Back2Basics - Project Risk Management: Risk Response

Back to Basics- Project Risk Management: Risk Rating & Risk Response

Project Risk Response

In the third part of the series 'Back To Basics' of Project Risk Management, we briefly saw what is risk assessment, risk probability, risk impact and risk rating. It is interesting to know the kind of difficulties project managers face in the assessment of risks and in turn risk response.

The essence of difficulties faced in risk assessment is covered in this part. In the final part of this series, we will look at Risk Rating & how Heat Map depicts risks in graphical form & how it is helpful for formulating risk response. Also know why you should consider using risk management software for your organization.

Also read Why You Should Manage Project Risks | Risk Analysis | Risk Assessment | Challenges in Risk Evaluation and Risk Response.

Difficulties in Risk Assessment

  • The essential difficulty we have observed in risk assessment is estimating rate of occurrence of risk. Simply because statistical data related to risks happened in past is not recorded nor it is managed hence it is not available
  • Evaluating severity of risk is not easy because, of the same reason unavailability of statistical data.
  • Even if past data is available for risk evaluated in the past, the subjectivity factors (best educated guess, etc.) observed to play prominent role in such risk evaluation. Such subjective evaluations do not result in correct factoring of the causes-effects (retrospective analysis) associated with these risks

What Is Risk Rating and Heat Map?

As mentioned in above section, once project planner/manager assesses the probability and severity of a given risk, he can calculate Risk Rating. Risk Rating is alternatively called as ‘Risk Exposure or Composite Risk Index’.

Risk Rating= Probability of Occurrence of Risk x Severity of Risk if it occurs

Risk Heat Map: The exposure of risks can be represented in visual form with the help of heat map. If you have considerable number of risks in the red-colored boxes, you need to take prompt actions on those. Thus based on numbers in these boxes represented in heat map, you can decide your course of action to tackle those. Such heat map gives high level idea of risks in a given project.

Risk HeatMap to build Risk Response

Figure 5: Risk Exposure Explained with Heat Map


How should you respond to Risks - Project Risk Response?

Prioritize Risks

Before you devise risk response strategy, project managers need to prioritize project risks. Once all identified risks are evaluated, project planner/manager can prioritize those based on rating and organization’s/project’s objectives. e.g. of given 10 risks – 3 would be extreme rating, 2 would be of high rating and so on; within these three risks with extreme rating, project manager along with senior management can decide priority of each. Based on the priority, the risk response plan/action will get effective.

Risk Response Strategy:

  • Accept
  • Transfer
  • Avoid
  • Mitigate
  • Contingent

The management team can use above risk response strategies independently or collectively as suitable to the context to manage risks.

Escalate & Ask for additional support: If any risk in your kitty is with Extreme or High exposure and requires escalation to higher management; you need to escalate it along with your analysis of mitigation strategy. If mitigation of such risks requires additional support you need ask for it. The additional support could be in terms of resources, cost, outsourcing, having redundant vendor/supplies, etc. Of course, organization should ensure, such measures are recorded to build better risk management capabilities in future.

Decide and March: If risks with highest priority are concluded for further action and risk response strategy, you need to look at risks with next level of priorities.

For all above risks, you can choose to accept those (if there is nothing that you can do about it & has lesser impact on you) or transfer it (to third party, or other group) or avoid it (by discarding that portion of the project), etc.

Contingency Plan: Additionally, you can have contingency plan to cover up if first level of risk response strategy does not succeed i.e. Contingency plan is your ‘Plan B’ if your ‘Plan A’ does not work out well.

In all situations, you need to have a mechanism to track, monitor and review risks on a regular basis. Such process of monitoring & review of risks on regular basis, is attributed as good risk management practice

Why you should use Risk Management Software?

  • Information, artefacts such as project plan, risks (identification, assessment, communication, response plan, assignment) if not recorded; will simply get lost over the time, so does your organization knowledge & expertise
  • The risk management software provides the central place where project managers and in turn organization register, track, manage, communicate the risk details
  • The software allows you to precisely identify and categorize business risks within your organization
  • The biggest advantage of risk management software is the clear visibility it provides to stakeholders about health of the project, the vulnerability/stability of the project
  • It also creates an immensely valuable knowledge base that organization can utilize to prepare better risk response, better risk management practices, processes and policies thus place itself in a better position to devise risk response strategy. Even if type of risk differs, organization & its resource can follow/comply with laid down process and thus reduce the risk impact on project/ company
  • Not all SMBs recognize the importance of proper risk management practices. The great degree of resources (people, material, time and money) they can save with risk management practices. The software can make their process easier to start practicing risk management
  • Additionally, the compliance requirements enforced by governments and expectations of consumer/customer groups have mandated companies to get their risk register audited by third parties/auditing firms. No better way of managing such activities than risk management software
  • Good number of managers I talked to, have been raising concern about the difficulty, frustration they face in managing umpteen number of spread-sheet versions of risk register. It is funny but I wonder if they have risk recorded, for such risk-management practice itself

Concluding Remarks

The risk management

  • Should be an integral part of organizational processes structured & systematic
  • Should be inclusive, transparent, collaborative and make stakeholders accountable
  • Should utilize best available inputs and application of resources
  • Should register ambiguities and assumptions separately
  • Should be agile and flexible to evolve continuously

Let me know how you find this post. I would love to hear your feedback.

Also read Why You Should Manage Project Risks | Risk Analysis | Risk Assessment | Challenges in Risk Evaluation and Risk Response.


Project Management Software by Zilicus

Use project management software for project planning & scheduling Try ZilicusPM a powerful tool that enable online project planning WBS, online scheduling, resource assignment, Gantt chart, project tracking, issue management, online calendar, risk register and much more.