Plan risk responses process
This is the fifth process steps in the risk management knowledge area, and builds upon the information gathered from the previous four process steps:
- Plan risk management which describes how risk management will be implemented via the risk management plan
- Identify risks along with their causes and responses and goes on to set up the risk register
- Perform quantitative risk analysis which ranks and prior advises the risks
- Perform quantitative risk analysis which sets a quantified value to the ranked risks usually in terms of cost or time
This process, plan risk response is, plans for how each risk will be managed, and who will be responsible for them.
A risk can be a negative impact threat or a positive impact opportunity, and therefore both of these types of risk should have been considered here.
There are just two inputs to Plan risk responses:
The risk register.
This contains all of the information gathered from the previous four processes, and is obviously necessary in order to determine the most appropriate responses.
The risk management plan.
This plan sets risk tolerance for the project, how all risks are to be managed and who is responsible for the various activities along with their costs and time, and how the management of plan risk responses risks are to be communicated.
There are four outputs from Plan risk responses:
The risk register updates. This will now be updated with the risk response activities.
Project management plan updates.
Relevant parts of this amalgamated document will need to be updated. The risk management plan which determines how all risks will be managed may need to be modified as a result of identifying risk responses. Other parts of the project management plan may also need updating such as stroke, schedule and cost plans and baselines.
Project document updates.
This covers any other documentation that includes or reflects the management of risk such as logs or registers as an example.
Risk related contract decisions.
It may well be that a third party is responsible to manage a particular risk, or that as a result of plan risk responses, never contractual agreement needs to be put in place and hence subcontracting the risk responses and responsibilities.
There are three main tools and strategies that assist the plan risk responses process:
Strategies for negative risks or threats.
This plan risk responses response takes action upfront to either reduce the probability to zero, or the impact, or both. In essence, such your response enables the risk to be sidestepped entirely. An example might be that if a certain risky process is to be used in creating a product, then choosing a different and low risk alternative process would remove the risk altogether.
Here, the risk is transferred to a third party so that they are responsible for the management and impact of a particular risk(s). This is normally done via a contractual agreement. Another method, often used in the construction industry, is to take out an insurance policy against the cost impact of the risk.
This response is used to reduce the risk by taking some action to do so. Unlike avoid, this response seeks to reduce the probability or impact, or both. An example might be the risk of excessive rework in designing a complex product, and augmenting the development team with highly knowledgeable and experienced staff.
This is the ‘do nothing’ plan risk responses response. It is usually chosen either because the risk is low in terms of impact or probability, or that the cost and effort of taking a different action is out of proportion to the risk itself. When acceptance is chosen, it should still be documented and entered in the risk register, where ongoing action is to observe the risk to ensure that acceptance is still the most desired response.
Plan risk responses – Strategies for positive risks or opportunities.
This response tries to remove any uncertainty so that the opportunity is certain to happen. Using an example similar to mitigate above, enhancing the team with higher skills may enable the product to be enhanced in some way such that greater benefits can be realized.
This response identifies that the opportunity may be more likely if a form of partnership is set up with a third party. This type of response is often used when negotiating to win a contract and partnering may improve their chances of contract award.
The success of risk management strongly depends on providing a clear and unambiguous expression of each identified risk. Best practice shows that this is more likely if first the risk cause or source of the risk is identified first, then the risk event describing the area of uncertainty, and then the risk affect or impact. This is true for both negative threats and positive opportunities.
The enhance response focuses of the cause of the opportunity, and goes on to influence these triggers to increase the likelihood of the opportunity occurring. If adding extra features to a product would give it a market advantage, then this would be an example of the enhanced response such that more of these products would be sold and hence the revenue stream increased.
This is exactly the same as for a negative threat, but in this case you are accepting that the opportunity will either happen or not and no action is to be taken. In a similar way, it may be the taking action to ensure the opportunity happens is out of proportion to the opportunity itself.
PLan risk responses – Contingent response strategies.
These apply equally to both risks and opportunities.
Whereas all of the above responses require that action is implemented ahead of the risk or opportunity, contingent actions are put in place but are not implemented until or unless the threat or opportunity occurs. In effect, these strategies help manage the outcome either to reduce the threat or maximize the opportunity.
This entails getting advice and guidance from those with sufficient expertise when it doesn’t already exist within the project. This might entail those with personal experience of similar risks or opportunities, or those with knowledge skills and experience of such risks or opportunities. Such expert judgement may come from an external source such as a third party or consultancy.
If you need help to get the PMP Exam results you deserve, then CLICK HERE
David spent 25 years as a senior project manager for US multinationals and now develops a wide range of project-related video training products under the Primer brand. In addition, David runs training seminars across the world, and is a prolific writer on the many topics of project management. He currently lives in Spain with his wife Jude.