In the previous chapter, we covered a high level overview of the tools and techniques that we would use in order to arrive at risk responses. The first of them being “Strategies for Negative Risks”
Before we can go ahead with strategies to handle negative risks, can you recollect what a Negative Risk is?
A Negative Risk or a Threat is something, as its name suggests, that could have negative consequences on our project. A delay in the project end date or a cost overrun or anything that could impact the project objectives could be considered a Negative Risk.
So, how would you handle such a risk? There are 4 strategies as outlined by the PMBOK Guide:
c. Mitigate and
Let us see what is meant by each one of these strategies mean…
As per the PMBOK, whenever possible and feasible, Negative Risks must be avoided. However, in real life it may not be feasible all the time. That is exactly why we have other strategies. Anyways, clarifying on the first statement, PMBOK does not say we must always Avoid risks, instead it says that whenever it is practically possible, we must choose Avoid as the strategy for our Risk.
Definition: Avoid is the strategy by which – We alter the Project in some way in order to remove or eliminate the risk altogether
Remember that this is easily possible if risks are caught early on the project life-cycle. The later in the project’s lifecycle a risk or threat is uncovered the lower are the chances of using Avoid as a strategy to handle it.
A Real Life Example: Let’s say you are just starting to work and turn on the radio of your car before starting. The guy on the radio says that the CTE (Central Expressway) is jammed due to a huge accident and traffic is extremely slow moving. You usually take the CTE to work. So, this is a potential risk that could delay your travel. But, now that you heard this, you change your route and took the PIE (Pan Island Expressway) thereby you avoided the “Risk” of reaching work late. This is what we try to do with risks by using the Avoid Strategy.
In almost all cases where you use the Avoid strategy, you are altering the project in one way or another which will result in updates to the Project Management Plan. For ex: If you realize that your project’s deadline may be missed, you can add more people to finish the work soon or get the end date moved by a few days. Either ways the response to the risk of missing the deadline will be avoided by making some change to the project attributes which in turn will result in updates to the PM Plan.
As per the PMBOK, the liability or the impact of a risk can be transferred to a third party if they are willing to take ownership/responsibility of the same.
Definition: Transfer is the strategy by which – We transfer the responsibility or ownership of the risk to a third party.
Depending on the level of risk and its complexity, all or part of the risk may be transferred to the third party. The Transfer strategy is typically used to deal with risks that deal with financial risk exposure or losses.
Ex: We could buy any of the following in order to Transfer financial losses:
Recollect the concept of Pure Risks that can result only in a loss and hence we could insure them, like a Flood or an Accident? By buying the Insurance policy, you are transferring the risk to the third party who is selling you the insurance policy. Typically this service is provided by the third party in return to some form of payment that you do.
An important point to remember is that, the transfer strategy does not eliminate risks. Instead, it just moves the liability of damage to the third party. Often times, a contract is signed with the 3rd party with details on who takes on how much risk/liability which is followed in case the risk materializes.
A Real Life Example: Buying Automobile or Property Insurance
Let us say a Bank wants to come up with a website for its customers but, it has no technical personnel who can build the website. So, losing customers who want internet banking is a risk to the bank. As, the bank itself can’t do anything, they may outsource the activity of building the website to an IT Company. So here, the risk is transferred to the IT Company which is responsible for the timely completion of the website.
Mitigating Risks is a strategy that we would use when it is not possible to avoid a risk.
Definition: Mitigation is a strategy by which – We reduce the Probability and/or Impact of a risk to an acceptable level.
This definition is kind of vague. What is meant by acceptable levels? This acceptable levels thing could vary from organization to organization and from project to project. So, a risk mitigation strategy you used in your last project/organization may or may not be applicable in your current project/organization. This acceptable level depends on your Organizational and Stakeholder Risk Thresholds.
So, the success or rather effectiveness of your mitigation plan depends on your organization and whether or not you have clear & well defined Stakeholder Risk Tolerance/Threshold information.
Now you must have realized the importance of identifying Stakeholder Risk Tolerance. if you kind of skipped that topic in a hurry, I suggest you revisit the topic and read it again. Click Here to visit that chapter.
