Plan Risk Responses - Project Management

Overview

The Plan Risk Responses process involves determining how to address each top-ranked risk in a project. Using the risk register, which includes analyzed and prioritized risks, project managers evaluate response strategies through methods like alternatives analysis and cost-benefit analysis. A contingency reserve, part of the cost baseline, is allocated to manage these risks.

Responses for Top Risks

For each top risk, consider one or a combination of the following strategies:

Eliminate Threats: Take actions to prevent threats before they occur.
Ensure Opportunities: Implement measures to guarantee opportunities happen.
Decrease Threat Impact/Probability: Reduce the likelihood or severity of threats.
Increase Opportunity Impact/Probability: Enhance the likelihood or benefits of opportunities.

For example, if a team member’s availability is a risk, consider replacing them with another resource. If a work package poses significant risk, options include changing the deliverable, quality requirements, or scope.

Responses for Residual Risks

Residual risks are those that cannot be fully anticipated or planned for. Strategies include:

Contingency Plans: Measurable actions to take if a risk occurs.
Fallback Plans: Backup actions if contingency plans fail or are partially effective.

Residual risks are assigned to risk owners, who are responsible for implementing responses.

Risk Response Strategies

Avoid: Eliminate the threat by removing its cause, e.g., changing a work package or team member.
Mitigate: Reduce the probability or impact of a threat.
Transfer: Shift the risk to a third party, e.g., through insurance or outsourcing.
Escalate: Pass the risk to a higher authority if it’s beyond the project scope.
Accept: Acknowledge the risk and prepare contingency or fallback plans if it occurs.

Exploit: Add work or change the project to ensure the opportunity occurs.
Enhance: Increase the likelihood or impact of the opportunity.
Share: Allocate ownership to a third party best suited to capture the opportunity.
Escalate: Escalate to a higher level if outside project scope.
Accept: Acknowledge and plan for the opportunity if it occurs.

Artifacts of Plan Risk Responses

Planning risk responses may update the following project artifacts:

Risk register
Assumptions log
Cost forecasts
Lessons learned register
Project schedule
Project team assignments
Change requests
Stakeholder engagement strategy
Quality metrics
Risk report
Communications management plan

Risk Register Updates

The risk register is updated with:

Residual Risks: Documented and reviewed throughout the project.
Contingency Plans: Specific actions for when risks occur.
Fallback Plans: Actions if contingency plans fail.
Risk Owners: Individuals responsible for managing specific risks.
Secondary Risks: New risks created by response plans.
Risk Triggers: Events that signal when to act on a risk.
Contracts: Terms to mitigate threats or enhance opportunities.
Reserves: Contingency and management reserves for time and cost.

Agile Risk Responses

In agile environments, risk responses involve:

Risk-Adjusted Backlog: Prioritizing features and risk responses.
Risk Response Stories: Tasks to address risks in iterations.
Updates to Plans: Adjusting iteration and release plans.
Set-Based Design: Exploring multiple design options early to reduce risks.

Quick Quiz

Test your understanding with these key questions:

What do you do with noncritical risks? Document them in a watch list and revisit periodically.
Can you choose only one risk response strategy? No, you can combine strategies for a risk or the project.
What risk management activities occur during execution? Monitor watch-listed risks, identify new risks, and implement contingency plans.
What’s the most important item in team meetings? Risk.
How are risks addressed in meetings? Discuss status, new risks, and changes in risk priority.