UNCLASSIFIED – INTERNAL USE ONLY
Defence SAP E&IG Risk Categories
ESTATE & INFRASTRUCTURE GROUP
DEFENCE SAP E&IG RISK CATEGORY DEFINITIONS
Date Issued 14 September 2016
Version No. 1.0
Status Draft
Objective Location Ref:
AF26312408 https://drms-deakin/id:AF26312408/document/versions/published
Document Owner Sean Cummins
Security Classification Unclassified/Internal Use Only Commercial in Confidence
Background
The Garrison and Estate Management System’s Risk Management module in Defence SAP will provide functionality for the management of risks and will enable a standardised approach and process for the identification, assessment, review, monitoring, and reporting of risks. Risk Information can be used across Defence estate management to inform the prioritisation of work and the allocation of financial and non-financial resources. It is intended that GEMS Risk Management will be implemented from the strategic through to operational level.
The GEMS Risk Management module allows users to identify and assess risks both throughout the project lifecycle and the Environmental Factor Management process. Users can develop risk mitigation plans and collect key risk information that contributes to the risk profiling of the Defence Estate.
When risks are recorded in Defence SAP (see Figure 1), there are two mandatory fields that must be filled:
1. Risk Category: classifies the type of the risk
2. Organisation Unit: identifies what part of the business is responsible for the risk.
These fields are used to classify, filter, analyse and report on risk information.
Both fields are populated by making a choice from a dropdown box. The available options are defined by Defence SAP’s risk breakdown structure (RBS) and risk organisation structure (ROS) respectively, and each is a hierarchy of choices that the business must define.
This document provides the structure of the risk breakdown structure and the definition of the risk categories for E&IG.
Note
The risk breakdown structure and risk organisation structure are managed as ‘master data’ within Defence SAP, which means they can be modified by nominated users after Defence SAP is deployed.
Figure 1 Defence SAP risk record, showing Organisation Unit and Risk Category fields.
Risk Categories
The Defence SAP risk categories are used to group risks according to where they might arise (the risk event). They are assigned to a risk during its creation, and can then be used for filtering and reporting.
Risk categories are recorded in the risk breakdown structure, a hierarchy of categories and subcategories. Each descending level represents an increasingly specific risk category. Once risks are assigned to a category, you can run reports that filter out risks based on whichever category or categories are of interest.
Risk categories are used to provide a standard terminology to describe risks, and facilitate the understanding, communication and management of risks. The categories help to identify the distribution of risk, areas requiring special attention, recurring risk themes and risk ‘hot spots’. Risk categories also make it easier to compare risks across projects, services and business activities.
Each category captures what the risk is about, answering the question ‘where could things go wrong?’. The risk causes and impacts are not considered as part of the category choice, as these are categorised separately. The risk categories do not replicate the eight E&IG Risk Management Framework (RMF) risk impact categories - capability, delivery of services, environment, financial, legislative compliance, reputation, safety, or security; these are assigned during the impact assessment.
For example, take the risk description “Design errors occur that lead to the construction of a building that does not comply with legislative requirements.” Here, the potential categories of ‘design’, and ‘legislative compliance’ could be considered. However, if we look at the risk description and ask the question ‘where could things go wrong?’, the answer would be ‘the design’. Hence this risk would be best categorised under ‘design’ for the most appropriate controls to reduce its likelihood.
Risk categories can also be used as a prompt to consider what could go wrong within each business area. They serve to ensure that no one area of the business is overlooked when risks to achieving business objectives are being identified. Additionally, where a risk has already been identified the risk category selected should represent the area of business where it would most likely materialise.
Objectives
The risk categories must meet the following objectives:
1. Categorise, or help identify, business, project and technical/specialist risks across E&IG.
2. Organise risk information for meaningful filtering, analysis and reporting.
3. Provide groupings that are meaningful at all levels of risk – operational (project and directorate), business (branch, division) and strategic (group).
