SOMA
Contact

Case study · Capital projects

Risk Management Framework Pilot — Project PUMA

A practical, contract-agnostic risk management framework piloted on a complex capital project — scalable across Bilfinger UK’s wider portfolio.

The challenge

Bilfinger UK identified the need to strengthen consistency, governance, and visibility across project risk management. While risk was being actively managed on individual projects, there was no single, scalable framework covering risk identification, forecasting, and contingency drawdown that could be applied consistently across the wider portfolio.

Project PUMA — a complex capital project — was selected as a live pilot to develop and test a fit-for-purpose risk management framework that could later be rolled out across the business.

The underlying problem is familiar across UK capital delivery: risk was being managed, but what that meant differed from project to project. Registers were formatted differently. Contingency assumptions were made locally. Reports to senior leadership carried different meaning depending on who wrote them. The result was a portfolio view that could not be trusted to aggregate, even when every individual project team was working diligently.

Our approach

SOMA Project Controls worked closely with Bilfinger UK’s project controls team to develop a practical, contract-agnostic risk management framework, aligned with APM and IRM best practice.

Phase 1 focused on delivering clear foundations rather than over-engineering processes, ensuring tools and procedures could be adopted easily by project teams and scaled across different project types.

We deliberately avoided the temptation to import a heavyweight enterprise risk management system. The evidence across UK capital delivery is that teams who are handed a 60-page procedure and a bespoke tool quietly stop using both within six months. The framework had to be small enough to adopt on a Monday morning without training, but rigorous enough to stand up to a client audit.

Engagement with the live Project PUMA team was central. Every template was tested against an actual project situation before being published as a standard. Items that looked clean on paper but friction-heavy in practice were simplified. This iteration loop — draft, use, refine — is what separates a framework that gets adopted from one that becomes documentation.

What we delivered

Four integrated deliverables, all refined through live project feedback to ensure clarity, simplicity, and reusability:

  • Risk Management Plan (RMP) — a scalable framework defining roles, responsibilities, governance, and reporting expectations.
  • Risk Forecasting Strategy — a structured EMV-based approach providing forward visibility of time-phased risk exposure, clearly separated from QRA outputs.
  • Risk Drawdown Procedure & Log — a simplified, auditable process defining how contingency is accessed, approved, and recorded.
  • Project Risk Register Template — a practical, QRA-ready tool supporting qualitative assessment, forecasting inputs, and drawdown tracking.

Why the drawdown procedure was the centrepiece

Of the four deliverables, the Risk Drawdown Procedure is the one that typically determines whether a framework sticks. Most contingency problems on UK capital projects are not failures of quantification — they are failures of governance. The money is sized correctly at sanction, then released informally through the year against pressure, so that by the time variance reports reach the steering group, the drawdown conversation has already happened in practice.

We designed the procedure around a simple principle: every pound released against contingency ties back to a specific risk event, a named owner, and a dated approval. The log is auditable at any point. The implication is not bureaucratic — it gives the project director a real-time view of remaining exposure against remaining contingency, rather than a year-end reconciliation.

EMV forecasting without duplicating QRA

A common pitfall with risk forecasting is that teams produce parallel outputs that compete with the Monte Carlo model — an Expected Monetary Value forecast that disagrees with the project QRA, creating confusion rather than clarity. The Risk Forecasting Strategy was built to sit alongside QRA rather than duplicate it: qualitative risk scoring feeds EMV-based time-phased exposure, which informs the monthly management view; quantitative risks feed the QRA, which informs investment-grade confidence levels.

The distinction sounds subtle but matters in practice. It means the project controls team can answer a risk question at the level appropriate to the audience — a project board wants exposure over the next quarter; an investment committee wants the P80. One framework, two views, no contradiction.

Outcomes

  • Established a clear and consistent risk management baseline for Project PUMA.
  • Improved governance and transparency around contingency usage.
  • Enabled forward-looking visibility of risk exposure to support decision-making.
  • Delivered a scalable framework suitable for rollout across Bilfinger UK’s wider portfolio.
  • Built in alignment with APM, IRM and HM Treasury Green Book guidance, giving Bilfinger’s client-facing teams a defensible reference point.

The result

Following the successful completion of Phase 1, Bilfinger UK is now well positioned to mature and scale its risk management capability through wider rollout, deeper integration with project controls, and enhanced portfolio-level reporting.

Working on something similar?

If any of this sounds like the shape of a problem you're holding, a short call is the cheapest way to find out whether we can help.

Talk to SOMA