RISK MANAGEMENT OF ME

PROJECT
MANARA COMPANY

PREPARED BY \ HAZEM ELSHTEWI

REG NUM \ 11313017
SUPERVISED BY \ DR.SABER ELMABROUK
SPRING 2014
 EPM 605 Risk Management

Contents

Contents........................................................................................... 1
Introduction .................................................................................... 2
Abstract............................................................................................ 4
Risk Management Introduction ..................................................... 4
Risk Management Process Phases.................................................. 6
MANARA Expansion Project Risk Management ....................... 15
Risk Matrix .................................................................................... 20
Conclusions ................................................................................... 21
References ..................................................................................... 22

P a g e 1 | 22
EPM 605 Risk Management

Introduction
The efforts of launching MANARA Company was started in the
late of 2012 by pushing the government to give the license to the
private sector instead of making the internet service provider
(ISP) license just for the public sector (LTT), and there was some
difficulties in getting the license from the ministry of
Telecommunications but after so much struggling Manara
Company had the license of the ISP and it was the first private
ISP in Libya which was launched in February 2013 with all
Libyan staff.

MANARA has focused on providing the internet service to the

companies inside Tripoli and started with only one Wireless Site,
and one wired site in Bareed Share3 Alzawiya for fiber
connection.

Nowadays MANARA has covered the whole Tripoli and can

provide the internet access to the companies from almost 12 sites
(wireless and wired) and the boundaries of the coverage are
(Tajora from the East, Janzour from the West, Treg Almatar from
the South and Hay Alandalus and Gergaresh from the north).
Besides Tripoli, we have covered Nalout.

Since MANARA has been successful during the last period in

providing internet access with a reliable connection and with the

P a g e 2 | 22
EPM 605 Risk Management

good support and reporting system that gave a good customer

satisfaction.

MANARA has started planning to the NEW PROJECT to provide

the internet access to the citizens besides the companies as the
next phase, and we will start with Tripoli first, then we will be
heading for other cities as the next phase of the project.

The PRORJECT target is to provide the internet access to the

following areas:

Tripoli

Nafusa
Mountains Al-Zawia
cities

Sabha Misrata

P a g e 3 | 22
EPM 605 Risk Management

Abstract
In this report the risk management process of the ME project
will be described, firstly the project Major Categories, plan and
procedures of implementation that will affect the whole project
if it was exposed to risk will be described.

After that the main steps of risk management in general will be

clarified, then the risk table will be filled pointing out the impact
and its degree and the steps required to control those risks.

Risk Management Introduction

ore, in absolutely
general terms, it must address the problem of protecting itself
against events that can place the pursuit of this fundamental

intermediate objectives). Risks, which are unders

negative evolution, to which every organization is exposed in

carrying out its business.

For a long period of time, companies faced different types of risks

in a specific and unconnected manner; today, instead, there are

P a g e 4 | 22
EPM 605 Risk Management

provides reasonable defense against the possible verification of

harmful events.

Risk Ma
that are integrated within the wider context of a company
organization, which are directed toward assessing and measuring
possible risk situations as well as elaborating the strategies
necessary for

Obviously, Risk Management can be targeted toward all or only

areas of possible uncertainty that affect the life of a company.

Company risks are normally classified within three large

categories:

Risks inherent to the external context (e.g.: emergence of

unfavorable laws and/or regulations; negative changes to market
conditions; technological innovations that favors competitors;
etc.); risks inherent to operative Each of these risks may lead to
direct and/or indirect damage to the organization, with economic
implications that may also be considerable in the short, medium
and long term.

From this point of view, therefore, the attention given to Risk

Management, in terms of the quality and quantity of allocated
resources, must be congruent, not only with the type of
considered risk, Fundamentals of Risk Management but also with

P a g e 5 | 22
EPM 605 Risk Management

the concept of the probability with which a potential negative

event could occur and the seriousness of its consequences.