4. Be easily understood.
5. Be kept to a minimum number.
6. Be as simple and concise as possible.
Risk Naming Convention
For reporting purposes, risks must be named with a prefix that indicates which part of the organisation they belong to:
EIG – Estate & Infrastructure Group risks
ID – Infrastructure Division risks
SDD – Service Delivery Division risks
Risk Categories – Risk Breakdown Structure
Estate and Infrastructure Group (E&IG) Risk Categories
1 Business
    1.1 Business Strategy
    1.2 Technology
    1.3 Operations and Business Process
    1.4 People /Workforce
    1.5 Policy
    1.6 Legislative Compliance
    1.7 Business Integration
    1.8 Financial
2 Stakeholders
    2.1 Internal Stakeholders
    2.2 External Stakeholders
        2.2.1 Whole of Government
        2.2.2 State Governments
        2.2.3 Industry
        2.2.4 Community Groups
        2.2.5 Other
    2.3 Communications
    2.4 Community Impacts
        2.4.1 Health
        2.4.2 Infrastructure
        2.4.3 Commercial
3 Service Delivery Division – Products and Services
    3.1 SDD1 Access Control
    3.2 SDD2 ADF Accommodation
    3.3 SDD3 ADF Canteen Services & Funds
    3.4 SDD4 Housing
    3.5 SDD5 Relocations & Removals
    3.6 SDD6 Fuel Including Aircraft Refuelling
    3.7 SDD7 Airfield Operations Support
    3.8 SDD8 Asset Provision (OP&E)
    3.9 SDD9 Base Registries
    3.10 SDD10 Base Reprographics
    3.11 SDD11 Cleaning & Housekeeping Services
    3.12 SDD12 Commercial Operations Woomera
    3.13 SDD13 Cleaning & Housekeeping Services
    3.14 SDD14 Defence Home Ownership Assistance Scheme
    3.15 SDD15 Environmental & Sustainability
    3.16 SDD16 Estate Planning & Development
    3.17 SDD17 Estate Upkeep
    3.18 SDD18 Fresh Rations
    3.19 SDD19 Hospitality & Catering Services
    3.20 SDD20 Joint Operations Support
    3.21 SDD21 Land Management Services
    3.22 SDD22 Laundry & Dry Cleaning Services
    3.23 SDD23 Library & Information Access Services
    3.24 SDD24 Mail Services
    3.25 SDD25 Records & Archives
    3.26 SDD26 Pest & Vermin Management Services
    3.27 SDD27 Petrol, Oils & Lubricants
    3.28 SDD28 Philanthropic Services
    3.29 SDD29 Project Delivery Services
    3.30 SDD30 Property Services
    3.31 SDD31 Public Private Partnership
    3.32 SDD32 Rescue & Fire Fighting
    3.33 SDD33 Retail Stores
    3.34 SDD34 SASR Special Training Facilities
    3.35 SDD35 Sport & Recreation Services
    3.36 SDD36 Training Area & Range Management
    3.37 SDD37 Transport Services
    3.38 SDD38 Utilities/Energy Management
    3.39 SDD39 Waste Management Services
    3.40 SDD40 Base Support Operations
    3.41 SDD41 Estate Appraisal
    3.42 SDD42 Estate Maintenance Program
    3.43 SDD43 PERMT
    3.44 SDD44 Management of Integration & Co‐ordination of Base Services
    3.45 SDD45 Insurance Claims & Advice
    3.46 SDD46 Publishing & Printing Services
    3.47 SDD47 Travel Services
4 Engineering Integrity
    4.1 Range Design and Compliance
    4.2 Electrical Infrastructure
    4.3 Airfield Lighting
    4.4 Aircraft Pavements
    4.5 Fire Protection Engineering and Fire Safety
    4.6 Emergency Power
    4.7 Mechanical Services
    4.8 Electrical Services
    4.9 Other Engineering Services
5 Environment and Sustainability Management
    5.1 Protected Species, Community or Wetland
    5.2 Degradation of Land and/or Vegetation Condition
    5.3 Established Pest, Weed or Disease
    5.4 New Pest, Weed or Disease
    5.5 Excessive Resource Consumption
    5.6 Bushfire Hazard
    5.7 Pollutant Discharge
    5.8 Noise or Dust Pollution
    5.9 Excessive Waste Production
    5.10 Indigenous Heritage
    5.11 Natural Heritage
    5.12 Historic and Built Heritage
    5.13 Contaminated Sites
6 Special Interest
    6.1 Mining Exploration
    6.2 Mining
    6.3 FIRB
    6.4 Native Title
    6.5 Offshore Petroleum
7 Commercial
    7.1 Procurement
    7.2 Contract Management
    7.3 Industry Capability and Supplier Viability
8 Delivery
    8.1 Project Management
        8.1.1 Scope
        8.1.2 Schedule
        8.1.3 Cost
        8.1.4 Project Integration
        8.1.5 Quality
        8.1.6 Resources
        8.1.7 Design
    8.2 Strategic Estate Risk
9 Other
1. Business
Risk events associated with management and organisation of the business.
ID Category Description Includes Excludes
1.1 Business Strategy Risks associated with the adequacy and effectiveness of current business strategy and its implementation that affect the organisation’s ability to achieve its objectives.
ambiguity, instability or lack of clarity in the definition of the Business Strategy
incomplete understanding of business objectives
poorly defined corporate objectives and realisation strategy
organisational stability
responding to change
formulation and execution of decisions
strategic planning
leadership
organisational management
1.2 Technology Risks associated with the use and implementation of technology.
Refer to the DSTG Technical Risk Assessment Handbook for guidance (http://intranet.dsto.defence.gov.au/functions/PAA/resources/tra/).
understanding of the requirements for the technology
research and development requirements
maturity of the technology
Defence’s experience with, and knowledge of, the technology
Engineering Integrity
support available from partners, industry and academia
obsolescence
impacts on business
ability to achieve business strategy
compatibility with industry partners
security impacts
1.3 Operations and Business Processes
Risks associated with systems, processes, inputs and outputs associated with day-to-day management.
