Risk Management Deeper Dive Part 6 – Risk Ownership

Executing Monitoring and Controlling

A Risk Owner must be assigned to each risk. The Risk Owner for each specific risk is responsible for identifying and executing all parts of the Risk Management Plan related to that risk. It is the Project Manager’s responsibility to regularly review the risk with the Risk Owner and update the plan with new information. The Project Manager should also make suggestions and act as a “sounding board” to assist the Risk Owner.

Here are some questions to ask the Risk Owner:

  • Probability/Impact/Exposure – Have the mitigation plans reduced the probability and or impact? Have other conditions changed that have raised or lowered the probability and or impact?
  • Trigger – Has the Risk Owner assigned someone to monitor the risk trigger? Is the method of monitoring adequate? Will the risk be detected in time to react?
  • Mitigation Plans – Are these plans still adequate? Has the Risk Owner started execution of some or all of these plans? Are there additional plans that can be added?
  • Contingency Plans – Are these plans still adequate? Are there additional plans that can be added?

It is important that the Risk Owner understands their role. Some may assume the Project Manager is taking care of it for them. Make sure the roles and responsibilities are clear to all parties.

Note: Much more detail on Risk Management can be found in my Kindle book “Project Management For The Real World”, available at

https://www.amazon.com/author/lettera

Risk Management Deeper Dive Part 5 – Contingency Plans

Executing Monitoring and Controlling

In the prior post I discussed risk mitigation strategies, which can reduce the potential impact of risks that haven’t occurred yet. In contrast, risk contingency plans are meant to deal with risks after they have occurred. It is sometimes amusingly referred to as “Plan B” (and “C”, “D”, etc if necessary). Contingency plans answer the question “What will we do if …”.

It can be much easier to create contingency plans in advance because you are not under the stress of the risk having already occurred and you have more time to brainstorm the potential plans. Anticipating risks and having well vetted contingency plans keeps you in control of the project and minimizes “crisis mode”.

Here are a few examples:

  • If there is a risk of testing taking longer than planned, you can have a list of additional testing resources identified to join the effort if testing falls behind.
  • If there is a risk of inclement weather disrupting outdoor activities, you can have indoor activities lined up to keep the project moving.
  • If there is a risk of a key resource leaving the project, you can have a consultant resource procured in advance to step in if needed.

As with all elements of Risk Management, conditions may change over time, so the contingency plans should be revisited on a regular basis to ensure they are still viable.

Note: Much more detail on Risk Management can be found in my Kindle book “Project Management For The Real World”, available at

https://www.amazon.com/author/lettera

Risk Management Deeper Dive Part 4 – Risk Mitigation Strategies

Executing Monitoring and Controlling

With your risks identified, prioritized and monitored, it is now time to develop strategies for managing the risks. The first type of strategy is “Risk Mitigation”. These are actions you can take before a risk occurs that can reduce the exposure to the risk. You should brainstorm these strategies with the members of the project team you identified in the Risk Management section of your “Project Management Plan” (refer to prior posts on this topic).

There are four mitigation strategies you can employ:

  1. Risk avoidance – this is the most expensive of the risk options. You can spend money or resources to eliminate the risk. An example would be if you have a lesser skilled resource assigned to a task, which raises a risks of on-time completion and/or deliverable quality, you can spend more money for a resource skilled enough to eliminate those risks.
  2. Risk limitation – this is the most common strategy. You take some action to reduce the probability and/or impact of the risk. One example would be if you are concerned about server downtime or performance during peak loads, you can implement redundancy and load-balancing to mitigate this risk.
  3. Risk transference – involves handing off the risk to another (willing) party. Examples are buying insurance, or outsourcing services.
  4. Risk acceptance – if the cost of mitigating the risk outweigh the cost of the risk itself, you may choose to just accept the risk with no mitigation actions. This strategy is typically employed for risks with low probability and/or low impact.

Documenting your mitigation strategies puts you in control of the project. You can manage your risks or they will surely manage you.

Note: Much more detail on Risk Management can be found in my Kindle book “Project Management For The Real World”, available at

https://www.amazon.com/author/lettera