Risk Management: How to Craft a Risk Response

Risk management is an essential discipline for any project or organization. A critical part of this process involves the creation of risk responses, which are plans of action designed to address the identified threats. Crafting an effective risk response requires a thorough understanding of the potential risk, careful planning, and an innovative approach to problem-solving.

Identifying Risk Response Strategies

The first step towards developing an effective risk response is identifying potential strategies for addressing the risk. Four main strategies are usually considered:

1. Avoidance: The strategy is to eliminate the risk altogether. One way to do this is to refrain from pursuing the activity that gives rise to the risk. For example, a complex enhancement in the project plan may be difficult to estimate and likely to run over schedule. You may defer that enhancement altogether to deliver the rest of the project. Another way to avoid a risk is to execute the triggering task in a way that eliminates the threat. For example, the project may depend upon a shared UX designer who is often called away to work on other projects with little notice. You could avoid the risk by hiring your own UX resource whose time you control.
2. Transfer: The strategy is to move the risk to another party. For example, there is a risk that your facility could burn down, incurring massive costs to relocate and rebuild. Getting fire insurance lets you transfer that risk to the insurance company.  
3. Mitigation: The strategy is to reduce the risk's probability and/or impact. For example, your project requires the team to learn a new technology, and mastering this tech may take longer than your schedule allows. One strategy to mitigate this risk would be to hire an expert consultant to coach the team and help resolve any issues. 
4. Acceptance: The strategy is to accept the risk and the consequences if the risk is realized. This strategy is often used when there truly are no other alternatives. For example, your project might depend upon a certain government approval, the duration of which can vary wildly. In that instance, you probably need to accept the risk this places on your schedule. 

These strategies aren't static; the most appropriate one might change over time due to varying factors such as business conditions and technical breakthroughs.

Splitting Risks

It's important to understand that a single risk event may require multiple strategies for sufficient risk reduction. This circumstance may indicate that the scope of the risk is too broad and that you should split the risk and devise individual responses. For example, a risk called "Project delay due to large scope of work" cannot be addressed by a single response. You must first split it into smaller, more specific risks. 

The Role of Innovation 

Innovation plays a pivotal role in crafting effective risk responses. Relying on the same thought process that led to the risk in the first place may lead to an ineffective response. Risk Managers should pay particular attention to previously eliminated or excluded approaches. It is also worth reviewing all documented assumptions and constraints, as these lists embody organizational conventions and therefore highlight where you can challenge the status quo. Lateral thinking techniques can also be useful.

Selecting a Preferred Strategy

You will frequently brainstorm multiple response strategies for a single risk event. In such cases, you must select the preferred approach using these essential criteria:

• Cost: How much will the proposed strategy cost?
• Effectiveness: How effectively will the proposed strategy mitigate the threat?
• Timeliness: How long will the proposed strategy take to implement?
• Secondary Risks: What additional risks might the proposed strategy create?

This selection process requires a degree of balancing, especially around cost. For example, a highly effective and timely strategy may be available that is too expensive. In that case, you would select a more cost-effective response strategy.

Creating a Risk Response Plan

Once a strategy is selected, you must develop a plan to execute it. The risk response plan should clearly define the following:

• What must be done?
• Who is responsible?
• When will it be done?
• How much will it cost, and how will it be funded?

A crucial part of this plan is establishing the trigger for implementing the risk response. The trigger could be a mandated event or date, but it is more often a decree by the risk manager or project manager that the risk has been realized and the response plan must be executed.

Conclusion

Crafting a risk response is an intricate and essential aspect of risk management. It requires a deep understanding of the potential risks, the creativity to develop innovative solutions, and the strategic insight to select and implement the most effective response. 

Risk Register by ProjectBalm

Creating a risk response strategy is much easier with a suitable tool. This is one reason we created Risk Register by ProjectBalm.

Our goal was to automate best practice risk management techniques, and do so via an elegant, usable interface that works with you, and not against you. Risk Register will help you to identify, analyse, treat and monitor risks more easily and effectively than ever before.

If you are experienced at risk management, you will find in Risk Register a tool that works the way you want it to work. If you are new to risk management, our documentation and videos will take you through the whole risk management process, giving lots of useful examples.

Risk Register is fully compatible with risk management standards such as ISO 31000, and can also be used for governance, risk, and compliance (GRC) programs such as Sarbanes-Oxley and PCI. And, of course, Risk Register allows you to easily distinguish between opportunities and threats.

Over the last few years, we've grown to become the most popular risk management solution in the Jira marketplace and we are now an Atlassian Platinum Partner. Why not try out Risk Register by ProjectBalm for yourself?