Planning risk response is a critical process in project management. It aims to develop options and actions to enhance opportunities and reduce threats to project objectives and is a significant component on the path to becoming a certified PMI Risk Management Professional (PMI-RMP).
The PMI-RMP certification confirms that the holder has the skill and knowledge to identify, assess, and mitigate project risks, increasing project success rates. Understanding how to plan a risk response is a crucial skill for any PMI-RMP aspirant.
Risk response planning is driven by the categories of risks identified, whether positive (opportunities) or negative (threats). Both categories require specific and different strategies for their potential impacts to be addressed.
Risk Response Strategies for Negative Risks (Threats)
- Avoid: Change the project plan to eliminate the risk or protect the project objectives from its impact. For example, using a more modern and robust technology to avoid a risk related to outdated technology.
- Transfer: Shift the impact of the risk to a third party together with ownership of the response. For example, buying insurance or outsourcing the risky part of the project to a third party.
- Mitigate: Reduce the probability or impact of a risk to an acceptable threshold. For example, extensive product testing to mitigate the risk of product failure.
- Accept: Choose not to change the project plan to deal with a risk. This strategy is adopted when it is not possible or cost-effective to address a specific risk in any other way.
Risk Response Strategies for Positive Risks (Opportunities)
- Exploit: Ensure that the opportunity is realized by eliminating the uncertainty associated with a particular upside risk. This might involve allocating more resources to a certain task to make sure that it finishes ahead of schedule.
- Share: Allocate ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project. Collaboration, where the project might team up with another organization to seize the opportunity, is a common way of implementing this strategy.
- Enhance: Increase the chances of the opportunity occurring, or increase the positive impact if it does happen. For example, adding features to a software product to further increase its market appeal.
- Accept: Willingly accepting the opportunity if it comes by, but not actively pursuing it. This policy is useful when other issues need more attention, or when it is not cost-effective to pursue the opportunity.
It is important to note that even if a particular risk response strategy is selected to deal with a specific risk, some residual risks may still remain. These residual risks are usually, smaller or secondary risks that emerge after implementing the risk response.
In conclusion, the PMI-RMP certification requires a deep understanding of risk and how to effectively plan for it. Master the risk response strategies, understand the nature of your project risks, negative or positive, and apply the most effective strategy to mitigate threats and exploit opportunities on your path to project success and professional growth.
Practice Test
True or False: The process of planning risk responses addresses both negative and positive risks.
Answer: True
Explanation: In the planning risk response phase, both threats (negative risks) and opportunities (positive risks) are addressed. The goal is to minimize the impacts of potential threats and to maximize the opportunities.
In the Plan Risk Response process, what is the primary benefit of using a “Mitigate” strategy for negative risks?
- a) It determines the need for contingency plans
- b) It avoids the threat by eliminating the cause
- c) It reduces the probability or impact to an acceptable level
- d) It deflects the impact of the threat to a third party
Answer: c) It reduces the probability or impact to an acceptable level
Explanation: Mitigate strategy means taking action to lessen the probability or impact of a risk. It doesn’t avoid or transfer the risk entirely.
True or False: Adequate resources and time should be provided when executing risk response planning.
Answer: True
Explanation: Resources and time are necessary for effective risk response planning. Without these, the planning process might not be as effective as it could be.
What is the common aim of risk response strategies?
- a) Saving the project’s money
- b) Exceeding project scope
- c) Ensuring project quality
- d) Enhancing project outcomes
Answer: d) Enhancing project outcomes
Explanation: The aim of risk response strategies is to enhance project outcomes, either by reducing threats or increasing opportunities.
True or False: Enhance and Mitigate are risk response strategies used to deal with opportunities.
Answer: False
Explanation: Enhance is a risk response strategy used for opportunities, while Mitigate is used for threats.
In Plan Risk Management, contingency funds are used for identified risks, what are funds used for unidentified risks called?
