KBR Risk Management:People & Process Achieving the Loss Free Goal

Tuesday 5th December 2006

2

Today’s Agenda

Q&A

Overall Summary

Risk Management at KBR- Sales- Financial- Legal

Project Risk Management at KBR

KBR Work Process

Introduction

3

Risk

4

KBR Value - Injury Free

2000

1.2

1.0

.8

.6

.4

.2

0

2001 2002 2003 2004 2005

Inju

ry R

ate

Risk: Injury – Loss …a business perspective

TimeLo

ss

KBR Value - Loss Free

5

Risk Management Balance

6

Lump Sum Definition

Fixed-price, Fixed-schedule and Fixed-quality(Including performance)

• Security of payment• Clear scope definition &

execution responsibilities• Clear & acceptable liabilities

• Differentiation• Ability to successfully

execute

7

Summary

• Risk – Understood & Managed

• Market – Large, Demanding & Rewarding

• Competitors – Focused & Active

8

KBR Work Process

• Overview

• Phase 1: Pre-Sales & Positioning

• Phase 2: IRC (Inquiry Review Committee) & Bidding

• Phase 3: Award & Execution EPC-CS(Engineering, Procurement, Construction, Commissioning, Start-up)

• Summary

9

Work Process

10

Work Process – Pre-Sales & Positioning

11

Work Process – ITB (Invitation to Bid) Screening & Bidding

12

Work Process – EPC-CS

13

Work Process – Management Reviews

14

Work Process Summary

• Process driven

• Comprehensive & exhaustive

• Pervasive

• Reduces risk to acceptable levels

• Delivers results

15

Risk Management at KBR - Agenda

• Process overview

• Sales

• IRC

• Technical Proposal

• Commercial Proposal– Financial

– Legal

• Execution (EPC-CS)

• Summary

16

Pre-Sales Positioning & Shaping

CompetitivelyBid Lump Sum

Negotiated Reimbursable

17

Pre-Sales Positioning & Shaping

Competitively Bid Lump Sum

Competitively Won Lump Sum on KBR Terms

CompetitivelyBid Lump Sum

Negotiated Reimbursable

18

Pre-Sales & Positioning – Summary

• Disciplined

• Focused

• Strategically Selective

• Results driven

19

IRC Meetings

• Formal Disciplined Process

– Divisional Level– Executive Level

• Strategy Evaluated• Risks Evaluated• Bid or Decline Decision

20

Technical & Commercial ITB Review

21

Financial Review of ITB

Contracting Strategies-Legal Entities

Tax

Divisional Financial Risk Memo

Cash Flows

KBR CFO Business Risk Assessment

Treasury: Bonds, LOC, Security of Payment, Payment Terms, Parent Co Guarantees

22

Legal Review of ITB

Review Invitation to Bid

Prepare risk summary for management

Propose contract changes to client

Negotiations

Insurance

23

Legal Review of ITB

7. Warranty for Vendors and Subcontractors

6. a. Warranty Obligationsb. Warranty Remedy

5. Proprietary Rights/Patent Infringement Liability

4. Performance Guarantees

3. Schedule Incentives/Penalties

2. Price Adjustments / Variation Orders and Notice

1. “Rely-Upon”/Soils/Project Design Data

KBR PositionRequest For Quotation PositionIssue

Contract Terms and Conditions

Contract Risk Summary

24

Fade this and highlight PRC/negotiate at first click

Pricing Review Committee, Proposal & Negotiations

25

Outcome

26

EPC-CS:Engineering, Procurement, Construction, Commissioning, Start-up

27

• Life Cycle• People, Processes & Management Reviews• Successful Projects• KBR Culture & Commitment

Risk Management – Summary

28

Project Risk Management at KBR - Agenda

• What is a risk?

• Process Summary

• Practices, Systems and Tools

• Maturity

• Summary

29

Risk

• RISK“An uncertain event or set of circumstances that, should it occur, will have an effect on the achievement of the project’s objectives”

• RISK MANAGEMENT“The process whereby responses to the risks are formulated, justified, planned, initiated, progressed, monitored, measured for success, reviewed, adjusted and closed”

PRAM Guide 2004PRAM Guide 2004

30

Risk Management Process

31

Risk Register Concept

Disc./ Dept. Risk

Synopsis

Project Risk Register

Estimate Cost Risk Synopsis

Project Team Risk ID Inputs

Major Risk

Summary

Listing of Major Risks from contract T & C risks to project execution risks that are presented at OP’s, PRC & Project Reviews.

