The Instructions of Risk Response Planning
PJM 6015 Project Risk Management
College of Professional Studies
August 8, 2015
As the fourth step in the risk management, risk response planning is very significant and it could affect the subsequent steps of risk management as well as the whole project. In other words, if a risk management plan does not has the sufficient preparation in response part, the subsequent risk management process (monitoring & controlling) would generate mistakes and the previous effort (planning, identification and analysis) would be wasted. This paper uses PMBOK (main reference) and several ...view middle of the document...
Key Inputs and Outputs
When the project get to the response step, risk register and risk management plan have updated many times as a result of planning, identification, and analysis. As the main input of the risk response planning, risk register has adequate information which includes identified risks, risk matrix, probability & impact chart, risk owners and lists of potential responses. After the further supplements, risk management plan contains roles & responsibilities, risk analysis definitions and risk thresholds. These components are able to help the project manager to determine the responses details of each identified risk. About key outputs, risk register and risk management plan can update further thus make the project management plan and project document update at the same time. Risk response planning is like a milestone which marked many relevant plans (schedule, cost, quality, procurement, etc.) may change accordingly.
Relevant Tools & Techniques
Different project managers have different ways to perform risk response planning. Generally speaking, there are two possible techniques based on two different conditions: avoid, transfer, mitigate and accept are common negative strategies; exploit, share, enhance and accept are common positive risk response strategies. To be specific, about negative risk response strategies, risk avoidance aim at make necessary changes to the project to avoid risk altogether; risk transfer implies shift ownership or responsibility to third party; risk mitigation refers to reduce likelihood or impact within acceptable threshold limits. About positive risk response strategies, risk exploitation seeks to ensure event occurs; sharing risk means involves third party who can further capitalize on opportunity for the benefit of the project; risk enhancement in the opposite of the risk mitigation which means increase the probability or likelihood. Risk acceptance could be used for both negative risk and positive risk, and we can regard this strategy as a neutral attitude- just accept and not active.
Contingency plan are developed to manage identified risks. According to PMBOK (2004), some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predeﬁned conditions, if it is believed that there will be sufﬁcient warning to implement the plan. Events that trigger the contingency response, such as missing intermediate milestones or gaining higher priority with a supplier, should be deﬁned and tracked. And in the real example, Gantz and Philpott (2012) explain the details of contingency plan in the specifications for minimum security requirements from FIPS 200. In contingency planning, organizations must establish, maintain, and effectively implement plans for emergency response, back up operations, and post-disaster recovery for organizational information...