decisions

strategic planning

leadership

organisational management

1.2 Technology Risks associated with the use and implementation of technology.

Refer to the DSTG Technical Risk Assessment Handbook for guidance (http://intranet.dsto.defence.gov.au/functions/PAA/resources/tra/).

understanding of the requirements for the technology

research and development requirements

maturity of the technology

Defence’s experience with, and knowledge of, the technology

Engineering Integrity

   

support available from partners, industry and academia

obsolescence

impacts on business

ability to achieve business strategy

compatibility with industry partners

security impacts

1.3 Operations and Business Processes

Risks associated with systems, processes, inputs and outputs associated with day-to-day management.

Governance, assurance and performance management

quality, clarity and availability of business processes

appropriateness or effectiveness of business process

appropriateness and effectiveness of control mechanisms

development and adherence to processes

data and information

systems (management, risk, governance, credit, financial, market, etc)

supply chain and logistics

customer service

outputs of business

inputs to business (including appropriateness, flexibility, standards, workforce)

policies, manuals, strategies, guidelines, rules and regulations (see 1.5 Policy)

1.4 People & Workforce Risks associated with workforce capability and capacity, including staff, contractors and subcontractors. Includes workforce behaviour, actions and decisions.

internal fraud

skills

behaviour

organisational culture

morale

strategic awareness

availability/capacity

corporate knowledge

diversity

training progression

employer of choice

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

2.3 Communication

1.6 Legislative Compliance

1.5 Policy

1.5 Policy Risks associated with the effectiveness, adequacy and observance of Defence policy.

disregard of policy

quality, clarity and availability of policies

relevance

appropriateness or effectiveness of policy and policy implementation

appropriateness and effectiveness of control mechanisms

1.6 Legislative Compliance

4 Engineering Integrity

1.6 Legislative Compliance Risks associated with Defence’s failure to meet its federal, state or local legal obligations, exposing Defence or its officers to fines, penalties, lawsuits, injury or negative publicity.

potential breach of legislation

inappropriate or ineffective implementation/management

1.5 Policy

compliance that is not mandated by legislation

inappropriate or ineffective use of control mechanisms

national and international legal obligations

4 Engineering Integrity

1.7 Business Integration Risks associated with aligning technology, systems, processes and culture with business strategy and goals.

business processes

business partners

industry capability

customers

cross-organisational initiatives

cross-organisational dependencies

mutual obligations between providers and customers

competing priorities

8.1.4 Project Integration

1.8 Financial Risks associated with budget and finance for the business unit. Includes loss of assets or financial resources.

planning and resource allocation

financial reporting

tax

budget contingency

available funds

degree of confidence in budget estimates

benchmarking and validation of budget

overspend and underspend

flexibility to manage budget

project costs (8.1.3 Cost)

 

2. Stakeholder Management

Risk events associated with stakeholder actions and behaviour, and impacts to stakeholders as a result of Defence actions.

ID Category Description Includes Excludes

2.1 Internal Stakeholders

Risks associated with the behaviour, actions, commitment and decisions of internal stakeholders, and Defence’s support of internal stakeholders. Internal stakeholders are those within Defence.

management, Defence committees, customers, steering groups, partners

stakeholder identification

understanding expected benefits of stakeholders

stakeholder reliability

change of policy

1.4 People & Workforce

2.3 Communications

2.2 External Stakeholders

Risks associated with the behaviour, actions, commitment and decisions of external stakeholders, and Defence’s support of external stakeholders. External stakeholders are those from outside of Defence.

stakeholder identification

understanding expected benefits of stakeholders

stakeholder reliability

stakeholder capacity, skills, capability and knowledge

federal, state and local government policy

political pressure

industrial policy

change of government

international considerations and politics

1.4 People & Workforce

2.3 Communications

2.2.1 Whole of Government

As above, applied to Non-Corporate Commonwealth Entities (Departments, Offices, etc)

As above

   

2.2.2 State Governments As above, applied to State Governments

As above

2.2.3 Industry As above, applied to Industry As above

2.2.4 Community Groups As above, applied to Community Groups

As above

2.2.5 Other As above, applied to external stakeholders not named in a separate sub-category

As above

partners, local government, local community, public, media, marketplace, suppliers

2.2.1 Whole of Government

2.2.2 State Governments

2.2.3 Industry

2.2.4 Community Groups

2.3 Communications Risks associated with communication and engagement with business stakeholders.

workforce/staff

external stakeholders (capability managers, Government, central agencies)

social, cultural and organisational differences

communications across and among stakeholders

understanding management direction

expectations/requirements

2.4 Community Impacts Risks associated with issues or problems that may arise for communities as a result of Defence’s actions.

