Risk responses
(→identify risks) |
(→Tools for risk responses) |
||
Line 49: | Line 49: | ||
* Creativity tools to identify potential responses, | * Creativity tools to identify potential responses, | ||
* Decision-support tools for determining the optimal potential response. | * Decision-support tools for determining the optimal potential response. | ||
− | * Strategy implementation techniques designed to turn a strategy into action | + | * Strategy implementation techniques designed to turn a strategy into action |
* Tools to transfer control to the Monitor and Control Risks process. | * Tools to transfer control to the Monitor and Control Risks process. | ||
Revision as of 11:47, 15 February 2018
There is a difference in definition of risk and uncertainty, as uncertainty is the absence of information required to make a decision. In order to manage risk and uncertainty it is important to understand four elements of the risk management process of identifying, assess, respond and control of the risk events and their sources. After undergoing the steps of identifying and assess the risks at hand during the project, it is the process of developing a strategic response that enables the proper action for the uncertainty of the outcome, whether the risk poses a threat to the project that has to be mitigated or if it is an opportunity to exploit. This article will give an overview of the planning, strategies and tools for the risk response process, as the project benefits of addressing risks by their priority, inserting resources and activities into the budget, schedule and project management plan as needed [1].
Contents |
Plan risk responses
In order to fully understand risk responses and strategies to deal with threats or turn chances into opportunities, it is vital to be familiar with the concept of risk management. Risk management is the overall response to an event that has an outcome, either positive and in favor of the project or negative thus posing threat to the project objectives such as scope, schedule, cost or quality[1]. Risk has a source, and its origins can be traced to the uncertainty that is present on all projects[1]. We can talk about risks as if the risk event happens, the uncertainty perishes. If the risk was a threat, it becomes an existing problem and if the risk was an opportunity it becomes a benefit. But in order to be able to respond appropriately to the risk at hand the risk source must be known and the probability of an event to happen.
Identify risks
Identifying the risks is generally considered to be the first step in the process of the planning of the risk responses. It is obvious that no action can be taken on a risk that has not been identified. From a stakeholder’s point of view, the identification of risks can be done by stakeholders, contractors, consultants and other representatives of the project but should be explicitly be handled by all project management personnel and project team members, and should be documented as[2]:
- Statement of work (SOW)
- Work breakdown structure (WBS)
- Budget
- Schedule
- Acquisition plan
- Execution plan
The identification process of possible risks is iterative, that is it will repeat itself throughout the whole project lifetime. Few common techniques to gather possible risks could be[3]:
- Historical review: with experience and review of the past, similar organizations and projects risks can be expected and identified with e.g. checklists.
- Current assessment: The current project is analyzed and possible risks are identified based on examination and e.g. assumptions analysis.
- Creativity techniques: methods where the capability of the personnel to think of possible risks with methods like brainstorming of ideas and SWOT analysis.
Risk register
After the identification progress, it is vital to register the risks that have been identified. The risks are put into a document called the risk register. That is a vital baseline for the risk management process. It contains both identified risks and potential responses to that risks. The risk register is a part of the risk identification process and risks must be put forth in a detailed and described manner and will be used in the risk response planning[3].
Assessment
With the risk register taking shape, it is necessary to assess the risks that have been identified in order to evaluate their impact on the project. By assessing the risks it is possible to prioritize them based on their characteristics. Two form of assessments are used to analyze risks[1]:
- Qualitative risk assessment: is used to prioritize the risks identified by combining their probability of occurrence and impact on the project. Risk probability and impact can be assessed in interviews with experts or persons familiar with the risk. Common methods to use to apply on risks to categorize their possible threats is to use the Probability and impact matrix. With the probability and impact matrix it is possible to guide the project management to what extent the risk response and monitoring is appropriate.
- Quantitative risk assessment: is used to numerically estimate the effect of the risk it has on the overall project goals. After prioritizing the risks with qualitative methods, the quantitative risk assessment is made. It can be desirable to make such a numerical estimation of the identified risk to quantify the risk effect of the project[1]. This estimation can be a basis for decision making and response planning such as if the project is feasible to execute, for setting contingency and priorities for risk mitigation[2] . Example of quantitative methods are; e.g. Sensitivity analysis, Expected Monetary Value analysis and Monte Carlo Simulations.
Risk respond strategies
With the risk register documenting all the possible risk that have been identified and assessed, it is appropriate to develop the action of responding to the risks. The management has then to decide, with the range of responses available, what level of risk is acceptable for the project[4]. But whether the risk is a threat or an opportunity it must be considered strategically so that is does not become a problem or a missed benefit. The project manager should be responsible for developing the strategic development of the risk but include the stakeholders for agreement of the response. The Project Management Institute (2013) suggests the following four strategies for the risk responses of threats and opportunities on the project:
For threats | For opportunities |
---|---|
Avoid: Risk can be avoided by eliminating the threat from the project or changing the project management plan so that the project reaches its goals. This could include change of schedule or resources. Even though this is not applicable to every risk situation, because of time consumption or other reasons, it should be considered the first strategic option. | Exploit: It is a strategy to exploit risks that have positive impacts on the project. By eliminating the uncertainty that is associated with the risk the opportunity becomes clear. Example would be exploiting technological options in the benefit of the project. |
Transfer: It is a strategic plan to transfer the risk to a third-party. Finding another party who is willing to take the risk with a payment of a premium. This does not eliminate the risk, but transfers the responsibility and ownership of the risk to someone that is able to handle it effectively. | Share: A risk is shared through a mutual agreement to maximize the benefits of the opportunity in the benefits of the project. Examples would be forming joint ventures or risk-sharing partnerships. It is similar to the transfer of threats where the benefits of a third party is used. |
Mitigate: With early interference of a risk it is possible to lower the risk probability to an acceptable threshold for the project. Taking early action instead of keeping the possibility of the risk. | Enhance: This response is the increasing of the probability, or the impact, of the opportunity at hand and thus maximizing the benefit for the project. |
Acceptance: This strategy is applied when there is no other strategy applicable. No action is taken until the risk occurs. This means that the project team has decided not to change the project management plan since it is not possible to change the impact or is unable to identify another strategy. This can lead to contingency plans being initiated. Accepting an opportunity simply means that the project management is willing to accept the benefit of it without having to pursue it. |
Tools for risk responses
There are four categories of tools and techniques, as follows:
- Creativity tools to identify potential responses,
- Decision-support tools for determining the optimal potential response.
- Strategy implementation techniques designed to turn a strategy into action
- Tools to transfer control to the Monitor and Control Risks process.
Limitations
Further reading
References
- ↑ 1.0 1.1 1.2 1.3 1.4 Project Management Institute (2013) A Guide to the Project Management Body of Knowledge, Fifth Edition.
- ↑ 2.0 2.1 NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES. The Owner's Role in Project Risk Management (2005). Washington, D.C.. THE NATIONAL ACADEMIES PRESS
- ↑ 3.0 3.1 Project Management Institute (2009) A Guide to the Project Management Body of Knowledge, Fourth Edition.
- ↑ Hopkin, P. (2013) Risk Management. Publisher: Kogan Page.