PMI RMP – PLAN RISK RESPONSES part 1
- INTRODUCTION
Hi and welcome back again to a new process, the last planning process of the risk management knowledge area. So at this stage, we planned for the risk management. We created the risk management plan, we identified the project risks, we filterized them and performed the subjective analysis, and then we performed the numerical analysis analysis for the needed ones. Now it’s the time to reduce the overall project risk exposure by planning the appropriate risk responses. It’s the process of developing options, selecting strategies and agreeing on actions to address the overall project risk exposure as well as to treat individual project risks. This is the definition of the plant’s responsive process.
The key benefit of this process is that it identifies appropriate ways to address the overall project risks and the individual project risks as well. This process also allocates resources and inserts activities into project documents and the project management plan as needed. Now, as we are planning for risk responses and developing proper actions to deal with the identified risks on the project, this might affect the project management plan and the project documents in order to allocate the needed resources. Either it was a human resources project budget or schedule activities. This process is performed throughout the project life.
The primary objective of the plank responses process is to determine what can be done to reduce the overall risk of the project by reducing the probability and impacts of threat and increasing the probability and impacts of opportunities. This is the direct objective. We want to reduce the overall probability and impact of the project threats and increase or improve the probability and impact of the project opportunities. This process takes into account the key stakeholders risk attitudes specified in the risk management plan in addition to any constraints or assumptions that were determined when risks were identified and analyzed.
As we are reducing the overall probability and impact of the negative risks on the project, we need to consider the risk attitudes, the risk thresholds for the key stakeholders, which we documented already in the plan risk management process and it’s documented in the risk management plan. In order to minimize the risk to a point where it is acceptable for the key stakeholders of the project, the planning involved in this process includes agreeing upon the actions to be taken and the potential changes to the budget, schedule, resources and scope which these actions might cause. This is why the outputs and the updates as an output of the planner’s response to the process are affecting the majority of the project documents and the project management plan components.
Every risk should have been allocated to a risk owner as a part of Identifier risks process. If you remember in the Identifier risks process as an output of the risk register, we mentioned that the potential risk owners might be documented in this risk register as an output of the Identifier risk process. He is the person responsible for the risk and each of the corresponding risk responses should now be assigned to a specific risk action owner. What are the differences? The risk owner is responsible for ensuring that risk responses are effective and for planning additional risk responses if required. This is the risk owner responsibility, while the risk action owner is responsible for ensuring that the agreed upon risk responses are carried out as planned.
Usually the risk owner and the risk action owner will be the same person, but for a few top priority risks. We will have two different persons the risk owner and the risk action owner. While the risk action owner will be assisting the risk owner in managing the project risk. When responses are implemented, it can have a potential effect on the project objectives and as such can generate additional risks. Those risks are known as secondary risks. If you are implementing a risk response strategy and a new risk arise from the implementation of this response strategy, this is called a secondary risk. Residual risks are all the ones that will remain after the responses have been implemented.
Those residual risks should be clearly identified, analyzed, documented and communicated to all relevant stakeholders. The secondary risks and the residual risks will be an update documented in the risk register after the accomplishing of the plan response process. The residual risks are the ones that remain once we are done with the risk response planning process. Now identify risks process uses the experience as we are identifying, imagining, thinking in a proactive approach. So it depends on the experience performing qualitative and performing quantitative risk analysis processes uses analytical techniques and mathematical formulas while this process requires creativity.
Now what are the critical success factors for the planner’s responses process? First of all, communicates as communication with various stakeholders should be maintained in an open and appropriate manner. The resulting plans of this process shall be disemented and approval obtained in order to ensure full acceptance by all stakeholders. So communication is a critical success factor for the premise responses process. All the proposed responses needs to be approved by the key stakeholders. Clearly. Define risk related roles and responsibilities. The response success will be dependent upon the full support and involvement of the project team and other stakeholders. The key roles in risk management are those of the risk owner and the risk action owner.
Management may take the ownership of risks with political and senior management should approve and track associated risk related contingency reserves. So we need to have a clear definition of the risk roles and responsibilities, especially for the risk owner and the risk action owner. Specify timing of risk responses agreed upon responses should be integrated into the project management plan and will therefore be scheduled and assigned for execution. They shall be linked to risk triggers. I’m going to explain the rest triggers again in the following directions for now, you need to know that the rest trigger is an early warning sign that an accepted risk is about to occur so we need to have a specific timing of the risk responses.