Impacts to communities Community impacts on Defence (use External Stakeholders instead)

2.4.1 Health As above, in relation to impacts on community health.

2.4.2 Infrastructure As above, in relation to impacts on community infrastructure.

2.4.3 Commercial As above, in relation to impacts on community finance.

3. Service Delivery Division – Products and Services

ID Category Description Includes Excludes

3.1 Access Control Risks associated with the provision of Access Control services on Defence establishments.

Staffing of access control points,

Access control to Defence establishments,

Access control to Ranges/training areas,

Emergency Management including alarm management & incident response,

Asset surveillance operations & incident response

These risks will be derived from the Base Security Plans.

3.2 ADF Accommodation Risks associated with the provision of temporary & permanent accommodation services to ADF members.

Providing service residences in Australia with dependents in support of Defence capability requirements

Providing allocation, re-allocation & tenancy management services for members with dependents

Administering the payment of Rent Allowance to members renting private accommodation & housing

Providing Choice Accommodation for members without dependents & members with dependents (unaccompanied)

Manage the Single Living Environment & Accommodation Precincts projects delivered through Public Private Partnerships (PPP).

Relocation Administration Services & Removal Services

3.3 ADF Canteen Services & Funds

Risks associated with the management of the Agreement between Department of Defence & Army & Air Force Canteen Services (AAFCANS).

Provision of Canteen Services on Army & Air Force bases in accordance with the Defence Agreement

3.4 Housing Management of risks associated with the provision of temporary & permanent accommodation services to ADF members.

Through contract arrangements with Defence Housing Authority provide Housing Services that include providing service residences in Australia to members with dependents in support of Defence capability requirements, providing allocation, re-allocation & tenancy management services for members with dependents, administering the payment of Rent Allowance to members renting private accommodation & housing & providing Choice Accommodation for members without dependents & members with dependents (unaccompanied).

3.5 Relocations & Removals Risks associated with the provision of Relocations & Removals.

Provision of relocation administration,

Removal of furniture & effects & vehicles & related services to the ADF & eligible APS in Australia & internationally

3.6 Fuel including Aircraft Refuelling

Risks associated with the provision of aircraft refuelling & fuel installation services.

Aircraft refuelling & fuel installation services

Facilities & training areas

Supplies & major systems

3.7 Airfield Operations Support

Risks associated with the provision of Airfield Operations Support.

Search & Rescue coordination

Aviation Safety

Aircraft crash response

Airfield management

Coordination & reception of visiting aircraft

Landing area maintenance

Airfield terminal management & operation

Aircraft Refuelling

Aircraft, passenger & cargo/baggage support

Ground handling for civil & military aircraft

Inspection & sweeping of all movement areas

3.8 Asset Provision – Other Plant & Equipment (OP&E)

Risks associated with the through life management of OP&E.

Scoping requirement

Purchasing

Maintenance

Disposal

3.9 Base Registries Risks associated with the provision of Base Registries.

Creation & management of active physical corporate records

Transfer

Custody

Sentencing

Archiving

Secure storage

3.10 Base Reprographics Risks associated with reprographics & printing services.

Reprographic & printing services

Technical publications management (including auditing)

3.11 Cleaning Services Risks associated with the provision of cleaning & housekeeping services.

Cleaning

General cleaning of Office areas, living & working amenities, ablution areas, building facades, stairwells, external furniture & fixtures, accommodation rooms, common areas & equipment, sporting facilities & equipment & air terminal facilities;

Range infrastructure/equipment

Training Area infrastructure/equipment

Specialist cleaning of hospital wards, medical & dental surgeries, clinical areas & operating theatres, medical laboratories, forensic cleaning, museum & museum artefacts, computer/electronic equipment rooms, scientific laboratories & clean rooms, aircraft hangars & shelters, maintenance facilities & workshops, armouries & magazines, HAZMAT storage areas, indoor & outdoor training, trial & range facilities, Special Forces training areas, Ships, Boats & submarines, & dog breeding kennels;

Housekeeping

Room inventory management;

Room condition reporting

Reception services

Key management

Housekeeping services

Management of leasing/tenancy agreements

Woomera

Manage living in accommodation leasing requirements

3.12 Commercial Operations Woomera

Risks associated with the provision of a range of support to Defence Estate Woomera (DEW).