Document/Database that holds all the project risks. Used in the daily management of risks along entire project life cycle.

Project Team Risk identification generated through workshop sessions or risk ID forms.

A Synopsis that documents estimate cost risks.

A Synopsis that documents Technology, Discipline (i.e. Process) or Departmental risks.

Risk Assessment

Report

Report that records the details of the risk assessment results. Generated at OP’s and major review points.

Schedule Time Risk Synopsis

A Synopsis that documents schedule/ planning risks.

PRE BID EXECUTIONBID PRE-AWARD PLANNING COMMISSIONING/START-UP

Project Life Cycle of Risk ManagementProject Inception

ContractComplete

© 2005 Kellogg Brown & Root, Inc., a Halliburton Company.

Technology Risk

Synopsis

Sales Team Risk

Synopsis

A Synopsis that documents Contracts, Sales, Execution and other prospect risks presented first at IRC.

Process Owner: Project Risk Management Dept.Guideline: GD-GL-ECD-PM-1206

Rev. 6, October 2005

CLOSEOUT

32

RISK RESPONSE PLANS

Risk ID No.

Risk Short Title Cause Risk Effect Status

CommentsRisk

StatusDate

RaisedDate

Updated Risk Owner Risk Ranking Risk TreatmentRisk Response Plan Summary

(RRP)example

PRC-5.07Vendor Shop Capacity

Due to worldwide demand for compressor vendor's shop and product

there is a risk that the vendor will be unable to meet schedule for the project during 2005

JV may have to pay a premium to meet deadlines, overall project may be delayed and quality could be reduced

1.Jim is working toward plan dates and hiring a new expeditor this week

Open 15-Jan-05 28-Feb-05 Jim Smith Probability

Manageability

Cost ImpactSchedule Impact

HSE ImpactReputation Impact

etc.

ThreatsAvoid

TransferMitigateAccept

OpportunitiesExploitShare

EnhanceAccept

1. Develop contract terms that share schedule delay. 09MAY05

2. Hire an additional expeditor for procurement reviews. 02APR05

RISK STATEMENT

Who is best able to manage the risk?

What is the uncertainty that matters to the project?

What are the facts or requirements?

What is the effect on the project objectives?

Is the risk improving, worsening or the same?

What is the status of plan implementation and effectiveness?

What is the risk treatment?

Risk Register

Primary risk management treatment. For Threats: Avoid, Transfer, Mitigate, Accept. For Opportunities: Exploit, Share, Enhance, Accept.Risk Treatment

A three part, structured description of a risk, incorporating cause, risk and effect.Risk Statement

Definite events or circumstances which give rise to uncertainty on the project. Causes are factual and certain. Cause

An uncertain event or set of circumstances that, should it occur, will have an effect on the achievement of the project’s objectives.Risk

Unplanned variations from project objectives, either positive or negative, resulting from the occurrence of risks. Effect

The individual charged with managing the risk on behalf of the project.Risk Owner

The individual assigned to perform a specific action of the risk response plan under the management of the Risk Owner.Risk Action Owner

The ranking developed from evaluating a risk against probability, manageability and impact criteria to determine what risks warrant prioritized management attention.Risk Ranking

An active document recording all identified project risks describing risk details, assessment, ownership, response plans and other risk management data.Risk Register

Definitions

Risk Statement: Cause-Risk-EffectExample: Due to the new DCS hardware requirement (cause), there is a risk of unexpected system integration errors

that may occur (risk), which would lead to additional time delays and rework (effect).

© 2005 Kellogg Brown & Root, Inc., a Halliburton Company.Rev. 6, October 2005

PRM Practices, Systems and Tools

34

Cause

Risk Identification- How do we state a risk?

C E-- R

C-R-E

- Effect- Risk

35

Risk Identification C-R-E

Why C-R-E ?

• Uncertainties (Risks) must be differentiated from facts (Causes);

• Separating Causes from Risks focuses attention on the source of the threat or opportunity;

• The Cause is the starting point for managing the potential impact of a risk.

36

Cause – Fact or RequirementExample: Due to limited space at site for staging

material.

Risk – Uncertain event or circumstancesExample: There is a risk that materials might not be

available at site to support the path of construction.

Effect – Potential consequence against project objectivesExample: Lower productivity – increased costs and

schedule delays.

Risk Identification C-R-E

37

Risk

Risk Identification- How do we organize our risks?