Provide budget resources and schedule for the risk responses. Each response should be planned in detail in accordance to the methodology of the project and integrated into the project management plan. The management role at this stage is vital for supporting the project manager in developing risk responses and authorizing correspondences and resources. Address both threats and opportunities risk response planning should combine responses that address the threats as well as those that provide for opportunities into a single integrated plan. Address the interaction of risks and responses responses may be developed to address risks related either by code and effect or by root cause.
Categorization of risks may help identify and address the situation. Another interaction effect that may occur when is when one risk, if it occurs may affect the probability or impact of other risks. Here comes the importance of the categorization we performed as a part of the perform qualitative risk analysis process you need to address any interaction between risks and causes. Seven ensure appropriate, timely, effective and agreed upon responses. Now what are the criteria in order? We need to address against these responses. First of all consistency with organizational values, project objectives and stakeholder expectations.
All the proposed risk responses should be consistent with the organizational values, project objectives and stakeholders expectations. The technical feasibility all the proposed responses should be technical feasible. Ability of the project team to carry out corresponding actions they need to be executable and the last criteria is to balance between the overall impact of the response on the project objectives and improvement. Invest Profile now the last critical success factor is to develop strategies before tactical responses. Once the responses have been planned at a strategic level they should be expanded into actions at the tactical level and integrated into the project management plan.
It’s not enough to develop a strategy only you need to convert this strategy into an actionable plan. Now in general the ITTOs as shown in front of you we will need the project management plan with the components of the risk management plan the sources, management plan and cost baseline project documents a lot of project documents listens and register project schedule the team assignments, the resources calendars, risk register and report and take holder register. You will see a strong relation between the plan risk responses process and the resources management tools and techniques. We will use data gathering like interviews, data analysis techniques, the alternatives and cost benefit analysis we will need.
Also the facilitation as an interpersonal team skills and the most important technique used in this process are the strategies for dealing with threats and opportunities. We have team strategies which I’m going to explain in this section. Decision making techniques like the Monte criteria decision analysis we will have a lot of efforts as I mentioned a few minutes earlier as we are developing actions, preparing the plans there will be a lot of updates on the schedule documents, post documents and resources documents this is all for the introduction lecture. Thank you so much. I’ll see you the following lecture.
- INPUTS
Hi and welcome back again. So what are the inputs we will need before we start planning for the risk responses on the project? As for the majority of the process, we will be starting with the project management plan. The components of the project management plan that we will need for this process are first of all the risk management plan. It specifically risk management roles and responsibilities in addition to risk thresholds, paroles and responsibilities are very important in this process to assign the risk owner and the risk action owner and the risk thresholds as well are very important as the overall objective of this process is to reduce the probability and the impact or to reduce the risk exposure overall.
So we need to know what the acceptable level of risk is for the stakeholders that we need to reach and this will be recommended in the risk management plan. Resource management plan helps determine how resources allocated to agree the fund responses will be coordinated. The cost baseline has information on the contingency fund and the contingency reserves. We will need also few project documents. First of all the project schedule to see how agreed upon risk responses will be scheduled. The project team assignments that show the resources that can be allocated to the agreed upon risk responses. The resources calendar is a document that will identify when potential resources are available on the project.
The risk register is a very important input to this process as it contains details of individual project risks that have been identified and prioritized and for which risk responses are required. All the efforts we did in the previous processes are documented in the risk register and the risk report that presents the current level of the overall project risk exposure that will inform selection of the risk response strategy. We will need also the stakeholder register which identifies potential owners of the risk responses. The listens learned register to make use of any lessons learned in previous similar projects when it comes to the risk response planning and we will need the enterprise, environmental active and the organization and process. These are the four empaths of the planet’s responsive process. Thank you so much, I’ll see you at the next lecture.
- TOOLS AND TECHNIQUES
Hi, welcome back again. So what are the tools and techniques we are going to use for the planned risk responses process? I will be starting with the most commonly used one the expert judgment provided upon expertise as an application area, knowledge area or discipline as appropriate for the activity being performed formed. And here we want to use the expert judgment to plan and select the most appropriate risk response strategies for the top high priority risks on the project. We will use also few data gathering techniques. Actually the only one we will be using is the interviews through interviews with risk owners and other relevant stakeholders. The interviewer should promote an environment of trust and confidentiality in the interview setting to encourage honest and unbiased decisions.
