PARBAT SIYANI CONSTRUCTION LIMITED

June 1st

2019
Integrated
Management
System

1st Parklands Avenue

Prabhatam House Quality System Procedure –
P.O. Box 10748 – 00100
Risk Management
Nairobi Kenya

Designation Signature Date

Prepared By : IMS Coordinator

Reviewed By : General Manager

Approved By : Director
PSCL/QSP/RISK/008

CIRCULATION LIST
Copy Number Copy Holder

1 Managing Director

2 Director

3 General Manager

4 IMS Coordinator

Issue date: 01 June 2019 Revision Status: 01 Page 2 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

AMENDMENT SHEET
Issues/ Subject of Reviewed by Authorized by Date
Revision Amendment
No. Name Sign Name Sign

01 Upgrade from ISO IMS Managing

18001:2007 to Coordinator Director
45001:2018

Issue date: 01 June 2019 Revision Status: 01 Page 3 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

MISSION STATEMENT
Parbat Siyani Construction Ltd. is an experienced General Building and Civil Engineering contractor
dedicated to Quality Construction and efficient management of resources. Our track record of major
projects - including new constructions, renovations and restorations - has earned us a reputation for
being creative, technologically advanced and extremely responsive to our clients.

Our two greatest assets are our staff and our integrity. Parbat Siyani Construction Ltd. employees
are experienced, well-educated professionals. Our competitive advantage stems from the atmosphere
of mutual trust and respect that permeates our company. The care and concern that we have for our
employees and subcontractors greatly enhance our ability to deliver quality projects on time and within
budget.

Above all, we are dedicated to our clients and their projects. In addition, we are committed to
community service, as a company and as individuals.

VISION STATEMENT
Parbat Siyani Construction Limited visualizes being one of the innovative, entrepreneurial and
empowered team in the “Construction Industry” creating value and attaining global benchmarks.

Parbat Siyani Construction Limited has witnessed substantial and consistent growth in the past few
years and we envision further success and growth in the coming years.

Issue date: 01 June 2019 Revision Status: 01 Page 4 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

INTEGRATED MANAGEMENT SYSTEM POLICY STATEMENT

Parbat Siyani Construction Limited (PSCL) is committed on developing and maintaining an integrated
system of Quality, Environment, Occupational Health & Safety based on ISO 9001:2015, ISO
14001:2015 and ISO 45001:2018.

We commit to:

• Meet all applicable statutory and regulatory requirements related to Safety, Occupational
Health, Environment and Quality.
• Construct buildings and do civil projects that meet and exceed our customer’s expectation as
well as our claims.
• Adhere to compliance requirements by the building and construction standards in regard to
Quality, Environment, Health and Safety.
• Create and sustain a SAFE working place for our Employees, Contractors and all other
Stakeholders plus conduct our operations in a SAFE and ENVIRONMENTALLY sound manner.
To achieve, sustain and align the above, we will:

• Develop and adhere to our work processes, surpass and constantly review our business plans,
key objectives and metrics.
• Maintain a culture of continual improvement by regularly assessing the effectiveness of the
IMS system through regular objectives reviews, internal audit activities and management
reviews.
• Create awareness and conduct training on the policy and relevant IMS matters for our
employees.
• Review IMS policy in line with our operations.

The PSCL Management Team and Employees are committed to contribute towards the realization of
our IMS management systems.

Issue date: 01 June 2019 Revision Status: 01 Page 5 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

CORE VALUES
Since its incorporation, Parbat Siyani Construction Limited has been governed by its core values. They
shape the culture and define the character of our company. They guide how we behave and make
decisions.
Thinking Ahead: Fulfilling our responsibility of building a better and stronger company for upcoming
generations, protecting the PSCL trademark, meeting our commitments to stakeholders, acting with a
vendor approach, developing our people and helping improve societies and the global environment

Bold & Confident: We’re undaunted by tough challenges. While we’re realistic about what is possible,
we’re optimistic about seizing opportunities. We have the courage to say what we think is right, the
integrity to stick to our principles and the tenacity to see it through.

Client Value Creation: We’re practical, and committed to making things happen. And we build clients’
capabilities through collaboration and creating long-term relationships by being responsive and
relevant and by consistently delivering value. Our primary mission is to deliver essential advantage to
our clients. We do so by building teams of outstanding strategists and technologists, creative problem
solvers, and innovative achievers.

One Network: We bring the best people together to work in teams. The teams are diverse in their
disciplines and cultures and teams who’ll go wherever they are needed to create and deliver essential
advantage.

