Purpose
- In the Plan Risk Responses process you create the plan to manage the identified risks : the risk response plan.
- The objective of the Plan Risk Responses process is to determine what can be done to reduce the overall risk of the project by decreasing the probability and impact of threats and increasing the probability and impact of opportunities.
- Risks in the project should be addressed by their priority for creating risk responses.
- This is the last risk management process before you start project execution.
- Let’s see what we have so far: a risk register that was created and updated in the previous processes.
- The project team, and the stakeholders have come a long way and if they stop now, they have achieved some success, such as having developed an adequate understanding of the risks involved.
- Have you seen how important risk management is?
- By now, a communication plan has been established and reviewed; stakeholders have been involved; and experts have been consulted.
- All of this has a positive impact on the project.
- However, if we stop now, we will be missing the opportunity of controlling the risks (which many times, require little or no money to control; since some risks can be controlled through changing work methods or enhancing communication).
- Unfortunately, although many project managers take risk identification seriously, they come up short when it comes to risk response.
- Risk response should be very innovative.
- Think of it as a problem solving exercise where there are different options from which you can choose to control each risk.
- Personally, I like this process because I can use risk management terminology.
- Not everyone will know the meaning of mitigation or exploiting, let alone applying such concepts.
- This helps overthrow the idea that people can be risk managers overnight and supports the importance of learning and practicing risk management.
- Within this risk response planning process, you will specify the risk owners.
- In risk planning, you assigned responsibilities for undertaking different risk activities, but, here, you will identify people who will be responsible for controlling the actual risks.
- You need a “name” to avoid blame throwing between different parties.
- Even if many parties are involved in controlling a risk, it should all boil down to only one responsible person.
- Risk owners need to be identified in a logical manner and you should select the one who has the most adequate resources and authority to control the risks.
- In addition, risk owners need to be communicated with and their formal acceptance has to be secured.
Inputs
- Project management plan
- Resouce management plan
- Risk management plan
- Contains the important information such as risk definitions.
- Risk thresholds
- Roles and responsabilities
- Cost baseline
- Contingency fund
- Project documents
- Lessons learned register
- Project schedule
- Project team assignments
- Resource calendars
- Risk register
- You need the risk register for the list of risks and their ranking, for risks that are urgent, and for any initial response that you specified during the risk identification process.
- Potential risk owners
- Preliminary risk responses
- Root causes
- Risk triggers
- Warning signs
- Risks where a need for aditional analysis has been identified
- List of prioritized risks
- Ranking of the project risks
- Risk scores and expected monetary values of top risks
- Watchlist
- Risk report
- Current level of overall risk exposure of the project
- Individual project risks in priority order
- Additional analysis of the distribution of individual project risks that may inform risk response selection
- Monte Carlo Analysis probability results of achieving the project objectives·
- Forecast of potential schedule and costs for the project.
- Stakeholder register
- Potential risks owners
- EEF
- Risk appetite and thresholds of key stakeholders
- OPA
- Templates
- Historical data bases
- Lessons learned repositories from similar projects
- Historical records about risk responses from past projects and common risk causes
Tools and Technics
- Purpose
- You should not rush assigning response strategies.
- You have different tools available for use and you should find the one that is most effective for controlling the identified risks, and at the same time, the one that is cost effective.
- Expert judgment
- You might encounter some risks that are unique and you have no previous experience dealing with them.
- Thus, you will need to consult experts regarding such risks.
- This situation is very common in innovative projects.
- Experts are available within the company and outside it, and with the Internet, the list is always expanding and accessible.
- Data gathering
- Interviews
- Results of risk reassessment
- Results of risk audits
- Results of variance and trend analysis
- Results of technical performance measurement
- Results of reserve analysis
- Interpersonal and team skills
- Facilitation
- Risk worshops
- Strategies for Threats
- Escalate
- Avoid
- Transfer (deflect, allocate)
- Mitigate
- Accept
- Strategies for Opportunities
- Escalate
- Exploit
- In exploit risk response strategies, you do everything to ensure that the opportunity is realized.
- Share
- Enhance
- Crashing can be a type of the enhancing risk response.
- Please note that in enhance you try to realize the opportunity but you do not ensure that opportunity is realized.
- Accept
- Contingent response strategies
- Purpose
- Contingency planning is a strategy for designing a plan to deal with a risk if it happens.
- Think of it as an emergency plan that you put on a shelf to use later if needed.
- You need early warning signs of risks (called triggers) to be able to get ready to use the plan.
- Contingency planning is a strategy for designing a plan to deal with a risk if it happens.