Accommodation

Hospitality

Supermarket & recreational services

3.13 Customer Access Management

Risks associated with the provision of Customer Access Management.

1800DEFENCE (Defence Service Centre Cooma)

E&IG Online

Regionally located Customer Service Centres (CSCs)

3.14 Defence Home Ownership Assistance Scheme

Risks associated with the provision of the Defence Home Ownership Assistance Scheme.

Provide eligible ADF members with access to a subsidy on the interest incurred on their home loan

3.15 Environment Management

Risks associated with the provision of Environment & Sustainability.

Implementation of, & continuous improvement on, sustainable development

Energy management

Water management

Waste management reporting

Site environmental Working Groups

Development of planning strategies for new building proposals & refurbishments

3.16 Estate Planning & Development

Risks associated with the provision of Estate Planning & Development.

Input to estate planning & development activities

Input to strategic estate planning, base master planning & zone planning

Input & support to the planning & delivery of major, medium & minor capital works & infrastructure projects

Site specific advice

Siting approvals

Maintenance of estate information

Development & prioritisation of activities regarding estate appraisal

Develop Corporate Services & Infrastructure Requests (CSIRs)

Allocation of space & buildings to user groups

3.17 Estate Upkeep Risks associated with Estate Upkeep. Maintenance, conservation & preservation of the Defence estate including

Facilities & infrastructure maintenance

Environment

Heritage

Stewardship of estate resources & infrastructure

Planned & reactive general building & facilities maintenance & estate works

3.18 Fresh Rations Risks associated with the provision of Fresh Rations.

Manage the Standing Offer Panel for the provision of fresh rations, including the delivery of foodstuffs to Defence establishments or training/exercise locations.

3.19 Hospitality & Catering Services

Risks associated with the provision of Hospitality & Catering Services.

Hospitality & catering services at designated Defence properties including;

Meals

Beverages

Catering support services

Bar services

Catering for functions

Food for defence animals

Support to Defence Mess committees

Labour to support ADF managed catering services & cafeteria services

3.20 Joint Operations Support

Risks associated with the provision of Joint Operations Support.

3.21 Land Management Services Risks associated with monitoring, managing & maintaining of areas included in land management.

Grassed areas / trees & shrubs

Landscape condition

Bio-security

Over abundant native, domestic, feral & invasive species

Animals & birds on airfields

Garden areas / sporting fields

Outdoor recreational & training areas

Outdoor training facilities

Bush regeneration

Bush fire monitoring & management

Drainage infrastructure

Conservation areas

Significant environmental & cultural sites

Designated specialist areas

Environmental hazards

Removal of dead wildlife & livestock

3.22 Laundry & Dry Cleaning Services

Risks associated with the provision of laundry & dry cleaning Services.

Provide laundry, dry cleaning & treatment of designated linen, Defence clothing & equipment

Sewing & repair service

Collection & delivery service

3.23 Library & Information Access Services

Risks associated with the provision of Library & Information Access Services.

Provide library & information services & resources

Manage library services related Standing Offers & Contracts

Management of the Integrated Library Management System (ILMS)

3.24 Mail Services Risks associated with the provision of Mail Services.

Internal mail & small parcel receipt & despatch service (up to 16KG) for Defence official mail

Administrative mail delivery & receipt

Outwards & inwards business mail

Personal mail delivery to personnel living on base

Commercial courier deliveries between mailrooms

Domestic Non-operational Safehand mail services

Standard mail services

3.25 National Archives Risks associated with the provision of Records & Archives.

Manage archived corporate files.

Manage ADF active & inactive health records (physical, dental & psychological).

Manage inactive personnel records.

