By now you would have realized that there is a lot of planning required in the Risk Management knowledge area. If not, here’s another process for you,
Plan Risk Responses is the last process in the planning process group. We have already covered the previous processes and just by reading their names you would recognize the need for this one. After all the identification of risks and analyzing them qualitatively as well as quantitatively you would want to figure out what you would be doing if a risk actually materializes. For instance,
- Is there some planning you can do early on in the project to avoid the risk?
- Can you keep some reserve funds to address the risks if it were to materialize?
- Is there a way to transfer the risk, maybe some kind of insurance?
Whichever way you go in dealing with the risks, you will be documenting it in the risk register. You will be doing this for each risk.
An important point to note here is that when a risk materializes and you implement a risk response, you are most likely making a change. It thus pays to have your Change Control Board agree to your risk responses in the risk register
At this point in the Plan Risk Responses process, it is important to introduce the strategies for handling risks.
Here are the four ways to handle negative risks,
- Avoid – In other words, duck away. Can you prevent the risk from materializing? For example, if there is a risk that the project won’t be complete by the target end date, can you simply extend the timelines?
- Mitigate – This is where you create your ‘Plan B’. If the risk does materialize what would you do? For example, if there is a risk that the project won’t be complete by the target end date due to an extra functionality being requested by the customer, can you target that for the next project?
- Transfer – Think through, can someone else own your risk? That is what insurance does. So, how about you involve a third party vendor to work on the extra functionality if they are able to meet the deadline?
- Accept – This is where you know that there is a risk and you choose to accept it. You already know that driving fast is dangerous but if you still do it you are accepting the risk. Note that this does not mean that you cannot have a workaround when the risk occurs
- Escalate – Escalating a risk typically helps when the risk is not in your project’s scope. In this case, you will have to reach out to someone outside your project for an appropriate response
By the way, what if you are lucky and have positive risks or opportunities. How do you handle them? Here’s how,
- Exploit – Do all you can to make sure the positive risk materializes. For example, if you can save money by procuring from a different city but it might take some more time, how about placing the order earlier to stay on time as well as save procurement cost
- Share – Just like you ‘transfer’ a negative risk, you can try and get a third party vendor who can help increase your chances of materializing the opportunity. For instance, in the procurement example, can you pass on some of the saved cost to the customer and ask for more time to complete procurement?
- Enhance – It is important to understand the concept of Risk Trigger here. Risk Trigger is basically a warning sign that a risk is coming. Similarly, positive risks may also have triggers. Enhance is where you try to influence its triggers and make the opportunity more probable. When you tell your vendor that you have several projects in the pipeline and they can become your preferred vendor, you are enhancing the possibility of getting a better rate
- Accept – Just like negative risks, a positive risk materializing is like an opportunity knocking the door. Accept it. For example, your vendor offers you a 10% loyalty discount
- Escalate – This is where you find an opportunity that, beyond the scope of your project, could benefit the entire company. In this case, you will escalate the opportunity to people that can take advantage of it
These strategies for positive and negative risks are actually the tools and techniques of the Plan Risk Responses process. Meanwhile inputs and outputs are something you are already aware of
Check more articles on Risk Management