Governance, assurance and performance management
quality, clarity and availability of business processes
appropriateness or effectiveness of business process
appropriateness and effectiveness of control mechanisms
development and adherence to processes
data and information
systems (management, risk, governance, credit, financial, market, etc)
supply chain and logistics
customer service
outputs of business
inputs to business (including appropriateness, flexibility, standards, workforce)
policies, manuals, strategies, guidelines, rules and regulations (see 1.5 Policy)
1.4 People & Workforce Risks associated with workforce capability and capacity, including staff, contractors and subcontractors. Includes workforce behaviour, actions and decisions.
internal fraud
skills
behaviour
organisational culture
morale
strategic awareness
availability/capacity
corporate knowledge
diversity
training progression
employer of choice
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
2.3 Communication
1.6 Legislative Compliance
1.5 Policy
1.5 Policy Risks associated with the effectiveness, adequacy and observance of Defence policy.
disregard of policy
quality, clarity and availability of policies
relevance
appropriateness or effectiveness of policy and policy implementation
appropriateness and effectiveness of control mechanisms
1.6 Legislative Compliance
4 Engineering Integrity
1.6 Legislative Compliance Risks associated with Defence’s failure to meet its federal, state or local legal obligations, exposing Defence or its officers to fines, penalties, lawsuits, injury or negative publicity.
potential breach of legislation
inappropriate or ineffective implementation/management
1.5 Policy
compliance that is not mandated by legislation
inappropriate or ineffective use of control mechanisms
national and international legal obligations
4 Engineering Integrity
1.7 Business Integration Risks associated with aligning technology, systems, processes and culture with business strategy and goals.
business processes
business partners
industry capability
customers
cross-organisational initiatives
cross-organisational dependencies
mutual obligations between providers and customers
competing priorities
8.1.4 Project Integration
1.8 Financial Risks associated with budget and finance for the business unit. Includes loss of assets or financial resources.
planning and resource allocation
financial reporting
tax
budget contingency
available funds
degree of confidence in budget estimates
benchmarking and validation of budget
overspend and underspend
flexibility to manage budget
project costs (8.1.3 Cost)
2. Stakeholder Management
Risk events associated with stakeholder actions and behaviour, and impacts to stakeholders as a result of Defence actions.
ID Category Description Includes Excludes
2.1 Internal Stakeholders
Risks associated with the behaviour, actions, commitment and decisions of internal stakeholders, and Defence’s support of internal stakeholders. Internal stakeholders are those within Defence.
management, Defence committees, customers, steering groups, partners
stakeholder identification
understanding expected benefits of stakeholders
stakeholder reliability
change of policy
1.4 People & Workforce
2.3 Communications
2.2 External Stakeholders
Risks associated with the behaviour, actions, commitment and decisions of external stakeholders, and Defence’s support of external stakeholders. External stakeholders are those from outside of Defence.
stakeholder identification
understanding expected benefits of stakeholders
stakeholder reliability
stakeholder capacity, skills, capability and knowledge
federal, state and local government policy
political pressure
industrial policy
change of government
international considerations and politics
1.4 People & Workforce
2.3 Communications
2.2.1 Whole of Government
As above, applied to Non-Corporate Commonwealth Entities (Departments, Offices, etc)
As above
2.2.2 State Governments As above, applied to State Governments
As above
2.2.3 Industry As above, applied to Industry As above
2.2.4 Community Groups As above, applied to Community Groups
As above
2.2.5 Other As above, applied to external stakeholders not named in a separate sub-category
As above
partners, local government, local community, public, media, marketplace, suppliers
2.2.1 Whole of Government
2.2.2 State Governments
2.2.3 Industry
2.2.4 Community Groups
2.3 Communications Risks associated with communication and engagement with business stakeholders.
workforce/staff
external stakeholders (capability managers, Government, central agencies)
social, cultural and organisational differences
communications across and among stakeholders
understanding management direction
expectations/requirements
2.4 Community Impacts Risks associated with issues or problems that may arise for communities as a result of Defence’s actions.
Impacts to communities
Community impacts on Defence (use External Stakeholders instead)
2.4.1 Health As above, in relation to impacts on community health.
2.4.2 Infrastructure As above, in relation to impacts on community infrastructure.
2.4.3 Commercial As above, in relation to impacts on community finance.
3. Service Delivery Division – Products and Services
ID Category Description Includes Excludes
3.1 Access Control Risks associated with the provision of Access Control services on Defence establishments.
Staffing of access control points,
Access control to Defence establishments,
Access control to Ranges/training areas,
Emergency Management including alarm management & incident response,
Asset surveillance operations & incident response
These risks will be derived from the Base Security Plans.