3.26 Pest & Vermin Management Services

Risks associated with the management of pest & vermin services.

Develop a Pest & Vermin Program (PVP).

Deliver pest & vermin eradication activities.

Development of Marine Pest Monitoring Programs (MPMP)

Provide & maintain plant, equipment, stores & consumables.

Provide (& map) responsive pest & vermin services, including plague response(s).

Manage & remove injured & dead wildlife

Provide expert pest & vermin advice.

Overabundant species management

Removal of animal/bird excrement at designated locations

Customer requested work

Euthanasia or management of pest & vermin or other animal species outside Defence properties

3.27 Petrol, Oils & Lubricants (POL)

Risks associated with the provision of stores management & management of risks associated with the provision of petrol, oils & lubricants.

Manage DFI ground (G).

Day-to-day management & operation of Defence curb side facilities.

Prevention & management of fuel spills

Fuel support services in the field.

Management of packaged POL products

Refuelling infrastructure (contained in Infrastructure Management)

3.28 Philanthropic Services Risks associated with the provision of Philanthropic Services.

Develop & maintain Defence policy & support to Defence accredited philanthropic organisations.

3.29 Project Delivery Services

Risks associated with the provision of Project Delivery Services.

Develop estate projects & sub-programs including detailed scope, design & specifications.

Manage estate projects & sub-programs including detailed scope, design & specifications.

Deliver estate projects & sub-programs including detailed scope, design & specifications.

Manage contracted works.

Manage project financial commitments.

3.30 Property Services Risks associated with the provision of Property Services.

Develop & deliver less complex leasing solutions.

Manage deeds

Support the management of complex & strategic property leases.

Support the management of licensing agreements.

3.31 Public Private Partnership (PPP)

Risks associated with the provision of Public Private Partnership (PPP).

Delivery of various facilities & services to Defence

3.32 Rescue & Fire Fighting Services

Management of risks associated with the provision of Rescue & Fire Fighting Services.

Provide rescue & fire fighting services to protect human life & assets.

Structural Rescue & fire fighting

Airfield rescue & fire fighting

Fire equipment services

Training services

3.33 Retail Stores Risks associated with the provision of Retail Stores.

Retail Stores

Asset, equipment & inventory management

Procurement support

Stores accounting

Warehousing

Receiving

Inventory control & accuracy

Inventory maintenance

Issuing

Support to exercises & activities

Disposal

Local distribution & workshop services

Refuelling infrastructure (contained in Infrastructure Management)

3.34 Special Air Service Regiment Training Facilities (SASRTF)

Risks associated with the provision of SASR Special Training Facilities.

Provide services specific to SASR Special Training Facilities.

3.35 Sport & Recreation Services

Risks associated with the provision of sports & recreation services.

Pool Lifeguards.

Sporting facility management,

Gymnasiums

Gymnasium equipment

Sporting ovals including bookings

Maintain & line mark sporting ovals.

Cleaning/maintaining courts

Equipment management, inspection & maintenance

Obstacle courses

3.36 Training Area & Range Management Operations

Risks associated with the management of training areas & ranges.

Production of instructions, orders, publications, manuals or Range Standing Orders (RSO) related to the operation of the TAR.

Support & apply emergency management plans such as medical, fire, bushfire management, ammunition explosions & incidents.

Ensuring safe, secure & efficient operation of TAR

Coordinating airspace & maritime usage req

Approving activities in regards to safety & compliance on the TAR.

Controlling access to TAR, including response to trespass

Coordination of UXO management on TAR

Conducting Range Siting & Range Safety Boards

Range infrastructure /equipment

Training Area infrastructure /equipment

Aircraft Refuelling

3.37 Transport Services Risks associated with the provision of Transport Services.

Transport booking service

Operational management of designated fleet vehicles

Medical related transport including patients, medical samples & documents

Transport of personnel

Transport of material & equipment including mail & courier services

Provide vehicle recovery services at designated locations

3.38 Utilities / Energy Management

Risks associated with the provision of Utilities / Energy Management.

Electricity

Gas

Water

Sewerage

3.39 Waste Management Services

Risks associated with the management of Waste Management Services.

