1、 IEC 62198 Edition 2.0 2013-11 INTERNATIONAL STANDARD NORME INTERNATIONALE Managing risk in projects Application guidelines Gestion des risques lis un projet Lignes directrices pour lapplication IEC62198:2013 colourinsideTHIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2013 IEC, Geneva, Switzerland
2、 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IECs member National Committee in the country of t
3、he requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. Droits de reproduction rservs. Sauf indication contraire, aucune
4、 partie de cette publication ne peut tre reproduite ni utilise sous quelque forme que ce soit et par aucun procd, lectronique ou mcanique, y compris la photocopie et les microfilms, sans laccord crit de la CEI ou du Comit national de la CEI du pays du demandeur. Si vous avez des questions sur le cop
5、yright de la CEI ou si vous dsirez obtenir des droits supplmentaires sur cette publication, utilisez les coordonnes ci-aprs ou contactez le Comit national de la CEI de votre pays de rsidence. IEC Central Office Tel.: +41 22 919 02 11 3, rue de Varemb Fax: +41 22 919 03 00 CH-1211 Geneva 20 infoiec.c
6、h Switzerland www.iec.ch About the IEC The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies. About IEC publications The technical content of IEC publications
7、is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published. Useful links: IEC publications search - www.iec.ch/searchpub The advanced search enables you to find IEC publications by a variety of criteria (referen
8、ce number, text, technical committee,). It also gives information on projects, replaced and withdrawn publications. IEC Just Published - webstore.iec.ch/justpublished Stay up to date on all new IEC publications. Just Published details all new publications released. Available on-line and also once a
9、month by email. Electropedia - www.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing more than 30 000 terms and definitions in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical Vocabul
10、ary (IEV) on-line. Customer Service Centre - webstore.iec.ch/csc If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csciec.ch. A propos de la CEI La Commission Electrotechnique Internationale (CEI) est la premire organisat
11、ion mondiale qui labore et publie des Normes internationales pour tout ce qui a trait llectricit, llectronique et aux technologies apparentes. A propos des publications CEI Le contenu technique des publications de la CEI est constamment revu. Veuillez vous assurer que vous possdez ldition la plus rc
12、ente, un corrigendum ou amendement peut avoir t publi. Liens utiles: Recherche de publications CEI - www.iec.ch/searchpub La recherche avance vous permet de trouver des publications CEI en utilisant diffrents critres (numro de rfrence, texte, comit dtudes,). Elle donne aussi des informations sur les
13、 projets et les publications remplaces ou retires. Just Published CEI - webstore.iec.ch/justpublished Restez inform sur les nouvelles publications de la CEI. Just Published dtaille les nouvelles publications parues. Disponible en ligne et aussi une fois par mois par email. Electropedia - www.electro
14、pedia.org Le premier dictionnaire en ligne au monde de termes lectroniques et lectriques. Il contient plus de 30 000 termes et dfinitions en anglais et en franais, ainsi que les termes quivalents dans les langues additionnelles. Egalement appel Vocabulaire Electrotechnique International (VEI) en lig
15、ne. Service Clients - webstore.iec.ch/csc Si vous dsirez nous donner des commentaires sur cette publication ou si vous avez des questions contactez-nous: csciec.ch. IEC 62198 Edition 2.0 2013-11 INTERNATIONAL STANDARD NORME INTERNATIONALE Managing risk in projects Application guidelines Gestion des
16、risques lis un projet Lignes directrices pour lapplication INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION ELECTROTECHNIQUE INTERNATIONALE X ICS 03.100.01 PRICE CODE CODE PRIX ISBN 978-2-8322-1192-2 Registered trademark of the International Electrotechnical Commission Marque dpose de la Commiss
17、ion Electrotechnique Internationale Warning! Make sure that you obtained this publication from an authorized distributor. Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agr. colourinside 2 62198 IEC:2013 CONTENTS FOREWORD . 4 INTRODUCTION . 6 1 Scope 7 2
18、Normative references 7 3 Terms and definitions 7 4 Managing risks in projects . 9 5 Principles 11 6 Project risk management framework 12 6.1 General 12 6.2 Mandate and commitment 13 6.3 Design of the framework for managing project risk . 14 6.3.1 Understanding the project and its context . 14 6.3.2
19、Establishing the project risk management policy . 14 6.3.3 Accountability . 15 6.3.4 Integration into project management processes 16 6.3.5 Resources 16 6.3.6 Establishing internal project communication and reporting mechanisms . 16 6.3.7 Establishing external project communication and reporting mec
20、hanisms . 17 6.4 Implementing project risk management 17 6.4.1 Implementing the framework for managing project risk 17 6.4.2 Implementing the project risk management process 17 6.5 Monitoring and review of the project risk management framework 17 6.6 Continual improvement of the project risk managem
21、ent framework 18 7 Project risk management process 18 7.1 General 18 7.2 Communication and consultation 19 7.3 Establishing the context . 20 7.3.1 General 20 7.3.2 Establishing the external context 20 7.3.3 Establishing the internal context . 21 7.3.4 Establishing the context of the project risk man