3.2 ADF Accommodation Risks associated with the provision of temporary & permanent accommodation services to ADF members.
Providing service residences in Australia with dependents in support of Defence capability requirements
Providing allocation, re-allocation & tenancy management services for members with dependents
Administering the payment of Rent Allowance to members renting private accommodation & housing
Providing Choice Accommodation for members without dependents & members with dependents (unaccompanied)
Manage the Single Living Environment & Accommodation Precincts projects delivered through Public Private Partnerships (PPP).
Relocation Administration Services & Removal Services
3.3 ADF Canteen Services & Funds
Risks associated with the management of the Agreement between Department of Defence & Army & Air Force Canteen Services (AAFCANS).
Provision of Canteen Services on Army & Air Force bases in accordance with the Defence Agreement
3.4 Housing Management of risks associated with the provision of temporary & permanent accommodation services to ADF members.
Through contract arrangements with Defence Housing Authority provide Housing Services that include providing service residences in Australia to members with dependents in support of Defence capability requirements, providing allocation, re-allocation & tenancy management services for members with dependents, administering the payment of Rent Allowance to members renting private accommodation & housing & providing Choice Accommodation for members without dependents & members with dependents (unaccompanied).
3.5 Relocations & Removals Risks associated with the provision of Relocations & Removals.
Provision of relocation administration,
Removal of furniture & effects & vehicles & related services to the ADF & eligible APS in Australia & internationally
3.6 Fuel including Aircraft Refuelling
Risks associated with the provision of aircraft refuelling & fuel installation services.
Aircraft refuelling & fuel installation services
Facilities & training areas
Supplies & major systems
3.7 Airfield Operations Support
Risks associated with the provision of Airfield Operations Support.
Search & Rescue coordination
Aviation Safety
Aircraft crash response
Airfield management
Coordination & reception of visiting aircraft
Landing area maintenance
Airfield terminal management & operation
Aircraft Refuelling
Aircraft, passenger & cargo/baggage support
Ground handling for civil & military aircraft
Inspection & sweeping of all movement areas
3.8 Asset Provision – Other Plant & Equipment (OP&E)
Risks associated with the through life management of OP&E.
Scoping requirement
Purchasing
Maintenance
Disposal
3.9 Base Registries Risks associated with the provision of Base Registries.
Creation & management of active physical corporate records
Transfer
Custody
Sentencing
Archiving
Secure storage
3.10 Base Reprographics Risks associated with reprographics & printing services.
Reprographic & printing services
Technical publications management (including auditing)
3.11 Cleaning Services Risks associated with the provision of cleaning & housekeeping services.
Cleaning
General cleaning of Office areas, living & working amenities, ablution areas, building facades, stairwells, external furniture & fixtures, accommodation rooms, common areas & equipment, sporting facilities & equipment & air terminal facilities;
Range infrastructure /equipment
Training Area infrastructure /equipment
Specialist cleaning of hospital wards, medical & dental surgeries, clinical areas & operating theatres, medical laboratories, forensic cleaning, museum & museum artefacts, computer/electronic equipment rooms, scientific laboratories & clean rooms, aircraft hangars & shelters, maintenance facilities & workshops, armouries & magazines, HAZMAT storage areas, indoor & outdoor training, trial & range facilities, Special Forces training areas, Ships, Boats & submarines, & dog breeding kennels;
Housekeeping
Room inventory management;
Room condition reporting
Reception services
Key management
Housekeeping services
Management of leasing/tenancy agreements
Woomera
Manage living in accommodation leasing requirements
3.12 Commercial Operations Woomera
Risks associated with the provision of a range of support to Defence Estate Woomera (DEW).
Accommodation
Hospitality
Supermarket & recreational services
3.13 Customer Access Management
Risks associated with the provision of Customer Access Management.
1800DEFENCE (Defence Service Centre Cooma)
E&IG Online
Regionally located Customer Service Centres (CSCs)
3.14 Defence Home Ownership Assistance Scheme
Risks associated with the provision of the Defence Home Ownership Assistance Scheme.
Provide eligible ADF members with access to a subsidy on the interest incurred on their home loan
3.15 Environment Management
Risks associated with the provision of Environment & Sustainability.
Implementation of, & continuous improvement on, sustainable development
Energy management
Water management
Waste management reporting
Site environmental Working Groups
Development of planning strategies for new building proposals & refurbishments
3.16 Estate Planning & Development
Risks associated with the provision of Estate Planning & Development.
