7. Top Down Techniques DUE DILIGENCE ENGINEERS Two high level or top down techniques appear common: Vulnerability techniques derived from the military intelligence community and SWOT (Strengths, Weaknesses, Opportunities and Threats) from the commercial sector. Top Down Techniques DUE DILIGENCE ENGINEERS Augmented SWOT Process External / Internal Factors Opportunities Strategy Organisation Strengths Value Addeds Threats Weaknesses Vulnerabilities DUE DILIGENCE ENGINEERS Many risk decisions have simultaneous upside and downside risk elements. Market risk is an obvious form of business risk with both upside (speculative) and downside (pure) risk implications. Clinical and military risk decisions can also entail a mix of risk outcomes. Upside and Downside Risk DUE DILIGENCE ENGINEERS Project risk provides another interesting insight. In this case the upside risk is assumed in the proposal. The risk analysis generally focuses on those issues which will prevent the assumed upside benefits from being achieved. That is, it is a downside risk assessment process from an assumed upside risk position. Project Risk Decisions DUE DILIGENCE ENGINEERS The vulnerability assessment technique is used very widely to assess and propose appropriate solutions to risks that affect most organisations. This technique is used by military intelligence, strategic planners, public affairs risk analysts, project managers as well as risk engineers. Vulnerability Assessments DUE DILIGENCE ENGINEERS The central concept is to define the assets of the business and all the possible threats to them. The organisation’s Critical Success Factors can also be considered to be the organisation’s assets. Vulnerability Assessments DUE DILIGENCE ENGINEERS Vulnerability Assessments Asset Credible Threats Credible Vulnerabilities Protection Residual Vulnerabilities DUE DILIGENCE ENGINEERS The threats are then systematically matched against the assets to see which is vulnerable to each threat. Only the assessed vulnerabilities then have control efforts directed at them. This prevents the misapplication of resources to something that was really only a threat and not a vulnerability. Vulnerability Assessments DUE DILIGENCE ENGINEERS Public image and confidence Capability to perform an organisation’s function Physical resources and facilities Personnel resources Customer loyalty Assets (Critical Success Factors) DUE DILIGENCE ENGINEERS Smoke, fire, explosion Natural hazards (rain, snow, wind, earthquake etc.) Critical plant failure Failure of a major supplier Sabotage, acts of aggression Threats DUE DILIGENCE ENGINEERS Physical (e.g. buildings/fire, money/theft, equipment/ sabotage, product/contamination). Personal (e.g. injury/vehicle accident, ill health/ chemical exposure, well being/overtime). Notional (e.g. image/plant failure, confidence/currency losses, disruption to business/failure of supplier). Vulnerabilities DUE DILIGENCE ENGINEERS Risk Control (Design, Administration, Training) Risk Avoidance Risk Transfer Risk Acceptance Management Strategies DUE DILIGENCE ENGINEERS Lists are the most common way of establishing assets. For example, the Australian Risk Management Standard lists possible areas of impact as: a) Asset and resource base of the organisation, including personnel. b) Revenue and entitlements c) Costs of activities, both direct and indirect d) People e) Community f) Performance g) Timing and schedule of activities h) The environment i) Intangibles, such as reputation, goodwill, quality of life j) Organisational behaviour Assets DUE DILIGENCE ENGINEERS Dependency trees can also be used for such an assessment. Assets DUE DILIGENCE ENGINEERS Airline Dependency Tree Fare Paying Passengers Serviceable Aircraft Trained Aircrew Passengers Serviceable Airports Reservation Systems Passenger Terminals Trains, Taxis, Carparks Trained Operators Computers & Software DUE DILIGENCE ENGINEERS Threats Threats to Staff Assault Intimidation Harassment Discrimination Defamation Incidental injury (during robbery etc) Suborning of staff for fraud or collusive theft Threats to Cash Robbery Burglary Threats to Product Collusive Theft Pilferage Contamination Product Extortion DUE DILIGENCE ENGINEERS Threats Threats from Staff Pilferage Theft Fraud Malicious Damage Bomb Threat Threats of Production Interruption Bomb Threat Bomb "Hoax" Malicious Damage/Sabotage Picketing/Demonstrations/ Boycott Environmental Industrial Political DUE DILIGENCE ENGINEERS Threats Threats to Information Espionage Competitive Takeover Industrial Political Fraud Misappropriation Sabotage of data Threats to Company's Competitive Edge Industrial Espionage Defamation