This is a guest article by Harry Hall from projectriskcoach.com. Not sure where to start with project risk management? Read this guide to getting going with project risk management and then pop back here afterwards.
Risk management is one of the core knowledge areas for project managers.
You’ve identified and assessed your project risks — both threats and opportunities. Now, you are planning your risk responses with your risk owners.
A risk response is the way you intend to address the risk.
Risk Response Strategies for Threats
There are a number of ways you can act when faced with a risk. If it’s a threat (i.e. something unwelcome that will happen to the project), the categories for risk response are:
You can avoid the risk happening by doing something to make it impossible for the risk to have any effect on your work.
You can transfer all or some of the threat to a third party, commonly via insurance or a risk-sharing contract with a supplier.
You can reduce the risk by taking steps to make the impact of it less, so it’s less of a problem if it does happen.
You can accept the risk and take no active steps to do anything about it, although, as the Praxis Framework points out, you might want to develop a contingency plan so you’ve got something to draw on if the risk does materialize.
Risk Response Strategies for Opportunities
Let’s say the risk is something good, that you want to make happen. These are opportunities. There are again four types of risk response:
Exploiting the risk is when you take advantage of a situation, like new technology being available, to make the most of the project benefit.
You can share the opportunity with a third party as an incentive to make it more likely to happen, or where you’re more likely to achieve greater benefit if you pool resources.
Enhancing the risk means doing something to make it more likely that the opportunity will happen. For example, that could be taking out advertising.
You can reject the risk i.e. do nothing. You might choose this response if it turns out to be too much effort or too expensive to take action to capitalize on the opportunity.
So, how do you select the best response when there are so many?
Decision making can be challenging, particularly for complex events and conditions. And more so when you have several people making the decision. Stakeholders evaluate risk responses through their own biases.
While risk responses fall into several categories, your risk response plan needs to include specific measures. If you are going to reduce a risk, what exactly are you going to do? There might be two or three actions you can take to reduce the risk, so are you going to do them all or just one? And which would be the best one?
When choosing risk responses, we should consider things such as:
- Cost of the responses
- Impact on our project objectives
- Time and resources required
- Potential secondary risks.
But how can we bring this together neatly? How can we make the decision in a timely and effective manner?
Let’s look at a method you can use during the risk management process to improve your risk response selection.
How to Evaluate Risk Response Options
Here are three steps to better evaluate what risk response option you should choose.
1. Identify selection criteria
First, identify your selection criteria (three to six criteria). Get everyone evaluating the same way. We are creating a collective decision-making filter. Ideally, you’d have these documented in your risk response plan and use the same criteria throughout the project.
You need to define the weightings for each criterion. Higher weights indicate greater importance. In the example below, the effectiveness of the response was the most important factor, followed by resource availability.
| Criteria | Description | Weight |
|---|---|---|
| Cost Effective | How cost effective is | |
| Resource Availability | How available are the resources needed to execute the response. | |
| Effectiveness of the | How effective would the response be in managing the risk? | |
| Ease of Execution | How easy will it be to execute the response? | 10% |
2. Apply the criteria
Next, apply the criteria to your potential risk responses.
Start by rating each risk response option on a scale such as 1 to 5. For example, we rated Option A as 4 for being Cost Effective, more effective than B or C. Continue rating each option for each criterion.
Risk Response Options (Rating Scale: 1 to 5)

| Criteria | Weight | Option A | Option B | Option C |
|---|---|---|---|---|
| Effectiveness of Response | 40% | 4 | 2 | 4 |
| Ease of Execution | 10% | 3 | 5 | 4 |
| Total Scores | 100% | 3.3 | 3.1 | 3.5 |
Calculate the weighted scores by multiplying each rating by its weight (e.g., 4 × 20% = 0.8). Finally, sum the weighted scores for each option to derive the Total Scores (e.g., 3.3 for Option A).
3. Choose the best response
Next, choose the best risk response based on the numerical outcome.
Keep in mind this method helps but it does not make the decision. There may be other variables that should be considered. Typically, the risk owner makes the final decision.
Your role at this point is to facilitate a discussion of the results. In this example, we see that Option C has the highest Total Score of 3.5, followed by A and lastly B. You would want to suggest Option C to the risk owner (or project sponsor).
Once the decision is made, document the decision in the risk response plan and take the necessary steps to implement the decision.
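The three steps above can be run as a small weighted scoring script. This is an added example, not part of the original article. The 20%, 40% and 10% weights, Option A's Cost Effective rating of 4, and the Effectiveness and Ease of Execution ratings come from the article; the 30% weight for Resource Availability and the remaining ratings are constructed values chosen so that the totals match the 3.3, 3.1 and 3.5 shown above.

```python
# Added example: weighted scoring of risk response options.
# Weights are whole percentages so the 100% check is exact.
WEIGHTS = {
    "Cost Effective": 20,             # from the article's "4 x 20% = 0.8"
    "Resource Availability": 30,      # assumed: the remainder needed to reach 100%
    "Effectiveness of Response": 40,  # from the article's table
    "Ease of Execution": 10,          # from the article's table
}

# Ratings on the 1 to 5 scale. Values marked "constructed" are not on the page;
# they were chosen to reproduce the article's Total Scores.
RATINGS = {
    "Option A": {"Cost Effective": 4,            # from the article
                 "Resource Availability": 2,     # constructed
                 "Effectiveness of Response": 4, "Ease of Execution": 3},
    "Option B": {"Cost Effective": 3,            # constructed
                 "Resource Availability": 4,     # constructed
                 "Effectiveness of Response": 2, "Ease of Execution": 5},
    "Option C": {"Cost Effective": 3,            # constructed
                 "Resource Availability": 3,     # constructed
                 "Effectiveness of Response": 4, "Ease of Execution": 4},
}


def score_options(weights, ratings, scale=(1, 5)):
    """Return [(option, total score)] sorted from best to worst."""
    if sum(weights.values()) != 100:
        raise ValueError("criterion weights must total 100%")
    low, high = scale
    totals = {}
    for option, by_criterion in ratings.items():
        # Every option must be rated on exactly the agreed criteria.
        if set(by_criterion) != set(weights):
            raise ValueError(f"{option}: ratings do not match the criteria")
        for criterion, rating in by_criterion.items():
            if not low <= rating <= high:
                raise ValueError(f"{option}/{criterion}: {rating} is off the scale")
        # Weighted score = sum of rating x weight, with weight as a fraction.
        totals[option] = sum(weights[c] * by_criterion[c] for c in weights) / 100
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for option, total in score_options(WEIGHTS, RATINGS):
        print(f"{option}: {total:.1f}")
```

The ranked output is a starting point for the discussion with the risk owner, who still makes the final decision.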
We learn through application, not just reading an article. Pick a significant risk, identify and evaluate the options, and select a risk response.
After you have used this method once, you’ll find it easier in the future. The approach of identifying criteria, weighting them and assessing against them is a method you can use for all kinds of problem-solving and feasibility studies where there are several options.