This process illustrated in Figure 11.6 develops the options and actions that could be followed to increase the opportunities and reduce the threats to the project's objectives. It is not viable to eliminate all the risks from the project, nor can you be expected to plan a response for every risk. The main target is to plan a response for each key risk that has been identified and analyzed as part of the risk management process. Possible responses to the question of what to do for each key risk could be: -
Eliminate the known threats before they occur. -
Reduce the impact or decrease the probability of a threat occurring. -
Increase the impact and probability for an opportunity to occur. -
Establish contingency plans for residual risks. -
Generate a fallback plan if the contingency plan were to fail. Figure 11.6. The risk response planning process The tools in grey are in real-life project management less often used than those in black. Risk-related contractual agreements are a much underutilized risk management response, and can be a very effective and cheap way to manage many key risks, especially from IT consultants and IT sub-contractors. Adapted from PMBOK Guide (p.260) Risk response strategies There are certain ways to handle identified risks that involve adjusting the planned approach in order to complete the project. Other strategies used may be reactive, therefore plans are executed if the associated risk occurs. The response strategies for possible threats include: -
Avoid put measures in place to ensure that the risk does not arise, or, if it arises, that there is no impact on the project. -
Mitigate put measures in place to limit either the probability that the risk occurs, or the impact if it does occur, or both. -
Transfer in some instances, it is possible to transfer the impact of a risk to a third party, so that if it does occur, there is no impact on the project. This is commonly done through the commercial terms of sub-contractor contracts which can include penalty clauses to cover the costs of getting the work done elsewhere. Other risk transference tools include insurance contracts. The response strategies for possible opportunities include: -
Exploit ensure that unplanned opportunities are exploited. If warm weather arrives early and allows building work to start sooner than planned, using staff who are being paid anyway, for example, ensure that the opportunity is exploited and not allowed to go to waste. -
Enhance this is an extension of exploit: rather than merely exploiting the existing opportunity, enhance it. In the example just given, hire extra labour. -
Share if the owning organization is unable to exploit the opportunity itself, perhaps it can partner with another organization that can, and share in the benefits. The following response strategies can be applied to both threats and opportunities: -
Accept often the consequences of a risk can be accepted. There is no need to avoid all risks, and it is impossible to do so. Some risks should be accepted, and in some cases accepting the risk is the best risk management strategy. For example, the risk that staff may resign: try too hard to keep them and you are likely to end up paying well over market rates for quality and ability. -
Contingent response strategy this means having a response plan to use under certain predefined conditions. There should be a set of indicators and warnings to enable the project team to track those conditions, and if they arise then the contingency plan is automatically implemented. An organization's disaster response plan is an example, though not a project management one, of a contingent response. |