Removal & disposal of waste from Defence establishments & water borne vessels

Sharps

Hazardous waste

Provision & maintenance of containers

Hygiene services

Explosive Ordnance waste collection

3.40 Base Support Operations / Base Planning & Coordination Services

Risks associated with Base Support Operations & Base Planning & Coordination Services.

Provide principal link between E&IG Product & Service Manager & Head of Resident Unit.

Preparation of base-wide Security & Emergency Management (EM) Plans

Facilitate the testing of (Security & Safety) incident response procedures

3.41 Estate Appraisal Risks associated with Estate Appraisal.

Undertake Estate Appraisal

3.42 Estate Program Services

Risks associated with the Estate Program Services.

Develop & manage program approvals

Develop maintenance projects

Activity planning & scheduling

Program planning & analysis

Program monitoring & review

Phasing of annual program budgets

Reporting & measurement of performance

Develop large Estate Maintenance projects or sub programs

3.43 Partner Engagement & Relationship Management Tool (PERMT)

Risks associated with the provision of the PERMT.

3.44 Management Integration & Coordination of Base services

The Directorate of Base Services, Management, Integration & Coordination (DBSMIC) is responsible, on a national level, for ensuring the Estate Maintenance & Operations Services (EMOS) Contractors manage, integrate & coordinate Base Services on behalf of Defence in accordance with Commonwealth, State/Territory & Local Legislation, Regulations, Codes & Guidelines, Australian Standards & Defence Policy.

Management Integration Coordination

Base service Support Centre

Commercial Operations Woomera

Special Forces Training Facilities

3.45 Insurance Claims & Advice

The Defence Insurance Office provides management of the Department's insurance policy arrangements with Comcover & responds to meet customer requirements for insurance services.

Centrally manage all insurable claims.

Provide advice on insurance queries related to Comcover policy coverage.

Issue Comcover Certificates of Currency.

Provide insurance training & insurance education.

Manage Defence's insurance policy including the renewal process.

3.46 Publishing & Printing Services

Provides a range of printing & finishing services, both paper-based & electronic. There are generally no costs associated with these services to Defence customers.

Business cards

Defence diaries

Document formatting

Graphic design

Video production forms

Document templates

3.47 Travel Services Defence Travel facilitates a range of travel for ADF members, including student & recruit travel movements for Army, Navy & Air Force members traveling for training courses, exercises, postings, conditions of service leave, & discharge travel.

Recreational Leave

Reunion Leave

Remote locality Leave

Compassionate Leave

All Domestic Travel

4. Engineering Integrity

Risk events associated with infrastructure integrity and engineering activities.

ID Category Description Includes Excludes

4.1 Range Design and Compliance

Risks associated with live fire ranges ensuring regulatory compliance with range safety requirements

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

training area management

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

inappropriate or ineffective control mechanisms

capability risks

data and information

4.2 Electrical Infrastructure

Risks associated with electrical infrastructure

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.3 Airfield Lighting

Risks associated with AGL

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.4 Aircraft Pavements

Risks associated with aircraft pavements

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.5 Fire Protection Engineering and Fire Safety

Risks associated with fire protection and fire safety

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.6 Emergency Power Risks associated with emergency power

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.7 Mechanical Services Risks associated with mechanical services

adequacy of the design and maintenance policy

maintenance - inadequate / inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.8 Electrical Services Risks associated with electrical services

400 hertz and 60 hertz

Hazardous Areas Electrical Installations

Explosives Areas Electrical Installations

adequacy of the design and maintenance policy

Maintenance - Inadequate / Inappropriate

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

4.9 Other engineering services

Risks associated with engineering service

incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations

legislative compliance

inappropriate or ineffective control mechanisms

capability risks

data and information

5. Environment and Sustainability Management

Risk events associated with the management of environment and sustainability matters. These are risks to the environment posed by Defence activities.

ID Category Description Includes Excludes

5.1 Protected Species, Community or Wetland

Risks associated with deterioration, damage or loss of a protected species, community or wetland.

5.2 Degradation of Land and/or Vegetation Condition

Risks associated with degradation of land and/or vegetation condition.

Disturbance - Community

Disturbance - Explosion

Disturbance - Fire

Disturbance - Flood

Disturbance - Soil - Acid Sulphate

Disturbance - Soil - Clean

Disturbance - Soil - Contaminated

Disturbance - Soil - Saline

5.3 Established Pest, Weed, Disease

Risks associated with spread or increase of established pest, weed or disease.

