Project Management

Plan Risk Responses: Process Overview

From the The Money Files Blog
by
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.
accounting | agile | ai | audit | benefits | Benefits Management | books | budget | business case | carnival | case study | checklist | collaboration tools | communication | competition | complex projects | consultancy | contingency | contracts | corporate finance | cost | cost management | credit crunch | data | data security | debate | delegating | earned value | events | FAQ | financial management | financial management | forecasting | future | general | Goals | green | interviews | it | measuring performance | Mentoring | methods | metrics | multiple projects | negotiating | news | organization | outsourcing | pmi | PMO | portfolio management | presentations | privacy policy | process | procurement | productivity | project closure | project data | project delivery | Project Success | project testing | prototyping | qualifications | quality | Quarterly Review | records | recruitment | reports | requirements | research | resilience | resources | risk | ROI | salaries | scope | security | small projects | social media | software | software | stakeholders | success factors | supplier management | team | timesheets | tips | training | transparency | trends | value management | vendors | video | virtual teams | workflow | show all posts

About this Blog

RSS

Recent Posts

How to learn AI the sensible way

Making sense of project cost reports

How real PM mentoring actually works

The Accidental Product Manager: What project managers need to know

How healthy are your project finances?

Categories

accounting, agile, ai, appraisals, Artificial Intelligence, audit, Backlog, Benchmarking, benefits, Benefits Management, Benefits Realization, Bias, books, budget, Business Case, business case, business case, Career Development, Career Development, carnival, case study, Change Management, checklist, collaboration tools, communication, Communications Management, competition, complex projects, Conferences, config management, consultancy, contingency, contracts, corporate finance, corporate finance, cost, Cost Management, cost management, credit crunch, CRM, data, data security, debate, Decision Making, delegating, digite, earned value, Education, Energy and Utilities, Estimating, events, FAQ, financial management, financial management, forecasting, future, GDPR, general, Goals, Governance, green, Information Technology, Innovation, insurance, interviews, it, Knowledge Management, Leadership, Lessons Learned, measuring performance, Mentoring, merger, methods, metrics, multiple projects, negotiating, Networking, news, Olympics, organization, Organizational Culture, outsourcing, personal finance, Planning, pmi, PMO, PMO, Portfolio Management, portfolio management, presentations, privacy policy, process, procurement, product management, productivity, Program Management, project closure, project data, project delivery, Project Success, project testing, prototyping, qualifications, Quality, quality, Quarterly Review, records, recruitment, reports, requirements, research, resilience, Resource Management, resources, risk, Risk Management, ROI, salaries, Schedule Management, Scheduling, scope, Scope Management, security, small projects, Social Impact, social impact, social media, software, software, software, Stakeholder Management, stakeholders, Strategy, success factors, supplier management, team, Teams, testing, testing, timesheets, tips, training, transparency, trends, value management, vendors, video, virtual teams, workflow

Date

linkedin twitter facebook Request to reuse this  

Categories: process, risk


plan risk response

This article is the tenth part of my look into project risk management, and today the topic is how to plan risk responses. Who knew there would be so much to say about risk?

What does it mean to plan risk responses?

When you plan risk responses, what it means is that you are working out what to do about the risks you have identified. As you are doing the analysis, you’re probably talking to the team about the different options for addressing the risk, making judgements and plans as you go. The thing with all the risk management processes is that they can all happen in quite a short period of time, and often within the same conversation – especially for smaller risks and smaller projects.

However, for the purposes of our discussion today, we’re looking at making sure the risk responses are considered, selected and agreed by the people who matter. You’ll also allocate people to do the work of implementing the risk responses so that you actually manage the risk and don’t simply talk about managing it.

Inputs

The inputs to this process are:

  • The project management plan – the resource management plan will help identify who is the best person to be the risk owner, although you’ll probably know this information already without having to resorting to looking it up in a document. You’ll also want to review the risk management plan and cost baseline (because it has information on the contingency fund that you can use for risk response).
  • As we saw last time, there are a lot of project documents that can inform the risk management processes, and this step is no exception. We’ll be looking for information to support our plans in a variety of different documents
  • Enterprise environmental factors like how much risk appetite the business has to respond to risks, and the same for individual stakeholders
  • Organisational process assets like templates, databases of what happened on past projects and lessons learned reviews from similar projects and this current one if you’ve already done interim reviews.

What documents should you review?

The risk register and risk report are the most important documents because they give you information on what the risks actually are and how exposed the project (and/or business) is. That will inform your choices about how you respond to risk.

First, check the Lessons learned log – check to see if any past risk responses were particularly helpful or pointless so you can repeat/avoid the same things in the future.

The rest of the documents you may need to refer to are to do with the logistics of making sure the risks can be managed adequately.

The project schedule is helpful so you can fit in the risk response plans and make sure there is time to do the work. The team assignments and resource calendars will also help. The stakeholder register will give you clues about ownership if you don’t have volunteers to lead on risk response actions.

In practice, many experienced project managers won’t turn to those documents to find the answers – they’ll simply talk to the team and then update the schedule with any tasks that need to be added once the responses are agreed.

Tools and Techniques

Responding to risk is a lot to do with expert judgement, so in my experience, this is the technique you’ll use the most.