R S-- B

R-B-S

- Structure- Breakdown

38

What is a Risk Breakdown Structure?What is a Risk Breakdown Structure?• RISK BREAKDOWN STRUCTURE

“A Risk Breakdown Structure ("RBS") is a source-oriented grouping of risks that organizes and defines the total risk exposure of a project.” APM

• CHARACTERISTICS– Hierarchical – Descending levels are more detailed– Risks assessments can be summarized to the next level

• OBJECTIVES– Organize threats and opportunities within a common framework to assess

the risk exposure of a project.– Support strategic and tactical decision making when managing risks.– Enhance risk identification

• OUTCOMES– Summary reports can be generated across multiple projects.– Project risk profiles can be compared and benchmarked.– Risks can be categorized within a common corporate structure.

39

Risk Identification RBSSECTION

Category Description and risk element prompts

T TECHNOLOGY / TECHNICAL

SD Scope Definition Design verification - plant and systems, data inconsistencies, communication of scope, design changes

SY Process Integration and Interfaces Integration with utilities, process feed, existing process systems and other projects. Interface or tie-in requirements with modular components or processes, other licensors, obsolesence

MD Modularization Identification, feasibility, decision and timing.

TE Technology Specifications, standards, hazardous material requirements, licensing

PQ Performance, Reliability and Quality Performance guarantees, unusual quality requirements

HS HSE Operational safety

C COMMERCIAL / CONTRACTUAL

EC Economic Finance and funding, taxes, duties, currency, escalation, payment milestones, liquidated damages, funded liability, warranty, incentives, exposure to claims, furnished equipment, financial impact of performance guarantees

EX Execution Change control, reporting requirements, obligations including commissioning, start-up and performance testing, progress milestones, third-party approvals/inspections, client approvals and decision gates, contract conversion, feedstock availability

40

Risk

PRM- How do we manage our risk information?

R S-- M

R-M-S

- System- Management

41

Risk Management System Risk Management System -- RMSRMS• RISK MANAGEMENT SYSTEM

“An internet enabled data management system that supports the PRM work process”

• CHARACTERISTICS– Practical and intuitive user interface – Flexible and standard framework– Updating and communicating risk information is easy

• OBJECTIVES– Enable a more efficient and timely execution of the PRM process.– Link multiple offices and locations.– Create a mechanism to archive corporate risk data and knowledge.– Provide the tool to enhance a team driven risk management process.

• OUTCOMES– Timely and transparent reporting of a project’s risk profile.– System driven reinforcement of the PRM process.– Better integration of PRM within the project work processes.

42

Risk Management System Risk Management System -- RMSRMS

43

• Project Risk Management Process Diagram

• Project Risk Management Written Guideline

• Risk Register Concept Diagram

• Project Risk Management Desk Manual

• Dedicated PRM Department of risk professionals

• Web Based Risk Management System (RMS)

• Training and Education Programs

PRM Process- Infrastructure

44

Project Risk Management Desk Manual (PRMDM)• Purpose⎯ A manual to assist all project team members manage

project risks.• Scope⎯ Information, templates and guidance along the entire

project life cycle to support the project risk management requirements.

• Location⎯ KBR Connect Website. ⎯ http://kbrconnect.corp.kbr.com/kbr/kbr_gcm/kbrgcm_kbrgcm.asp

PRM Process- Infrastructure

PRM Maturity

46

Risk Management Maturity

HVR & Dr. D.A. Hillson “Towards a Risk Maturity Model”

LEVEL 1 – NAIEVE LEVEL 2 – NOVICE LEVEL 3 – NORMALIZED LEVEL 4 - NATURAL

DEFINITION Unaware of the need formanagement of riskNo Structured approach to dealingwith uncertaintyRepetitive and reactivemanagement processesLittle or no attempt to learn frompast or to prepare for future

Experimenting with riskmanagement through a smallnumber of individualsNo generic structured approach inplaceAware of potential benefits ofmanaging risk, but ineffectiveimplementation, not gaining fullbenefits

Management of risks built intoroutine business processesRisk management implemented onmost or all projectsFormalized generic risk processesBenefits understood at all levels ofthe organization, although notalways consistently achieved

Risk aware culture, with proactiveapproach to risk management in allaspects of the businessActive use of risk information toimprove business processes andgain competitive advantageEmphasis on opportunitymanagement (“positive risk”)

CULTURE No risk awarenessResistant/reluctant to changeTendency to continue with existingprocesses