Our Business Philosophy: We value exceptional contributions from each person in our firm. We believe
that the best, most effective teams reflect diverse backgrounds, ideas and perspectives. Our
programs ensure each employee reaches his or her potential.

Issue date: 01 June 2019 Revision Status: 01 Page 6 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

TABLE OF CONTENTS

CIRCULATION LIST ....................................................................................................................................................... 2

AMENDMENT SHEET ..................................................................................................................................................... 3
MISSION STATEMENT ................................................................................................................................................ 4
VISION STATEMENT .................................................................................................................................................... 4
INTEGRATED MANAGEMENT SYSTEM POLICY STATEMENT ..................................................................... 5
CORE VALUES.................................................................................................................................................................... 6
1 GENERAL ..................................................................................................................................................................... 8
1.1 Purpose ................................................................................................................................................................. 8
1.2 Scope .................................................................................................................................................................... 8
1.3 Terms and Definitions..................................................................................................................................... 8
1.4 Cross References............................................................................................................................................. 11
1.5 Ownership ......................................................................................................................................................... 12
1.6 Distribution ...................................................................................................................................................... 12
2 PROCESSES.............................................................................................................................................................. 13
2.1 Description of Procedures ........................................................................................................................... 13
2.2 Procedure for Risk Identification and Management ........................................................................... 14
2.2.1 Process Mapping for Risk Identification and Management....................................................... 14

2.2.2 Main Steps for Risk Identification and Management................................................................. 15

2.2.3 Responsibility Matrix for Risk Identification and Management ............................................. 16

3 DOCUMENTED INFORMATION GENERATED............................................................................................ 17

4 FILING....................................................................................................................................................................... 17
5 ATTACHMENTS ..................................................................................................................................................... 18
5.1 Risk Rating and Evaluation Criteria ........................................................................................................... 18

Issue date: 01 June 2019 Revision Status: 01 Page 7 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

1 GENERAL

1.1 Purpose
The purpose of this procedure is to identify internal and external contexts of risks and
opportunities at Parbat Siyani Construction Ltd operations and includes risk countermeasures
such as aversion, reduction and acceptance. The procedure also sets up comprehensive risk and
opportunity management measures by identifying of internal controls and evaluating the
effectiveness of the measures.

1.2 Scope
This procedure applies to all Parbat Siyani Construction Ltd processes as a basis for risk and
opportunity identification and control.

1.3 Terms and Definitions

PSCL – Parbat Siyani Construction Ltd.
IMS – Integrated Management system
SOP – Standard Operating Procedure
ISP – Integrated Systems Procedure
QSP – Quality System Procedure
CDI – Control of Documented Information
ERP - Enterprise Resource Planning system
EMS - Environmental Management System
OHSMS - Occupational Health and Safety Management System
ISO – International Organization for Standardization
CARF - Corrective Action Request Form.
HOD – Head of Department
Risk - This term shall refer to the effect of uncertainty
Controlled Document Information

The document that is subjected to update amendments or change by the IMS Coordinator
whenever there is a revision to the document

Uncertainty

This term shall refer to (or lack of certainty) a state or condition that involves a deficiency of
information and leads to inadequate or incomplete knowledge or understanding. In the context of
risk management, uncertainty exists whenever the knowledge or understanding of an event,
Issue date: 01 June 2019 Revision Status: 01 Page 8 of 18
Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

consequence, or likelihood is inadequate or incomplete.

Risk Management

This term shall refer to a coordinated set of activities and methods that is used to direct an
organization and to control the many risks that can affect its ability to achieve objectives.

Risk Management Plan

This term shall refer to how an organization intends to manage risk. It describes the management
components, the approach, and the resources that will be used to manage risk. Typical management
components include procedures, practices, responsibilities, and activities (including their
sequence and timing).

External Context

This term shall refer to all of the external parameters and factors that influence how an
organization manages risk and tries to achieve its objectives

Internal Context

This term shall refer to all of the internal parameters and factors that influence how an
organization manages risk and tries to achieve its objectives.

Risk Identification

This term shall refer to a process that involves finding, recognizing, and describing the risks that
could affect the achievement of an organization’s objectives. It is used to identify possible
sources of risk in addition to the events and circumstances that could affect the achievement of
objectives. It also includes the identification of possible causes and potential consequences.

Risk Severity

This term shall refer to the severity of its effects after the occurrence of risk.

The Risk Frequency

This term shall refer to the frequency of the occurrence or risk probability.