Rising costs due to security losses Threats to Staff Property Theft Malicious Damage Vandalism DUE DILIGENCE ENGINEERS Threats Threats to Company Reputation Contamination Pollution (eg, false whistle blowing) Scandal (eg, frauds, business or political) Threats to Treasury & Finance Credit squeezes Liquidity issues Customer payment defaults Exchange fluctuations Funding sources failure Interest rate fluctuations Military Threats Sniper fire Small arms fire Machine gun fire RPG or mortar attack Artillery attack Missile attack Biological / Chemical Thermonuclear Project 1. • Office building demolition and construction in Melbourne CBD • Footprint overlays three Melbourne Underground Rail Loop (MURL) tunnels • Basement carparks being constructed • VicTrack (MURL owner) asked for risk assessment of proposed construction method Why are we confident that we’ve identified all credible, critical safety issues? • Context • Systematic • Top-down • Completeness check • Identify points of loss of control • Emphasis on communicating findings Phase Threat scenarios Loss of control Consequence Scenarios Unloading of existing loads in vicinity of MURL Ground failure due to existing retention removal from existing basement Investigations Planned borehole/test pit location coincides with MURL location Undertaking borehole/test pit in location that could impact MURL Borehole/ test pit impacts on MURL Unloading of existing loads in vicinity of MURL Installation of piles in vicinity of MURL Alteration of groundwater conditions in vicinity of MURL Planned excavation/ pile location coincides with MURL location Undertaking excavation/ pile in location that could impact MURL Excavation/ pile impacts on MURL Excavation/ piling works in vicinity of MURL Excavation/ piling vibrations impact MURL Instability in MURL tunnel lining Settling of ground in vicinity of MURL due to new loads Transient loading in vicinity of MURL Large/heavy object falls over base slab in vicinity of MURL Large heavy object impact on base slab in vicinity of MURL Instability in MURL tunnel lining Super-structure construction in vicinity of MURL Ground-borne super-structure construction vibrations impact MURL Instability in MURL tunnel lining Changed stress in ground surrounding MURL tunnel lining Instability in MURL tunnel lining Construction Changed stress in ground surrounding MURL tunnel lining Demolition Instability in MURL tunnel lining Changed stress in ground surrounding MURL tunnel lining Instability in MURL tunnel lining Excavation and piling Phase Threat scenarios Loss of control Consequence Scenarios Ground failure due to existing retention removal from existing basement Unloading of existing loads in vicinity of MURL Unloading of existing loads in vicinity of MURL Installation of piles in vicinity of MURL Alteration of groundwater conditions in vicinity of MURL Settling of ground in vicinity of MURL due to new loads Transient loading in vicinity of MURL Investigations Planned borehole/test pit location coincides with MURL location Excavation and piling Planned excavation/ pile location coincides with MURL location Excavation and piling Excavation/ piling works in vicinity of MURL Construction Super-structure construction in vicinity of MURL Demolition Construction Instability in MURL tunnel lining Large heavy object impact on base slab in vicinity of MURL Large/heavy object falls over base slab in vicinity of MURL Instability in MURL tunnel lining Vibrations associated with CWPC impact MURL Excavation and piling Construction Instability in MURL tunnel lining Changed stress in ground surrounding MURL tunnel lining Direct physical impact on MURL Undertaking intrusive works in location that could impact MURL Demolition Undertaking intrusive works in location that could impact MURL Direct physical impact on MURL Pre-LOC Barriers Post-LOC Barriers Time Direct physical impact on MURL Threat Scenarios Loss of Control Consequence Scenario Work methods to monitor and identify potential impacts on services/MURL while undertaking intrusive works Notes: (1) Excavation and piling works are considered to include early works. Potential future barrier Existing barrier Planned excavation/ pile/ anchor location coincides with MURL location Investigations Excavation & Piling (1) Raft slab design and location planning minimises intrusive works Location planning of intrusive work avoids MURL area Planned borehole/test pit location coincides with MURL location Designated “no-go” areas on site for intrusive works DUE DILIGENCE ENGINEERS One of the most successful methods of obtaining consensus on the relative importance of vulnerabilities, characterising