introduction
Plan Risk Responses is the process of developing options and actions to enhance opportunities and to reduce threats to project objectives.
The key benefit of this process is that it addresses the risks by their priority, inserting resources and activities into the budget, schedule and project management plan as needed
Concepts
Plan Risk Response :
- involve figure out “what we are going to do with each top risk
Secondary Risk :
- generated as outcome of risk response plan of another risk , secondary risk is a new risk created as a result of the risk response strategies chosen
Residual Risk :
- risk that could NOT be eliminated (threat), or could NOT be exploit (opportunity ),>> it should be accepted
- remaining risks that you decide not to do something about (accepted ) should be documented and revisited later.
Risk Owner :
- individual who is responsible for watching risk and implementing pre-planned response , The risk owner should be looking for triggers and implementing the risk response strategy.
after plan risk response :
- Risk owners are the ones to take action when an identified risk occurs. And the responsibility of the project manager is to look for unexpected impacts of implemented risk responses.
Risk Auditor
- could investigate efficiency of risk owner , which could lead to conflict between both
Workaround :
- if project deviate away from baseline , then project manager take action to come back in line
Strategies for Negative Risk (Threat)
Strategies for Negative Risk (Threat)
Avoid :
- include change PM plan to eliminate impact of risk , like extend schedule , add cost , reduce scope , or even shutdown project entirely (for high priority risk , high impact )
Mitigate :
- team try to reduce risk probability and reduce risk impact to be within risk threshold (for high priority risk , high impact )
Transfer(deflect) :
- give third party risk responsibility ,transfer mainly related to financial like insurance (for high priority risk , high impact )
Accept :
- team will NOT take any action until risk occur (using contingency reserve), (for low priority risk , low impact )
Strategies for Positive Risk (Opportunity )
Strategies for Positive Risk (Opportunity )
Exploit :
- work to make sure risk will happened
Enhance :
- increase impact and probability of opportunity
Share :
- equal transfer in threat response , like partnership
Accept:
- do nothing .
Response Actions
please see below the repose action
Guidelines
please see some guides below risk response
- Risk responses may include changes to the project schedule, cost, quality, human resource, and procurement plans. The WBS, and time and cost baselines may also be impacted by risk response plans. >> Therefore, project management plan updates are outputs of the Plan Risk Responses process
- A risk with a low consequence is generally not worth the money to insure against it or to reduce the consequence, so just put it in watch list
- The risk response plan is a living document that will be changed and updated over the life of the project. So if risk owner notify project manager that risk has NOT been occurred , the project manager should update risk response plan
- Management reserves address unknown unknowns and are managed by senior management
- Contingency reserves address known unknowns and are managed by the project manager.
- Any time a risk’s impact is greater than planned, additional risk responses are developed and documented
Process Inputs - Techniques - Outputs
Inputs
- risk management plan
- risk register
Techniques
- strategies for negative risk (threat)
- strategies for positive risk (opportunities)
- contingent response strategies
- expert judgment
Outputs
- update PM plan
- update Project documents
Process Inputs
Plan Risk Responses: Outputs
Project Management Plan
The project management plan contains the component management plans from the various knowledge areas and the baselines for the main three constraints of scope, schedule and cost.
- Resource management–once the risk responses in this process are agreed upon, how will resources, both physical and human resources, to allocated to implement them?
- Risk management plan–the roles and responsibilities for risk management, as well as the thresholds for risk management, are set out in the risk management plan. The thresholds are important for the “escalate” response to a given risk, as we will see when we discuss the tools and techniques of this process.
- Cost baseline–the cost of risk responses will come from the “contingency fund”, and this needs to be allocated from the budget
Project Documents
- Lessons learned register–lessons learned about effective risk responses used in earlier phases of the project are reviewed to determine if similar responses might be useful during the remainder of the project.
- Project schedule–once the risk responses in this process are agreed upon, how will they be scheduled alongside other project activities? Will risk response activities get added to the WBS but in a different color to show that they are only done if the risk is triggered?
- Project team assignments–who are the people that are assigned as risk owners who will carry out the risk responses?
- Resource calendars–what resources (both physical and human) can potentially be available to be allocated to risk responses that have been agreed upon?
- Risk register–for the individual project risks that have identified:
- which risks require risk responses (those that don’t are put on the so-called “watch list”)
- priority level for each risk to help guide the selection of risk responses
- nominated risk owner for each risk
- preliminary risk responses if identified during previous risk management processes
- root causes of risks
- risk triggers and warnings signs
- risks requiring responses in the near term (urgent risks)
- risks requiring additional analysis
- Risk report–should list the following:
- current level of risk exposure of the project
- individual project risks in priority order
- additional analysis of individual project risks that may inform risk response selection
- Stakeholder register–may identify potential owners for risk responses.
Enterprise Environmental Factors
- Risk appetite and risk thresholds of key stakeholders.
Organizational Process Assets
- Templates for risk management plan, risk register and risk report.
- Historical databases
- Lessons learned register from previous similar projects.
Process Techniques
Strategies for Threats (Negative Risks)
- discussed above
Strategies for Opportunities (Positive Risks)
- discussed above
Contingent Response Strategies
- Certain risk responses are implemented only if certain events occur. A risk response can be implemented in this
Strategies for Overall Project Risk
- As you may recall from previous posts, Qualitative Risk Analysis focuses on individual project risks, but in projects of sufficient size and/or complexity, Quantitative Risk Analysis may calculate the overall project risk taken by summing the product of probability times potential impact for all of the individual project risks.
- Risk responses should be planned for individual project risks (
Data Analysis
- Alternatives analysis–if there is more than one risk response strategy identified to deal with individual project risks, alternatives analysis can help choose the most appropriate option.
- Cost-benefit analysis–if the impact of an individual project risk can be quantified in monetary terms using Earned Monetary Value (equal to the estimated probability of the risk occurring times the dollar amount of the potential impact on the objectives if the risk occurs), then the cost-effectiveness of alternative risk response strategies can be determined using cost-benefit analysis. The effectiveness of the risk response strategy can be measured by the ratio of the change in impact level measured by EMV divided by the cost of the implementation of the risk response strategy.
Process - Outputs
Project Document Updates
- Assumption log–if during the plan risk response process, new assumptions are uncovered, or new constraints identified, the assumption log is updated to include them.
- Cost forecasts–planned risk responses may require changes in the cost forecasts because the contingency reserve needed to fund those responses needs to be taken into account
- Lessons learned register–the lessons learned register is updated with information about risk responses that may be useful for later phases of the project.
- Project schedule–activities relating to agreed-upon risk responses may be added to the project schedule
- Project team assignments–the necessary resources need to be allocated to the risk responses, including personnel (usually within the project team) to implement the agreed-upon action. The project team assignments are updated to these new roles related to the risk responses.
- Risk register–to the risks identified and analyzed in earlier processes, the following information is added as a result of this process:
- Agreed-upon risk responses strategies
- Specific actions to implement the chosen response strategy
- Trigger conditions, symptoms, and warning signs of a risk occurrence (for contingent risk responses), along with contingency plans if the risk is triggered
- Budget and schedule activities required to implement the chosen risk responses
- Fallback plans when the primary response proves to be inadequate
- Secondary risks that arise as a direct outcome of implementing a risk response
- Residual risks that are expected to remain after planned responses have been taken
- Risk report–in the case of high-priority risks, presentation of agreed-upon risk responses and a list of current project risk owners, together with the expected changes that may be expected as a result of implementing these risk responses.