Risk Factor or Risk Rating

This term shall refer to multiplying “Likelihood” by the “Severity”. (Risk severity or impact) X
(risk likelihood or probability)

Consequence

This term shall refer to the outcome of an event and has an effect on objectives. A single event
can generate a range of consequences which can have both positive and negative effects on
objectives. Initial consequences can also escalate through knock-on effects.
Issue date: 01 June 2019 Revision Status: 01 Page 9 of 18
Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

Likelihood

This term shall refer to the chance that something might happen. Likelihood can be defined,
determined, or measured objectively or subjectively and can be expressed either qualitatively or
quantitatively (using mathematics).

Control

This term shall refer to any measure or action that modifies risk. Controls include any policy,
procedure, practice, process, technology, technique, method, or device that modifies or manages
risk. Risk treatments become controls, or modify existing controls, once they have been
implemented.

Risk Treatment

This term shall refer to a risk modification process. It involves selecting and implementing one or
more treatment options. Once a treatment has been implemented, it becomes a control or it
modifies existing controls. Treatment options can be avoiding the risk, reduce the risk, remove
the source of the risk, modify the consequences, change the probabilities, share the risk with
others, retain the risk, and increase the risk in order to pursue an opportunity.

Risk Evaluation

This term shall refer to a process that is used to compare risk analysis results with risk criteria
in order to determine whether or not a specified level of risk is acceptable or tolerable.

Risk Criteria

This term shall refer to the significance or importance of an organization's risks

Residual Risk

This term shall refer to the risk remaining after implementation of a risk treatment option.

Monitoring

This term shall refer to a means to supervise and to continually check and critically observe. It
means to determine the current status and to assess whether or not required or expected
performance levels are actually being achieved.

Review

This term shall refer to activities carried out in order to determine whether something is a
suitable, adequate, and effective way of achieving established objectives.

Opportunity

This term shall refer to positive risk which can be converted to cause a positive outcome or have

Issue date: 01 June 2019 Revision Status: 01 Page 10 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

a desirable outcome

Management Review:

The continual review of the Integrated Management System by management to make sure
the Integrated Management System remains suitable and effective.

Quality:

The totality of features and characteristics of a service that bear on its ability to satisfy stated
or implied needs of the stakeholders.

Integrated Management System:

PSCL structure, responsibilities, procedures, processes and resources for implementing

Integrated Management System

IMS Coordinator

Individual appointed with responsibility and authority to ensure the processes needed for the
integrated management system are established, implemented and maintained.

1.4 Cross References

• International Organization for Standardization Quality Management Systems –

Requirements ISO 9001:2015 clause 6.1

• ISO 31000: 2009 Risk Management

• Integrated Management System Manual – PSCL/IMS/ISM/001

• Integrated System Procedure for Control of Documented Information - PSCL

/ISP/CDI/002

• Integrated System Procedure for Management Review Meeting - PSCL /ISP

/MRM/003

• Integrated System Procedure for Internal Audits - PSCL /ISP/IA/004

• Integrated System Procedure for Non-conforming Output - PSCL/ISP/NCO/005

• Integrated System Procedure for Corrective and Preventive action -

PSCL/ISP/CA&PA/006

Issue date: 01 June 2019 Revision Status: 01 Page 11 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

• Departmental Standard Operating Procedures.

1.5 Ownership
Director: responsible for providing risk management resources required including necessary
training, and information acquisition, confirm risk acceptance criteria, and keep risk and
opportunity management review according to established review cycle.
IMS Coordinator: responsible for maintaining risk and opportunity countermeasure and control
program, organize risk and opportunity review according to this document required review cycle,
and implement follow up of the measures performance taken during risk and opportunity review,
and follow up effectiveness.
Each department: responsible for own department risk and opportunity evaluation, and make
corresponding measures on the risk and to implement them.

1.6 Distribution
This procedure is distributed as per the circulation list and it available in the authority server
under \\MAYURESH\ISO\ as controlled document as a ‘’read only’’ document.

