HOME Software Testing Data Mining and Warehousing |
Risk response strategies are created with regard for the specific results of the risk assessment conducted, and they pro vide a means to reduce or eliminate the potential occurrence and impact of a project risk event. That is to say, having identified the potential for project risks, this activity provides for consideration of actions that can be subsequently applied in response to those risk events. Leaving identified high-value or otherwise significant risk events unattended is simply an indication of questionable management. Project risk assessment should be performed initially during planning and then at relevant intervals throughout the project to ascertain potential project risk impacts, with the intent to either remove the risk threat or to plan actions in the case of risk event occurrence. Conceptually … This practice provides the project manager, project team, and other stakeholders with a means to respond to risk events having potential adverse impacts on the project effort. The purpose of this practice is to provide the project manager and risk managers participating in the project team with guidance for developing viable responses to identified project risks. Risk Response Strategy Preparation is normally done during Project Planning (Plan Phase). However, this practice should be applied throughout the project as a part of the ongoing risk assessment effort. Risk response strategy preparation is characterized by three primary activities: Identify risk response strategies.
These activities are described here... Risk Response Strategies—How to Identify Risk Response Strategies are developed and applied to reduce or eliminate the probability of occurrence of a risk event or risk impact. There are four basic types of risk response strategies that are generally accepted across most industries. The project manager and project team should examine these strategies to determine which can be used to address identified project risks. Risk Avoidance--This response strategy provides for moving the potential risk away from the project, usually by removing the catalyst or perceived cause of the risk event. It changes the conditions of occurrence and impact so that the risk event does not affect the project. Some risk avoidance maneuvers include the following: Reorganize facets of the project to eliminate the risk, e.g., adjust the project team structure, realign the project team schedule and assignments, and realign or reschedule project work elements and associated task relationships. Negotiate or otherwise collaborate with the customer or vendor/contractor/supplier to remove any significant risk-bearing project requirements. Decline bidding on the project opportunity or on a portion of the project opportunity when the assessed risk exceeds acceptable levels, and other risk response strategies won’t adequately contain such risk. Applying this type of strategy should result in the removal of the potential occurrence of an identified risk event from the project. Risk Transfer --This response strategy provides for transferring all or part of the risk impact to another participant outside the organization. The probability of occurrence is not necessarily reduced or eliminated, but the risk consequences or impacts within the organization are minimized. Some risk transfer strategies include the following: Determine which project work elements can be outsourced, and contract that work to qualified vendors and contractors or to professionals and specialists who have relevant expertise (and associated low-risk outcomes) in performing such work. Examine and transfer areas of project work that the customer can perform at a lower risk potential than can be done by the performing organization. Obtain insurance that provides financial cost coverage for an occurrence of the risk event to recoup funds that enable repeating an "incomplete" work effort, to bear loss of revenue due to an "impacted" project work effort, or to fund a project recovery effort. Applying this type of strategy should result in the transfer of impact of an identified risk event to an entity outside the performing organization. Risk Mitigation --This response strategy is used to minimize the impact of a risk event by taking action to reduce the risk probability or the risk impact, or both. Some risk mitigation strategies include the following: Closely track and control the project cost, schedule, and resource utilization for work elements associated with the identified risk event. Prepare and communicate relevant risk response plans that specify the actions to be taken in situations of actual risk event occurrence, usually with response actions directed at specific risk events-that is, if this risk event happens, we will take this action. Closely manage the technical work performance of project work elements associated with potentially high-value risk events. Develop realistic staffing plans and establish firm and reliable resource utilization commitments, particularly for project work elements shown to be at risk. Be proactive in negotiating and implementing project changes to minimize impact or probability of risk events, which is best done immediately following risk identification. Introduce a management reserve or contingency fund that can be accessed in response to risk events that cause cost overruns. Applying this type of strategy should result in the reduced probability of risk event occurrence or in a reduction of the adverse impact on the project in the event of risk occurrence. Risk Acceptance--This response strategy represents management's awareness of the identified risk event and further indicates a willingness by management to accept the consequences of impact in the event of risk occurrence. Some risk acceptance response strategies include the following: Examine the conditions (usually low-probability, low-impact conditions) of an identified project risk event, and formalize and convey to relevant participants the decision to take no risk response actions. Accept a risk event by preparing a contingency plan to specify required actions to be taken in the event of risk occurrence-that is, a response is provided after occurrence, not before. Applying this type of strategy will normally result in delaying any risk response until after the risk event actually occurs. It