Knowing When To Fold and When To Call
While having some cash in the contingency reserve is great, you still need to take precautions to ensure that risk events don't actually happen. No one wants the project to fail because the project manager stuck his head in the sand.
Risk response planning centers on four risk responses:
- Avoidance. This is the most obvious risk response; you change your project plan to prevent the risk from occurring. While it's ideal, it's not always feasible.
- Transference. This technique lets you say with all honesty, "It's not my problem." Transference doesn't eliminate the risk, but transfers the ownership of the risk. The most accessible example is insurance: errors and omissions insurance, safety insurance, even weather insurance. Another example is when you hire an expert, such as an electrician, to complete that portion of the project to ensure that the work is done properly. A fee is usually associated with transference.
- Mitigation. Mitigation is anything that you do to reduce the impact of the probability of a risk event. This can be anything from changing the sequence of project activities to assigning different skilled workers to training the project team. It's anything you do to lower the overall risk probability or impact if it does happen.
- Acceptance. Some risks you just have to accept—travel delays, weather concerns, the nature of the project work—because there's very little you can do to change them. (Sorry.) Risk acceptance can also mean that the risk impact is so minimal that you just decide to accept the identified risk.
Unfortunately, some of these responses may create two additional types of risks that you have to consider:
- Residual risks. These smaller risks remain after one of your risk responses. You may have to address these with another response, but the most common is just acceptance. For example, suppose you respond to a risk by outsourcing the server install to an integrator. Your risk response creates the new residual risk that the integrator may be slightly late or be difficult to work with.
- Secondary risks. Uh oh. Secondary risks are new risks created as a result of a risk response. This is the classic domino effect: By solving one problem, you create another; and when you solve the new problem you create another; and on and on it goes.