Risk Managment 11.5 Plan Risk Responses

Quick Link to Risk Management

Risk Management 11.6 Monitor and Control Risks

Risk Management 11.5 Plan Risk Responses

Risk Management 11.4 Perform Quantitative Risk Analysis

Risk Management 11.3 Perform Qualitative Risk Analysis

Risk Management 11.2 Identify Risks

Risk Management 11.1 Plan Risk Management

Risk response planning is the process of determining how to enhance opportunities or reduce threats. Response planning assigns one or more people as “response owners” and addresses risks according to their priority. Response planning should consider the following factor:

·         The response is appropriate for the severity of the risk.

·         The response is cost effective and timely.

·         The response is agrees upon and realistic.

·         The response is owned by a specific person (assigned action item).

Plan Risk Responses
Inputs	Tools	Outputs
1.       Risk register 2.       Risk management plan	1.       Strategies for negative risks or threats 2.       Strategies for positive risks or opportunities 3.       Contingent response strategies 4.       Expert judgment	1.       Risk register updates 2.       Risk-related contract decisions 3.       Project management plan updates 4.       Project document updates

Two Key Inputs for Plan Risk Responses:

1.       Risk Register: Based on the analysis from the previous processes of identification and analysis, the risk register provides the following information:

·         Identified risks and priority

·         Root causes and risks grouped by categories

·         List of potential responses

·         Risk owners and risk triggers (symptoms and warning signs)

·         Risks requiring near term response

·         Watch list of row risks that should be periodically monitored

2.       Risk Management plan: As before, the risk plan assigns people who own specific risks, defines the thresholds for whether a risk is low, moderate, or high, and provides the time and budget to conduct response activities.

Four Key Tools for plan Risk Responses:

1.       Strategies for negative risks or threats: May be addressed with one or more of the following:

·         Avoid: This strategy attempts to eliminate a threat, if possible. One possible approach is to adopt an alternative strategy in one of the following ways: 1) reduce scope or change project objectives, 2) allow the schedule to slip, 3) adopt a proven technical approach instead of a more innovative, risky one, or 4) use a substitute component that does not have the same risk.

·         Transfer: PMR suggests that you may consider transferring (deflecting) a risk to another party through numerous practices:

·         Mitigate: Actions taken to reduce the probability or the impact of a risk, earlier preventive approaches are usually more productive than repairing the damage after it occurs. Conducting more tests or designing back-up systems into critical subsystems are examples of mitigation.

o   Insurance and performance bonds

o   Warranties and guarantees

o   Outsourcing (also called procurement or subcontracting)

o   Contract type (a fixed price contract transfers cost risk to the seller and a cost reimbursement contract transfers cost risk to the buyer)

Note: Transferring a risk does not eliminate the risk. It merely gives someone else the responsibility to manage that risk.

·         Accept: This approach may be used for negative risks or threats and for positive opportunities. Passive acceptance is taking no action and dealing with the problems (or opportunities) if and when they occur. Active acceptance is almost always handled using extra money, time, or resources (known as contingency reserve).

2.       Strategies for positive risks or opportunities:

·         Exploit: This strategy attempts to maximize the chance of reaching an opportunity. lt uses approaches such as: assigning the most talented resources available, reducing the time to completion, providing better quality than planned, and eliminating uncertainty. The sponsor should exert influence where needed.

·         Share: This strategy involves joint ventures, strategic alliances, and other collaborative arrangements to share risks, share costs, and take advantage of technical synergies (each party performs the portion of the project that they do best).

·         Enhance: This strategy attempts to increase the "size of an opportunity" by 1) increasing probability and positive impact (the opposite of mitigating negative risks) and 2| by identifying and maximizing key drivers of positive opportunities. For instance, one might decide to leverage the advantages of a superior technology.

·         Accept: Used when the organization prefers not to actively pursue an opportunity, but will take advantage of it if it occurs. For example, the organization might not wish to divert resources from a more promising opportunity.

3.       Contingent response strategies: Contingent Response Strategy: A response plan that is used only under predetermined circumstances. This approach is appropriate when planners feel that future warning symptoms will provide adequate time to implement the response activity if the conditions begin to occur. For example, a particular risk response strategy may be triggered only if a specific milestone is missed.

4.       Expert Judgment: As always, people with the right experience, training, and knowledge should be used for the task at hand (in this case, for response planning).

Four Key Outputs for plan Risk Responses:

1.       Risk Register updates: Again, new information is added to the risk register as a result of risk response activities. Low risks are put on a watch list. Components of the risk register at this point include:

·         Identified risks and descriptions

·         Risk owners and response strategies

·         Risk priorities and any probabilistic analysis that has occurred

·         Risk triggers and the budget/time for implementing risk activities

·         Contingency reserve that is appropriate for the organization’s level of risk tolerance

·         Fallback plans ("plan B") for exceptionally high risks (if the primary response plan fails)

·         Residual and secondary risks (not covered by the response plan or caused by the response plan)

2.       Risk-Related Contract Decisions: outsourcing is sometimes done as a risk mitigation strategy.

3.       Project Management plan updates: Elements of the plan that may be updated as a result of response planning include:

·         Schedule management plan

·         Cost management plan

·         Quality management plan

·         Procurement management plan

·         Human resource management plan

·         Work breakdown structure

·         Schedule baseline

·         Cost performance baseline

4.       Project Document updates: Documents that may be updated include:

·         Assumptions log updates

·         Technical documentation updates