We treat risks personally and professionally every day.
Imagine you have a large amount of credit card debt. You decide to eliminate one of the causes of your debt. You cut up your credit cards.
Imagine you have an opportunity to increase company revenue if you can get a product to market a few months early. You assign your most skilled resources to your critical path tasks.
Every day, we face threats that may cause us harm. We also see opportunities, if properly seized, that can allow us to make greater progress towards our goals. Our job is to treat risks to enhance opportunities and reduce threats. We can optimize our risk responses over time.
Project Risk Strategies
How Much Time Does It Take To Plan Risk Responses?
For small projects, your initial risk response planning may be completed in one hour or less. For medium or large projects, it will naturally take longer. Be sure to focus on developing risk response plans for your highest risks (i.e. Urgent List). Leverage your risk owners to define the response plans.
Inputs to the Risk Response Planning
The inputs to this process include:
How Can We Treat Risks?
The PMBOK defines risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.” If you accept this definition of risk, we should plan for both positive or negative risks. Here are seven strategies that we may employ.
|Negative Risk Strategies (Threats)||Positive Risk Strategies (Opportunities)|
|Avoid – Eliminate the threat normally by removing the cause of the threat all together (e.g., remove activities).||Exploit – Ensure that opportunity is realized (e.g., purchase a higher quantity of materials to get additional price discount).|
|Transfer – Shift the impact of the threat to a third party (e.g., insurance, agreements).||Share – Assign all or part of the opportunity to a third party (e.g., team agreement between internal and external parties).|
|Mitigate – Reduce the probability or impact of a threat (e.g., requirements review, testing).||Enhance – Increase the probability or impact of an opportunity (e.g., add more resources to a task).|
|Accept – Acknowledge the risk but take no action unless the risk occurs.|
Notice how the risk strategies for a negative risk and a positive risk are opposites (e.g., Mitigate <-> Enhance). In mitigating a threat, we reduce the probability or impact of the threat. As we enhance an opportunity, we increase the probability or impact of the opportunity.
- The level of detail for the risk response plans should be commensurate with the significance of the risks.
- Validate risk owners that were assigned during the risk identification process. Assign risk owners if none has been assigned.
- Create contingency and fallback plans for residual risks (i.e., risk remaining after the risk response planning) where appropriate.
- If you choose to accept the risk, determine whether you will passively accept the risk (i.e. no contingency plans are defined) or actively accept the risk (i.e. contingency plan are defined).
Question: Do you use positive risk strategies? If so, provide an example of how you have practically exploited, shared, or enhanced a positive risk.
PMI-RMP Exam Guide
Grab your copy of How to Prepare for the PMI-RMP Exam! And receive weekly project management tips.