- Contingency Plans
- Fallback Plans
- Triggering events
- Purpose
- Strategies for overall project risk
- Avoid
- Exploit
- Transfer/Share
- Mitigate/Enhance
- Accept
- Passive
- Active
- Overall contingency reserve
- Time
- Money
- Resource
- Overall contingency reserve
- Data analysis
- Alternatives analysis
- Cost-benefit analysis
- Alternative analysis
- Multicriteria analysis
- Decision making
- Multi-criteria decision analysis
- Cost of response
- Likely effectiveness of response in changing probability and/or impact
- Resource availability
- Timing constraints
- Level of impact if the risk occurs
- Effect on response on related risks
- Introduction of secondary risks
- Go/No-Go Decision
- Proving the Value of Risk Management and Getting Reserves Accepted
- Redo the Perform Qualitative and/or Quantitative Risk Analysis Processes
- Reserves
- Contingency reserves (for known unknowns)
- Management reserves (for unknown unknowns)
- The project manager cannot use the management reserve without permission from the management.
- He always needs permission to use the management reserve.
- Reserves methods
- 10 Percent
- Guess
- Expected Monetary Value
- Monte Carlo Simulation
- Multi-criteria decision analysis
Outputs
- Change requests
- Project Management Plan Updates
- Work packages or activities could be added, removed, or assigned to different resources.
- Risk response planning could change the schedule, cost, quality, and procurement management plans, as well as the human resource plan, the work breakdown structure, and the time and cost baselines for the project.
- Schedule Management Plan
- Cost Management Plan
- Quality Management Plan
- Resource Management Plan
- Risk Response Plan
- Procurement Management Plan
- Assumptions
- Scope baseline
- Project definition/scope statement
- Work breakdown structure
- Schedule baseline
- Network diagram
- Schedule
- Cost baseline
- Cost estimates
- Budget
- Project Document Updates
- Risk response planning might affect the roles and responsibilities on a project, stakeholder management strategy, and quality metrics.
- Assumption log
- As you design responses, assumptions would be challenged and changed.
- Assumptions
- Technical information and documents
- Like method statements, drawings, electrical requirements, etc.
- Budgeting
- Cost forecasts
- The project budget consists of the cost baseline and management reserve.
- Cost baseline updating
- Cost baseline = Cost of activities + Contingency reserve
- The cost baseline consists of the work package cost estimate plus contingency reserve.
- Budget
- Cost baseline + management reserve
- Cost baseline updating
- Lessons learned register
- Project schedule
- WBS
- Project team assignments
- Risk register updates
- Purpose
You will update the risk register by including information about the risk responses and who owns them, triggers, secondary risks, the contingency reserve, residual risks and fallback plans. - Agreed-upon responses strategies
- Specific actions to implement the chosen response strategy
Document Risk Responses in the Risk Register - List of prioritized risks
- Results from probability analysis of the project
- Risk triggers
- Triggers conditions, symptoms and warning signs of a risk occurence
- Budget and schedule activities required to implement the chosen responses
- Contingency plans and risk triggers that call for their execution
- Contingency plans
- Costs and schedule are the two areas of the project that the contingency reserve address in regard to risk management.
- Reserves (contingency)
- Having reserves for schedule and cost is a required part of project management. You cannot come up with a schedule or budget for the project without them.
- Contingency reserves for known unknowns
- A chart that identified the risk probability and impact with a financial amount for each risk event.
- Management reserves for unknown unknowns
- Contingency plans
- Falback plans
- Fallback plans for use when a risk that has occured and the primary response proven to be inadequate
- Residual risks
- Residual risk is the risk or danger of an action or an event, a method or a (technical) process that still conceives (conçoit) these dangers even if all theoretically possible safety measures would be applied.
- Residual risks that are expected to remain after planned responses have been taken as well as those that have been deliberately accepted
- These are the risks that remain after risk response planning, including those that have been accepted and for which contingency plans and fallback plans can be created.
- Residual risks should be properly documented and reviewed throughout the project to see if their ranking has changed.
- Residual risk is the risk or danger of an action or an event, a method or a (technical) process that still conceives (conçoit) these dangers even if all theoretically possible safety measures would be applied.
- Secondary risks
- Secondary risks that arise as a direct outcome of implementing a risk response
- Risk owners
- Each agreed-to and funded risk response should have a risk response owner
- Risk owner is empowered with a risk response and will control all aspects of the identified risk response in which a particular risk event will happen within the project.
- Contracts
- Decisions for contracting
- A project manager must be involved before a contract is signed.
- Before the contract is finalized, the project manager should complete a risk analysis and include contract terms and conditions required to mitigate or allocate threats and to enhance opportunities.
- Decisions for contracting
- Purpose
- Risk reports
- Agreed responses to the current overall project risk exposure and high-priority risks, together with the expected changes that may be expected as a result of implementing these responses
- Contracts
- A project manager must be involved before a contract is signed.
- Before the contract is finalized, the project manager should complete a risk analysis and include contract terms and conditions required to mitigate or allocate threats and to enhance opportunities.
- During risk response, you may transfer or share risks.
- You need to reflect these decisions in your contract.
- Purchase orders, service agreements, or contracts
- OPA updates
- Work performance information update
Procurement management with risk approach
- You often need to include clauses to manage specific risks in your projects.
- This only becomes clear after risk response planning.
- For example, if you decide that the contractor should be responsible for risks that may occur due to expected new legislations, then this must be spelled out in the agreement with the contractor.
- Cost plus percentage of costs is the contract type that has the most risk for the project manager as a buyer.