Risk management

This is a guest article by Harry Hall from projectriskcoach.com . Not sure where to start with project risk management? Read this guide to getting going with project risk management and then pop back here afterwards.

Risk management is one of the core
knowledge areas for project managers

Harry Hall
Harry Hall

You’ve identified and assessed your project risks — both threats and opportunities. Now, you are planning your risk responses with your risk owners.

A risk response is the way you intend to address the risk.

Risk Response Strategies for Threats

There are a number of ways you can act when faced with a risk. If it’s a threat (i.e. something unwelcome that will happen to the project), the categories for risk response are:

  1. Avoid
  2. Transfer
  3. Reduce
  4. Accept.

You can avoid the risk happening by doing something to make it impossible
for the risk to have any effect on your work.

You can transfer all or some of the threat to a third party, commonly via
insurance or a risk-sharing contract with a supplier.

You can reduce the risk by taking steps to make the impact of it less, so it’s less of a problem if it does happen.

You can accept the risk and take no active steps to do anything about it, although, as the Praxis Framework points out, you might want to develop a contingency plan so you’ve got something to draw on if the risk does materialize.

Risk Response Strategies for Opportunities

Let’s say the risk is something good, that you want to make happen. These are opportunities. There are again four types of risk response:

  1. Exploit
  2. Share
  3. Enhance
  4. Reject.

Exploiting the risk is
when you take advantage of a situation, like new technology being available, to
make the most of the project benefit.

You can share the opportunity with a third party as an incentive to make it more likely to happen, or where you’re more likely to achieve greater benefit if you pool resources.

Enhancing the risk
means doing something to make it more likely that the opportunity will happen.
For example, that could be taking out advertising.

You can reject the risk i.e. do nothing. You might choose this response if it turns out to be too much effort or too expensive to take action to capitalize on the opportunity.

So, how do you select the best
response when there are so many?

Decision making can be
challenging, particularly for complex events and conditions. And more so when
you have several people making the decision. Stakeholders evaluate risk
responses through their
own biases

While risk responses fall into
several categories, your risk response plan needs to include specific measures.
If you are going to reduce a risk, what exactly are you going to do? There
might be two or three actions you can take to reduce the risk, so are you going
to do them all or just one? And which would be the best one?

When choosing risk responses,
we should consider things such as:

  • Cost of the responses
  • Impact on our project objectives
  • Time and resources required
  • Potential secondary risks.

But how can we bring this
together neatly? How can we make the decision in a timely and effective manner?

Let’s look at a method you can use during the risk management process to improve your risk response selection.

How to Evaluate Risk Response Options

Here are three steps to better
evaluate what risk response option you should choose.

Identify selection

First, identify your selection criteria (three to six criterion). Get everyone evaluating the same way. We are creating a collective decision-making filter. Ideally, you’d have these documented in your risk response plan and use the same criteria throughout the project.

Read next: Decision-making tools for groups

You need to define the
weightings for each criterion. Higher weights indicate greater importance. In
the example below, the effectiveness of the response was the most important
factor, followed by resource availability.

Criteria Definition Weight
Cost Effective How cost effective is
the response?
Resource Availability How available are the resources needed to
execute the response.
Effectiveness of the
How effective would
the response be in
managing the risk?
Ease of Execution How easy will it be to execute the response? 10%
Total 100%

2. Apply the criteria

Next, apply the criteria to
your potential risk responses.

Start by rating each risk
response option on a scale such as 1 to 5. For example, we rated Option A as 4
for being Cost Effective, more effective than B or C. Continue rating each
option for each criterion.

Rating Scale: 1 to 5
Risk Response Options
Criteria Weight A. B. C.
Cost Effective 20% 4 3 3
Weighted Score 0.8 0.6 0.6
Resource Availability 30% 2 4 3
Weighted Score 0.6 1.2 .09
Effectiveness of Response 40% 4 2 4
Weighted Score 1.6 0.8 1.6
Ease of Execution 10% 3 5 4
Weighted Score 0.3 0.5 0.4
Total Scores 100% 3.3 3.1 3.5

Calculate the weighted scores
by multiplying the rating times the weight (e.g., 4 X 20% = 0.8). Finally, sum
the weighted scores for each option to derive the Total Scores (e.g., 3.3 for
Option A).

3. Choose the best response

Next, choose the best risk response
based on the numerical outcome.

Keep in mind this method helps but it does not make the decision. There may be other variables that should be considered. Typically, the risk owner makes the final decision.

Your role at this point is to facilitate a discussion of the results. In this example, we see that Option C has the highest Total Score of 3.5, followed by A and lastly B. You would want to suggest Option C to the risk owner (or project sponsor).

Once the decision is made,
document the decision in the risk response plan and take the necessary steps to
implement the decision.

Your Turn

We learn through application,
not just reading an article. Pick a significant risk, identify and evaluate the
options, and select a risk response.

Once you have used this method once, you’ll find it easier in the future. The approach of identifying criteria, weighting them and assessing against them is a method you can use for all kinds of problem-solving and feasibility studies where there are several options.

About the Author: Harry Hall, the Project Risk Coach, is a speaker, teacher, author, and blogger. He has implemented enterprise and IT PMOs and enterprise risk management (ERM) programs in the financial, healthcare, and agricultural industries. One of Harry’s greatest joys is teaching. Harry is a graduate of the University of Georgia and is a certified PMP®, PMI-RMP®, and has an Associate in Risk Management (ARM-E).  Learn more about Harry at projectriskcoach.com or on social media:

Pin for later reading

how to select your risk responses

Click For Original Article