risk, establishing control options and creating an action list is to use an asset and threat matrix in a workshop with relevant managers. There are various possibilities but a common approach is a two-stage workshop. Vulnerability Assessment DUE DILIGENCE ENGINEERS Two+ Stage Workshop DUE DILIGENCE ENGINEERS One of the simplest ways to address this is to undertake a preliminary criticality analysis. Prior to the Stage 2 workshop, the assets and threats of concern to the organisation are developed into a matrix form. Criticality Assessment DUE DILIGENCE ENGINEERS A preliminary criticality determination is made using the values in the table below. Criticality Scoring System xxx xx x - va Critical potential vulnerability that must be (seen to be) addressed Moderate potential vulnerability Minor potential vulnerability No detectable change in risk Possible value adding DUE DILIGENCE ENGINEERS If this is well done then around 10% or so of the cells will have three x’s. This is the Pareto principle. Typically 80% to 90% of the risk comes from 10% to 20% of the vulnerabilities. Dealing with these 10 to 20% is the primary purpose of the analysis. Criticality Assessment DUE DILIGENCE ENGINEERS Sample Vulnerability Matrix ASSETS > THREATS Technical Failure Community Issues Political (change of government) Credit Squeeze Flood Reputation xx - x xxx x Operability xx - x xxx xxx Staﬀ xx xx x xx xx Project 2. • Operations of a heritage listed public building • Regular public events with large number of patrons • Board concern about how to show that continued operation was a reasonable business decision following technical engineering assessments Safety Vulnerability Matrix Patrons Service personnel Maintenance personnel Structure issues 1 Handrail failure xxx xxx xxx 2 Building/component structural failure xxx xxx xxx 3 Falling debris/plant/services/fixtures xxx xxx xxx Maintenance-specific 4 Fall from height - - xxx 5 Confined space impact - - xxx 6 Exposure to hazardous materials - - xx XXX Critical vulnerability (ie potential fatality) XX Moderate vulnerability X Minor vulnerability - No perceived vulnerability CRITICAL EXPOSED GROUPS >>>>> CREDIBLE THREAT SCENARIOS Earthquake loading structural reinforcement Operational procedures to limit point loading Operational procedures to limit loading conditions Load testing Loading greater than design loading/ confirmed capacity Pre-LOC Barriers Post-LOC Barriers Time Threat-barrier diagram: Initiating event: Excessive loading Threat Scenarios Loss of Control Overloading Consequence Scenario Earthquake To Structural instability TBD Live (distributed) loading Point loading New/significantly improved barrier Existing barrier DUE DILIGENCE ENGINEERS Criticality vs risk assessment DUE DILIGENCE ENGINEERS Risk Scoring DUE DILIGENCE ENGINEERS Risk Scoring DUE DILIGENCE ENGINEERS A risk characterisation matrix framework is a very common approach. It is described in Guidelines to the Risk Management standard (AS/NZS 4360:2004), now superseded. This appears to have been adapted from earlier military work (U.K. Ministry of Defence,1996 and U. S. Department of Defence, 2000, both revised versions of earlier standards). Risk Characterisation DUE DILIGENCE ENGINEERS Risk Scoring Systems DUE DILIGENCE ENGINEERS Use this slide for a main topic with yellow accents for important points 1984 US military standard MIL–STD–882B Appendix A 1984 DUE DILIGENCE ENGINEERS Use this slide for a main topic with yellow accents for important points Risk Charts Linear model Hyperbolic Logarithmic DUE DILIGENCE ENGINEERS Such a matrix can be greater or less than 5x5 on either scale. 7x5 is common for very large organisations and 4x3 or 2x2 for small projects. Other systems use a 1 to 5 category for both likelihood and consequence. Risk Presentation DUE DILIGENCE ENGINEERS 3 x 3 Consequences Likelihood Major Moderate Minor Likely Red Red Amber Possible Red Amber Green Unlikely Amber Green Green DUE DILIGENCE ENGINEERS 4 x 6 EN 50126:1999 Probability Description Insignificant Marginal Critical Catastrophic Frequent Likely to occur frequently, The hazard will be continually experienced Frequent Undesirable Intolerable Intolerable Intolerable Probable Will occur several times. The hazard can be expected to occur often Probable Tolerable Undesirable Intolerable Intolerable Occasional Likely to occur several times. The hazard can be expected to occur several times Occasional Tolerable Undesirable Undesirable Intolerable Remote Likely to occur sometime in the system life cycle. The hazard can reasonably expected to occur Remote Negligible Tolerable Undesirable Undesirable Improbable