PMI CAPM – Administer Project Risk Management Part 4

5. Create Project Risk Responses

In this lecture we’ll discuss creating project risk responses. There are seven risk responses you need to be familiar with on your PMP exam. Now, this process is from pinbach eleven five. We’re planning risk responses. The thing to note here with planning risk responses is that not all risks are negative. That we have risks that are negative, of course, are known as threats, and risks that are positive are known as opportunities. So our goal is to enhance opportunities, but to reduce those negative risk. We’ll also document our risk responses.

And then throughout the project we’re going to track our outcome. For lessons learned, let’s look at the edo for this particular process of plan risk responses. Just two inputs, the risk management plan and the risk register. Our tools and techniques for planning risk responses. We want to look at strategies for managing negative risks or threats, and then also strategies for managing positive risks or opportunities. We will also create some contingent response strategies, like our contingency plan, a fallback plan, or a rollback plan. The worst case scenario is what we’re talking about here.

With contingent response strategies, one of our tools and techniques will be expert judgment. We get two outputs as a result of this process the project management plan updates and project document updates. Let’s first look at three risk responses for negative risk events. All right, we have avoidance, transference, and mitigation. Avoidance is where we do whatever we can to just avoid the risk that we don’t want this risk to enter the project at all. So an example of avoidance could be we will build the house, but we don’t build swimming pools. There’s too much risk for that. Someone else outside of this project will have to do that for the customer.

So we take it out of scope, we avoid it altogether. We could also avoid the risk by changing our project plan, by dealing with a different vendor, using it as a resource, whatever it takes to avoid the risk. So that’s avoidance transference is where we transfer the risk to someone else. So, for example, the electrical work in our project much too dangerous for our team members to do. So we’re going to hire a licensed electrician and they will own the risk. So they’re responsible for that risk of installing the electrical outlets and the wiring and so on.

So transference will typically have a contract. So there’s typically a payment. We’re going to hire someone to do that for us. So transference doesn’t make the risk go away like avoidance does. Avoidance, we avoid it. It’s not part of the project. Transference is still part of the project, but we hire someone, we transfer the risk, we pay them to own and manage that risk event. Now, mitigation is our most common if it’s anything that we can do to reduce the probability and or the impact of the risk event. If you work in it, you do mitigation when you do backups of data.

So you have kind of a safety net or you do a mirrored drive that whatever you write to one drive is also written to the second. So mitigation is you’re taking actions to reduce the probability and or impact of the risk event. Now, positive risk events, so positive risk events are things that we want to happen, we want to try to make positive risk events come about. So we have exploiting. Exploiting is we want to take advantage of a risk that we know is going to happen. So we exploit the opportunity and we exploit the likelihood of the event happening. So an example of exploiting could be crashing the project in order to receive a bonus. So we exploit it. Sharing means that we can’t do the risk on our own, that we have to partner with someone to make that risk come into fruition.

So you might partner up with another group or another company. So you share the positive risk so that you both can get some benefits. And then we have enhancing. Enhancing is anything that you do to try to make a positive risk take place. We aren’t 100% if it’s going to happen. So you enhance those conditions to get ahead and schedule to save costs, to receive a bonus even could be you could enhance those conditions. So anything that you do to try to make a positive outcome happen in the project. Now, the last response that we have is for positive and negative risk.

So this is things that you really don’t have a whole lot of control over or that are minor. So you just accept these. So positive or negative laws, constraints, maybe you get a discount, but it’s not a big discount you accept it weather like a tornado. You really can’t stop or prevent, you can anticipate, but weather is kind of forced, major, it’s an act of God.

So those are positive and negative. You can do acceptance. So there are seven risk responses. Three for negative, three for positive and one that’s for both. Now, contingent responses, I talked about it’s like the worst case scenario. It’s for when certain events occur.

You have these contingency responses. So what certain predefined conditions tell you we need to go to our contingency plan. A term that goes with this is called a trigger. A trigger is a warning sign or a condition that that event is about to happen. So a trigger means pull the trigger to do your contingent response and then your contingent responses are listed in the risk register. That the risk register is where all of the identified risks are the characteristics and what your response may be. One of the things that we have to do here in risk responses is to update that risk register. Just what I was talking about. So remember that the risk register, it’s a document that lists all of the project risk, all of the characteristics who are the owners, what will your response strategy be?

And then that trigger we were just talking about or warning signs or conditions that this risk is about to happen. There’s your contingency plan, also known as a fallback plan or an it. You might call it a rollback plan where you upgrade to one operating system and you roll back because you don’t like it or a piece of software, you roll back to a prior version. So those are fallback or rollback plans. When we talk about risk responses, we also have to talk about managing risk events. So there are some terms here that you need to know for your exam. The first one is a residual risk.

A residual risk is like a residue that when you do one risk response, it creates some smaller but tinier risk events. So for example, we are going to do transference. We’re going to hire that electrician to come in and they’re going to rewire the building. They’re going to own the electrical work. Well, that introduces a new risk that that electrician might not do the work properly or they might steal something while they’re working here or they’re rude to one of our customers. I mean, that introduces a risk. But those are residual. They’re kind of tiny and smaller. But we have to manage those or take steps to understand that that could happen and could affect our business or our project.

A secondary risk is like a domino effect where you do a risk response and that creates a new risk doesn’t necessarily mean it’s smaller, it could even be bigger. So let’s go back to that electrician that we hire an electrician, but by hiring the electrician he can’t start until next Wednesday. So that causes our project to have to pause. So we try to rearrange some things in our project. Well, by rearranging things in our project, that causes another delay with the vendor or a problem with the vendor delivering materials. And so then that causes another person to disrupt their work.

But now they have to deal with the vendor and people are getting frustrated and on and on it goes that a secondary risk is like a domino effect. That one risk creates a new risk doesn’t necessarily mean that it’s smaller. In transference, where we hire that electrician, we have a risk response contract. So it’s a contractual agreement. So usually payment is involved. The last point here is justifying risk reduction. And this is really important. If we go back into quantitative analysis and we looked at our probability and our impact matrix, we talked about what the risk exposure would be for the project and what the expected monetary value would be for each risk event.

So if we had a risk that had a 30% chance of happening and its impact, let’s say, was 200,000, then its expected monetary value would be negative 60,000. So justifying risk reduction might be we’re very uncomfortable with that. Risk because it has such an impact. While our exposure is only 60,000, would it be worth spending 40,000 to just make the risk go away so we don’t have that exposure in our project? So this is justifying risk reduction. We say, yes, I’m going to spend 40 even though there’s only a 30% chance of it happening because the impact is so significant.

I’m more comfortable my stakeholder tolerance is low on these risks because it’s a high profile, high priority project. So I’m more comfortable spending the money up front to just avoid the risk altogether. So that’s the idea of justifying risk reduction, this is all tied together to our risk analysis, that it’s the exposure. And then if we’re uncomfortable with that, then we have to think about, well, what could we spend or change in the project to mitigate or to avoid and in some cases transfer that risk? Good job reaching the end of this lecture on managing risk and our risk responses. Up next, we’re going to talk about controlling risk.