we have done Risk Identification, and after that, we have made Qualitative Risk Analysis. So we have Probability, Impact and Risk Exposure (or Risk Score) for our Risks. We have sorted our Risks in MS EXCEL by Risk Exposure.
Now we have to answer to the three questions:
- What will we do if a Risk occur (if it become a Fact)?
- Who will act if a Risk occur?
- How do we know that the Risk occur or is about to occur?
This is called RISK RESPONSE PLANNING
WHAT WILL WE DO IF A RISK OCCUR?
There are three levels of risk responses:
- Do something before the risk happens
- Do something if the risk happens (Contingency plan)
- Do something if contingency plan didn’t work (Fallback plan)
When I am talking about “BAD” Risks (Threats), you can do:
AVOID THE RISK. That means that you will do something BEFORE RISK ACTUALLY OCCUR, so it Probability will become 0%! For example, in our “Wedding Project” we have a Risk that someone can get drunk and spoil the whole Party. We can choose that there will be NO ALCOHOL DRINKS at the wedding party. Now, the Probability is ZERO. Once again, even if Probability is zero DO NOT ERASE THIS RISK FROM RISK REGISTER. Instead of erasing, you should have two Probability and Impact in your Risk Register: Probability and Impact BEFORE RISK RESPONSE PLANNING, and Probability and Impact AFTER RISK RESPONSE PLANNING.
MITIGATE PROBABILITY OR/AND IMPACT. Mitigate means DECREASE. For example in our example you can invite people for who you know that they DO NOT drink SO MUCH ALCOHOL! So there is a less Probability for that Risk. Or you can have only Light beer (with low percentage of alcohol), so there is less Impact because it is hard to be VERY DRUNK with that kind of beverage.
TRANSFER THE RISK. Here is an example. You have bought very expensive wedding Rings (10.000$). You are afraid that someone can steal them from your house, and that is a Risk. You can hire a deposit box in you Bank and put your rings there. So, you have actually transfer that Risk to the Bank. Or, you can buy an insurance from Bank. The result is the same
ACCEPT THE RISK. It means If it happens, it happens. On the other words it means: DO NOTHING. You should choose that strategy if you do not have proper Risk response plan for that Risk (it means you do not have proper option to respond), and you can live with consequences. You should also use this strategy if your other response plan (for example, avoiding or mitigating) is much more costly than if you accept the Risk. Here is one example. It will be stupid one, but it will serve the purpose. Suppose that your wedding rings are very expensive ($10.000). You want to transfer the Risk of stealing the rings to the insurance company. But they will charge you for that insurance. How much? 15.000$. So, you have to pay for that insurance $5000 more than you will loose if someone will steal the Rings from your house. In that case you should accept the risk. Another example. You have very, and I mean VERY, good friend and you want him to be on your wedding. Sometimes he gets drunk! Because you love him too much, and you want to have alcohol at your party (for your other guests), you will accept this risk!
WHO WILL ACT IF A RISK OCCUR?
That means that you must have a person called “RISK OWNER”. This person is responsible for the risk. She or he has to track the risk, and when it occur he or she must act as it is planned in Risk response plan! After the Risk occur he or she must notify the Project Manager how successful was the Risk Response Plan, and what was a damage caused by that Risk.
HOW DO WE KNOW THAT THE RISK OCCUR OR IS ABOUT TO OCCUR?
This is called “RISK TRIGGER?” For example, Risk Trigger is, in our “GETTING DRUNK” Risk, if someone is take his fifth glass of Vodka in a less than an hour. That means that a person will be drunk very soon and Risk owner has to act! Remember, Risk trigger can be established by any team member, during the Risk Planning, but Risk Owner is responsible for tracking this Trigger!
Do you know what the word “WORKAROUND” means in a Project Management language?
- Workaround is reactive process. It is something what you will do when you figure out a totally new risk for which you did not have a response plan
- If you have a lot of workarounds in the project, YOUR PROJECT IS BADLY PLANNED
- If you have a lot of workarounds in the project, project is in jeopardy and is often TERMINATED
As I told, you can NEVER, EVER found all the Risks in your Project. When a brand-new and unknown Risk occur, it is a FACT and you have to REACT RIGHT AWAY! This is workaround. Do you want an example? NO? I don’t care. Here it is! Suppose that your Project is “The Sailing”. You are in the middle of the ocean, on your boat. And someone falls down in the ocean. And that person does not know how to swim. You have totally forgot about that Risk (that someone does not know how to swim). What will you do? Will you arrange a meeting with your project team to establish Risk Response strategy, Risk owner, and the Trigger? While someone is drowning? NO! You will help that person right away! You will drop him a life-belt, and the best swimmer from the boat will jump in the ocean. YOU WILL SAVE THAT PERSON! After that, you should ask yourself and your team members: WHAT ELSE DID WE FORGET?, and you will try to identify more risks.
And last, but not the least important in the RISK MANAGEMENT is Risk Monitor and Control Process. Every team meeting starts with the subject: „RISKS”. Some of the questions on the meeting:
- What additional risks have you uncovered since the last meeting?
- Which of the triggers we have identified is no longer seem to be appropriate?
- Are there any risks that no longer exist?
- What’s new with the watch list?
- Have you found out any new information of any risk?
- And many other….
That’s all folks. Next time we are getting back to our MS PROJECT 2010 and the “Wedding” Project!
All the Best,
Clearest, simplest and the best explanation of Risk Management I have ever seen. Thanks, Nenad.
I’m glad you like it!
what about the contingency plan and the fallback plan, are they different from the workarounds?
Contigency plan is plan for known Risks. Fallback plan is “PLAN B” if primary riska Response Plan does not work! Workaround is if you have a trouble (“issue”) which you did not recognize in advance.
Hope this helps
i got a lot info from your blog, can i copy paste in your article in my blog?