Unlikely to occur but possible. It can be assumed that the hazard may exceptionally occur Improbable Negligible Negligible Tolerable Tolerable Incredible Extremely unlikely to occur. It can be assumed that the hazard may not occur Incredible Negligible Negligible Negligible Negligible Severity Description Catastrophic Fatalities and/or multiple severe injuries and/or major damage to the environment Intolerable Critical Single fatality and/or severe injury and/or significant damage to the environment Undesirable Marginal Minor injury and/or significant threat to the environment Tolerable Insignificant Possible minor injury Negligible Shall be eliminated Shall only be accepted when risk reduction is impracticable Acceptable with adequate control Acceptable as is DUE DILIGENCE ENGINEERS 5 X 7 Characterisation for Government M H H VH VH M M H H VH L M H H H L L M M H L L M M H VH VH VH H H VH VH VH VH H Agency Department Cabinet CONSEQUENCE LIKELIHOOD DUE DILIGENCE ENGINEERS AS 4360:2004 Guideline DUE DILIGENCE ENGINEERS Ultimately there must be an enterprise view of how identified risk issues should be characterised. This is necessary when there are competing risk agendas and limited resources available. Enterprise Risk Profiling DUE DILIGENCE ENGINEERS For example, underwriting requirements, environmental issues, RCM requirements and OH&S issues can compete for scarce capital. How can an organisation come to grips with such issues without an overall top down risk framework? Silos DUE DILIGENCE ENGINEERS Silos Project Programmes Enterprise Risk Management Framework Confidently escalate credible, critical risk issues Confidently bury risk dross Lack of confidence region Organisational Confidence Engine Environmental Programme OH&S Programme Particular items incl aquisitions DUE DILIGENCE ENGINEERS Risk Presentation Systems DUE DILIGENCE ENGINEERS One simple method for developing the consequence values of the matrix is to consider a loss that would prove catastrophic to the organisation and stepping back in order of magnitude changes from catastrophic to noticeable. The table should reflect the full range of loss values, not just directly measurable items. Determining Risk Matrix Values DUE DILIGENCE ENGINEERS An example of a consequence table is shown the table below. The loss values can vary for different organisations. The critical aspect is the range of the consequences. This is different for different organisations. Determining Risk Matrix Values DUE DILIGENCE ENGINEERS Consequence Values DUE DILIGENCE ENGINEERS Typical Organisational Likelihood Values Almost Certain Once per year Likely Once in 10 years Some Chance Once in 100 years Unlikely Once in 1,000 years Rare Once in 10,000 years The use of combined logarithmic values for each scale provides for lines of constant risk. DUE DILIGENCE ENGINEERS Sample Risk Profile DUE DILIGENCE ENGINEERS Sample Residual Risk Profile Project 3. • Operation of a heritage listed road and pedestrian bridge in Fremantle • Essential road crossing for the river • Essential river passage • Very complex physical constraints Bridge 916—Navigation spans and Fender System Ship Channel Map Why are we confident that all reasonable measures are in place for all identified issues? • What are the practicable options? • Of these, what are the reasonable measures? Includes both initial and ongoing implementation Context • Vessel impact scenarios and related construction activities • Project phases • Geographic areas • Receptors of consequence scenarios • Also to be considered: • Bridge heritage requirements • Good practice requirements • Codes and standards • Similar structures Pier piles unable to bear load Loss of Control Threat-barrier diagram: Fremantle Traffic Bridge Time Pier piles unable to bear load Loss of Control Partial bridge collapse, loss of containment of utilities & impact on rail bridge Consequence Scenario Bridge structural instability (no collapse) Threat-barrier diagram: Fremantle Traffic Bridge Time Pier piles unable to bear load Loss of Control Partial bridge collapse, loss of containment of utilities & impact on rail bridge Consequence Scenario Bridge structural instability (no collapse) Threat-barrier diagram: Fremantle Traffic Bridge Threat Scenarios Vessel collision – direct impact Vessel collision – glancing blow Substructure deterioration (eg pile degradation due to Teredo) Vessel collision leading to oil leak and fire / gas leak and explosion Time Pier piles strength and redundancy incl ties Pier piles unable to bear load Loss of Control Partial bridge collapse, loss of containment of utilities & impact on rail bridge Consequence Scenario