Risk response is a stakeholder's action towards identified risks and is an elementary step in the risk management process. It involves developing strategic options to enhance opportunities and weaken threats resulting from the occurrence of risk. The main purpose of risk response is to control already occurring risks by determining ways to avoid or reduce impact of any threats resulting from existence risks or to take advantage of potential opportunities caused by these risks. Risk response is step of risk management preceded with specifically prepared risk analysis. Each risk response needs to be documented in the risk register (which is describing both risk response categories and actions, risk description, probability, impact and proximity) and agreed on with stakeholders. Project manager is obligated to prepare the risk response plan to each of identified responses, monitor it or to delegate application of the response to subordinate (risk owner).
Risk response process consists of actions that should be taken to bring the situation to a stage, where the risk exposure level is acceptable for a given organization. It refers to planning and implementing stages. Proper response is constructed based on the risk type, assessment and stakeholder's approach to a given risk, by taking into account costs of implementing the response and its probability and impact.
Risk response categories
Risk responses have been classified in PRINCE2 methodology into two main categories, depending on whether the risk was identified as a threat or an opportunity.
With reference to opportunities, listed risk response categories are:
With reference to threats, possible categories are:
The common category for both threats and opportunities is ’’’share’’’ which stands for sharing profits and losses depending on the costs incurred on both sides.
Avoid stands for updating such aspects of the project as scope or activities sequence in order to bypass some risks. As a result, threats will either stop having impact on the project, or may no longer exist.
Reduce actions that are taken proactively in order to decrease probability of threat occurrence by conducting a certain form of control or to decrease the threat event impact.
Transfer category of reactions to a threat, where a third party partner assumes responsibilities for a part of the financial implications which are arising from the effects of that threat (for instance through insurance). Usually implicated to financial scope of risks and it can be used only to reduce financial impact of these risks.
Fallback or contingency is a reactive form of risk response in which there is fallback plan prepared in case of the risk is being materialized. The fallback plan contains actions that need to be taken in order to reduce the threat effects. Fallback response has no influence on the risk threat probability.
Accept the essence of accepting the threat is to take the decision of the lack of response to a threat in some cases and staying with monitoring the threats impact and making sure that it is still on the eligible level. Decision of accepting the risk is based on the premise, that abstaining from doing any action is more economically favorable than actioning to counteract the given risk. Important aspect here is that the decision needs to be taken consciously and deliberately.
Exploit (usage) is risk response related to taking advantage of opportunity and making sure that the opportunity is going to happen and that its potential will be utilized in the efficient way.
Enhance proactive risk response in order to undertake actions to increase the probability of the opportunity occurring or to increase its impact in the case the opportunity has already occurred.
Reject reaction to a risk consisting in not exploiting or enhancing the opportunity due to economical premises. It means that taking any action in order to strengthen that opportunity would be not profitable enough to the organization, but it still needs to be monitored. The decision of rejecting given opportunity needs to be taken consciously and deliberately.
- APM (2004), Project risk analysis & management (PRAM) guide (2nd ed.). "High Wycombe, Bucks, UK: APM Publishing"
- Cheraghia E., Khalilzadeha M., Shojaeib S., Zohrehvandia S. (2017), A mathematical Model to select the Risk Response Strategies of the Construction Projects: Case Study of Saba Tower "Procedia Computer Science" Volume 121, 2017, Pages 609-616
- Fang, C., Marle, F., Xie, M., & Zio, E. (2013), An integrated framework for risk response planning under resource constraints in large engineering projects
- López, C., L.Salmeron, J. (2012), Risks Response Strategies for Supporting Practitioners Decision-Making in Software Projects "Procedia Technology" Volume 5, 2012, Pages 437-444
- OGC (2009), Managing Successful Projects with PRINCE2
- PMI (2000), A Guide to the Project Management Body of Knowledge (PMBOK Guide) (4th ed.)
Author: Natalia Kobos