SIST EN 62198:2014

SLOVENSKI STANDARD
SIST EN 62198:2014
01-april-2014
Upravljanje tveganja v projektih - Smernice za uporabo (IEC 62198:2013)
Managing risk in projects - Application guidelines
Gestion des risques lies a un projet - Lignes directrices pour l'application
Ta slovenski standard je istoveten z: EN 62198:2014
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
SIST EN 62198:2014 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 62198:2014

---------------------- Page: 2 ----------------------

SIST EN 62198:2014

EUROPEAN STANDARD
EN 62198

NORME EUROPÉENNE
February 2014
EUROPÄISCHE NORM

ICS 03.100.01


English version


Managing risk in projects -
Application guidelines
(IEC 62198:2013)


Gestion des risques liés à un projet -  Risikomanagement für Projekte -
Lignes directrices pour l'application Anwendungsleitfaden
(CEI 62198:2013) (IEC 62198:2013)





This European Standard was approved by CENELEC on 2014-01-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

CEN-CENELEC Management Centre: Avenue Marnix 17, B - 1000 Brussels


© 2014 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62198:2014 E

---------------------- Page: 3 ----------------------

SIST EN 62198:2014
EN 62198:2014 - 2 -
Foreword
The text of document 56/1529/FDIS, future edition 2 of IEC 62198, prepared by IEC/TC 56
"Dependability" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
EN 62198:2014.

The following dates are fixed:
(dop) 2014-10-01
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2017-01-01
standards conflicting with the
document have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.

Endorsement notice
The text of the International Standard IEC 62198:2013 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60812 NOTE Harmonized as EN 60812.
IEC/ISO 31010 NOTE Harmonized as EN 31010.

---------------------- Page: 4 ----------------------

SIST EN 62198:2014
- 3 - EN 62198:2014
Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication Year Title EN/HD Year

ISO 31000 - Risk management - Principles and - -
guidelines

---------------------- Page: 5 ----------------------

SIST EN 62198:2014

---------------------- Page: 6 ----------------------

SIST EN 62198:2014




IEC 62198

®


Edition 2.0 2013-11




INTERNATIONAL



STANDARD




NORME



INTERNATIONALE
colour

inside









Managing risk in projects – Application guidelines






Gestion des risques liés à un projet – Lignes directrices pour l'application

















INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE

PRICE CODE
INTERNATIONALE

CODE PRIX X


ICS 03.100.01 ISBN 978-2-8322-1192-2



Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------

SIST EN 62198:2014
– 2 – 62198 © IEC:2013
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Managing risks in projects . 9
5 Principles . 11
6 Project risk management framework . 12
6.1 General . 12
6.2 Mandate and commitment . 13
6.3 Design of the framework for managing project risk . 14
6.3.1 Understanding the project and its context . 14
6.3.2 Establishing the project risk management policy . 14
6.3.3 Accountability . 15
6.3.4 Integration into project management processes . 16
6.3.5 Resources . 16
6.3.6 Establishing internal project communication and reporting
mechanisms . 16
6.3.7 Establishing external project communication and reporting
mechanisms . 17
6.4 Implementing project risk management . 17
6.4.1 Implementing the framework for managing project risk . 17
6.4.2 Implementing the project risk management process . 17
6.5 Monitoring and review of the project risk management framework . 17
6.6 Continual improvement of the project risk management framework . 18
7 Project risk management process . 18
7.1 General . 18
7.2 Communication and consultation . 19
7.3 Establishing the context . 20
7.3.1 General . 20
7.3.2 Establishing the external context . 20
7.3.3 Establishing the internal context . 21
7.3.4 Establishing the context of the project risk management
process . 21
7.3.5 Defining risk criteria . 22
7.3.6 Key elements . 22
7.4 Risk assessment . 23
7.4.1 General . 23
7.4.2 Risk identification . 23
7.4.3 Risk analysis . 24
7.4.4 Risk evaluation . 25
7.5 Risk treatment . 25
7.5.1 General . 25
7.5.2 Selection of risk treatment options . 25
7.5.3 Risk treatment plans . 26
7.6 Monitoring and review . 26
7.7 Recording and reporting the project risk management process . 27