Bridge structural instability (no collapse) Threat-barrier diagram: Fremantle Traffic Bridge Threat Scenarios Vessel collision – direct impact Vessel collision – glancing blow Substructure deterioration (eg pile degradation due to Teredo) Vessel collision leading to oil leak and fire / gas leak and explosion Piles sleeves Proactive monitoring & maintenance program to identify and address degradation Pre-LOC Barriers Fender system Emergency repairs Emergency management procedures Time Marine operations procedures Potential barriers • Good practice – international review • Not just “engineering” structural reinforcement/ realignment measures • Elimination of all or some of the issues eg replacement of bridge or spans • Management measures for marine vessels to prevent impact eg vessel traffic service • Engineering options to mitigate vessel impact on bridge piers eg fender upgrade or replacement • Emergency response measures eg early warning system to detect bridge structural instability • Consequence mitigation measures eg road traffic restrictions, relocation of utilities Pier piles strength and redundancy incl ties Pier piles unable to bear load Loss of Control Partial bridge collapse, loss of containment of utilities & impact on rail bridge Consequence Scenario Bridge structural instability (no collapse) Threat-barrier diagram: Fremantle Traffic Bridge Threat Scenarios Vessel collision – direct impact Vessel collision – glancing blow Substructure deterioration (eg pile degradation due to Teredo) Vessel collision leading to oil leak and fire / gas leak and explosion Piles sleeves Proactive monitoring & maintenance program to identify and address degradation Pre-LOC Barriers Fender system Emergency repairs Emergency management procedures Time Marine operations procedures Pier piles strength and redundancy incl ties (and upgrade) Relocation of utilities Replace bridge or spans Piles sleeves Emergency repairs Emergency management procedures (and early warning system and response plan) Utilities fixings/ piping design flexibility Proactive monitoring & maintenance program to identify and address degradation(1) Pier piles unable to bear load Partial bridge collapse, loss of containment of utilities & impact on rail bridge(3) Pre-LOC Barriers Post-LOC Barriers Time Threat-barrier diagram: Fremantle Traffic Bridge Threat Scenarios Loss of Control Consequence Scenario Notes: (1) Including pile condition monitoring, bolt condition monitoring etc. (2) Fender upgrade options include pontoons, monopiles, fender strengthening and refurbishment, fender replacement, independent protective structures (piled dolphins, concrete caissons etc), cofferdam islands, island bunds around piers, and vessel guide systems. (3) With subsequent downstream utilities, marine, road and rail network impacts. Vessel collision – direct impact Bridge structural instability (no collapse)(3) Vessel collision – glancing blow Substructure deterioration (eg pile degradation due to Teredo) New/significantly improved barrier Existing barrier Vessel collision leading to oil leak and fire / gas leak and explosion Fender system (and upgrade)(2) Navigational aids Permanent road traffic restrictions Marine operations procedures Reasonable barriers • Review each identified option to develop suite of reasonable measures to take forward • Comprehensive stakeholder workshop to narrow options – road, rail and marine authorities, marine and rail operators, heritage authority, • Followed by final decision in project leadership group workshop Key points • Focus on implementation and maintenance of barriers • Ensure all decisions are made within the assessment framework, and all actions are tracked • Monitor and review, communicate and consult • Document Input Process Output Inspection and Maintenance Framework Record Issue Notification Form (maintenance and operation personnel) Engineering Observation Form Inspection and Maintenance Database (eg spreadsheet) Reporting (to management & Board) Maintenance system Trigger and Response Plan Work order (to maintenance personnel) Exis%ng Maintenance Program Training (maintenance and operations personnel) Material/Load Testing (one-off or periodic) Operations procedures (eg load limits) DUE DILIGENCE ENGINEERS Projects have an interesting conceptual risk profile. The upside risk position is assumed in the proposal. The risk analysis generally focuses on those issues which will prevent the assumed upside benefits from being achieved. That is, it is a downside risk assessment process from an assumed upside risk position. Again the vulnerability approach can be used as shown below. Project Due