Risk management in project management has several steps starting with risk identification, and continuing with analyzing risks both qualitatively and quantitively. Beyond all, risk management actions should be proactive. That means the project manager and the project team should act before the risk comes real. Otherwise, it may harm the value delivery at the end of the project or it may have bad effects on project objectives including missing an opportunity.
Optimizing risk responses is considered as a project management principle that guides project teams for effective project management without giving so much detail but by simply providing the correct way to go.
After all of risk identification and analyzing efforts prioritized actions to be taken in case of the realization of the risks should be determined in a detailed, continuous, and proactive way. In waterfall lifecycles risk responses were first included in the risk register created after the first risk identification however risk response plan should be created and updated as an individual tailored process. In the creation of risk response plan process, we have to update the risk responses contained in the risk register by going into detail.
The most reasonable risk response imaginable for a risk that is projected to occur may not always be a viable response. It is a common planning error that many risk responses that seem like a genius idea at first glance cannot be implemented when risk occurs, due to cost, time constraints, or other limiting factors.
Before implementing risk responses, it is necessary to determine what effect the applied response has on the constraints of the project, such as cost, time, quality. In addition, it should be foreseen how the processes involved in other performance domains. Several performance domains may be affected by the risk responses applied so risk response plan should be taken into consideration in several project performance domains. It is essentially linked with uncertainty performance domain.
As a principle, risk responses should be
- Compatible with the degree of importance of the risk,
- Concrete and realistic,
- Worth the cost of the response,
- Appointed to a capable risk owner who will take responsibility of the response,
- Well communicated and agreed by stakeholders.