Plan Risk Responses

The following section contains PMBOK v5 content and it is not applicable to PMBOK v6.

The risk response planning involves determining ways to reduce or eliminate any threats to the project, and also the opportunities to increase their impact. Project managers should work to eliminate the threats before they occur. Similarly, the project managers should work to ensure that opportunities occur. Likewise, the project manager is also responsible to decrease the probability and impact of threats and increase the probability and impact of opportunities.

For the threats that cannot be mitigated, the project manager needs to have a robust contingency plan and also a response plan if contingencies do not work.

It is not required to eliminate all the risks of the project due to resource and time constraints. A project manager should review risk throughout the project. Planning for risks is iterative. Qualitative risk, quantitative risk, and risk response planning do not end ones you begin work on the project.

Risk Response Strategies

The choices of response strategies for THREATS include:

AVOID: Focus on eliminating the cause and thus, eliminating the threat.

MITIGATE: There are certain risks that cannot be eliminated. However, their impact can be reduced. This is termed as mitigation of risks.

TRANSFER: Transfer the risk to some other party. Insurance purchases, warranties, guarantees, etc are examples of risk transfers

The choices of response strategies for OPPORTUNITIES include:

EXPLOIT: Add work or change the project to make sure the opportunity occurs

ENHANCE: Increase the probability and positive impact of risk events

SHARE: Allocate ownership of opportunity to a third-party

A response strategy for BOTH threats and opportunities:

ACCEPT: Passive acceptance leaves action to be determined as needed, in case of a risk event. Active acceptance may involve contingency plans to be implemented if the risk occurs and allocation of time and cost reserves to the project. A decision to accept risk must be communicated to stakeholders.

Whenever the project manager is responding to threats or opportunities:

• Execution of strategies must be time-bound

• Effort selected must be appropriate to the severity of the risk

• A single response can be an act of multiple risk events

• A strategy can be selected not only by the project manager but also by the team, the stakeholders and experts

Outputs Of Plan Risk Responses

Risk register, project management plans and project documents need to be updated as outputs of Plan Risk Responses.

Project Management Plan Updates

Project Management Plan can be updated by new work activities/packages that could be added, removed, or assigned to different resources, thus, making planning an iterative process.

Risk Register Updates

• Residual Risks: There are risks that remain after completion of risk response planning. Residual risks are those risks that are accepted and contingency plans are developed.

• Contingency plans: They describe the specific actions that can be taken if the specific opportunity or threats occur.

• Risk response owners: Risks can be assigned to individuals who can develop risk responses and also who will implement risk responses if those opportunities or threats occur.

• Secondary Risks: These are those risks which may be created due to the implementation of current risk responses

• Risk triggers: The events that trigger the contingency response are risk triggers

• Contracts: The contracts issued to deal with risks should be noted in the risk register.

• Fall back plans: Specific actions that are taken if contingency plans (or risk response plans) are not effective

• Reserves (contingency): Reserves are necessary for both time and cost risk

Monitor And Control Risks

The list of actions involved in monitoring and controlling risks are:

• Determine the occurrences of risk triggers

• Identify and monitor residual risks

• Keep risk identification, analysis and monitoring an iterative process in the project

• Evaluate the effectiveness of risk response plan

• Risk status should be collected and communicated

• Monitor the rigor of risk management procedures

• Identify if additional risk responses need to be determined

• Recommend corrective actions

• Look for unexpected effects or consequences

• Update risk management and risk response plans

• Perform variance and trend analysis

• Use contingency reserves and adjust for approved changes

WORKAROUNDS: These are unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project.

RISK REASSESSMENTS: The process of periodically reviewing the risk management plan and risk register and adjust the documentation as required is termed as risk reassessment.

RISK AUDITS: Risk audits helps the project manager prove that all the risks are identified, a plan of mitigation for each major risk is available and risk response owners are prepared to take action.

RESERVE ANALYSIS: While the work is being done, reserve analysis is simply checking to see how much reserve remains and how much might be needed.

STATUS MEETINGS: Risks should be a major point of discussion in all team (project status) meetings

Outputs Of Monitor And Control Risks

The outputs are:

• Risk register updates

• Change requests, recommended preventive and corrective actions

• Project management plan updates

• Project document updates

• Organizational process assets updates