Risk response strategy is a critical component in project risk management. As potential threats and problems arise during the course of a project, it’s essential to have a well-crafted plan in place for dealing with them. This article details how to devise an appropriate risk response strategy, a concept central to the PMI Risk Management Professional (PMI-RMP) exam.
Identifying and Prioritizing Risks
Before determining an appropriate risk response strategy, you first need to identify and prioritize the risks that could potentially impact the project. Identified risks should be recorded in a risk register and ranked according to their likelihood of occurrence and potential impact on the project’s objectives.
Understanding the Four Types of Risk Response Strategies
PMI recognizes four types of risk response strategies: Avoidance, Transfer, Mitigation, and Acceptance.
- Avoidance entails changing the project plan to eliminate the risk or protect the project from its impacts.
- Transfer involves shifting the impact of a risk to a third party. This doesn’t eliminate the risk, but it does shift responsibility.
- Mitigation looks at reducing the probability and/or impact of a risk.
- Acceptance means acknowledging a risk but deciding not to take any action unless it occurs. Acceptance can be passive (where no plans are made to address the risk) or active (preparing contingency plans to be activated if the risk occurs).
| Risk Response | Description |
|---|---|
| Avoidance | Change the project plan to eliminate the risk |
| Transfer | Shift the impact of a risk to a third party |
| Mitigation | Reduce the probability and/or impact of a risk |
| Acceptance | Acknowledge the risk but decide not to take any action unless it occurs |
Determining the Appropriate Risk Response Strategy
Different projects and different risks require distinct approaches, and the appropriate risk response strategy should be determined by considering the project’s unique context. When choosing between the four different strategies, factors to consider include the risk’s potential impact on the project, the project’s budget and timeline, and the organization’s overall risk tolerance.
It’s also important to realize that more than one strategy may be required to handle a single risk. For instance, you might choose to mitigate a risk by implementing additional quality controls, but also arrange for insurance to transfer the risk in case these controls fail.
Implementing the Risk Response Strategy
Once you have determined the best response strategy, the next step is to incorporate this into your project plan. This may involve updating the project schedule, budget, or scope based on the chosen strategy.
Monitoring and Reviewing the Risk Response Strategy
Risk management is a continuous process, so even after a risk response strategy has been implemented, it’s essential to continuously monitor and review this plan. Regular monitoring allows for adjustments based on up-to-date risk information, while reviews ensure that the strategy’s effectiveness is being assessed regularly and improved as necessary.
Conclusion
Determining an appropriate risk response strategy is an essential step in robust risk management and a critical area of study for the PMI-RMP exam. By identifying and prioritizing risks, understanding the four types of risk response strategies, and then choosing, implementing, and continuously reviewing the best one, you can equip your project with the resilience and adaptability it needs to succeed.
Practice Test
True or False: Risk acceptance is a response strategy where no action is taken to mitigate the risk.
- True
- False
Answer: True
Explanation: Risk acceptance does not reduce any risk. Instead, the project team decides to acknowledge the risk and not to take any preemptive action against it.
Which of the following represent Risk Avoidance as a risk response strategy?
- A) Changing project scope
- B) Implementing contingency plans
- C) Buying insurance
- D) Switching to a different technology
Answer: A and D
Explanation: Risk avoidance eliminates the risk by eliminating its causes. Changing the project scope or switching to a different technology can eliminate the cause of risk, thus serving as an avoidance strategy.
True or False: Transference of risk means completely eliminating the risk.
- True
- False
Answer: False
Explanation: Transference reduces the impact of the risk but does not completely eliminate it. It shifts the management of the risk or its impacts to a third party.
When should a project team decide on a risk response strategy?
- A) During project planning
- B) After the project plan has been finalized
- C) During risk identification
- D) All of the above
Answer: D
Explanation: The risk response strategy should be determined during project planning, after the project plan has been finalized, and during the risk identification process.
Which risk response strategy aims to reduce the probability or impact of a threat or to enhance an opportunity?
- A) Avoidance
- B) Mitigation
- C) Transfer
- D) Acceptance
Answer: B
Explanation: The goal of risk mitigation is to minimize the probability and/or impact of adverse risks to the project to within acceptable threshold limits.
Which of the following is a passive acceptance of risk?
- A) Developing contingency reserves
- B) Changing the project scope
- C) Establishing a management reserve
- D) Performing a qualitative risk analysis
Answer: A
Explanation: Developing contingency reserves is a type of passive acceptance. It allocates resources needed to address risks if they occur.