A complete management of risks aims to protect, from all points

of view: not only the value already created by the organization;
but also its future opportunities, favoring secure growth.
Choices for correct risk management can widely differ from
company to company, depending on the external and internal
context in which the company works, for which the concept of a

Risk Management Process Phases

As risks are, due to their nature, strongly connected, they cannot
be managed in a fragmented manner by independent functions
and/or departments, but a dedicated process is necessary that, as
such, requires a structure, an organization and communication
mechanisms.

Traditionally, the phases of a Risk Management process are as

follows:

1) Context definition
2) Risk identification
3) Risk assessment

P a g e 6 | 22
EPM 605 Risk Management

4) Risk treatment
5) Communication
6) Planning
7) Checking and supervision
8) Process review

To be effective, each of these phases as previously mentioned,

must be fully integrated within the wider scope of the company
organization and projects.

Context definition
Context definition implies:

identifying the areas of risk that must be considered, due to

the specific combination of market, product/service,
manufacturing/supply process as well as external references
(institutions, suppliers, banks, unions, etc.);
Congruently defining an identification and assessment
activity schedule; organizing the necessary resources,
starting by defining duties and responsibilities.

In this phase, therefore, the limits of the approach are recorded

and the base for the development of the operative system is
created, having a fundamental concept as reference criteria,

P a g e 7 | 22
EPM 605 Risk Management

which is the knowledge that: potential risks can involve the

organization on all levels; the most negative consequences do not
necessary refer to risks attributable to the short-sighted behavior
of those who occupy upper management positions.

Risk identification
The next phase, which is related to identifying potential risks and
their description, must be confronted by analyzing all possible
sources of risk (such as, for example: the positions of the
stakeholders, market changes, manufacturing errors or work
accidents, etc.), within the areas of risk that were taken into
consideration when defining the context.

The process of identifying potential risks must, in any case, work

for the type of organization and, therefore, for the type of
product/service offered and the type of market in which the
organization itself operates; it normally refers to:

The objectives, which the organization has set for itself;

The scenarios, which the organization may find it must face
in carrying out its business;
The procedures or practice, which the organization adopts
for management and operational purposes.

Potential risks do not generally represent an effective risk if the

organization does not have, in reference and at the same time, a
specific weakness. This concept, which is based on the modern
P a g e 8 | 22
EPM 605 Risk Management

approach of Risk Management, therefore foresees the creation of

concerning the areas of risk being considered, over which the

corresponding list of the sources of risk must be critically
superimposed.

Effective risk identification finally requires the support of

reasonable confirmations, objective if possible, regarding the
correctness of the analysis. These confirmations may be:

Of a direct experimental nature (the event has already

occurred)
Of an indirect experimental nature (the event has already
occurred in a similar situation)
Of a deductive nature (the cause effect relationships make
the event appear probable).

organization (by context and vulnerability), to which the

subsequent actions refer.

Risk assessment
When the risks have been identified, they must be assessed (Risk
Assessment) based on:

The probability that the negative event will occur;

P a g e 9 | 22
EPM 605 Risk Management

The seriousness of the direct or indirect consequences of the

event itself.

This assessment can be more or less simple, based upon the

specific situation, as what is relevant for the purpose is the
availability of usable statistical data as well as validated analysis
procedures.

The statistical data (usable) and the analysis procedures

(validated) can only be acquired from similar (or apparently
similar) situations if done in an extremely prudent manner and
only after having verified the transferability of the conditions
concerning both the sources of risk and vulnerability.

From the above, in conclusion, it results that the risk assessment

process generally follows paths of analysis within an organization
that, in reference to:

The likelihood of an event, refer to the potentiality of the

relative risk source, the extent of the specific possible
vulnerability and the level of effectiveness of the pre-
existing control and reaction instruments;
The seriousness of the consequences also refers, in addition
to the type and extent of the damage, to the involved
objectives (in a decreasing order of importance: the mission,
the structure, the organization and operations).