So the same interviews or expert interviews we were using in the previous processes and the one I explained in detail in the identifier risks we are going to use here while planning for the risk responses, interpersonal and team skills, including the facilitation, which improves the effectiveness of developing response strategies to individual project risks and overall project risk. Your ability to facilitate the meetings, the workshops and the interviews all this will increase the effectiveness will improve the effectiveness of developing responses to the project risks. We will have two data analysis technique that can be used to select a preferred risk response strategy.
The alternative analysis which includes a simple comparison of the requirements of alternative risk response actions options can lead to a decision on which response is most appropriate. So performing data analysis technique as an alternative analysis in order to compare between few alternatives to select the most appropriate one to be implemented as a risk response strategies. The second data analysis technique will be the cost benefit analysis. If the impact of an individual project risk can be quantified in monetary terms, then the cost effectiveness of alternative risk risk of strategies can be determined using the cost benefit analysis. Actually the cost benefit analysis here is a very useful decision making.
Actually it will support the decision making on your project. It’s cost benefit analysis comparing the cost to the benefit. It does not make any sense to plan for a risk response strategy that will cost the project more than the impact of the risk itself. This is why we need to perform the cost benefit analysis when planning for risk response for the identified project risks decision making techniques includes the multic criteria decision analysis, one or more risk response strategies may be under consideration. This technique will help prioritize risk response strategies. Multicriter decision analysis as from the name you will take your decision upon multiple criteria that you need to consider between two alternatives or two risk response strategies.
So the decision making techniques, the cost benefit analysis and alternative analysis as well all will support the decision of selecting the most appropriate risk response strategy for risk on the project. We have the contingent response strategies planned actions to be taken if the threat or opportunity happens. This technique is about creating a contingency and the fallback plans together with the risk triggers. Actually the contingency plans, the fallback plans and the risk triggers in addition to the risk owners will be the primary outputs, the primary updates which will occur on the risk register at the end of this process. A contingency plan is what we are planning to do, what the actions we will take in case a risk occurred.
If the contingency plan did not work, then we will implement the fallback plan. I’m going to revisit these topics at the outputs lecture of this section. Now, before we move to the following tool, here are a few definitions I need you to understand. First of all, the risk owner we defined already as a risk owner in the Identifier risks process. Someone assigned to watch over the risk, watch for traders, and manage risk response of a risk occurs. Identification of risk owners was recommended as a part of the risk identification process in planned responses. These assignments must be finalized so the recommended risk owner might be recorded in the risk register as an output of the Identifier risk policies while they need to be finalized as a part of the plan risk responses process.
The Risk Action Owner we have two titles the risk owner and the risk action owner and usually it’s only for top priority risks. The risk action owner is someone who will work with the risk owner to manage the risk and will implement the pre approved risk responses, leaving the risk owner with the responsibility of ensuring that the risk response is only effective. So usually the risk owner and the risk action owner is the same person, but for only high priority risks. We will have two persons to manage these risks. What’s the risk triggered? It’s an early warning sign that tells the risk owners and project managers that an accepted risk has occurred and therefore when to implement contingency or fallback plans.
Identifying craters might start to identify risks process, but they must be documented as part of the plan risk responses process. So usually potential risk traders are documented in the identify risks process, but they need to be finalized and documented at the plan risk responses process. The risk trader is very important for the risk owner. It’s an early warning sign that an accepted risk is about to occur and therefore you need to be ready with a pre approved risk response plan. The last definition is the secondary risk. This risk is generated by a response strategy. It’s called secondary risk. Risk response planning should include addressing the secondary risks.
Let’s assume that you have a risky work or work package on your project and therefore you hire a contractor to perform this risky work. However, this contractor might be delayed with the work or he might have shortage in the resources. So this is a new risk identified from a planned risk response which was applied. This is called a secondary threat now tooling technique number seven the strategies for threats. How to deal with the project threats. We have five alternative strategies to deal with the threats and five alternative strategies to deal with the opportunities. Keep in mind that for the exam for the PMI Rmp exam, you will face not less than ten questions about strategies for dealing with threats and strategies for dealing with opportunities.
