Risk response

Risk response is a stakeholder's action towards identified risks and is an elementary step in the risk management process. It involves developing strategic options to enhance opportunities and weaken threats resulting from the occurrence of risk. The main purpose of risk response is to control already occurring risks by determining ways to avoid or reduce impact of any threats resulting from existence risks or to take advantage of potential opportunities caused by these risks. Risk response is step of risk management preceded with specifically prepared risk analysis. Each risk response needs to be documented in the risk register (which is describing both risk response categories and actions, risk description, probability, impact and proximity) and agreed on with stakeholders. Project manager is obligated to prepare the risk response plan to each of identified responses, monitor it or to delegate application of the response to subordinate (risk owner).

Risk response process consists of actions that should be taken to bring the situation to a stage, where the risk exposure level is acceptable for a given organization. It refers to planning and implementing stages. Proper response is constructed based on the risk type, assessment and stakeholder's approach to a given risk, by taking into account costs of implementing the response and its probability and impact.

Risk response categories

Risk responses have been classified in PRINCE2 methodology into two main categories, depending on whether the risk was identified as a threat or an opportunity.

With reference to opportunities, listed risk response categories are:

• avoid
• reduce
• transfer
• fallback
• accept

With reference to threats, possible categories are:

• exploit
• enhance
• reject

The common category for both threats and opportunities is ’’’share’’’ which stands for sharing profits and losses depending on the costs incurred on both sides.

Opportunity responses

Avoid stands for updating such aspects of the project as scope or activities sequence in order to bypass some risks. As a result, threats will either stop having impact on the project, or may no longer exist.

Reduce actions that are taken proactively in order to decrease probability of threat occurrence by conducting a certain form of control or to decrease the threat event impact.

Transfer category of reactions to a threat, where a third party partner assumes responsibilities for a part of the financial implications which are arising from the effects of that threat (for instance through insurance). Usually implicated to financial scope of risks and it can be used only to reduce financial impact of these risks.

Fallback or contingency is a reactive form of risk response in which there is fallback plan prepared in case of the risk is being materialized. The fallback plan contains actions that need to be taken in order to reduce the threat effects. Fallback response has no influence on the risk threat probability.

Accept the essence of accepting the threat is to take the decision of the lack of response to a threat in some cases and staying with monitoring the threats impact and making sure that it is still on the eligible level. Decision of accepting the risk is based on the premise, that abstaining from doing any action is more economically favorable than actioning to counteract the given risk. Important aspect here is that the decision needs to be taken consciously and deliberately.

Threat responses

Exploit (usage) is risk response related to taking advantage of opportunity and making sure that the opportunity is going to happen and that its potential will be utilized in the efficient way.

Enhance proactive risk response in order to undertake actions to increase the probability of the opportunity occurring or to increase its impact in the case the opportunity has already occurred.

Reject reaction to a risk consisting in not exploiting or enhancing the opportunity due to economical premises. It means that taking any action in order to strengthen that opportunity would be not profitable enough to the organization, but it still needs to be monitored. The decision of rejecting given opportunity needs to be taken consciously and deliberately.

Types of Risk response

• Acceptance: The risk is accepted, which means that the organization is willing to accept it and take no further action. The risk is monitored for changes in its probability, impact or proximate.
• Transference: The risk is transferred to another party who is more able to control and manage it. This can be done through agreements such as insurance, outsourcing, contracts and other legal documents.
• Avoidance: The risk is avoided by canceling or not starting the activity that gives rise to the risk.
• Mitigation: The risk is reduced in impact or probability by taking action to minimize the risk. This can involve implementing a risk management plan or taking steps to reduce the impact of the risk.
• Contingency: The risk is managed by setting aside resources that can be used to reduce the impact of the risk, if it occurs. These resources can be in the form of funds, personnel or equipment.

Advantages of Risk response

• Risk response provides an understanding of the impact of the risk and evaluates its importance to the project. It provides an opportunity to analyze and develop options to reduce risks and take advantage of potential opportunities.
• Risk response helps to identify strategies to respond to the identified risks. It can be used to develop strategies to avoid, accept, transfer, or mitigate the risks.
• Risk response also helps to direct resources towards risk management activities and improve the overall risk management process. It helps to identify the most effective way to reduce the impact of risk and maximize potential opportunities.
• Risk response allows for proactive risk management, which can help to reduce potential losses and also create value. It can also help to ensure that resources are allocated to the most important risks, reducing the chances of costly surprises.
• Risk response also helps to identify resources needed to address the identified risks, and to develop strategies for dealing with the risks. It can also help to ensure that resources are used efficiently and effectively.

Limitations of Risk response

• Risk response is limited by the amount of resources available to the project, as well as the capacity of the project manager and the team in responding to risks.
• Risk response is limited by the ability to accurately identify and assess the risks in the first place, as these decisions can be subjective and difficult to quantify.
• Risk response is limited by the availability and accuracy of future information. As future risks can be difficult to predict, the response to them may be inaccurate or incomplete.
• Risk response is limited by the amount of time available to the project team, as well as the ability of the project manager to effectively communicate the risks and develop an appropriate response.
• Risk response is limited by the ability of the project manager to effectively manage and monitor the risk response, as well as the ability of the team to effectively implement the risk response.

Other approaches related to Risk response

Risk response includes other approaches in addition to risk avoidance, risk reduction and risk transfer. These approaches are:

• Risk Retention: It is a strategy of accepting the risk and taking no action to reduce it. It is suitable when the cost of protection is higher than the expected loss from the risk.
• Risk Sharing: It is a strategy of sharing risk between two or more parties. It can be done by creating a partnership, an insurance policy, or a joint venture.
• Risk Exploitation: It is a strategy of taking advantage of the potential opportunities associated with a risk. It involves taking measures to maximize the potential benefits of a risk.

In summary, risk response includes strategies such as risk avoidance, risk reduction, risk transfer, risk retention, risk sharing, and risk exploitation. Each of these strategies has its own advantages and disadvantages and the project manager should choose the most suitable strategy for the given risk.

References

• APM (2004), Project risk analysis & management (PRAM) guide (2nd ed.). "High Wycombe, Bucks, UK: APM Publishing"
• Cheraghia E., Khalilzadeha M., Shojaeib S., Zohrehvandia S. (2017), A mathematical Model to select the Risk Response Strategies of the Construction Projects: Case Study of Saba Tower "Procedia Computer Science" Volume 121, 2017, Pages 609-616
• Fang, C., Marle, F., Xie, M., & Zio, E. (2013), An integrated framework for risk response planning under resource constraints in large engineering projects
• López, C., L.Salmeron, J. (2012), Risks Response Strategies for Supporting Practitioners Decision-Making in Software Projects "Procedia Technology" Volume 5, 2012, Pages 437-444
• OGC (2009), Managing Successful Projects with PRINCE2
• PMI (2000), A Guide to the Project Management Body of Knowledge (PMBOK Guide) (4th ed.)

Author: Natalia Kobos