Input to estate planning & development activities
Input to strategic estate planning, base master planning & zone planning
Input & support to the planning & delivery of major, medium & minor capital works & infrastructure projects
Site specific advice
Siting approvals
Maintenance of estate information
Development & prioritisation of activities regarding estate appraisal
Develop Corporate Services & Infrastructure Requests (CSIRs)
Allocation of space & buildings to user groups
3.17 Estate Upkeep Risks associated with Estate Upkeep. Maintenance, conservation & preservation of the Defence estate including
Facilities & infrastructure maintenance
Environment
Heritage
Stewardship of estate resources & infrastructure
Planned & reactive general building & facilities maintenance & estate works
3.18 Fresh Rations Risks associated with the provision of Fresh Rations.
Manage the Standing Offer Panel for the provision of fresh rations, including the delivery of foodstuffs to Defence establishments or training/exercise locations.
3.19 Hospitality & Catering Services
Risks associated with the provision of Hospitality & Catering Services.
Hospitality & catering services at designated Defence properties including;
Meals
Beverages
Catering support services
Bar services
Catering for functions
Food for defence animals
Support to Defence Mess committees
Labour to support ADF managed catering services & cafeteria services
3.20 Joint Operations Support
Risks associated with the provision of Joint Operations Support.
3.21 Land Management Services Risks associated with monitoring, managing & maintaining of areas included in land management.
Grassed areas / trees & shrubs
Landscape condition
Bio-security
Over abundant native, domestic, feral & invasive species
Animals & birds on airfields
Garden areas / sporting fields
Outdoor recreational & training areas
Outdoor training facilities
Bush regeneration
Bush fire monitoring & management
Drainage infrastructure
Conservation areas
Significant environmental & cultural sites
Designated specialist areas
Environmental hazards
Removal of dead wildlife & livestock
3.22 Laundry & Dry Cleaning Services
Risks associated with the provision of laundry & dry cleaning Services.
Provide laundry, dry cleaning & treatment of designated linen, Defence clothing & equipment
Sewing & repair service
Collection & delivery service
3.23 Library & Information Access Services
Risks associated with the provision of Library & Information Access Services.
Provide library & information services & resources
Manage library services related Standing Offers & Contracts
Management of the Integrated Library Management System (ILMS)
3.24 Mail Services Risks associated with the provision of Mail Services.
Internal mail & small parcel receipt & despatch service (up to 16KG) for Defence official mail
Administrative mail delivery & receipt
Outwards & inwards business mail
Personal mail delivery to personnel living on base
Commercial courier deliveries between mailrooms
Domestic Non-operational Safehand mail services
Standard mail services
3.25 National Archives Risks associated with the provision of Records & Archives.
Manage archived corporate files.
Manage ADF active & inactive health records (physical, dental & psychological).
Manage inactive personnel records.
3.26 Pest & Vermin Management Services
Risks associated with the management of pest & vermin services.
Develop a Pest & Vermin Program (PVP).
Deliver pest & vermin eradication activities.
Development of Marine Pest Monitoring Programs (MPMP)
Provide & maintain plant, equipment, stores & consumables.
Provide (& map) responsive pest & vermin services, including plague response(s).
Manage & remove injured & dead wildlife
Provide expert pest & vermin advice.
Overabundant species management
Removal of animal/bird excrement at designated locations
Customer requested work
Euthanasia or management of pest & vermin or other animal species outside Defence properties
3.27 Petrol, Oils & Lubricants (POL)
Risks associated with the provision of stores management & management of risks associated with the provision of petrol, oils & lubricants.
Manage DFI ground (G).
Day-to-day management & operation of Defence curb side facilities.
Prevention & management of fuel spills
Fuel support services in the field.
Management of packaged POL products
Refuelling infrastructure (contained in Infrastructure Management)
3.28 Philanthropic Services Risks associated with the provision of Philanthropic Services.
Develop & maintain Defence policy & support to Defence accredited philanthropic organisations.
3.29 Project Delivery Services
Risks associated with the provision of Project Delivery Services.
Develop estate projects & sub-programs including detailed scope, design & specifications.
Manage estate projects & sub-programs including detailed scope, design & specifications.
Deliver estate projects & sub-programs including detailed scope, design & specifications.
Manage contracted works.
Manage project financial commitments.
3.30 Property Services Risks associated with the provision of Property Services.
Develop & deliver less complex leasing solutions.
Manage deeds
Support the management of complex & strategic property leases.
Support the management of licensing agreements.
3.31 Public Private Partnership (PPP)
Risks associated with the provision of Public Private Partnership (PPP).
Delivery of various facilities & services to Defence
3.32 Rescue & Fire Fighting Services
Management of risks associated with the provision of Rescue & Fire Fighting Services.
Provide rescue & fire fighting services to protect human life & assets.
Structural Rescue & fire fighting
Airfield rescue & fire fighting
Fire equipment services
Training services
3.33 Retail Stores Risks associated with the provision of Retail Stores.
Retail Stores
Asset, equipment & inventory management
Procurement support
Stores accounting
Warehousing
Receiving
Inventory control & accuracy
Inventory maintenance
Issuing
Support to exercises & activities
Disposal
Local distribution & workshop services
Refuelling infrastructure (contained in Infrastructure Management)
3.34 Special Air Service Regiment Training Facilities (SASRTF)
Risks associated with the provision of SASR Special Training Facilities.