---------------------- Page: 8 ----------------------

SIST EN 62198:2014
62198 © IEC:2013 – 3 –
7.7.1 Reporting . 27
7.7.2 The project risk management plan . 28
7.7.3 Documentation . 28
7.7.4 The project risk register . 28
Annex A (informative) Examples . 30
A.1 General . 30
A.2 Project risk management process . 30
A.2.1 Stakeholder analysis (see 7.2) . 30
A.2.2 External and internal context (see 7.3.4) . 31
A.2.3 Risk management context (see 7.3.4) . 33
A.2.4 Risk management context for a power enhancement project . 33
A.2.5 Risk criteria (see 7.3.5). 34
A.2.6 Key elements (see 7.3.6) . 34
A.2.7 Risk analysis (see 7.4.3) . 36
A.2.8 Risk evaluation (see 7.4.4) . 40
A.2.9 Risk treatment (see 7.5) . 40
A.2.10 Risk register (see 7.4.2 and 7.7.4) . 41
Bibliography . 42

Figure 1 – Principal stakeholders in a project . 11
Figure 2 – Relationship between the components of the framework for managing risk,
adapted from ISO 31000 . 13
Figure 3 – Project risk management process, adapted from ISO 31000 . 19
Figure A.1 – Risk management scope for an open pit mine project . 34
Figure A.2 – Distribution of costs using simulation . 40

Table 1 – Typical phases in a project . 10
Table A.1 – Stakeholders for a government project . 30
Table A.2 – Stakeholders and objectives for a ship upgrade . 31
Table A.3 – Stakeholders and communication needs for a civil engineering project . 31
Table A.4 – External context for an energy project . 32
Table A.5 – Internal context for a private sector infrastructure project . 33
Table A.6 – Criteria for a high-technology project . 34
Table A.7 – Key elements for a communications system project. 35
Table A.8 – Key elements and workshop planning guide for a defence project . 36
Table A.9 – Key elements for establishing a new health service organization . 36
Table A.10 – Example consequence scale . 37
Table A.11 – Example likelihood scale . 38
Table A.12 – Example of a matrix for determining the level of risk . 38
Table A.13 – Example of priorities for attention . 40
Table A.14 – Example of a treatment options worksheet . 41
Table A.15 – Simple risk register structure . 41

---------------------- Page: 9 ----------------------

SIST EN 62198:2014
– 4 – 62198 © IEC:2013
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

MANAGING RISK IN PROJECTS –
APPLICATION GUIDELINES

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62198 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition, published in 2001, and constitutes
a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) major restructure and rewrite of the first version;
b) now aligned with ISO 31000, Risk management – Principles and guidelines.

---------------------- Page: 10 ----------------------

SIST EN 62198:2014
62198 © IEC:2013 – 5 –
The text of this standard is based on the following documents:
FDIS Report on voting
56/1529/FDIS 56/1539/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.

---------------------- Page: 11 ----------------------

SIST EN 62198:2014
– 6 – 62198 © IEC:2013
INTRODUCTION
Every project involves uncertainty and risk. Project risks can be related to the objectives of
the project itself or to the objectives of the assets, products or services the project creates.
This International Standard provides guidelines for managing risks in a project in a systematic
and consistent way.
Risk management includes the coordinated activities to direct and control an organization with
regard to risk. ISO 31000, Risk management – Principles and guidelines, describes the
principles for effective risk management, the framework that provides the foundations and
organizational arrangements for designing, implementing, monitoring, reviewing and
continually improving risk management throughout an organization and a process for
managing risk that can be applied to all types of risk in any organization. This standard shows
how those general principles and guidelines apply to managing uncertainty in projects.
This standard is relevant to individuals and organizations concerned with any or all phases in
the life cycle of projects. It can also be applied to sub-projects and to sets of inter-related
projects and programmes.
The application of this standard needs to be tailored to each specific project. Therefore, it is
considered inappropriate to impose a certification system for risk management practitioners.
The guidance provided in this standard is not intended to override existing industry-specific
standards, although the guidance can be helpful in such instances.

---------------------- Page: 12 ----------------------

SIST EN 62198:2014
62198 © IEC:2013 – 7 –
MANAGING RISK IN PROJECTS –
APPLICATION GUIDELINES



1 Scope
This International Standard provides principles and generic guidelines on managing risk and
uncertainty in projects. In particular it describes a systematic approach to managing risk in
projects based on ISO 31000, Risk management – Principles and guidelines.
Guidance is provided on the principles for managing risk in projects, the framework and
organizational requirements for implementing risk management and the process for
conducting effective risk management.
This standard is not intended for the purpose of certification.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
ISO 31000, Risk management – Principles and guidelines
3 Terms and definitions
For the purpose of this document, the following terms or definitions apply.
3.1
project
unique process consisting of a set of coordinated and controlled activities, with start and
finish dates, undertaken to achieve an objective conforming to specific requirements,
including the constraints of time, cost and resources
Note 1 to entry: An individual project may form part of a larger project structure.
Note 2 to entry: In some projects the objectives are updated and the product characteristics defined progressively
as the project proceeds.
Note 3 to entry: The project’s product is generally defined in the project scope. It may be one or several units of
product and may be tangible or intangible.
Note 4 to entry: The project’s organization is normally temporary and established for the lifetime of the project.
Note 5 to entry: The complexity of the interactions among project activities is not necessarily related to the
project size.
1
[SOURCE: ISO 10006:2003, 3.5] [1]
3.2
project management
planning, organizing, monitoring, controlling and reporting of all aspects of a project and the
motivation of all those involved in it to achieve the project objectives
___________
1
References in square brackets refer to the Bibliography.