Rely on your subject matter experts and talk to them about how best to respond to threats, opportunities and how to manage contingent risk with the associated strategies and triggers in place.

Basically, you need information from the experts and you gain that through interviews and facilitation (data gathering and interpersonal and team skills).

Talk, talk, talk, and seek out the people with the answers.

You can also employ some data analysis techniques to back up what your experts are saying or to help you choose the best response if there are several options.

For example, alternatives analysis can help you compare the different options and select a course of action that will lead to an appropriate result.

Cost-benefit analysis is another tool. Some risks will cost more to mitigate than they would if they happened, so this type of calculation can help you decide how much budget to spend on risk responses and whether the benefit of that investment is going to be worth it.

Finally, you need to make a decision about what risk response plan to accept, so decision-making techniques for groups can be helpful. Consider the criteria for making the decision before you get to the actual decision-making part of the debate, as that will help give the team some structure.

Typical criteria for making a decision on risk response include:

  • How much the response plan will cost
  • How effective it is thought to be
  • Whether people are available to do the work
  • How the plan fits in with the rest of the project and whether the work can be completed in time before the risk materialises
  • What the impact will be on other risks
  • Whether this plan introduces other secondary risks or new risks

And so on. If your team doesn’t have much formal experience of making this kind of decision, I find it helpful to have the criteria available for us to review as we are discussing the risks.

Outputs

The outputs from this process are:

  • Change requests
  • Project management plan updates
  • Project document updates.

In other words, there are lots of admin jobs to do once you’ve made your risk response plan because you’ve got a lot of paperwork to update – admittedly all of it is now electronic so it’s not so difficult to do.

Review all the plans: update the schedule to reflect what you’ve just agreed to do, update the cost management plan to include any money now being spent on risk response, and review resource plans to ensure they are still accurate. Update your baselines if necessary. If your risks affected suppliers, make sure any changes to the procurement plan are incorporated.

As part of your discussions and approved response plans you might have uncovered new assumptions, new lessons and even new risks. Make sure team assignments accurately reflect the work you are expecting people to do and make sure the risk register and risk report are updated with your plans.

Next month I’ll be talking about 5 strategies for dealing with threats.

In case you missed them, and to save you a job digging through the archives, here are the quick links back to the previous instalments:

Read part 1 here: An introduction to risk management

Read part 2 here: Trends and Emerging Practices in Project Risk Management (Part A)

Read part 3 here: Trends and Emerging Practices in Project Risk Management (Part B)

Read part 4 here: Tailoring Risk Management

Read part 5 here: Planning Risk Management

Read part 6 here: The Risk Management Plan

Read part 7 here: Identify Risks Process

Read part 8 here: Qualitative Risk Analysis

Read part 9 here: Quantitative Risk Analysis

Pin for later reading:

plan risk response pin


Posted on: January 12, 2021 08:00 AM | Permalink

Comments (7)
Please login or join to subscribe to this item
avatar
MOHAMED BONDOK MOHAMED ABOELELLA Operations manger at United Arab Aluminum Co.| united arab aluminum company Jeddah, 02, Saudi Arabia
Informative blog đź‘Ť

avatar
Eduin Fernando Valdes Alvarado Project Manager| F y F Fabricamos Futuro Villavicencio, Meta, Colombia
Very interesting, thanks for sharing.

avatar
Kwiyuh Michael Wepngong
Community Champion
Financial Management Specialist | US Peace Corps Yaounde, Centre, Cameroon
Merci beaucoup Elizabeth,
When you see risk, you think Elizabeth

avatar
Peter Rapin Subject Matter Expect; Project Delivery| Independent Consultant Ontario, Canada
Thoroughly enjoying the series. One of the strongest statements so far from my experience is:

"You’ll also allocate people to do the work of implementing the risk responses so that you actually manage the risk and don’t simply talk about managing it."

Although recognizing and talking about risk is in itself mitigation, the biggest benefit is actually following through. I've seen too may Risk Management Plans and Risk Registers sit on the shelf and only referenced when developing the next one.

Eagerly waiting for the next installment. Peter

avatar
Darren Paladino Engagement Director| Salesforce Denver, Co, United States
@Elizabeth and @Pete, I appreciated this as I am thinking about planning. The note about triggers reminded me of scenario planning, where one describes a meaningful event as a "signpost" to indicate or warn if that future is becoming true. Thank you and keep writing!

avatar
Elizabeth Harrin Director| RebelsGuideToPM.com London, England, United Kingdom
@Peter - yes, you're right. There is value in simply talking.
@Darren, you're welcome!
Thanks for the comments, everyone.

avatar
Chakorn Gricharkom Site Manager| Webforge Thailand Muang Rayong, 21, Thailand
Elizabeth, Thank you!

Please Login/Register to leave a comment.

ADVERTISEMENTS

What a waste it is to lose one's mind. Or not to have a mind is being very wasteful. How true that is.

- Dan Quayle

ADVERTISEMENT

Sponsors







Vendor Events

See all Vendor Events

Newsletters

Jun 3: The Career Problem Facing New PMs
May 20: Your PM Career as a Project Life Cycle
May 13: The Big Lie After Layoffs

See all newsletters