22、agement process . 21 7.3.5 Defining risk criteria 22 7.3.6 Key elements 22 7.4 Risk assessment 23 7.4.1 General 23 7.4.2 Risk identification . 23 7.4.3 Risk analysis 24 7.4.4 Risk evaluation . 25 7.5 Risk treatment . 25 7.5.1 General 25 7.5.2 Selection of risk treatment options 25 7.5.3 Risk treatme
23、nt plans . 26 7.6 Monitoring and review 26 7.7 Recording and reporting the project risk management process . 27 62198 IEC:2013 3 7.7.1 Reporting 27 7.7.2 The project risk management plan 28 7.7.3 Documentation . 28 7.7.4 The project risk register 28 Annex A (informative) Examples 30 A.1 General 30 A
24、.2 Project risk management process 30 A.2.1 Stakeholder analysis (see 7.2) 30 A.2.2 External and internal context (see 7.3.4) 31 A.2.3 Risk management context (see 7.3.4) . 33 A.2.4 Risk management context for a power enhancement project . 33 A.2.5 Risk criteria (see 7.3.5). 34 A.2.6 Key elements (s
25、ee 7.3.6) 34 A.2.7 Risk analysis (see 7.4.3) . 36 A.2.8 Risk evaluation (see 7.4.4) . 40 A.2.9 Risk treatment (see 7.5) . 40 A.2.10 Risk register (see 7.4.2 and 7.7.4) 41 Bibliography 42 Figure 1 Principal stakeholders in a project 11 Figure 2 Relationship between the components of the framework for
26、 managing risk, adapted from ISO 31000 . 13 Figure 3 Project risk management process, adapted from ISO 31000 . 19 Figure A.1 Risk management scope for an open pit mine project . 34 Figure A.2 Distribution of costs using simulation 40 Table 1 Typical phases in a project 10 Table A.1 Stakeholders for
27、a government project . 30 Table A.2 Stakeholders and objectives for a ship upgrade . 31 Table A.3 Stakeholders and communication needs for a civil engineering project . 31 Table A.4 External context for an energy project 32 Table A.5 Internal context for a private sector infrastructure project . 33
28、Table A.6 Criteria for a high-technology project . 34 Table A.7 Key elements for a communications system project 35 Table A.8 Key elements and workshop planning guide for a defence project 36 Table A.9 Key elements for establishing a new health service organization 36 Table A.10 Example consequence
29、scale 37 Table A.11 Example likelihood scale 38 Table A.12 Example of a matrix for determining the level of risk 38 Table A.13 Example of priorities for attention . 40 Table A.14 Example of a treatment options worksheet . 41 Table A.15 Simple risk register structure 41 4 62198 IEC:2013 INTERNATIONAL
30、 ELECTROTECHNICAL COMMISSION _ MANAGING RISK IN PROJECTS APPLICATION GUIDELINES FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promo
31、te international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (
32、hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also
33、participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possibl
34、e, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While
35、 all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to
36、 apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation
37、 of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this
38、 publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indi
39、rect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for th
40、e correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. International Standard IEC 62198 has been prepar
41、ed by IEC technical committee 56: Dependability. This second edition cancels and replaces the first edition, published in 2001, and constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) major restructure and rewri
42、te of the first version; b) now aligned with ISO 31000, Risk management Principles and guidelines. 62198 IEC:2013 5 The text of this standard is based on the following documents: FDIS Report on voting 56/1529/FDIS 56/1539/RVD Full information on the voting for the approval of this standard can be fo
43、und in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC web site under “http:/web
44、store.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are considered to be
45、 useful for the correct understanding of its contents. Users should therefore print this document using a colour printer. 6 62198 IEC:2013 INTRODUCTION Every project involves uncertainty and risk. Project risks can be related to the objectives of the project itself or to the objectives of the assets
46、, products or services the project creates. This International Standard provides guidelines for managing risks in a project in a systematic and consistent way. Risk management includes the coordinated activities to direct and control an organization with regard to risk. ISO 31000, Risk management Pr
47、inciples and guidelines, describes the principles for effective risk management, the framework that provides the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout an organization and a process for manag
48、ing risk that can be applied to all types of risk in any organization. This standard shows how those general principles and guidelines apply to managing uncertainty in projects. This standard is relevant to individuals and organizations concerned with any or all phases in the life cycle of projects.
49、 It can also be applied to sub-projects and to sets of inter-related projects and programmes. The application of this standard needs to be tailored to each specific project. Therefore, it is considered inappropriate to impose a certification system for risk management practitioners. The guidance provided in this standard is not intended to override existing industry-specific standards, although the guidan