Issue date: 01 June 2019 Revision Status: 01 Page 12 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

2 PROCESSES

2.1 Description of Procedures

Risk Identification &

Management

Risk
Risk Rating Risk Control Risk Monitoring
Identification

Issue date: 01 June 2019 Revision Status: 01 Page 13 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

2.2 Procedure for Risk Identification and Management

2.2.1 Process Mapping for Risk Identification and Management

Process Map for Risk Identification and Management

IMS Coordinator Director Department

Risk
Acceptance
Start
Criteria

Identify
Draft risk
Develop risk internal and
evaluation
evaluation external risks
criteria
criteria and
opportunities

Identify
possible trigger
Review risk or cause
evaluation
criteria and Identify the
establish consequences
acceptance of the risks
criteria

Identify and
document
control
Review report measures
at Management
Meeting
Determine
likelihood and
impact of risk

Additional
resources Determine risk
required? and risk level

YES
Risk
reduction
necessary?
Avail reosurces NO

YES
Implement,
document and
verify
additional
controls
NO

Residual
risks
acceptable?
NO
YES
YES Monitor and
periodically
review

Prepare risk Re-

management NO assessment
review report necessary?

Issue date: 01 June 2019 Revision Status: 01 Page 14 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

2.2.2 Main Steps for Risk Identification and Management

2.2.2.1. The IMS Coordinator shall develop a risk evaluation criteria as the basis for establishing a
risk acceptance criteria and shall get approval from the Director.
2.2.2.2. The Director shall review the risk evaluation criteria and establish an acceptance criteria
which shall be shared with the departments.
2.2.2.3. Each department shall establish a risk list by identifying risks from their departmental
processes. The operations department shall be responsible for identifying risk regarding
delivery of services (External Context).
2.2.2.4. The department shall identify the trigger/causes of the risks and the consequences of each
risk identified and then document them.
2.2.2.5. The departments shall document the existing control measures for the risks identified,
further determine the likelihood and impact or severity of the risk and the risk level as
described in attachment 5.1. The risk level shall be evaluated against the acceptance criteria
and a decision taken on whether reduction in risk is required or not.

2.2.2.6. The department shall apply additional controls where reduction of the risk required and shall
evaluate the risk level after implementation of the additional controls to determine the
residual risk. If acceptable, the department will monitor periodically and prepare reports
for management review. Where re-assessment is necessary a new risk criteria shall be
developed and approved.
2.2.2.7. The Director shall avail required resources for risk reduction should it happen.

Issue date: 01 June 2019 Revision Status: 01 Page 15 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

2.2.3 Responsibility Matrix for Risk Identification and Management

Activity 1 2 3 Documented Information
Generated

Develop risk evaluation criteria x Risk evaluation criteria

Approve evaluation criteria and establish x Acceptance criteria

acceptance criteria

Establish internal & external risks and x Risk list

opportunities

Determine likelihood and impact of risks x Risk rating

Determine risk level x Risk level chart

Monitor and periodically review risks x Risk log review reports

Prepare risk management review report x Risk management report

Key

1. IMS Coordinator
2. Director
3. Department

Issue date: 01 June 2019 Revision Status: 01 Page 16 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

3 DOCUMENTED INFORMATION GENERATED

The IMS Coordinator shall ensure that documented information is maintained in accordance with
international standard requirements.

Ref: Integrated System Procedure for Control of Documented Information – PSCL/ISP/CDI/002

Name of documents Reference Number Revision Issue Date Retention

Status Period

Risk Evaluation Criteria N/A N/A N/A 3 Years

Risk acceptance criteria N/A N/A N/A 3 Years

Risk log review reports N/A N/A N/A 3 Years

Risk management report N/A N/A N/A 3 Years

4 FILING
This procedure shall be filed according to the Integrated System Procedure for Control of
Documented Information – PSCL/ISP/CDI/002

Issue date: 01 June 2019 Revision Status: 01 Page 17 of 18

Quality System Procedure for Risk Management
PSCL/QSP/RISK/008

5 ATTACHMENTS

5.1 Risk Rating and Evaluation Criteria

4 X4 Risk Matrix
Probability
1 2 3 4 KEY Risk Level

4 4 8 12 16 1_4 Low

ct 3 3 6 9 12 5_8 Medium
pa
Im 2 2 4 6 8 9_12 High
1 1 2 3 4 13_16 Very High

a) Probability:
1 Low: Minimal chance of the risk to occur
2 Medium: Even chances of the risk to occur
3 High: Certain Chance that the risk will occur
4 Very High: Inevitable Chances that the risk will occur

b) Impact
1 Low: The effect is insignificant
2 Medium: The risk has effect of manageable magnitude
3 High: The risk has significant effect
4 Very High: The risk has catastrophic effect

a) Risk Level/ Rating

Low: Risk is insignificant
Medium: Risk is manageable
High: The risk has significant effect
Very High: The risk has catastrophic effect

Issue date: 01 June 2019 Revision Status: 01 Page 18 of 18

Quality System Procedure for Risk Management