Provide services specific to SASR Special Training Facilities.
3.35 Sport & Recreation Services
Risks associated with the provision of sports & recreation services.
Pool Lifeguards.
Sporting facility management,
Gymnasiums
Gymnasium equipment
Sporting ovals including bookings
Maintain & line mark sporting ovals.
Cleaning/maintaining courts
Equipment management, inspection & maintenance
Obstacle courses
3.36 Training Area & Range Management Operations
Risks associated with the management of training areas & ranges.
Production of instructions, orders, publications, manuals or Range Standing Orders (RSO) related to the operation of the TAR.
Support & apply emergency management plans such as medical, fire, bushfire management, ammunition explosions & incidents.
Ensuring safe, secure & efficient operation of TAR
Coordinating airspace & maritime usage req
Approving activities in regards to safety & compliance on the TAR.
Controlling access to TAR, including response to trespass
Coordination of UXO management on TAR
Conducting Range Siting & Range Safety Boards
Range infrastructure /equipment
Training Area infrastructure /equipment
Aircraft Refuelling
3.37 Transport Services Risks associated with the provision of Transport Services.
Transport booking service
Operational management of designated fleet vehicles
Medical related transport including patients, medical samples & documents
Transport of personnel
Transport of material & equipment including mail & courier services
Provide vehicle recovery services at designated locations
3.38 Utilities / Energy Management
Risks associated with the provision of Utilities / Energy Management.
Electricity
Gas
Water
Sewerage
3.39 Waste Management Services
Risks associated with the management of Waste Management Services.
Removal & disposal of waste from Defence establishments & water borne vessels
Sharps
Hazardous waste
Provision & maintenance of containers
Hygiene services
Explosive Ordnance waste collection
3.40 Base Support Operations / Base Planning & Coordination Services
Risks associated with Base Support Operations & Base Planning & Coordination Services.
Provide principal link between E&IG Product & Service Manager & Head of Resident Unit.
Preparation of base-wide Security & Emergency Management (EM) Plans
Facilitate the testing of (Security & Safety) incident response procedures
3.41 Estate Appraisal
Risks associated with Estate Appraisal.
Undertake Estate Appraisal
3.42 Estate Program Services
Risks associated with the Estate Program Services.
Develop & manage program approvals
Develop maintenance projects
Activity planning & scheduling
Program planning & analysis
Program monitoring & review
Phasing of annual program budgets
Reporting & measurement of performance
Develop large Estate Maintenance projects or sub programs
3.43 Partner Engagement & Relationship Management Tool (PERMT)
Risks associated with the provision of the PERMT.
3.44 Management Integration & Coordination of Base services
The Directorate of Base Services, Management, Integration & Coordination (DBSMIC) is responsible, on a national level, for ensuring the Estate Maintenance & Operations Services (EMOS) Contractors manage, integrate & coordinate Base Services on behalf of Defence in accordance with Commonwealth, State/Territory & Local Legislation, Regulations, Codes & Guidelines, Australian Standards & Defence Policy.
Management Integration Coordination
Base service Support Centre
Commercial Operations Woomera
Special Forces Training Facilities
3.45 Insurance Claims & Advice
The Defence Insurance Office provides management of the Department's insurance policy arrangements with Comcover & responds to meet customer requirements for insurance services.
Centrally manage all insurable claims.
Provide advice on insurance queries related to Comcover policy coverage.
Issue Comcover Certificates of Currency.
Provide insurance training & insurance education.
Manage Defence's insurance policy including the renewal process.
3.46 Publishing & Printing Services
Provides a range of printing & finishing services, both paper-based & electronic. There are generally no costs associated with these services to Defence customers.
Business cards
Defence diaries
Document formatting
Graphic design
Video production forms
Document templates
3.47 Travel Services
Defence Travel facilitates a range of travel for ADF members, including student & recruit travel movements for Army, Navy & Air Force members traveling for training courses, exercises, postings, conditions of service leave, & discharge travel.
Recreational Leave
Reunion Leave
Remote locality Leave
Compassionate Leave
All Domestic Travel
4. Engineering Integrity
Risk events associated with infrastructure integrity and engineering activities.
