AS4360 Risk Management

  • Project Risk Management Plans are there for both risk mitigation, and for legal/liability reasons
  • Project Risk Management is well explained in Australian Standard AS4360
  • There are many categories of risk which include OHS, Environmental, Financial, and Client, and scheduling (plus others)
  • A Risk Management Plan must include a context, describing the spread and share of risk taken by your own company, and by subcontractors
  • A Risk Register is a table of the project risks with analysis and controls, and is usually compiled in consultation with Stakeholders

Adequacy of Existing Controls

  • Without adding ANY new control measures, how are the risks controlled now?

Activity 4

Return to your Risk Register, type in a brief description of your opinion of the Adequacy of Existing Controls in column 5. Do not just write adequate or inadequate, explain why as it will help in later stages.

Evaluate Risks

AS4360 Risk Management Image 1

Risk Priorities

  • Risks are prioritised in order of severity.

Activity 5

Return to your Risk Register, and with continual reference to the Risk Analysis Matrix type in the Level of Risk into column 8.

Next type in your Risk Priorities into the last column of your Risk Register, column 9.

Treat Risks

  • AS4360 calls for a “Risk Treatment Schedule and Plan”. Refer to your Learning Manual for an example on page 20
  • Effective treatment of risks comes from experience, consultation, or other forms of investigation
  • Involves things like negotiating & contracts (both with you and your client, and with you and your subcontractors), additional training, elimination of risks
  • Would the hierarchy of controls apply here?

Activity 7

Enter the range of Possible Treatment Options you have in column 3 of the Risk Treatment Schedule and Plan Activity 8

Write out the Preferred Options for treatment of your risks in column 4.

After you have listed your Preferred Options for risk control, calculate the approbriate Risk Ratings After Treatment. To do this you have to use the same method you did before, that is rate the new Likelihood, the new Consequence, and then combine them to give the Risk Rating After Treatment. The level of risk should now be reduced.

Activity 9

Calculate the Risk Rating After treatment for your risks and enter them in column 5.

Activity 10

Consider the estimated cost of each of the Preferred Options, and their relative benefit, and based on this, place an A for Accept or B for Reject for each of the Preferred Options in column 5.

Activity 11

Enter the name of the people responsible for implementing each of your risk treatment measures in column 6.

Monitoring Treatment Measures

  • Example;
  • Risk = Subcontractors being late
  • Selected treatment = Penalise their payment

Then What?

  1. Record their progress and document any lateness
  2. Subtract the appropriate penalty from their payment


  • Using a supplied project brief, you are to create a Risk Management Plan complying to AS4360
  • Must be done in Microsoft Excel
  • Must include a minimum of 15 Project Risks
  • You may work individually or in groups (maximum 3 to a group)
  • A hardcopy must be submitted, and the electronic file emailed to me. Cover sheets are mandatory and must include names and student numbers of all who contributed
  • Any “cut & paste” from online sources not referenced will result in a rejection of the assignment
  • Pagiarism will not be tolerated, refer to Tafe policies on this topic