management & development of complex projects course code - 706 ms project management plan risk...

Management & Development of Complex ProjectsCourse Code - 706

MS Project Management

Plan Risk Response

Lecture # 28

In previous Lecture, we have discussed about

Subjective Probabilities Errors & biases in subjective probabilities Decision trees EMV Risk Duration

Summary of Previous Lecture

Plan Risk Responses is the process of developing options and actions to enhance opportunities and to reduce threats to project objectives.It follows the Perform Qualitative Risk Analysis process and the Perform Quantitative Risk Analysis process (if used).

Plan Risk Response process includes the identification and assignment of one person (the “risk response owner”) to take responsibility for each agreed-to and funded risk response. Plan Risk Responses addresses the risks by their priority, inserting resources and activities into the budget, schedule and project management plan as needed.

The Plan Risk Responses process determines effective response actions that are appropriate to the priority of the individual risks and to the overall project risk. It takes into account the stakeholders’ risk attitudes and the conventions specified in the Risk Management Plan, in addition to any constraints and assumptions that were determined when the risks were identified and analyzed

Responses, when implemented, can have potential effects on the project objectives and, as such, can generate additional risks. These are known as secondary risks and have to be analyzed and planned for in the same way as those risks which were initially identified.

It is never feasible or even desirable to eliminate all threats from a project. Similarly, there is also a limit to the extent to which opportunities can be proactively managed. There may be residual risks that will remain after the responses have been implemented. These residual risks should be clearly identified, analyzed, documented, and communicated to all relevant stakeholders

Communication with the various stakeholders should be maintained in an open and appropriate manner. The resulting plans are disseminated and approval obtained in order to ensure full acceptance by all stakeholders.

The risk response success will be dependent upon the full support and involvement of the project team and other stakeholders. The key roles for Project Risk Management are those of risk owner and risk action owner.

A single risk owner should be assigned to every identified risk, and each agreed-upon risk response should have a single risk action owner.

Agreed-upon responses should be integrated into the project management plan and will therefore be scheduled and assigned for execution.

The responses that depend on uncertain conditions should also be monitored so as to be performed if the conditions warrant them

Each response should be planned in detail in accordance with the methodology of the project and integrated into the project management plan.

This entails estimating the resources, costs, and duration; updating the budget and schedule; obtaining approval from management; and obtaining commitment from the risk owners and risk action owners

Responses may be developed to address risks related either by cause and effect or by common root cause.Categorization of risks, for example by using tools such as the risk breakdown structure, affinity diagram, or other categorizing tools, may help identify and address this situation.There is also a need during the Plan Risk Responses process to consider the risks aggregated during the Perform Quantitative Risk Analysis and then to develop generic responses where possible. Another interaction effect that may occur is when one risk, if it occurs, may affect the probability or impact of other risks

Responses should be appropriate, timely, cost-effective, feasible, achievable, agreed-upon, assigned, and accepted. Any proposed risk response plan needs to be assessed against the following criteria:Consistency with organizational values, project objectives, and stakeholder expectations;Technical feasibility;Ability of the project team or risk action owners outside the project to carry out the corresponding actions;Balance between overall impact of the response on the project objectives and the improvement in the risk profile of the project.

Risk response planning should combine responses that address the threats as well as those that provide for opportunities into a single, integrated plan. If either threats or opportunities are not fully addressed, the combined set of response strategies will be incomplete and may even be invalid

Risk response planning should be carried out in an open-minded manner rather than adopting the first response that seems to be feasible.

The responses should be planned at a general, strategic level and the strategy validated and agreed upon, prior to developing the detailed tactical approach.

Risk avoidance involves changing the project management plan to eliminate the threat entirely. The project manager may also isolate the project objectives from the risk’s impact or change the objective that is in jeopardy. Examples of this include extending the schedule, changing the strategy, or reducing scope. The most radical avoidance strategy is to shut down the project entirely.Some risks that arise early in the project can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring expertise.

Risk transfer requires shifting some or all of the negative impact of a threat, along with ownership of the response, to a third party. Transferring the risk simply gives another party responsibility for its management—it does not eliminate it. Transferring liability for risk is most effective in dealing with financial risk exposure. Risk transference nearly always involves payment of a risk premium to the party taking on the risk.

Transference tools can be quite diverse and include, but are not limited to, the use of insurance, performance bonds, warranties, guarantees, etc. Contracts may be used to transfer liability for specified risks to another party.In many cases, use of a cost-plus contract may transfer the cost risk to the buyer, while a fixed-price contract may transfer risk to the seller.

Risk mitigation implies a reduction in the probability and/or impact of an adverse risk event to be within acceptable threshold limits. Taking early action to reduce the probability and/or impact of a risk occurring on the project is often more effective than trying to repair the damage after the risk has occurred.Adopting less complex processes, conducting more tests, or choosing a more stable supplier are examples of mitigation actions.

Where it is not possible to reduce probability, a mitigation response might address the risk impact by targeting linkages that determine the severity. For example, designing redundancy into a system may reduce the impact from a failure of the original component.

This strategy is adopted because it is seldom possible to eliminate all threats from a project. This strategy indicates that the project team has decided not to change the project management plan to deal with a risk, or is unable to identify any other suitable response strategy.This strategy can be either passive or active.

Passive acceptance requires no action except to document the strategy, leaving the project team to deal with the risks as they occur. The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the risks.

This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by ensuring the opportunity definitely happens. Examples of directly exploiting responses include assigning an organization’s most talented resources to the project to reduce the time to completion or to provide lower cost than originally planned.

Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project.Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures, which can be established with the express purpose of taking advantage of the opportunity so that all parties gain from their actions.

This strategy is used to increase the probability and/or the positive impacts of an opportunity. Identifying and maximizing key drivers of these positive-impact risks may increase the probability of their occurrence. Examples of enhancing opportunities include adding more resources to an activity to finish early

Accepting an opportunity is being willing to take advantage of it if it comes along, but not actively pursuing it.

There are four categories of tools and techniques, as follows:Creativity tools to identify potential responses,Decision-support tools for determining the optimal potential response.Strategy implementation techniques designed to turn a strategy into action, andTools to transfer control to the Monitor and Control Risks process..

Risk response planning builds on the available information about the potential risks and aims to determine the optimal set of responses. For this reason, it should involve subject matter experts and employ creativity techniques in order to explore all of the options.

Once the set of potential responses for the risks being addressed is established, decision-support techniques may need to be applied to select the best possible subset from these responses. The selection process should take into account the cost of the responses, the impact on the project objectives, uncertainty of outcomes and the possible secondary and residual risks

Project planning tools are used to turn the chosen strategies into concrete actions and to integrate these into existing plans. The corresponding actions may be unconditional or contingent on a trigger condition and predefined as a contingency response strategy.

The risk response information collected so far is often referred to as the risk response plan, although it may in fact be an integral part of the risk register and may include:

Add Risk Responses to the Risk RegisterAdd Corresponding Risk Responses to the Project Management PlanReview and Document Predicted Exposure

In this Lecture, we have discussed about

Plan risk response Critical success factors for plan risk response Plan risk response processes Planning risk responses

Summary of This Lecture

End Note

Over time and with experience, you will apply Project Management skills at whatever you do

THANK YOU!