- a) Contingency
- b) Management reserves
- c) Reserve analysis
- d) Risk transfer
Answer: b) Management reserves
Explanation: Management reserves are funds allocated for risks that have not been identified and incorporated into the project’s risk register.
True or False: Avoid, transfer, and mitigate are strategies used for positive risks.
Answer: False
Explanation: Avoiding, transferring, and mitigating risks are strategies typically used to handle threats, or negative risks, not opportunities, or positive risks.
A “Fallback” strategy is designed for what purpose?
- a) Enhancing opportunities
- b) For use when Plan A fails
- c) Mitigating negative impacts of risks
- d) Avoiding risk altogether
Answer: b) For use when Plan A fails
Explanation: A fallback strategy is a backup plan that is used when primary risk responses fail.
Which of the following is NOT a common outcome of risk response planning?
- a) Reduced uncertainty
- b) More efficient use of resources
- c) Quantified risk impact
- d) Shorter project timelines
Answer: d) Shorter project timelines
Explanation: While effective risk management can lead to more efficient use of resources and reduced uncertainty, it does not always result in shorter project timelines.
True or False: A risk register is not necessary when planning risk response.
Answer: False
Explanation: A risk register is indeed important when planning risk response as it helps in tracking identified risks, their impacts, and response plans.
Interview Questions
What is the primary purpose of planning risk responses in project management?
The primary purpose of planning risk responses in project management is to develop options and actions to enhance opportunities and to reduce threats to project objectives.
Which tool or technique is most suitable for planning risk responses?
Strategies for negative risks or threats, strategies for positive risks or opportunities, contingency response strategies, expert judgement and strategies for overall project risk are the most suitable techniques for planning risk responses.
What are the four classic strategies for negative risks or threats in project risk management?
The four classic risk strategies for negative risks or threats are avoid, transfer, mitigate, and accept.
What is risk avoidance in the context of risk management planning?
Risk avoidance is a strategy that involves changing the project plan to eliminate the risk or to protect the project objectives from its impact. It aims to remove the cause of the risk.
What does risk transference achieve in risk management planning?
Risk transference in risk management planning is to shift the impact of a risk and the management response to a third party. It does not eliminate the risk, it merely shifts the responsibility and management of the risk to another party.
What are the four classic strategies for positive risks or opportunities in project risk management?
The four strategies for positive risks or opportunities are exploit, share, enhance, and accept.
What is risk exploitation in the context of risk management planning?
Risk exploitation strategy seeks to eliminate the uncertainty associated with a particular upside risk by ensuring the opportunity definitely happens to benefit the project.
In the context of risk management planning, what does it mean to mitigate a risk?
To mitigate a risk means to reduce the probability or impact of a negative risk or threat to a project. It involves taking steps to lessen the probability of the event happening and/or minimizing its impact.
Define the term ‘Contingent Response Strategy’ in the context of planning risk responses.
A ‘Contingent Response Strategy’ refers to the planned measures or actions that should be taken if certain identified risks occur. These pre-emptive actions are part of the risk management plan and are triggered when the risk occurs.
What is meant by Residual Risks in risk management planning?
Residual risks are those that remain after the risk response strategy has been implemented. They are usually risks not fully covered or addressed by the initial risk response strategy.
What is the purpose of Secondary Risks in project risk management?
Secondary Risks are those that arise as a direct consequence of implementing a risk response. The purpose of identifying secondary risks is to prepare for possible outcomes from a risk response strategy and have plans to manage them.
What is the purpose of a fallback plan in risk management planning?
The purpose of a fallback plan is to prepare an alternative action that can be applied in case the primary risk response fails to effectively address an identified risk.
Which document is updated after the risk response planning process?
The risk register and the risk report are typically updated after the risk response planning process.
Can a risk have more than one response?
Yes, a risk can have more than one response. In some cases, the combination of multiple strategies may strengthen the overall risk response.
What is the goal of risk response audit in project risk management?
The goal of a risk response audit is to assess the effectiveness of the risk responses, identify any new risks, and determine the effectiveness of the risk management process in order to improve it for future phases or projects.