---------------------- Page: 13 ----------------------

SIST EN 62198:2014
– 8 – 62198 © IEC:2013
[SOURCE: ISO 10006:2003, 3.6]
3.3
project management plan
document specifying what is necessary to meet the objective(s) of the project
Note 1 to entry: A project management plan should include or refer to the project’s quality plan.
Note 2 to entry: The project management plan also includes or references such other plans as those relating to
organizational structures, resources, schedule, budget, risk management (3.5), environmental management, health
and safety management and security management, as appropriate.
[SOURCE: ISO 10006:2003, 3.7]
3.4
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected — positive and/or negative.
Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental
goals) and can apply at different levels (such as strategic, organization-wide, project (3.1), product and process).
Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination
of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood of occurrence.
Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or
knowledge of an event, its consequence, or likelihood.
[SOURCE: ISO Guide 73:2009, 1.1] [2]
3.5
risk management
coordinated activities to direct and control an organization with regard to risk
[SOURCE: ISO Guide 73:2009, 2.1]
3.6
risk management framework
set of components that provide the foundations and organizational arrangements for
designing, implementing, monitoring, reviewing and continually improving risk management
throughout the organization
Note 1 to entry: The foundations include the policy, objectives, mandate and commitment to manage risk (3.4).
Note 2 to entry: The organizational arrangements include plans, relationships, accountabilities, resources,
processes and activities.
Note 3 to entry: The risk management framework is embedded within the organization's overall strategic and
operational policies and practices.
[SOURCE: ISO Guide 73:2009, 2.1.1]
3.7
risk management policy
statement of the overall intentions and direction of an organization related to risk
management
[SOURCE: ISO Guide 73:2009, 2.1.2]

---------------------- Page: 14 ----------------------

SIST EN 62198:2014
62198 © IEC:2013 – 9 –
3.8
risk management plan
scheme within the risk management framework specifying the approach, the management
components and resources to be applied to the management of risk
Note 1 to entry: Management components typically include procedures, practices, assignment of responsibilities,
sequence and timing of activities.
Note 2 to entry: The risk management plan can be applied to a particular product, process and project (3.1), and
part or whole of the organization.
[SOURCE: ISO Guide 73:2009, 2.1.3]
3.9
risk management process
systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context, and identifying, analysing, evaluating,
treating, monitoring and reviewing risk
[SOURCE: ISO Guide 73:2009, 3.1]
3.10
risk treatment
process to modify risk
Note 1 to entry: Risk treatment can involve:
– avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
– taking or increasing risk in order to pursue an opportunity;
– removing the risk source;
– changing the likelihood;
– changing the consequences;
– sharing the risk with another party or parties (including contracts and risk financing); and
– retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk
mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Risk treatment can create new risks or modify existing risks.
[SOURCE: ISO Guide 73:2009, 3.8.1]
4 Managing risks in projects
Every project involves uncertainty that can lead to risk. These risks can relate to the
objectives of the project itself (for example to complete the project within a specified time
frame and budget) or to the requirements of the assets, products or services that the project
creates (for example for a product to be safe, dependable and environmentally sustainable).
The consequences that could arise from uncertainty in a project can be beneficial as well as
detrimental, so project risk management is directed not only to avoiding or reacting to
problems but also to identifying and capturing opportunities. Taking account of project risks
contributes to better decisions, better project outcomes and increased value for the
stakeholders.
This standard is relevant to individuals and organizations concerned with any or all phases in
the life cycle of projects. To obtain maximum benefit, risk management activities are initiated
at the earliest possible phase of a project and continued through subsequent phases.
However, project risk management can be initiated successfully at any point in the life cycle,
providing appropriate preliminary work is undertaken. The process is scalable, so it can be

---------------------- Page: 15 ----------------------

SIST EN 62198:2014
– 10 – 62198 © IEC:2013
used with both small and large projects and to individual phases of projects. It can also be
applied to sub-projects and to sets of inter-related projects and programmes.
A typical set of project phases and their characteristics is shown in Table 1.
Tabl
...