This is a guest article by Harry Hall from projectriskcoach.com . Not sure where to start with project risk management? Read this guide to getting going with project risk management and then pop back here afterwards.
Risk management is one of the core
knowledge areas for project managers .
You’ve identified and assessed your project risks — both threats and opportunities. Now, you are planning your risk responses with your risk owners.
A risk response is the way you intend to address the risk.
Risk Response Strategies for Threats
There are a number of ways you can act when faced with a risk. If it’s a threat (i.e. something unwelcome that will happen to the project), the categories for risk response are:
You can avoid the risk happening by doing something to make it impossible
for the risk to have any effect on your work.
You can transfer all or some of the threat to a third party, commonly via
insurance or a risk-sharing contract with a supplier.
You can reduce the risk by taking steps to make the impact of it less, so it’s less of a problem if it does happen.
You can accept the risk and take no active steps to do anything about it, although, as the Praxis Framework points out, you might want to develop a contingency plan so you’ve got something to draw on if the risk does materialize.
Risk Response Strategies for Opportunities
Let’s say the risk is something good, that you want to make happen. These are opportunities. There are again four types of risk response:
Exploiting the risk is
when you take advantage of a situation, like new technology being available, to
make the most of the project benefit.
You can share the opportunity with a third party as an incentive to make it more likely to happen, or where you’re more likely to achieve greater benefit if you pool resources.
Enhancing the risk
means doing something to make it more likely that the opportunity will happen.
For example, that could be taking out advertising.
You can reject the risk i.e. do nothing. You might choose this response if it turns out to be too much effort or too expensive to take action to capitalize on the opportunity.
So, how do you select the best
response when there are so many?
Decision making can be
challenging, particularly for complex events and conditions. And more so when
you have several people making the decision. Stakeholders evaluate risk
responses through their
own biases .
While risk responses fall into
several categories, your risk response plan needs to include specific measures.
If you are going to reduce a risk, what exactly are you going to do? There
might be two or three actions you can take to reduce the risk, so are you going
to do them all or just one? And which would be the best one?
When choosing risk responses,
we should consider things such as:
- Cost of the responses
- Impact on our project objectives
- Time and resources required
- Potential secondary risks.
But how can we bring this
together neatly? How can we make the decision in a timely and effective manner?
Let’s look at a method you can use during the risk management process to improve your risk response selection.
How to Evaluate Risk Response Options
Here are three steps to better
evaluate what risk response option you should choose.
First, identify your selection criteria (three to six criterion). Get everyone evaluating the same way. We are creating a collective decision-making filter. Ideally, you’d have these documented in your risk response plan and use the same criteria throughout the project.
Read next: Decision-making tools for groups
You need to define the
weightings for each criterion. Higher weights indicate greater importance. In
the example below, the effectiveness of the response was the most important
factor, followed by resource availability.
|Cost Effective||How cost effective is
|Resource Availability||How available are the resources needed to
execute the response.
|Effectiveness of the
|How effective would
the response be in
managing the risk?
|Ease of Execution||How easy will it be to execute the response?||10%|
2. Apply the criteria
Next, apply the criteria to
your potential risk responses.
Start by rating each risk
response option on a scale such as 1 to 5. For example, we rated Option A as 4
for being Cost Effective, more effective than B or C. Continue rating each
option for each criterion.
|Rating Scale: 1 to 5|
|Risk Response Options|
|Effectiveness of Response||40%||4||2||4|
|Ease of Execution||10%||3||5||4|
|Total Scores 100%||3.3||3.1||3.5|
Calculate the weighted scores
by multiplying the rating times the weight (e.g., 4 X 20% = 0.8). Finally, sum
the weighted scores for each option to derive the Total Scores (e.g., 3.3 for
3. Choose the best response
Next, choose the best risk response
based on the numerical outcome.
Keep in mind this method helps but it does not make the decision. There may be other variables that should be considered. Typically, the risk owner makes the final decision.
Your role at this point is to facilitate a discussion of the results. In this example, we see that Option C has the highest Total Score of 3.5, followed by A and lastly B. You would want to suggest Option C to the risk owner (or project sponsor).
Once the decision is made,
document the decision in the risk response plan and take the necessary steps to
implement the decision.
We learn through application,
not just reading an article. Pick a significant risk, identify and evaluate the
options, and select a risk response.
Once you have used this method once, you’ll find it easier in the future. The approach of identifying criteria, weighting them and assessing against them is a method you can use for all kinds of problem-solving and feasibility studies where there are several options.
Pin for later reading