Ten situational questions describing a situation or a scenario asking you which what risk customer strategy was applied in this scenario? So the strategies for dealing with threats will be starting with the avoidance. It’s when the project team acts to eliminate the threat or protect the project from its impact. It is suitable for high priority threats with high probability for current and large negative impact on the project objectives. So usually we will select the avoid risk response strategy with large negative impact risks on the project with top priority risks. The exact definition of the avoid is to eliminate the threat by eliminating the cause of this threat, such as removing a work package from the project or changing the person who will work or who will do this work.
So you are eliminating the cause, you are making the probability zero. This is the avoidance risk response strategy. It may involve changing some aspect of the project management plan or changing the objective in order to eliminate the threat or reducing its probability to zero. So what’s the definition of avoidance for a threat? It’s to make the probability of this threat zero. An example you observe that during certain periods of your project there is a chance of rain and you have work plan outdoors at that time. Therefore, to avoid this risk, you move these activities to a few days later. To avoid the impact of rain, you have a specific work package that need to be implemented in an outdoor area and you have the negative risk of rain.
So you shifted this work package to another duration, to another period of time. You avoided this risk, you made the probability zero. This is the avoidance risk response strategy. Remember that usually the avoidance risk response strategies applies with high priority threats. The second strategy is the mitigation and this response strategy action is taken to reduce the probability of occurrence at or impact of a threat. So in the avoidance we made the probability zero. Here we are going to reduce the probability. We are not able to avoid this threat, but we are able to reduce the probability of occurrence or the impact. This is a mitigation. It may involve prototype development to reduce the risk of scaling up from a bench scale model of a process or product.
For some projects you will create a prototype. This is a risk mitigation strategy where it’s not possible to reduce the probability. A mitigation response strategy might reduce the impact by targeting factors that drive the severity of this threat. So we have the probability or the impact to reduce in order to implement the mitigation risk response strategy. An example you find that a team member may leave for a certain duration during the peak of your project. This is a negative risk. This is a threat. You might lose a resource on your project. Therefore, to minimize the impact of his absence, you find another employee with similar qualifications from your organization and inform his manager that you may need him for your project for a period of time.
This is an example of the mitigation. As you are not able to avoid this risk, you are looking for a way to mitigate the impact by hiring somebody with similar qualifications. The third risk response strategy is the transparency. It involves shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs. The simplest example of a risk transference response strategy when you buy a new car, you are going to an insurance company and pay this company in order to shift the risk of accidents on your car to this company. This is exactly what is done by the Risk Transfer and Risk response strategy. It involves payment of risk premium to the party.
Taking on the threat transfer can be achieved by a range of actions, which includes the usage of insurance, warranties, performance bonds and guarantees. An example of the risk transference in your project there is a task to install some of your plant and you have little experience with this task. The task is conflict and few contractors have successfully installed it. Therefore, you find a contractor and ask them to install it and sign a fixed price contract. This is exactly what we are going to do in the risk transference risk response strategy. We are going to shift the ownership of the threats from our company to a third party. Transferring risk can cause a secondary risk.
For example, although you have signed the third party contract and you give them this third party responsibility of managing the risk, you are responsible for guarantee with the client. So the risk of the third party not completing the project within a specific date is called a secondary risk, which you need to address in the risk response planning. So far we explain the avoidance, the mitigation and the transference. The acceptance. The fourth threat risk response strategy acknowledges the existence of a threat, but no proactive action is taken. It’s appropriate for low priority threats and it may be adopted where it’s not possible or cost effective to address a threat in any other way.
You just accept the threat. Acceptance have two types the active acceptance that establish a contingency reserve, including amount of time, money or resources to handle the threat occurs. This is the active acceptance. You did something, you established a reserve. The passive acceptance involves no proactive action apart from periodic review of the threat to ensure that it does not change significantly taken to reduce the probability of occurrence and or impact of effort. So it might be an active acceptance, creating a contingency reserve or a passive acceptance. An example of the acceptance you are digging to construct a building and there is a risk that you may find artifacts while you are doing the excavation so the chances are low.
So you note it down and take no action. As response plan may cost you a lot with no guarantee of finding an object of interest. So you just decided to accept this risk as it is. The last risk response strategy to deal with threats is the Escalation when you identify a risk and find that you cannot manage it on your own because you lack the authority, resources or knowledge required for a response. This is the escalation. There is a risk with an impact or a probability or a cause which it falls out of my authority as a project manager or as a risk manager. So you just need to escalate this issue to your higher management. An example you know that the government is planning to announce a regulation and it’s approved and if it’s approved it could impact your project negatively.