Vertebrate pests (feral)

Invertebrate pests

Weeds

Animal diseases (including those with implications on human health)

Plant diseases

Marine pests and diseases

5.4 New Pest, Weed, Disease

5.4 New Pest, Weed, Disease

Risks associated with establishment of new pest, weed or disease.

Vertebrate pests (feral)

Invertebrate pests

Weeds

Animal diseases (including those with implications on human health)

Plant diseases

Marine pests and diseases

5.3 Established Pest, Weed, Disease

5.5 Excessive Resource Consumption

Risks associated with excessive resource consumption.

Electricity

Gas

Hydrocarbons

Water

Other goods

5.6 Bushfire Hazard Risks associated with bushfire hazard.

5.9 Waste

5.7 Pollutant Discharge Risks associated with discharge of pollutant(s) to the environment. Includes accidental release, leaks and spills.

AFFF

Hazardous Materials

Asbestos

Hydrocarbons

Miscellaneous Materials (Chemicals, Liquids, Solids)

Paints

PCBs

Pesticides

Solvents

Water

Runoff – fertiliser, soil, stormwater

5.8 Noise or Dust Pollution Risks associated with noise or dust pollution.

Particulate matter

Smoke

5.9 Waste Risks associated with excessive waste production.

Green/organics

Hazardous Chemicals

Lead

Effluent

Hazardous liquid waste

Sewage

Washwater

Medical Waste

Obsolete Equipment/Machinery

Office

Paper

5.7 Pollutant Discharge

Plastic

Hazardous solid waste

Industrial waste

Inert waste

Municipal waste

Unexploded Ordnance

5.10 Indigenous Heritage Risks associated with deterioration, damage or loss of Indigenous heritage values.

5.11 Natural Heritage Risks associated with deterioration, damage or loss of natural heritage values.

5.12 Historic & Built Heritage Risks associated with deterioration, damage or loss of historic or built heritage values.

5.13 Contaminated Sites Risks associated with contaminated sites.

6. Special Interest

Risk events associated with special interest projects and assessments. These are risks to Defence posed by an activity.

ID Category Description Includes Excludes

6.1 Exploration Risks associated with mineral exploration assessments.

6.2 Mining Risks associated with mining application assessments.

6.3 Foreign Investment Review Board (FIRB)

Risks associated with Foreign Investment Review Board (FIRB) application assessments.

6.4 Native Title Risks associated with co-ordination of Defence Interests in Native Title Claims.

6.5 Offshore Petroleum Risks associated with exploration and/or development application assessments.

7. Commercial

Risk events associated with commercial considerations.

ID Category Description Includes Excludes

7.1 Procurement Risks associated with procurement and commercial considerations.

planning and preparation

product/service

procurement process

probity and ethics

transparency

policy and compliance

risk management

scope management

value for money

tendering

7.3 Industry Capacity & Supplier Viability

evaluating offers

tender selection

negotiation

market and supply-chain leverage

market maturity

Defence’s level of experience, market intelligence

level of market competition

security/secrecy

intellectual property

industrial relations

Indigenous business engagement

7.2 Contract Management Risks associated with contract management.

legal flaws

default

disputes

administration

scope management

intellectual property

third-party liabilities

timeframes

payments

terms and conditions

finance

audit

7.3 Industry Capacity & Supplier Viability

Risks associated with the quality or amount of resources in an industry, and the sustainability of suppliers.

workforce

factories

technological maturity

financial stability

economic stability

legal stability

management stability

8. Delivery

Risk events associated with project delivery, or producing defined outcomes within restricted timeframes, budgets and scope.