The whole idea about this Risk Mitigation strategy is to be proactive and dealing with a risk before it actually occurs. This would be much cheaper and cost effective than handling the risk once it occurs. Remember the age old saying “Prevention is better than cure”. Though we aren’t preventing or eliminating the risk altogether, we are at least preparing ourselves to handle it in the best way possible instead of just reacting once the risk event actually occurs.
a. Choosing a Stable vendor – to minimize delays in shipment
b. Conducting more quality tests – to minimize risks related to quality of the end product
c. Getting a buy-in from the team on the task estimates before assigning them tasks – to minimize schedule slippage
Remember that it may not be possible to reduce both the probability and impact of a risk at all times, when you are applying the mitigation strategy. However, in such cases, we may just recue one and have plans to handle the risk in case it materializes.
Accept is the last strategy we are going to cover as part of this chapter. This strategy can be used for both Negative and Positive Risks.
In some cases it is not feasible to deal with the risk. In such cases we just accept to live with the risk and move ahead.
Definition: Accepting is a strategy wherein – We do nothing to alter the probability or impact of a risk. Nor do we do anything to ensure that the risk does not occur.
Simply put, we aren’t doing anything useful to handle the risk.
There are two types of acceptance. They are:
a. Passive Acceptance – Where you do practically nothing about the risk or its consequences. We just decide to deal with the risk once it materializes.
b. Active Acceptance – Where you do nothing about the risk but are ready to deal with its consequences. You prepare a contingency reserve which you will use to handle the risk when it materializes.
The contingency reserve may include time, funds etc. to deal with the risk when it materializes. For now, just don’t worry too much about the reserves as we will be looking at it in detail shortly.
Let us say, you have just taken over a project and realize that one of the senior members of your team is planning to get married this year and may request a release from the team or a transfer if the groom happens to be from a different city. In case of Passive Acceptance you just ignore this whole situation and then start worrying about it if she actually asks for a transfer or resigns. Whereas, in case of Active Acceptance, you actually create a contingency reserve to hire senior person into the team in short notice so that, you can get someone on board during a one or two month period and have them transition over to take this position in the team.
By now, you may be wondering, why would I choose “Accept” as a strategy? Are you?
Frankly speaking, you wouldn’t choose “Accept” as a strategy just because you are lazy or don’t know how to handle it. In fact, there could be legitimate reasons as to why you chose this strategy. For ex:
a. When the response is either impossible or impractical
b. All other strategies are ineffective
c. The cost involved in either avoiding or mitigating is too high when compared to the actual impact
In real life project scenarios, every activity in the project equates to either time and/or cost. So, if the impact of a risk is $1000 and you spend $5000 to avoid it, does that sound logical? I would rather absorb the risk impact of $1000 than spend $5000 to fix it. Isn’t it? This is a perfect example where I would choose “Accept” as a strategy to handle this particular risk.
The example for handling a Positive Risk (a.k.a Opportunity) would be slightly trickier. Let us say you are executing a large multi-million dollar project for your client that is scheduled to complete in Dec 2012. During the planning phase last year, you had a hunch that you will be able to finish the project ahead of time and if that happens you and your company may get a fat performance bonus. As a smart manager, you did not start building castles in air but you did keep a small contingency reserve to ramp the team up by 2 people if the need arises and then started the project execution. During May this year when you checked your project performance you are ahead of schedule and are scheduled to finish the project by end of October. But, as per the client agreed contract, if you finish by September 2012, you get the performance bonus. You utilize that contingency reserve you set aside last year, hire a couple of techie guys and fast-track a few processes and try to complete the project by end of September.
This would be an example of Active Acceptance wherein you did not do anything up front to handle the opportunity but you were prepared (with contingency reserves) to grab the opportunity if it actually presented itself. In case of Passive Acceptance, you would’ve just ignored the whole performance bonus thing and tried finishing the project before December and that’s all.
In real life a good project manager will never let opportunities pass by unless it is inevitable. So, Passive Acceptance is not a strategy that I would use in real life to handle a positive risk. But, for the exam perspective you need to know that this too is a viable strategy.
Prev: Introduction to Tools & Techniques used in Plan Risk Responses
Next: Strategies for Handling Positive Risks