Managing risk in large initiatives or facilities

Risk management in large initiatives or facilities is critical to ensure strategic objectives are met and the quality of the outputs is maintained.…

Risk management in large initiatives or facilities is critical to ensure strategic objectives are met and the quality of the outputs is maintained. It involves identifying, assessing and prioritizing risks and developing mitigation measures to either reduce the probability of occurrence of the identified risk or minimize its impact if it does occur. Risk management is not meant to eliminate risk altogether, but to reduce it to an acceptable level for the organization.

Risk management frameworks will evolve over time, as large initiatives or facilities move from design to construction to commissioning and finally to full operation. The identified risks and mitigation measures will also differ significantly depending on the size and the nature of the facility. The International Organization for Standardization (ISO) identifies the following principles of risk management. Risk management should:

  • Create value – the resources expended to mitigate risk should be less than the consequence of inaction;
  • Be an integral part of organizational processes;
  • Inform decision making;
  • Explicitly address uncertainty and assumptions;
  • Be a systematic and structured process;
  • Be based on the best available information;
  • Be tailorable;
  • Take human factors into account;
  • Be transparent and inclusive;
  • Be dynamic, iterative and responsive to change;
  • Be capable of continual improvement and enhancement;
  • Be continually or periodically re-assessed.

Included below are examples of risk management activities at large facilities funded by the CFI.

Canadian Light Source (CLS)

Enterprise risk management (ERM) has the goal of managing threats to an enterprise’s objectives. ERM is a pillar that enables data-driven decision making at tactical and strategic levels through processes that identify, assess, prioritize and support the remediation of risks.

Canadian Light Source (CLS) uses ERM to identify risks, then performs analysis and tracking to manage these threats to its objectives, including financial, operational and strategic ones. The processes around ERM are designed to be collaborative and multidisciplinary, with a scope that includes both internal and external factors that cause these threats.

The core process of CLS’s ERM is to do the following:

  • Identify risks that threaten one or more of its capabilities.
  • Identify how those risks are presently being managed.
  • Assess the risk in its current form and categorize it.
  • Develop a mitigation plan and prioritize it.
  • Provide continuous reporting and risk adjustment where the risk is significant.

Risks that are identified as “very high” are regularly updated and communicated to CLS’s executive and board. These very high risks include the threats to CLS’s financial inputs, including operational and capital perspectives; threats to operational capabilities, including uptime and quality; and scientific user engagement and competitiveness. “High” risks are also prioritized and managed, and include safety, compliance, security (physical and cybersecurity) and knowledge retention.

In its current form, ERM at CLS is driven by the ERM committee, which performs risk analysis and collaborates with stakeholders across the organization to define and manage risks. With a focus on stakeholder-driven usage of risk data, the ERM committee is refreshing its policy and processes to better align with ISO 31000:2018 and refactoring its tools to improve information flow. This refreshed series of processes is expected to improve ERM’s integration into day-to-day operations and to allow more personnel from across the facility to engage with risk data.

To learn more about how the CLS manages its risks, consult this CLS document on ERM.


Gianluigi Botton
Science Director
Telephone: 306 657-3514
Email: gianluigi.botton [at]


SNOLAB has clearly defined risks and hazards, which are monitored at the facility level through overall risk registries. The registries include information such as description of the threat, potential impact, inherent risk assessment, current controls and mitigating factors, residual risk assessment, risk owner and actions required (or completed).

At SNOLAB, risk management supports the delivery of the strategic goals, and is essential for entering in dialogue with various stakeholders and prioritizing work.

To learn more about how SNOLAB manages its risks, consult the presentation made by SNOLAB.

SNOLAB is a science facility located deep underground in the operational Vale Creighton nickel mine near Sudbury, Ontario. The combination of great depth and cleanliness allows extremely rare interactions and weak processes to be studied in the field of subatomic physics and underground research.


Samantha Kuula
Chief Business Officer
Telephone: 705 692-7000 ext. 2222
Email: Samantha.Kuula [at]


Related topics

Developing a strategic plan for large initiatives or facilities
Managing user access for large initiatives or facilities