February 20, 2007
Risk Response Planning
Risk response planning is the process of developing options to minimize threats and maximize opportunities. The risk response should be inline with the significance of the risk, cost-effective, and realistic. Normally a collaborative discussion needs to occur to assure the best option is the response. In order to begin risk response planning, you need the following inputs to the process:
- Risk Management Plan – The risk management plan contains key components which will help to yield response options. Roles and Responsibilities from the Risk Management Plan define who as the authority to act and who can be an owner of a risk. Risk Analysis Definitions clearly relate the definition of risk ratings for probability, impact, and urgency. Risk Thresholds relate the stakeholders’ tolerance of high, moderate, and low risks. Normally clearly defined thresholds specific to time, cost, and resource amounts are given. Timing and schedules which detail the frequency and activities are also related as a part of the risk management plan.
- Risk Register – The risk register contains the resulting risks from the identification, qualitative analysis, and quantitative analysis. The components used are the priority list of Project Risks, list of near and long-term risks, trends in qualitative risk analysis, categorized risks, and a watch list of low priority risks.
The strategies for handling risk comprise of two main types: negative risks, and positive risks. The goal of the plan is to minimize threats and maximize opportunities.
- Response Strategies for Threats (Negative Risks) – When dealing with threats, there are three main response strategies – Avoid, Transfer, Mitigate (ATM)
- Avoid – Risk avoidance involves changing the project plan to remove the threat to the project plan. This can be done by changing or reducing the scope of the project.
- Transfer – Risk transference involves shifting the impact of a risk event and the ownership of the risk response to a third party. This strategy is common with a financial risk exposure and involves payment of a risk premium to the party assuming the risk.
- Mitigate – Risk Mitigation reduces the probability or impact of a potential risk even to a more acceptable level. This included reducing the consequences of the risk. Mitigation could involve adopting a less complicated process, conducting additional test on the product, designing redundancy into a system, and designing a quality control or reconciliation.
- Response Strategies for Opportunities (Positive Risks) – When dealing with opportunities, there are three main response strategies – Share, Enhance, Exploit (SEE)
- Share – Risk sharing involves sharing responsibility and accountability with another to enable the team the best chance of seizing the opportunity.
- Enhance – Risk enhancement increases the probability an opportunity will occur by focusing on the trigger conditions of the opportunity and optimizing the chances.
- Exploit – Risk exploitation is used on opportunities when the organization wishes to assure the opportunity is realized. Commonly used by hiring the best experts or assuring the most technologically advanced resources are available to the project team.
- Response Strategies for Both Threats and Opportunities – Risk acceptance is any decision not to change to deal with a risk. Risk acceptance is either passively accepted by doing nothing or actively by establishing a contingency reserve.
- Contingent Response Strategy – A risk contingency is used only when a risk is realized or impacting. A response plan is commonly executed when a condition or trigger event occurs. For example missing an intermediate milestone.
Risk Response Planning is the most important risk management process. It places a plan in play of how to deal with risk. The outputs of Risk Response Planning are:
- Risk Register (updates) – Risk Register updates of the appropriate risk response.
- Project Management Plan (updates) – Project Management Plan updates occur as response actions are added after being processed though integrated change control.
- Risk-Related Contractual Agreements – Risk related contractual agreements for insurance, partnerships and services will generate language specifying each party’s responsibilities.
Posted by Elyse at February 20, 2007 6:36 AM
Comments
Post a comment
Did you miss?
IT Governance, the decisions needs by whom
Finally passed the test
Managing in light of McGregor's Theory X and Theory Y
CMMI
Kicking HIT Leadership Up a Notch
That's just some mumbo jumbo project management BS
Outcomes - The tactic to get to the strategy
Nurse Call, VOIP, and Wi-Fi: Its just cool when things come together!
Finally passed the test
Managing in light of McGregor's Theory X and Theory Y
CMMI
Kicking HIT Leadership Up a Notch
That's just some mumbo jumbo project management BS
Outcomes - The tactic to get to the strategy
Nurse Call, VOIP, and Wi-Fi: Its just cool when things come together!
Archives
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
August 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
November 2005
October 2005
September 2005
August 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
August 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
November 2005
October 2005
September 2005
August 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
Blogs
Cafe au Lait
Joel on Software
David Ross
Edward Prevost
Martin Fowler
The Health Care Blog
The Tales of Hoffman
The Business Word
Medical Rants
Christina's Considerations
Paul Levy
HIS Talk
Appropriate IT
Candid CIO
Joel on Software
David Ross
Edward Prevost
Martin Fowler
The Health Care Blog
The Tales of Hoffman
The Business Word
Medical Rants
Christina's Considerations
Paul Levy
HIS Talk
Appropriate IT
Candid CIO
Subscribe
RSS feed
© Copyright 2003 - 2007 Elyse Nielsen