Risk Management

Enterprise Risk management

Arabtec Group (“Group”) and its operating subsidiaries (“OPCOs”) are acutely aware of the importance of Risk Management that has been highlighted as an important pillar to support the three-year strategic plan introduced by the Group CEO in January 2017.

The Group is committed to adopting sound Enterprise Risk Management principles and, building upon the expertise brought to the Group by the appointment of its Director of Risk & Assurance in 2016, has chosen to base its process on the commonly accepted ISO 31000 Risk Management standard, in accordance with the best practices of the industry.

Risk Management for the Group follows the principles and methodology presented in the ISO 31000 standard, depicted in the summary chart below:

This process allows Arabtec to further secure its strategic, operational and financial objectives, by providing a risk based structured framework for sound commercial and contractual decision making.

The main purpose of the development and implementation by Arabtec of a state of the art approach towards risks, across the whole organisation, is to secure its objectives towards:

  • Safe, healthy and sustainable operations;
  • Financial sustainability;
  • High quality of projects delivered within agreed timeframe and budget;
  • Operational excellence;
  • Legal compliance,

in addition to ensuring that the Group pursues and materialises the best opportunities in line with its operational and strategic objectives.

Thanks to its Enterprise Risk Management framework, embedded into all its operational and strategic processes, the Group seeks to effectively and successfully address the risks inherent to its activities, namely:

General operational risks, related but not limited to:

  • Project management;
  • Human resources management;
  • Procurement and logistics management and costs;
  • Subcontractors, suppliers and joint contractors;
  • Changes in laws and regulations; and
  • Evolution of the economic or tax environment.

Contractual risks, related but not limited to:

  • Tendering;
  • Property commitments;
  • Acquisitions and disposals; and
  • Partnerships and participations.

Financial risks, related but not limited to:

  • Payments and solvency;
  • Liquidities and cash management; and
  • Market risk (interest rates, currencies and commodities).

Legal risks, related but not limited to:

  • Legal compliance; and
  • Regulatory compliance, ethics and fraud.

Environmental and technological risks, related but not limited to:

  • Environment economic and regulatory context;
  • Weather or natural disasters; and
  • Sustainability and safety.

Cyber risks, related but not limited to:

  • Protection of data;
  • Continuity of operations; and
  • Fraud.

Operational Risk management

The Enterprise Risk Management top-down approach has been complemented by a bottom-up approach that allows the Group to manage risks as close as possible to the business and its operations. This process includes Risk Management at both tender and project execution stages.

Project Risk Management

Arabtec has put in place a formal Risk Management process on all the projects it is awarded, that form the main part of its business.

The objectives of this approach are to:

  • Secure the project’s objectives in terms of quality, cost and schedule;
  • Follow-up tender stage risks and further identify risks;
  • Ensure a pro-active behaviour towards risk through mitigation;
  • Monitor risks evolution and act accordingly;
  • Provide decision support to Project Managers and Management to validate reviews and deliver approvals at the Project’s key stages;
  • Monitor evolution of contingencies, and ensure cost and schedule targets are kept; and
  • Ensure feedback of lessons learnt to feed the risks library.

Through dedicated training and coaching sessions, all project teams have been familiarised with this approach that has been documented through a standard Project Risk Management plan that is now part of the standard Project Management procedures.

Risk identification and risk evaluation sessions for all projects allow the projects to develop their risk register and to decide on mitigation actions geared at putting risks under control and diminishing their potential impacts on the cost, schedule or quality of the project to be delivered.

Risk review sessions are regularly organised to follow-up on the risk profile of the projects and the progress of decided actions.

Risks are part of the standard project reports to the Management and are on the agenda of the performance reviews that are regularly conducted.

Tender Risk Management

Arabtec implements a formalised 4-Gate Tender Approval process that aims at better controlling the risks related to its commercial and contractual commitments, and by extension to projects execution.

This mandatory process allows Arabtec to optimise the commercial costs of the organisation, to support a tender decision-making process based on objective risk information and to ensure that contractual commitments are in line with the organisation’s objectives and its defined risk appetite.


At each stage, a decision is taken whether or not to pursue the commercial opportunity based on a thorough risk analysis that supports the decision-making process through objective risk criteria.