ID Category Description Includes Excludes

8.1 Project Management

8.1.1 Scope Risks associated with the ambiguity, instability or lack of clarity in the definition of the requirements.

poorly defined project scope

incomplete understanding of the project boundaries

scope creep

inadequate requirements or Need statement

poor alignment with Defence policy

susceptibility of needs to change

degree of flexibility of requirements

availability, reliability and maintainability – requirements and achievability

degree of confidence that requirements will achieve capability needs

8.1.2 Schedule Risks associated with certainty and flexibility in the delivery schedule.

approvals

milestones

decision dependencies

departmental approvals

government approvals

parliamentary approvals

delivery date confidence levels

schedule assumptions

complexity

critical path

committee decisions (see 2.1 Internal Stakeholders)

government or chain of command decisions (see 2.1 Internal Stakeholders)

8.1.3 Cost Risks associated with project specific costs.

scale of the investment (does amount create a financial risk if project is unrealised?)

budget contingency

available funds

degree of confidence in cost estimates

benchmarking and validation of cost estimates

8.1.4 Project Integration Risks associated with internal and external project interfaces and dependencies within the project’s scope.

current Defence and government capability

1.7 Business Integration

internal/external dependencies (tasks, activities, resources, finance, preferences)

virtual or physical technical integration with other projects or systems

interfaces (number, complexity, management, criticality, roles and responsibilities)

security

ownership

fundamental inputs to capability - FICS (number, complexity, management, criticality, roles and responsibilities, costs, scoping/understanding)

8.1.5 Quality Risks associated with the assessment, control, communication and review of quality.

how well outcomes fit the requirements (fit for purpose)

how well outcomes meet expectations

quality assessment criteria and tolerance

quality assessment processes

planning

independence of quality assessment

degree of confidence (assurance)

compliance

1.4 People & Workforce

8.1.6 Resources Risks associated with the resources required to complete objectives.

plant, equipment

materials

facilities

logistics

supply chain

support and test equipment

technical data, manuals/references

computer resources, software

business resource planning

1.8 Financial

8.1.7 Design Risks associated with the ambiguity, instability, inaccuracy, or lack of clarity in the design.

design errors

poorly defined design

incomplete understanding of the project boundaries

scope creep

poor alignment with Defence policy

susceptibility of needs to change

degree of flexibility of design

availability, reliability and maintainability – requirements and achievability

degree of confidence that design will achieve capability needs

8.2 Strategic Estate Risk Created for project prioritisation purposes (primarily for Estate Planning and the Estate Works Program Office in Service Delivery Division). The transport that copies the risk scores back from GRC into PPM is hard coded in the Defence SAP configuration; hence the number and name of this risk category must not be changed. This risk category should not be used for any other sort of risk because it could interfere with the transport process.

9. Other

Risk events that do not have a logical allocation elsewhere in the risk category tree. Every effort must be afforded to allocating risks to a specific category before selecting this option, to ensure consistency of information and effective reporting.

10. Category Mapping

This table maps the Defence SAP risk categories to the equivalent categories used in other systems.

ID Defence SAP Risk Category Smart Buyer Framework CDMRT

1.1 Business Strategy

1.2 Technology Core Acquisition - Technology Technical Achievability

1.3 Operations and Business Process

1.4 People/Workforce Project Resources – Workforce

Capability Resources – Workforce

1.5 Policy Compliance – Defence & Service Regulations

1.6 Legislative Compliance Compliance – National & International Laws & Agreements

Compliance – WH&S and Environmental

1.7 Business Integration

1.8 Financial Core Acquisition – Financial

Core Sustainment – Financial

2.1 Internal Stakeholders Core Sustainment - Operational

2.2 External Stakeholders Core Acquisition – Strategic

Core Sustainment – Strategic

2.3 Communications

7.1 Procurement Core Acquisition – Commercial

Core Sustainment – Commercial

7.2 Contract Management

7.3 Industry Capacity and Supplier Viability Industry Capacity and Supplier Viability

8.1.1 Scope Core Acquisition – Requirements

Core Sustainment – In-Service

Project Definitions

Requirements

8.1.2 Schedule Core Acquisition – Schedule Project Decisions and Deadlines

8.1.3 Cost Core Acquisition – Financial

Core Sustainment – Financial

8.1.4 Project Integration Core Acquisition – Project Integration

Core Acquisition – Defence Integration

Core Sustainment – FICS

Integration with Current Capability

Integration with Other Projects

Interdependency with Current Capability

Interdependency with Other Projects

8.1.5 Quality

8.1.6 Resources Project Resources

Capability Resources

8.1.7 Design

Core Sustainment – Obsolescence

First Principles Review