P a g e 10 | 22
EPM 605 Risk Management

Each potential risk must, however, be perceived with greater or

less intensity, with regard to the real risk content, based upon the

especially when there are specific sensibilities. Therefore, the

assessment process requires a constant engagement directed
toward the objectivity of the judgments, in fact, if the risks are
assessed in an irrational manner and their corresponding priority
is assigned in an improper manner, there could be a lack of
coverage and/or defense and useful resources could be wasted
that, if better applied, could lead to more effective management.

prepared that
created in the previous phase.

Risk treatment
The treatment of the potential risks (Risk Treatment) is the phase
in which the decision making processes become particularly
important. It includes, either alternatively or in combination, one
or more of the following conditions:

The transfer of the risk;

The exclusion of the risk;
The reduction of the risk;
The acceptance of the risk or an amount of the risk.

P a g e 11 | 22
EPM 605 Risk Management

The selection of one or more of the previous conditions largely

possibility to confront both of these contexts) and must be based

on a cost-benefit analysis that is as quantitative as possible in
reference to the short, medium and long-term period.

Risk transfer
This condition foresees the persuasion of another party to accept
the risk, through a contract. This is a typical case that concerns
insurance companies, which is applied often when possible (for
example, liabilities of a criminal nature cannot be transferred)
even if at times it is done in a general manner and not, rather, in
function of the specific organization (tailored covering).

Risk exclusion
This condition foresees the non-execution of the activity that
involves a risk that cannot be transferred and/or is considered to
be unacceptable. Naturally, the result is a loss of opportunity that
the activity at risk would have represented in any case.

P a g e 12 | 22
EPM 605 Risk Management

Risk reduction
This condition involves the adoption of managerial, technological
and behavioral actions that lower the probability of risk and/or
the seriousness of the possible consequences. The persistence of
residual risk is often, in any case, unavoidable both for reasons
inherent to the context (institutional, managerial, technological,
etc.) in which the organization operates, as well as for the possible
simplifications and/or omissions of the analysis.

Acceptance of an amount of the risk

All risks (or amounts of risk) that are not transferred and not
excluded are, as a result, accepted. The conscious acceptance of
residual risk occurs, in general, when at least one of the following
conditions applies:

Sufficiently low probability of the event;

Consequences of the event are proportionally of little
relevance;
Great benefits if successful.
The risk (or the amount of risk) that is accepted must
subsequently be controlled in agreement with what is
foreseen by the following paragraph.

Planning
Planning defines the risk control methods, that is:

P a g e 13 | 22
EPM 605 Risk Management

The acquisition, interpretation, sending and/or storing of

incoming data for the control process;
The appropriate level and localization for the decisions and
actions connected to each type and condition of risk;
The operative procedures and/or practice;
The control instruments;
The acquisition, interpretation, sending and/or storing of
output data from the control process.

If the control plan is sufficiently broad and complex, it is

recommended that the position of a Risk Manager is created, as it
is an important position that is mainly directed toward
coordinating all activities and their communication, although it
does not have any direct responsibility for the risk.

P a g e 14 | 22
 EPM 605 Risk Management

MANARA Expansion Project Risk

Management
Applying the risk management process mentioned in section 6
and filling the following table accordingly:

No. Field of Risk Risk Risk Risk Countermeasures

risk Identification Probability Impact Matrix
currency 1 1 1
inflation
funding 2 2 4
difficulties
Lack of liquidity 2 2 4
Financial Change of 1 2 2 Risk margin will be
7.1
Risks equipment applied and added to the
prices budget of the project
changes in 2 2 4
currency
Exchange rate
High interest 2 2 4

No. Field of Risk Risk Risk Risk Countermeasures

risk Identification Probability Impact Matrix
High By doing accurate
3 3 9 market study in order to
competency
have a competing prices
New easier and should do a good
Marketing access 2 3 6
7.2 market plan including all
Risks technologies types of advertisement
(TV, radio, Bill boards,
poor marketing
1 3 3 websites advertisement
plan

