Risk Response Planning

Risk Response Planning provides options for reducing threats to project objectives and enhancing opportunities. In this process, the responsibilities for implementing these responses must be assigned and incorporated into the project budgets (cost and time).

The inputs are:

• Risk Management Plan Roles, responsibilities, definitions, budgets, and risk thresholds

• Risk Register Including risk priority, the near-term risks, those that need more analysis, watch list, and trends

Risk Response Planning Inputs

Without the discipline of previous risk management processes, project teams may be tempted to rush into developing responses for risks that are identified but not evaluated and analyzed. Risk responses utilize resources, so these responses should deliver value to the project. Minus an understanding of the causes and impact of each risk, the selected risk responses may not be adequate or may be unnecessary. If Risk Identification is not performed well, some risk events may be missed. When resources are scarce and potential risks are numerous, Quantitative Risk Analysis will ensure that project resources are directed to the most effective risk responses.

Each identified risk that is significant enough to affect project objectives will need at least one risk response. There are several categories of responses. Some are intended to prevent risks, some are intended to protect the project objectives from risk, and some are reactive. These categories are sorted by negative risks or threats, positive risks or opportunities, and both threats and opportunities. The choice of response may also be influenced by other factors, such as the organization's culture, regulations, and industry standards, for example.

Options for dealing with negative risks or threats include:

• Avoid There are many ways to avoid risks:

  • Change the project plan to eliminate the risk

  • Change the project plan to protect the project objectives from its impact

  • Relax the project objective(s) that are at risk

  • Change the project plan (scope) by clarifying requirements

  • Improve performance through better communication and acquiring expertise and information

• Transfer Shift the consequence of a risk and ownership of the response to a third party. Insurance policies and outsourcing are examples of transference. This option is commonly used if the risk is too great or if outside experts are needed to manage the risk.

• Mitigate Reduce the probability and/or consequences of an adverse risk event to an acceptable threshold. Some of the activities for mitigation may end up on the project schedule and as such can cause a change to the original project schedule and project budget. This is one reason why it is a good idea to start the risk management processes early.

Options for dealing with positive risks or threats include:

• Exploit Directly exploit risks with positive impacts to take advantage of an opportunity for improved project performance.

• Share Allocate ownership of the risk to a third party more capable of capturing the positive risk or opportunity. Incentives are built into the partnership to encourage this.

• Enhance Identify and maximize key drivers for opportunities, thereby strengthening the impact or increasing the probability of the positive risk event.

Strategies for both threats and opportunities include:

• Accept Do nothing; used when there is no possibility of elimination or when the costs are prohibitive.

• Contingency Do nothing until certain predetermined conditions (risk triggers) are met. Contingency plans are created in advance and activated when these conditions are met.

The best answer is A. Contingency and Accept are for both positive and negative risk events and should be considered in addition to the negative risk responses.

Risk Response Planning Outputs

Again, the updated Risk Register and the updated Risk Management Plan are the primary outputs for this Risk Management Process. The level of detail in the register should be appropriate for the risk priority and the risk responses that have been approved and selected.

The components of the Risk Register are:

• Identified risks

• Risk owners

• Outputs from Qualitative and Quantitative Analyses

• Approved response strategies

• Budget and schedule activities

• Contingency reserves

• Contingency plans and triggers

• Secondary risks

• Project Management Plan updates

• Risk response activities

• Risk Related Contractual Agreement

The correct answer is false. Adding items to the project plan may not change the project costs or scheduled completion date if the mitigation activity is a modification of something that is already planned, such as contacting the vendor in the example in Table 15-5 to check on the status of the order by phone on a weekly or daily basis and asking for verification of progress.