The risk response planning involves determining ways to reduce or eliminate any threats to the project, and also the opportunities to increase their impact. Project managers should work to eliminate the threats before they occur. Similarly, the project managers should work to ensure that opportunities occur. Likewise, the project manager is also responsible to decrease the probability and impact of threats and increase the probability and impact of opportunities.
For the threats that cannot be mitigated, the project manager needs to have a robust contingency plan and also a response plan if contingencies do not work.
It is not required to eliminate all the risks of the project due to resource and time constraints. A project manager should review risk throughout the project. Planning for risks is iterative. Qualitative risk, quantitative risk and risk response planning do not end ones you begin work on the project.
Risk Response Strategies
The choices of response strategies for THREATS include:
AVOID: Focus on eliminating the cause and thus, eliminating the threat.
MITIGATE: There are certain risks that cannot be eliminated. However, their impact can be reduced. This is termed as mitigation of risks.
TRANSFER: Transfer the risk to some other party. Insurance purchases, warranties, guarantees, etc are examples of risk transfers
The choices of response strategies for OPPORTUNITIES include:
EXPLOIT: Add work or change the project to make sure the opportunity occurs
ENHANCE: Increase the probability and positive impact of risk events
SHARE: Allocate ownership of opportunity to a third-party
A response strategy for BOTH threats and opportunities:
ACCEPT: Passive acceptance leaves action to be determined as needed, in case of a risk event. Active acceptance may involve contingency plans to be implemented if risk occurs and allocation of time and cost reserves to the project. A decision to accept risk must be communicated to stakeholders.
Whenever the project manager is responding to threats or opportunities:
Execution of strategies must be time-bound
Effort selected must be appropriate to the severity of the risk
A single response can be an action of multiple risk events
A strategy can be selected not only by the project manager, but also by the team, the stakeholders and experts
Outputs Of Plan Risk Responses
Risk register, project management plans and project documents need to be updated as outputs of Plan Risk Responses.
Project Management Plan Updates
Project Management Plan can be updated by new work activities / packages that could be added, removed, or assigned to different resources, thus, making planning an iterative process.
Risk Register Updates
Residual Risks: There are risks that remain after completion of risk response planning. Residual risks are those risks that are accepted and contingency plans are developed.
Contingency plans: They describe the specific actions that can be taken if specific opportunity or threats occur.
Risk response owners: Risks can be assigned to individuals who can develop risk responses and also who will implement risk responses if those opportunities or threats occur.
Secondary Risks: These are those risks which may be created due to implementation of current risk responses
Risk triggers: The events that trigger the contingency response are risk triggers
Contracts: The contracts issued to deal with risks should be noted in risk register.
Fall back plans: Specific actions that are taken if contingency plans (or risk response plans) are not effective
Reserves (contingency): Reserves are necessary for both time and cost risk
Monitor And Control Risks
The list of actions involved in monitoring and controlling risks are:
Determine the occurrences of risk triggers
Identify and monitor residual risks
Keep risk identification, analysis and monitoring an iterative process in the project
Evaluate the effectiveness of risk response plan
Risk status should be collected and communicated
Monitor the rigor of risk management procedures
Identify if additional risk responses need to be determined
Recommend corrective actions
Look for unexpected effects or consequences
Update risk management and risk response plans
Perform variance and trend analysis
Use contingency reserves and adjust for approved changes
WORKAROUNDS: These are unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project.
RISK REASSESSMENTS: The process of periodically reviewing the risk management plan and risk register and adjust the documentation as required is termed as risk reassessment.
RISK AUDITS: Risk audits helps the project manager prove that all the risks are identified, a plan of mitigation for each major risk is available and risk response owners are prepared to take action.
RESERVE ANALYSIS: While the work is being done, reserve analysis is simply checking to see how much reserve remains and how much might be needed.
STATUS MEETINGS: Risks should be a major point of discussion in all team (project status) meetings
Outputs Of Monitor And Control Risks
The outputs are:
Risk register updates
Change requests, recommended preventive and corrective actions
Project management plan updates
Project document updates
Organizational process assets updates