Diligence DUE DILIGENCE ENGINEERS Project Due Diligence Project Planning Construction Operations & MaintenanceConcept Scope reﬁnement Tendering Commissioning Project Risk Management Project Due Diligence Project Critical Success Factors DUE DILIGENCE ENGINEERS Project Due Diligence Construction Operations & MaintenanceConcept Scope reﬁnement Tendering Commissioning Project Risk Management Project Due Diligence Critical Success Factors Vulnerabilities Threats Preliminary costof-risk estimates Cost-of-risk estimates Cost-of-risk review DUE DILIGENCE ENGINEERS Limits to Monte Carlo Project Due Diligence Potential project show stoppers Project Risk Management Likelihood Consequence Promised project upside risk position DUE DILIGENCE ENGINEERS Silos DUE DILIGENCE ENGINEERS Two+ Stage Workshop DUE DILIGENCE ENGINEERS Project Due Diligence Process 2.0 Credible threats 5.2 Risk proﬁle 5.1 Residual risk proﬁle 5.2 Contingency sums 3.0 Credible vulnerabilities 1.0 Project critical success factors 6.0 Action list 5.0 Precautions / protection / controls 4.0 Criticality review 5.1 Risk assessment DUE DILIGENCE ENGINEERS Geographic Zones Water Distribu:on (From Robinson & Anderson (2000)) DUE DILIGENCE ENGINEERS Each of these sub-assets could then be examined for their vulnerability to each of the listed threats. All these approaches assume that the analyst has a clear view of what the business of the organisation actually is, something that is not always easily achieved. It is very difficult to undertake a risk analysis if the organisation concerned cannot clearly state its business at the outset. Geographic Zones DUE DILIGENCE ENGINEERS Gas Plant Dependence Diagram DUE DILIGENCE ENGINEERS Functional Vulnerability Critical Success Factors > Capital Site Technology Design / Builder Market Credible Threats Competitive x - x x Credit Squeeze xxx - - xx xxx Customer Default x - x - x Exchange Fluctuations xx - x - x Fraud xxx - - - x Funding Source Failure xxx - - - x Industrial x - xx - Interest Rate Change xx - - - Liquidity xx - - - Political x - - - Scandal xxx - - - Takeover v/a - xx - War xxx xxx - xxx xxx DUE DILIGENCE ENGINEERS Rock concert Highway projects More Examples DUE DILIGENCE ENGINEERS Spreadsheet Vulnerability Table DUE DILIGENCE ENGINEERS Spreadsheet Risk Register DUE DILIGENCE ENGINEERS Escalation Framework Board and Chief Executive Ofﬁcer General Manager A B C Corporate Risk Policy and Escalation Protocol consistent with ISO (AS) 31000 Project vulnerability table and risk register (criticality driven) (spreadsheet workbook) Project risk registers (by credible threat, that is, 10s not 100s) Risk Owner Functional (time sequence) and zonal vulnerability assessments Build Operations & MaintenanceConcept / Deﬁnition Detailed Design Project Due Diligence Critical Success Factors Vulnerabilities Threats Military Intelligence Threat & Vulnerability Project Risk Assessment Process D DUE DILIGENCE ENGINEERS Project characterisation DUE DILIGENCE ENGINEERS Risk Characterisation Likelihood 100% Show stopper -$3,000,000 -$1,000,000 -$300,000 -$100,000 $100,000 $300,000 $1,000,000 30% Show stopper -$900,000 -$300,000 -$90,000 -$30,000 $30,000 $90,000 $300,000 10% Show stopper -$300,000 -$100,000 -$30,000 -$10,000 $10,000 $30,000 $100,000 3% Show stopper -$90,000 -$30,000 -$9,000 -$3,000 $3,000 $9,000 $30,000 1% Show stopper -$30,000 -$10,000 -$3,000 -$1,000 $1,000 $3,000 $10,000 xxx xx x - -100% -30% -10% -3% -1% 1% 3% 10% Negative Consequences Positive consequences DUE DILIGENCE ENGINEERS If the project delays and costs can be usefully characterised then contingency sums and delays can be estimated. This can be simply done by calculating the loss expectancy of the residual risks and then summing these. Typical Consequence Values for a Project DUE DILIGENCE ENGINEERS For example, wet weather is estimated at a 50% chance of 6 days. The average wet weather loss expectancy is then 3 days for the project. Such an approach assumes that each risk being considered is discrete. That is, the loss events do not overlap. Typical Consequence Values for a Project DUE DILIGENCE ENGINEERS SWOT Characterisation - + + + - - + + + + + x x x x x x o Criticality - - - Vulnerabilities Value Addeds Likelihood Consequence Unviable Ugly Bad Good Outstanding DUE DILIGENCE ENGINEERS Project Risk Stages - + + + - - + + + + + x x x x x x o Criticality - - - Vulnerabilities Value Addeds Likelihood Consequence Unviable Ugly Bad Good Outstanding R2A Due Diligence Engineers R2A Pty Ltd Level 1 55 Hardware Lane Melbourne VIC 3000 Australia P +61 1300 772 333 F +61 3 9670 6360 E [email protected] W www.r2a.com.au ABN 66 115 818 338