ID Category Description Includes Excludes
4.1 Range Design and Compliance
Risks associated with live fire ranges ensuring regulatory compliance with range safety requirements
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
training area management
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
inappropriate or ineffective control mechanisms
capability risks
data and information
4.2 Electrical Infrastructure
Risks associated with electrical infrastructure
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.3 Airfield Lighting
Risks associated with AGL
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.4 Aircraft Pavements
Risks associated with aircraft pavements
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.5 Fire Protection Engineering and Fire Safety
Risks associated with fire protection and fire safety
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.6 Emergency Power
Risks associated with emergency power
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.7 Mechanical Services
Risks associated with mechanical services
adequacy of the design and maintenance policy
maintenance - inadequate / inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.8 Electrical Services
Risks associated with electrical services
400 hertz and 60 hertz
Hazardous Areas Electrical Installations
Explosives Areas Electrical Installations
adequacy of the design and maintenance policy
Maintenance - Inadequate / Inappropriate
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
4.9 Other engineering services
Risks associated with engineering service
incorrect application of, or disregard for, policies, manuals, strategies, guidelines, rules and regulations
legislative compliance
inappropriate or ineffective control mechanisms
capability risks
data and information
5. Environment and Sustainability Management
Risk events associated with the management of environment and sustainability matters. These are risks to the environment posed by Defence activities.
ID Category Description Includes Excludes
5.1 Protected Species, Community or Wetland
Risks associated with deterioration, damage or loss of a protected species, community or wetland.
5.2 Degradation of Land and/or Vegetation Condition
Risks associated with degradation of land and/or vegetation condition.
Disturbance - Community
Disturbance - Explosion
Disturbance - Fire
Disturbance - Flood
Disturbance - Soil - Acid Sulphate
Disturbance - Soil - Clean
Disturbance - Soil - Contaminated
Disturbance - Soil - Saline
5.3 Established Pest, Weed, Disease
Risks associated with spread or increase of established pest, weed or disease.
Vertebrate pests (feral)
Invertebrate pests
Weeds
Animal diseases (including those with implications on human health)
Plant diseases
Marine pests and diseases
Excludes: 5.4 New Pest, Weed, Disease
5.4 New Pest, Weed, Disease
Risks associated with establishment of new pest, weed or disease.
Vertebrate pests (feral)
Invertebrate pests
Weeds
Animal diseases (including those with implications on human health)
Plant diseases
Marine pests and diseases
Excludes: 5.3 Established Pest, Weed, Disease
5.5 Excessive Resource Consumption
Risks associated with excessive resource consumption.
Electricity
Gas
Hydrocarbons
Water
Other goods
5.6 Bushfire Hazard
Risks associated with bushfire hazard.
5.7 Pollutant Discharge
Risks associated with discharge of pollutant(s) to the environment. Includes accidental release, leaks and spills.
AFFF
Hazardous Materials
Asbestos
Hydrocarbons
Miscellaneous Materials (Chemicals, Liquids, Solids)
Paints
PCBs
Pesticides
Solvents
Water
Runoff – fertiliser, soil, stormwater
Excludes: 5.9 Waste
5.8 Noise or Dust Pollution
Risks associated with noise or dust pollution.
Particulate matter
Smoke
5.9 Waste
Risks associated with excessive waste production.
Green/organics
Hazardous Chemicals
Lead
Effluent
Hazardous liquid waste
Sewage
Washwater
Medical Waste
Obsolete Equipment/Machinery
Office
Paper
Plastic
Hazardous solid waste
Industrial waste
Inert waste
Municipal waste
Unexploded Ordnance
Excludes: 5.7 Pollutant Discharge
5.10 Indigenous Heritage
Risks associated with deterioration, damage or loss of Indigenous heritage values.
5.11 Natural Heritage
Risks associated with deterioration, damage or loss of natural heritage values.
5.12 Historic & Built Heritage
Risks associated with deterioration, damage or loss of historic or built heritage values.
5.13 Contaminated Sites
Risks associated with contaminated sites.
6. Special Interest
Risk events associated with special interest projects and assessments. These are risks to Defence posed by an activity.
ID Category Description Includes Excludes
6.1 Exploration
Risks associated with mineral exploration assessments.
6.2 Mining
Risks associated with mining application assessments.
6.3 Foreign Investment Review Board (FIRB)
Risks associated with Foreign Investment Review Board (FIRB) application assessments.
6.4 Native Title
Risks associated with co-ordination of Defence Interests in Native Title Claims.
6.5 Offshore Petroleum
Risks associated with exploration and/or development application assessments.
7. Commercial
Risk events associated with commercial considerations.
ID Category Description Includes Excludes
7.1 Procurement
Risks associated with procurement and commercial considerations.
planning and preparation
product/service
procurement process
probity and ethics
transparency
policy and compliance
risk management
scope management
value for money
tendering
evaluating offers
tender selection
negotiation
market and supply-chain leverage
market maturity
Defence’s level of experience, market intelligence
level of market competition
security/secrecy
intellectual property
industrial relations
Indigenous business engagement
Excludes: 7.3 Industry Capacity & Supplier Viability
7.2 Contract Management
Risks associated with contract management.
legal flaws
default
disputes
administration
scope management
intellectual property
third-party liabilities
timeframes
payments
terms and conditions
finance
audit
7.3 Industry Capacity & Supplier Viability
Risks associated with the quality or amount of resources in an industry, and the sustainability of suppliers.
workforce
factories
technological maturity
financial stability
economic stability
legal stability
management stability
8. Delivery
Risk events associated with project delivery, or producing defined outcomes within restricted timeframes, budgets and scope.