True or False: In risk response planning, opportunities are responded to in the same way as threats.
- True
- False
Answer: False
Explanation: Opportunities are uncertain events that could have a positive effect on objectives if they occur, while threats have a negative effect. Response strategies thus differ.
What technique is used for determining the risk response strategy?
- A) Risk identification
- B) Risk register
- C) Risk probability and impact assessment
- D) Risk workshop
Answer: C
Explanation: Risk probability and impact assessment is used to prioritize and analyze the risk for choosing the best risk response strategy.
True or False: Contingency plans are a part of risk avoidance strategy.
- True
- False
Answer: False
Explanation: Contingency plans are not a part of risk avoidance; they are designed to be used if a risk event does occur, it’s a part of risk mitigation strategy.
The strategy of sharing risk is most applicable when dealing with ______.
- A) opportunities
- B) threats
Answer: A
Explanation: Sharing can mean teaming up with another organization to seize an opportunity together.
Enhancing a risk to make sure that it does happen is a strategy for dealing with:
- A) Opportunities
- B) Threats
Answer: A
Explanation: Enhancing is a strategy for increasing the probability and/or the positive impact of an opportunity.
What is the main purpose of a risk response strategy?
- A) Eliminate all risks
- B) Identify all risks
- C) Minimize potential impact of risks on project
- D) Transfer all risks to third party
Answer: C
Explanation: The main purpose of risk response strategy is to minimize the potential impact of risks on the project.
True or False: The risk response strategy should be reviewed and updated regularly throughout the project lifecycle.
- True
- False
Answer: True
Explanation: Risk response strategies should be reviewed and updated regularly, because the project’s risk landscape can change significantly over time.
Acceptance is an appropriate response to ______.
- A) minor risks
- B) medium risks
- C) major risks
- D) all of the above risks
Answer: A
Explanation: Acceptance is a risk response strategy that may be chosen for risks that are insignificant in their impact or extremely unlikely to occur.
True or False: The risk response strategy should be cost effective, realistic, agreed upon by all stakeholders and supportive of the project’s objectives.
- True
- False
Answer: True
Explanation: The chosen risk response strategy should meet these criteria to ensure it’s practical, feasible and beneficial.
Interview Questions
What are the main strategies for positive risk response in project management?
The main strategies for positive risk responses are Exploit, Enhance, Accept, and Share.
What does a risk response strategy of “avoidance” entail?
Risk Avoidance involves changing the project plan to eliminate the risk or to protect the project objectives from its impact. It might involve extending the schedule, changing strategy, or reducing scope to avoid the risk.
What does the Mitigation risk response strategy involve?
Mitigation reduces the probability and/or impact of an adverse risk event to an acceptable threshold by taking actions ahead of time, thereby decreasing the likelihood of the risk occurring.
What are the strategies for negative risks in project management?
The main strategies for negative risks are Avoid, Transfer, Mitigate, and Accept.
What is the purpose of the Risk Management Plan?
The Risk Management Plan is a component of the project management plan that describes how risk management activities will be structured and performed.
What is a Residual Risk in the context of Risk Management?
A residual risk is a risk that remains after risk responses have been implemented.
Define Exploit strategy in risk response.
In project risk management, an exploit strategy is used for positive risks where the organization wishes to ensure that the opportunity is realized.
What is ‘transfer’ as a risk response strategy?
Transfer is a risk response strategy wherein the impact of a risk is shifted onto a third party, reducing the need for management by the project team. Example: Buying insurance.
Explain the Contingency Plan.
Contingency Plan refers to predefined actions that the project management team would follow when the identified risks occur.
How is the fallback plan different from a contingency plan?
A fallback plan is developed for risks that have been passed the thresholds set in the contingency plan. It provides an alternative action or solution when the initial risk response proves inadequate.
What is the primary purpose of performing a qualitative risk analysis?
Qualitative risk analysis prioritizes risks for further analysis or action by assessing and combining their probability of occurrence and impact.
What is the purpose of an issue log in the risk management process?
The purpose of an issue log is to document and monitor all issues that are currently unresolved and need further investigation, action, or decision.
Define secondary risk in risk management.
Secondary risks are those that arise as a direct outcome of implementing a risk response.
What is the process of risk monitoring?
Risk monitoring involves regularly tracking and reviewing the risk environment to detect any changes or new risks, and evaluating the effectiveness of the agreed risk responses.
What is risk tolerance in project risk management?
Risk tolerance refers to the degree of uncertainty an entity is willingly to take on, in anticipation of a reward.
extutorials.com