Please Share Feedback


Questions, comments, suggestions? Let us know what you think on our Forum.

To contact us privately, please use our contact form.

Author: Elyse, PMP, CPHIMS
February 20, 2007


Risk response planning is the process of developing options to minimize threats and maximize opportunities. The risk response should be inline with the significance of the risk, cost-effective, and realistic. Normally a collaborative discussion needs to occur to assure the best option is the response. In order to begin risk response planning, you need the following inputs to the process:


  • Risk Management Plan – The risk management plan contains key components which will help to yield response options. Roles and Responsibilities from the Risk Management Plan define who as the authority to act and who can be an owner of a risk. Risk Analysis Definitions clearly relate the definition of risk ratings for probability, impact, and urgency. Risk Thresholds relate the stakeholders’ tolerance of high, moderate, and low risks. Normally clearly defined thresholds specific to time, cost, and resource amounts are given. Timing and schedules which detail the frequency and activities are also related as a part of the risk management plan.

  • Risk Register – The risk register contains the resulting risks from the identification, qualitative analysis, and quantitative analysis. The components used are the priority list of Project Risks, list of near and long-term risks, trends in qualitative risk analysis, categorized risks, and a watch list of low priority risks.


The strategies for handling risk comprise of two main types: negative risks, and positive risks. The goal of the plan is to minimize threats and maximize opportunities.

  • Response Strategies for Threats (Negative Risks) – When dealing with threats, there are three main response strategies – Avoid, Transfer, Mitigate (ATM)

    • Avoid – Risk avoidance involves changing the project plan to remove the threat to the project plan. This can be done by changing or reducing the scope of the project.

    • Transfer – Risk transference involves shifting the impact of a risk event and the ownership of the risk response to a third party. This strategy is common with a financial risk exposure and involves payment of a risk premium to the party assuming the risk.

    • Mitigate – Risk Mitigation reduces the probability or impact of a potential risk even to a more acceptable level. This included reducing the consequences of the risk. Mitigation could involve adopting a less complicated process, conducting additional test on the product, designing redundancy into a system, and designing a quality control or reconciliation.

  • Response Strategies for Opportunities (Positive Risks) – When dealing with opportunities, there are three main response strategies – Share, Enhance, Exploit (SEE)

    • Share – Risk sharing involves sharing responsibility and accountability with another to enable the team the best chance of seizing the opportunity.

    • Enhance – Risk enhancement increases the probability an opportunity will occur by focusing on the trigger conditions of the opportunity and optimizing the chances.

    • Exploit – Risk exploitation is used on opportunities when the organization wishes to assure the opportunity is realized. Commonly used by hiring the best experts or assuring the most technologically advanced resources are available to the project team.

  • Response Strategies for Both Threats and Opportunities – Risk acceptance is any decision not to change to deal with a risk. Risk acceptance is either passively accepted by doing nothing or actively by establishing a contingency reserve.

  • Contingent Response Strategy – A risk contingency is used only when a risk is realized or impacting. A response plan is commonly executed when a condition or trigger event occurs. For example missing an intermediate milestone.


Risk Response Planning is the most important risk management process. It places a plan in play of how to deal with risk. The outputs of Risk Response Planning are:

  • Risk Register (updates) – Risk Register updates of the appropriate risk response.

  • Project Management Plan (updates) – Project Management Plan updates occur as response actions are added after being processed though integrated change control.

  • Risk-Related Contractual Agreements – Risk related contractual agreements for insurance, partnerships and services will generate language specifying each party’s responsibilities.


Subscribe and Share!

Did you enjoy this article? Your feedback is very important! I'd like to invite you to keep up to date with the latest posts from Anticlue. We offer several venues. If you have some questions, help can be found here.
 

0 Comments to “Risk Response Planning”


« Quantitative Risk Management Risk Monitoring and Control »

Please share your thoughts and suggestions