This is a threat. You have no legal advisor on the project either you have no resources to manage this risk so you will approach your superiors to handle this risk. This is the escalation. These are the five risk response strategies in order to deal with the threat. Now we have the strategies to deal with the opportunities. Again, we have five alternative strategies that might be considered when dealing with opportunities. First of all, they exploit it may be selected for high priority opportunities where the organization wants to ensure that the opportunity is realized. It seeks to capture the benefit associated with a particular opportunity by ensuring that it definitely happens by increasing the probability of occurrence to 100%.
So it’s almost like the avoidance when dealing with threats there we are making sure the probability of the threat is zero here we want to make sure that the probability of the opportunity is 100%. I want to exploit this opportunity. I mean that I want to make sure this opportunity will occur. An example of the exploit let’s consider that your project will be completed in three months. You learn that the government is about to float a similar type of project in two months is only therefore if you are able to complete your project in two months you can bid for the new project. So you are crashing the project, you are fast tracking it, you are adding resources, paying money, doing whatever in order to make sure this project will be completed in two months to be able to bid for the new governmental project.
This is exactly an example of the exploit. By making sure 100% this opportunity will occur. The second opportunity or the second risk response strategy for dealing with opportunities is to enhance enhancement in dealing with opportunities. It’s almost like the mitigation in dealing with threats. It is used to increase the probability and or the impact of an opportunity. The probability of occurrence of an opportunity may be increased by focusing attention on its causes where it’s not possible to increase probability and enhancement response might increase the impact by targeting factors that drive the size of the potential benefit. So in some cases we are not able to exploit the opportunity.
We are not making sure 100% that this opportunity will occur. So we are just enhancing this opportunity by increasing the probability or the impact. Sharing is the third strategy. It involves transferring ownership of an opportunity to a third party so that it shares some of the benefit. If the opportunity occurs, it’s important to select the new owner of a shared opportunity carefully so they are best able to capture the opportunity for the benefit of the project. So sharing is almost like the transferring when dealing with the threats and the sharing risk response strategy. We are looking for a third party to share the benefits of the opportunity with this third party. The most commonly used example is the joint venture.
Suppose that due to the lack of a certain technical capability, you are not able to bid for a project and your company wants to get this project. Therefore your team you team up with another company that’s capable of doing this task and jointly bid for the project. So you are sharing the benefits of this opportunity with a third party so you and the third party will share this opportunity. The fourth and the fifth risk response strategies for dealing with opportunities are exactly the same used when dealing with threats. The Acceptance it acknowledges the existence of an opportunity but no proactive action is taken. It’s appropriate for low priority opportunities and it may be adopted where it’s not possible or cost effective to address an opportunity in any other way.
We have the active acceptance that established a contingency reserve, including amount of time, many resources to handle the opportunity if it occurs. While the passive acceptance involves no proactive action apart from periodic review of the opportunity to ensure that it does not change significantly the same definitions used with the threats. An example suppose there is a chance you may get some skilled workers from another project at a lower rate if you convince them to join you. However, you do not pursue this matter and then instead let them decide whether they are interested in your project or not. So you did nothing, you just accepted this opportunity as this is even a passive acceptance example.
The last strategy is the escalation when there is an opportunity and you are unable to realize it as you lack the authority to take the necessary steps required to realize this opportunity. So you just need to escalate this opportunity to your senior management. An example, let’s say you see an opportunity where if you buy a consumable in bulk, you will get a 20% discount. However, you require much less and buying consumables in larger quantity will not benefit you as most of it will be wasted. So it’s a senior management decision if you want, if they want to buy this bulk or not, they might use of this bulk and other projects to make use of the 20% discount as an opportunity.
The last technique is the strategies for overall project risks. Risk response strategies should be planned and implemented not only for individual project risks but also to average the overall project risk. So the same eight risk response strategies which are to avoid mitigate, transfer in addition to exploit, enhance and share and acceptance and escalation, we have overall eight risk response strategies to deal with threats and opportunities can be applied on individual risks, also can be applied on overall project risks. This is all for the tools and techniques of the plan risk responses process. Thank you so much. I see at the next lecture.