P a g e 15 | 22
 EPM 605 Risk Management

No. Field of risk Risk Risk Risk Risk Countermeasures

Identification Probability Impact Matrix
Delays in the
implementation 2 3 6
of the project
change of laws
regulations and
1 2 2 By having a good
standards by
Organizational project plan taking
the government
and Contacting paper work
into consideration
7. 3 2 1 1
Risks every little detail
difficulties
that will affect time
claims from the
of the project.
public sector 1 1 1
companies
Low support
1 2 2
and response

P a g e 16 | 22
 EPM 605 Risk Management

No. Field of risk Risk Risk Risk Risk Counter measures

Identification Probability Impac Matri
t x
7.4 Technical Risks
7.4.1 Design and Bad Design 1 3 3 Training plan to the
Implementation employee, or by
risks consulting
Lack of good 2 2 4 Training to the staff of
Subcontractors the subcontractor.
No power 2 3 6 Solar cells power
backup in backup or power
private sites generator
unstable power 1 3 3 By grounding the
source
Equipment 1 3 3 By having a good
availability inventory
management
Equipment 1 3 3 By having extra
failure equipment as a
backup
Sites 1 2 2 Good coordination
accessibility with the sites
Sites security 1 2 2 contacts.
7.4.2 Operation risks non-line of 1 3 3 High towers.
sight
Over-billing 1 4 4 Best security
attacks measures should be
taken
Cannot access 1 good coordination
sites in some with the site
periods contacts
noise 3 3 9 Proper design will
interference reduce the effect of
noise.
sites security 1 3 3 insurance
against stealth

P a g e 17 | 22
 EPM 605 Risk Management

random 1 2 2 By doing a good site

construction surveys before the
installation will
minimize the effect of
non-line of site
ISP's working 1 3 3 Trying to reach out
with no license to them and
from the coordinate with
government them to work
without affecting
one another
No IT Staff 1 1 1 Providing a trained
with some staff and good call
companies center to support
the customers in
such a case
Unlimited 2 2 4 Installing cashing
download systems, having
monitoring systems.

No. Field of risk Risk Ris Risk Risk Countermeasures

Identification k Impact Matrix
Pro
bab
ility
strikes and Add a time margin to
1 2 2
demonstrations time plan of the project
Not qualified
2 2 4 Providing a good training
employees
Personnel risks plan
7. 5 lack of skills 2 2 4
Equipment
1 3 3 insurance
stealing
foreign Good supervisors with
1 1 1
employees leading skills

P a g e 18 | 22
 EPM 605 Risk Management

No. Field of risk Risk Risk Risk Risk Countermeasures

Identification Prob Impact Matrix
abili
ty
Safety meetings, safety
Falling 2 4 8 trainings, providing
safety gear
lighting strike 1 4 4
electrical Grounding the towers
1 3 3
short circuit
falling items
2 4 8 Wearing safety gear
from height
Microwave
Health and safety radio
7. 6 frequencies
are dangerous
No installations above
at certain
2 3 6 schools, having at least
distances
15 m towers.
especially to
Children, old
people,
Women
Transmitted
Good design taking this
power > 3000 2 3 6
factor into consideration
mW / m sq

P a g e 19 | 22
EPM 605 Risk Management

Risk Matrix
After applying the risk management fundamental process, we
will put all the risks within the matrix in order to have a full view
for the whole risks within the project.

4 2

Risk
3 2
Probability
2 8 5
1 5 7 10 2
1 2 3 4
Risk Impact

P a g e 20 | 22
EPM 605 Risk Management

Conclusions
The risk process was applied to MANARA expansion project.
There are six types of risks personal risk, Health and safety,
Technical Risks, Operation risks Marketing Risks and Financial
Risks.

P a g e 21 | 22
EPM 605 Risk Management

References
Risk Management Made Easy- Andy Osborne.
Wikipedia Risk Management.
Risk Management for telecom projects Lara Bendosi
MANARA Plan report 2014 -2015.

P a g e 22 | 22