represents taking a chance on non occurrence, but this gamble may be acceptable when either the probability of risk occurrence or the risk event impact is minimal. These risk response strategies should be reviewed as a part of risk management and applied in a timely manner to risks having a high likelihood of occurrence or a significant adverse impact on the project. In particular, it should be noted that risk acceptance becomes the default strategy for all potential risk events on the project when prescribed project risk assessments are deferred or otherwise not performed. Implement Risk Response Strategies This practice prescribes that response strategies be provided for all risk events that are considered to be high on the project risk prioritization list. Also, moderate and lower risk events should be addressed whenever possible and usually as time permits. The project manager and project team members conducting the risk assessment will have to determine the appropriate response strategy for each identified risk event. This means reviewing each identified risk to ascertain assignment of a viable response strategy. In some cases, more than one risk response strategy can be considered for use. Also, response strategy selection decisions should include sufficient detail about how the strategy will be implemented, when it will be implemented, and who will be responsible for the implementation. This warrants the consideration of two prominent types of risk response strategies that can be implemented consistently with preferred risk management practices. Preventive Risk Response Strategies Preventive strategies are those selected and positioned to be proactive in reducing or eliminating the probability or impact of a risk event. These strategies prescribe actions that are to be taken in advance of any risk event occurrence. Preventive strategies are characterized by the fact that risk response actions can and should be entered into the work breakdown structure (WBS) as specific work elements. That is to say, the risk response action is included as a work element in the project work plan specifically for the purpose of reducing or eliminating the probability or impact of a specifically identified risk event. As a work element, it also includes the specification of the resources needed to implement the response strategy along with the assignment of responsible individuals to perform the action. Preventive risk response strategy implementation is a preferred approach for resolving known risk events when it can be applied. Reactive Risk Response Strategies Reactive strategies are those selected and positioned in the event of risk occurrence. These strategies prescribe actions that are to be taken after a risk event occurs. Reactive strategies are characterized by the specification of response activities that are held in abeyance until a risk event occurs. Associated risk response actions necessarily have to be planned and prepared in advance of risk event occurrence, but they are not implemented until the occurrence of the particular risk event. Reactive risk response strategies are normally documented in the risk management plan for future reference and implementation if the risk occurs. Reactive strategies can also be tied to milestones that are included in the project work plan as a means to trigger strategy review and implementation if a particular risk event occurs. Assess Risk Response Strategies The final step in implementing risk response strategies is to assess the strategies put forth as part of project risk management. There are two aspects of assessment to consider. One occurs when a risk response strategy is formulated. The second occurs when the strategy is implemented. Assess Strategy Formulation The solutions that result when responding to some risks can sometimes create new risks, so each new strategy should be examined for that potential. The project team should examine the selected strategies to determine whether they have created additional risk. In some cases, this can be an intuitive effort; in others, a further detailed analysis (assessment) of risk is necessary. Additional risk caused by strategy formulation can be minimized by considering the following examination of each new risk response strategy: What will this risk response strategy accomplish if implemented? What is the scope of influence across project work plan work elements if this response is implemented? Cost influence; Schedule influence; Resource utilization influence As per the scope of influence identified, does any new risk event emerge relative to work plan work elements? Does this risk response strategy change or influence any guidance or procedures contained in project-planning documents? The selected risk response strategies should be introduced when there is high certainty that the result of implementation won’t only lower the probability of occurrence or the impact of any identified risk event but will also not result in creating any additional risk events of significance. This examination can also aid in deliberation when there is a need to select a risk response strategy from among two or more response alternatives. Assess Strategy Implementation From time to time, a risk event will occur to prompt the implementation of a reactive risk response strategy as may be contained in the project risk management plan. Similarly, the incorporation of preventive risk response strategies in the project work plan will provide for "scheduled" implementation of response strategies. The results produced from such strategy implementations should be examined and documented for both near-term and future use. Implemented risk strategies should be immediately examined for effectiveness in reducing the probability or impact of the risk events with which they are associated. If necessary, strategy adjustments or new strategies can be applied for those found to be weak or ineffective. Implemented risk strategies should also be examined for effectiveness relative to further use or use on other projects in the organization. This examination is often a part of risk management plan closeout activities and provides a recorded description of strategy use for future reference across future projects. |
Top of Page | More PM Articles | Prev.: Project Risk Assessment (Intro) | Next: Development of a Risk Management Plan | Info-Source.us |