The purpose of risk analysis and assessment is to determine what opportunities and threats should be addressed. It is not feasible or advisable to respond to each and every threat or opportunity identified because avoiding all threats or chasing after every opportunity requires resources to be diverted away from the real project work. Therefore, the risk strategy or response to a particular risk depends on:
• The nature of the risk itself— Is this really a threat to or opportunity for the project? How will the project be affected? At what points during the project life cycle will the project be affected? What are the triggers that would determine if a particular risk is occurring? Why should the risk be taken?
• The impact of the risk on the project's MOV and objectives — A risk has a probability and an impact on the project if it occurs. What is the likelihood of this occurring? And if this risk occurs, how will the project be affected? What can be gained? What could be lost? What are the chances of success or failure?
• The project s constraints in terms of scope, schedule, budget, and quality requirements — Can a response to a particular threat or opportunity be made within the available resources and constraints of the project? Will additional
resources be made available if a particular risk occurs? Can certain contractual obligations be waived or modified? What will happen if the desired result is not achieved?
• Risk tolerances or preferences of the various project stakeholders—Is a risk for one stakeholder a risk for another? How much risk is each stakeholder willing to tolerate? How committed is each stakeholder to the risk manage ment process? Is the potential reward worth the effort?
A response to a particular risk may follow one of the following strategies:
• Accept or Ignore—Choosing to accept or ignore a particular risk is a more passive approach to risk response. The project stakeholders can either be hopeful that the risk will not occur or just not worry about it unless it does. This can make sense for risks that have a low probability of occurring or a low impact. However, reserves and contingency plans can be active approaches for risks that may have a low probability of occurring but with a high impact.
Management Reserves—These are reserves that are controlled and released by senior management at its discretion. These reserves are not usually included in the project's budget, but provide a cushion for dealing with the unexpected. * Contingency Reserves—A contingency reserve is usually controlled and released within specific guidelines by the project manager when a particular risk occurs. This reserve is usually included in the project's budget. Contingency plans—Sometimes called an alternative plan, or Plan B, this plan can be initiated in the event a particular risk occurs. Although these types of plans are viewed as plans of last resort, they can be useful in a variety of ways. For example, a project team should have a disaster recovery plan in place should a natural disaster, such as a hurricane or earthquake, occur. This plan may have procedures and processes in place that would allow the project team to continue to work should its present workplace become unusable or unavailable. This type of disaster recovery plan is only useful if it is up-to-date and communicated to the various project stakeholders.
• Avoidance—The avoidance strategy focuses on taking steps to avoid the risk altogether. In this case, an active approach is made to eliminate or pre vent the possibility of the threat occurring.
• Mitigate—The term mitigate means to lessen. Therefore, a mitigation risk strategy focuses on lessening the probability and/or the impact of threat if it does occur.
• Transfer—A transfer strategy focuses on transferring ownership of the risk to someone else. This transfer could be in the form of purchasing insurance against a particular risk or subcontracting a portion of the project work to someone who may have more knowledge or expertise in the particular area. As a result, this strategy may result in a premium, or added cost, to manag ing and responding to the risk.
Once the project risks and strategies are identified, they can be documented as part of the risk response plan. This plan should include the following:
• The project risk
• The trigger which flags that the risk has occurred
• The owner of the risk (i.e., the person or group responsible for monitoring the risk and ensuring that the appropriate risk response is carried out)
• The risk response based on one of the four basic risk strategies
The risk response plan can be developed using a template, such as the one illustrated in Figure 8.15.
Was this article helpful?
What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.