The project represents the element on which the business activity of Leonardo is based and, as such, the main source of company revenues, as well as of operational cash flow.
The Project Risk Management process in Leonardo is applied to all projects, with the primary objective of safeguarding the operating margin, and bases its foundations on the ability to identify and manage treatment actions, in order to reduce or at least limit the risk of projects.
Project Risk Management is an iterative process that starts from the beginning of the bid phase and operates throughout the project life cycle. It is carried out starting from the determination of the risk class of the project and is articulated through the identification of the risks with impact on the project objectives, the subsequent risk assessment, the definition of the treatment action plan, the determination and management of the Contingencies, the continuous monitoring and updating of risks, including the identification of emerging ones.
The Leonardo Group ensures a strong control of project risks within the various operating realities, with the aim of increasing consistency and, hence, effectiveness of project management, for the protection of the value and sustainability of the company business.
The Project Risk Management process is also extended to the Supply Chain, through the introduction of specific requirements in the requests for quotation and contractual documentation with specific suppliers, selected on the basis of the projects needs.
The Project Risk Management process is ruled by a regulatory system, which constitutes a single company framework in line with the highest reference standards. This regulatory system includes: a Procedure (applicable to the One Company), a Directive (applicable to subsidiaries) and a Manual to be used as reference for the methodology to be applied.
PROJECT RISK MANAGEMENT PROCESS PHASES
PROJECT CLASSIFICATION
Determination of the Risk Class of the project, with reference to its relevance to the business: A = high risk, B = medium risk, C = low risk. The classification is based on specific indicators of economic impact, strategic impact and intrinsic risk, the latter referring to a series of influencing variables, such as, for example: context/country (eg risk of political instability, corruption, etc.), market/customer, type of contract, industrial partnership composition, supply chain, complexity, degree of technological innovation, etc.
RISK IDENTIFICATION
Identification of Project Risks (and Opportunities), with the support of specific tools (e.g. Checklist, historical risk Archive), through the precise analysis of the contractual scenario, of the activities subject of supply and of the related budget. The identified risks may be of operating (technical-industrial, contractual, patrimonial assets and market), strategic, financial and of compliance nature. Each identified risk must be described in terms of causes/events/effects, in order to highlight the essential elements for its management with appropriate treatment plans.
RISK EVALUATION
Risk evaluation on the basis of previous experience and of historical data related to similar risks, divided in: Qualitative Analysis, aimed at providing a priority of risks to be subsequently treated and a Quantitative Analysis, aimed at returning, through a Monte Carlo statistical simulation, the project Risk Profile, based on a quantification of the probability of occurrence and impact of each risk on project objectives, in terms of time, cost and performance.
RISK TREATMENT ACTION PLAN
Risk treatment, that is analysis of causes/events/effects and identification of the treatment actions, specific and special, to reduce the impact of risks on the project. Identification of the actions corresponding to common causes to various risks.
Calculation of the net benefit of the treatment actions identified, choice and implementation of the treatment actions.
As an example, in case of a particular transaction or operation in a high-risk market, including bribery and corruption risks, Leonardo and the Group Companies will develop a Risk Treatment Action Plan, which addresses all significant identified risks. Accordingly, Leonardo and Group Company management will evaluate, in consultation with the Legal Affairs & Compliance function, whether the Risk Treatment Action Plan adequately addresses the identified risks. Based on this evaluation, Leonardo and the Group Companies, in consultation with the Legal Affairs & Compliance function, will decide whether enhanced anti-corruption due diligence and other controls need to be incorporated into the Risk Treatment Action Plan or whether the risks cannot be adequately mitigated, leading to a decision not to pursue business in that high-risk market.
CONTINGENCY MANAGEMENT
Determination of Contingency: the Contingency value to be set aside to face the riskiness of the project that remains after the treatment actions on the identified risks is determined on the basis of the Risk Appetite of the project, for which the Board of Directors of Leonardo decided to adopt a neutral position, compared to positions of high or low risk appetite. The risk associated with any unforeseen events on the project, deriving from unidentifiable risks (unknown-unknowns) is faced with the provision of a Management Reserve.
RISK MONITORING AND REVIEW - REPORTING
Periodic Monitoring and Review of Risks and Actions, updating of the relevant risk sheets, inclusion of any emergent risks, re-assessment of the project Risk Profile, movements of contingencies. For the most relevant projects, Monitoring and Review normally take place on an ongoing basis according to the projects’ progress status and at least quarterly.
Reporting, carried out at least quarterly, showing the trend of project risk and related protection at One Company level, with further focus on all the Divisions and their most significant projects.