Risk process may be viewed asadditional overhead with variablebenefitsRisk management used only onselected projects

Accepted policy for riskmanagementBenefits recognized and expectedPrepared to commit resources inorder to reap gains

Top-down commitment to riskmanagement, with leadership byexampleProactive risk managementencouraged and rewarded

PROCESS No formal processes No generic formal processes,although some specific formalmethods may be in useProcess effectiveness dependsheavily on the skills of the in-houserisk team and availability ofexternal support

Generic processes applied to mostprojectsFormal processes, incorporated intothe quality systemActive allocation and managementof risk budgets at all levelsLimited need for external support

Risk management based businessprocesses“Total-risk-management”permeating entire businessRegular refreshing and updating ofprocessesRoutine risk metrics with constantfeedback for improvement

EXPERIENCE No understanding of risk principlesor language

Limited to individuals who mayhave had little or no formal training

In-house core of expertise,formally trained in basic skillsDevelopment of specific processesand tools

All staff risk-aware and using basicskillsLearning from experience as partof the processRegular external training toenhance skills

APPLICATION No structured applicationNo dedicated resourcesNo risk tools

Inconsistent applicationVariable availability of staffAd-hoc collection of tools andmethods

Routine and consistent applicationto all projectsCommitted resourcesIntegrated set of tools and methods

Second-nature, applied to allactivitiesRisk-based reporting and decisionmakingState-of-the-art tools and methods

47

Risk Management Maturity

Level 1

NAIVE

Level 2

NOVICE

Level 3

NORMALIZED

Level 4

NATURAL

RM MATURITYPROGRESSION

48

Risk Management Maturity

Level 1

NAIVE

Level 2

NOVICE

Level 3

NORMALIZED

Level 4

NATURAL

Pre-Dec ‘98

Jan 05

Jan 07

Jan 08 and Beyond

RM MATURITYPROGRESSION

Achievement

Planned

49 HVR & Dr. D.A. Hillson “Towards a Risk Maturity Model”

DEFINITION

CULTURE

PROCESS

EXPERIENCE

APPLICATION

LEVEL 3 – NORMALIZEDManagement of risks built intoroutine business processesRisk management implemented onmost or all projectsFormalized generic risk processesBenefits understood at all levels ofthe organization, although notalways consistently achievedAccepted policy for riskmanagementBenefits recognized and expectedPrepared to commit resources inorder to reap gainsGeneric processes applied to mostprojectsFormal processes, incorporated intothe quality systemActive allocation and managementof risk budgets at all levelsLimited need for external support

In-house core of expertise,formally trained in basic skillsDevelopment of specific processesand tools

Routine and consistent applicationto all projectsCommitted resourcesIntegrated set of tools and methods

Risk Management Maturity

50

• Effectively educating people as to what is project risk management.

• Changing reactionary project management practices to more proactive planning.

• Further integrating all aspects of the company business.

• Developing the risk aware mindset at all levels.

• Managing JV & PMC complexities, risk tolerances, cultural and work practice differences.

• Effectively communicating risk management information.

• Instilling the Passion and Commitment that everyone is part of the process.

Risk Management Maturity Challenges

51

PRM Process- Summary

GoalsMinimize Threats

Maximize Opportunities

Key Success FactorsTeam Awareness + Proactive Actions = Successful Project Risk Mgmt.

Everyone is empowered to manage risk.

Process continues along entire project life cycle.

PRE BID EXECUTIONBID PRE-AWARD PLANNING COMMISSIONING/START-UP

Project Life Cycle of Risk ManagementProject Inception

ContractCompleteCLOSEOUT

C O

M M

U N

I C

A T

EC

O M

M U

N I

C A

T E IDENTIFY

ASSESS

RESPOND

MONITOR

ACHIEVE PROJECT OBJECTIVES

STRATEGIZE

C O

M M

U N

I C

A T

EC

O M

M U

N I

C A

T E IDENTIFY

ASSESS

RESPOND

MONITOR

ACHIEVE PROJECT OBJECTIVES

STRATEGIZE

52

Halliburton Board

KBR E&CSMT

KBR E&CMid-level

Management

KBR E&CEmployees

Commercial(Loss)

HSE(Injury)

Overall Summary

• Commitment

• Procedures

• Culture

53

“Expect the best.Prepare for the worst.

Capitalize on what comes.”-Zig Ziglar

Final Thought

KBR Risk Management:People & Process Achieving the Loss Free Goal

Tuesday 5th December 2006

Rev 0