12-3 Risk Response Development
This step follows the previous two- identification of the risks and the assessment of the risks. Risk response involves developing options and defining strategies for reducing negative risks and enhancing positive risks. There are two main components: response strategies and contingency planning. The main difference between a risk response and a contingency plan is part of the implementation plan and action is taken before the risk can materialize, while a contingency plan is not part of the initial implementation plan and only goes into effect after the risk is recognized.
We review the strategies here and Contingency planning in Unit 10.3.1.
There are five common response strategies: Mitigating, Avoidance, Transferring, Retaining, and Sharing.
A. Mitigating Risk
This is either reducing the likelihood that the event will occur or reducing the impact the adverse event will have on the project objective. Typically the focus is reducing the likelihood since that has direct effect on reducing the impact. For example, for IT projects, testing and prototyping can be used to prevent problems form occurring downstream. For construction projects, frequent meetings with a vendor, asking the vendor to attend design meetings or restructuring delivery contracts are all strategies than can be used to mitigate a concern that a vendor might not be able to supply customized components on time. Other strategies might include using proven technology, competent personnel, user involvement for IT projects. To reduce the impact, a company might build redundancies into design components or increase the frequency of project monitoring.
B. Avoiding Risk –
This involves eliminating the threat ( or risk) or condition. Although this is easier said than done there are some ways of developing risk avoidance strategies. For example, a company concerned about the technical feasibility of a new or experimental technology might consider sticking with a proven technology to void risk of technical failure. As another example, a company could choose a supplier from a country with a stable government compared to another supplier from an area of significant political unrest.
C. Transferring Risk – This means passing the risk to another party. The risk is not eliminated just the consequences transferred to another party. For example you could buy insurance or warranty for a piece of hardware that is going to be used for your project. Performance bonds, guarantees are examples of financial mechanisms for transferring risk. Fixed-price contract is an example where the effect of rise in say material or other costs are transferred to the contractor. Some countries and even state governments in the U.S. are using Build-Own-Operate and Transfer (BOOT) provisions are means for transferring risk in large construction projects such as highways and petro chemical facilities.
D. Sharing Risk– This usually partnering with others either to reduce the likelihood or minimize the impact on your organization if the risk occurs. For example, countries in Europe joined together to develop the Airbus since no one country had the resources to absorb the loss if the project was unsuccessful. On a personal level, buying insurance with a high deductible for say your car is an example of risk sharing.
E. Retaining Risk (Acceptance) –This accepting the consequences if a risk event were to occur. This is particularly true if the risks are large and cannot easily be transferred or reduced, e.g. the risk of tsunami or an earthquake. At the same the organization might develop contingency plans if the risk were to occur.