ID Category Description Includes Excludes
8.1 Project Management
8.1.1 Scope
Risks associated with the ambiguity, instability or lack of clarity in the definition of the requirements.
poorly defined project scope
incomplete understanding of the project boundaries
scope creep
inadequate requirements or Need statement
poor alignment with Defence policy
susceptibility of needs to change
degree of flexibility of requirements
availability, reliability and maintainability – requirements and achievability
degree of confidence that requirements will achieve capability needs
8.1.2 Schedule
Risks associated with certainty and flexibility in the delivery schedule.
approvals
milestones
decision dependencies
departmental approvals
government approvals
parliamentary approvals
delivery date confidence levels
schedule assumptions
complexity
critical path
committee decisions (see 2.1 Internal Stakeholders)
government or chain of command decisions (see 2.1 Internal Stakeholders)
8.1.3 Cost
Risks associated with project specific costs.
scale of the investment (does amount create a financial risk if project is unrealised?)
budget contingency
available funds
degree of confidence in cost estimates
benchmarking and validation of cost estimates
8.1.4 Project Integration
Risks associated with internal and external project interfaces and dependencies within the project’s scope.
current Defence and government capability
internal/external dependencies (tasks, activities, resources, finance, preferences)
virtual or physical technical integration with other projects or systems
interfaces (number, complexity, management, criticality, roles and responsibilities)
security
ownership
fundamental inputs to capability - FICS (number, complexity, management, criticality, roles and responsibilities, costs, scoping/understanding)
Excludes: 1.7 Business Integration
8.1.5 Quality
Risks associated with the assessment, control, communication and review of quality.
how well outcomes fit the requirements (fit for purpose)
how well outcomes meet expectations
quality assessment criteria and tolerance
quality assessment processes
planning
independence of quality assessment
degree of confidence (assurance)
compliance
8.1.6 Resources
Risks associated with the resources required to complete objectives.
plant, equipment
materials
facilities
logistics
supply chain
support and test equipment
technical data, manuals/references
computer resources, software
business resource planning
Excludes: 1.4 People & Workforce
Excludes: 1.8 Financial
8.1.7 Design
Risks associated with the ambiguity, instability, inaccuracy, or lack of clarity in the design.
design errors
poorly defined design
incomplete understanding of the project boundaries
scope creep
poor alignment with Defence policy
susceptibility of needs to change
degree of flexibility of design
availability, reliability and maintainability – requirements and achievability
degree of confidence that design will achieve capability needs
8.2 Strategic Estate Risk
Created for project prioritisation purposes (primarily for Estate Planning and the Estate Works Program Office in Service Delivery Division). The transport that copies the risk scores back from GRC into PPM is hard coded in the Defence SAP configuration; hence the number and name of this risk category must not be changed. This risk category should not be used for any other sort of risk because it could interfere with the transport process.
9. Other
Risk events that do not have a logical allocation elsewhere in the risk category tree. Every effort must be afforded to allocating risks to a specific category before selecting this option, to ensure consistency of information and effective reporting.
10. Category Mapping
This table maps the Defence SAP risk categories to the equivalent categories used in other systems.
ID Defence SAP Risk Category Smart Buyer Framework CDMRT
1.1 Business Strategy
1.2 Technology Core Acquisition - Technology Technical Achievability
1.3 Operations and Business Process
1.4 People/Workforce Project Resources – Workforce
Capability Resources – Workforce
1.5 Policy Compliance – Defence & Service Regulations
1.6 Legislative Compliance Compliance – National & International Laws & Agreements
Compliance – WH&S and Environmental
1.7 Business Integration
1.8 Financial Core Acquisition – Financial
Core Sustainment – Financial
2.1 Internal Stakeholders Core Sustainment - Operational
2.2 External Stakeholders Core Acquisition – Strategic
Core Sustainment – Strategic
2.3 Communications
7.1 Procurement Core Acquisition – Commercial
Core Sustainment – Commercial
7.2 Contract Management
7.3 Industry Capacity and Supplier Viability Industry Capacity and Supplier Viability
8.1.1 Scope Core Acquisition – Requirements
Core Sustainment – In-Service
Project Definitions Requirements
8.1.2 Schedule Core Acquisition – Schedule Project Decisions and Deadlines
8.1.3 Cost Core Acquisition – Financial
Core Sustainment – Financial
8.1.4 Project Integration Core Acquisition – Project Integration
Core Acquisition – Defence Integration
Core Sustainment – FICS
Integration with Current Capability
Integration with Other Projects
Interdependency with Current Capability
Interdependency with Other Projects
8.1.5 Quality
8.1.6 Resources Project Resources
Capability Resources
8.1.7 Design
Core Sustainment – Obsolescence
First Principles Review