“A ship is safe in harbor, but that’s not what ships are for.” William G.T. Shedd
Projects must move forward in the face of risk!
So, what is your “Mitigation Strategy”? That may be one of the most overused questions in Project Management! Your Risk Response Strategy may include mitigation, but that is only one possible choice.
The response strategy should be built around the two components of risk:
- Probability – how likely is the event to occur
- Impact – what will happen if the event occurs
When determining the response for a specific risk, you should look at the Probability and Impact Matrix to determine what type of risk you are addressing. I don’t mean risk categories – risk categories generally refer to a logical grouping of risk for risk assessment or identification. For example – legal risk, schedule risk, cost risk, etc. I am referring to the logical distribution of risk along the matrix. The four broad categories and the appropriate response strategies are listed below:
- High probability, high impact (HPHI)– it probably will occur, and it will be awful. You should avoid this! This is a common-sense solution that is sometimes difficult to actually move through project governance. I believe this is because so many organizations are locked into a predictive model of Project Management. They believe that since so much effort went into the planning phase, that a risk of this sort should have been identified early on and planned for. This is completely counter to the notion of continual risk assessment! Poor planning is unacceptable, and risks identified in the planning phase should be avoided by modification to the plan. Once the plan is approved, risks are still continually identified and assessed (moving them from unknown to known). If a previously unknown HPHI risk is identified, the PM should be congratulated, and the Project Plan modified to avoid it.
- High probability, low impact (HPLI) – it will probably occur, but it won’t be too bad. This is where “mitigation” comes in! Mitigation simply means that you are going to take action to reduce the likelihood that a risk will occur, while avoidance is bringing the probability down to zero. These are the annoying minor things that impact your project. Each one isn’t bad, but in totality they can be devastating! Think of barnacles growing on the bottom of a boat – a single one doesn’t make much of a difference, but hundreds can have a dramatic impact. Don’t ignore these.
- Low probability, low impact (LPLI) – it probably won’t occur, and if it does it won’t be too bad. Accept these! The cost of mitigation probably isn’t worth it.
- Low probability, high impact (LPHI) – it probably won’t occur, but if it does it will be bad. This one can be a bit tricky and often requires more analysis to determine what exactly is meant by “high”. I once worked on a project where we were analyzing a risk that had a LPHI score. When I pressed the expert, the probability was estimated to be one in a million. Given what the risk was, it was determined one in a million was unacceptable! This was a true mitigation as we still had the risk, but the odds were dramatically reduced.
Transference is a risk response strategy that may be used for any of these. It is a very simple concept; you transfer the risk to someone else! Think of going to a bar with your friends to celebrate something. Someone has to drive but no one wants to be the designated driver. So, you call a taxi or Uber to take you home, thus transferring the risk of “getting pulled over” to a third party!
Transference is most commonly used for both types of high impact risk. You should alter your project plan for HPHI risks and can use a third party to complete the related work, transferring the risk to them contractually. You can also use transference for LPHI, although many of my Project Management colleagues will point out that there is distinction between insurable risk and project risk.
In our personal lives we transfer the risk of a LPHI risk with insurance. The reason we make a distinction between project risk and insurable risk is that insurable risk merely covers the cost of the event, not the impact. If you have an accident in your car, the car is still wrecked! You just get a check to get it fixed.
Finally, there are contingent response strategies. These are used when the specific risk you are analyzing will “signal” that it will occur in advance of the event. You describe the circumstances under which the contingent response strategy will be triggered, and if that occurs you execute the predetermined response. Say you are managing a construction project in a hurricane prone area and you are concerned about the people working there and the building itself. In risk terms, there is a low probability that your project will be hit by a hurricane, but a high impact if it does. Your contingent response strategy may be to evacuate your team if a hurricane strike is imminent, and to insure the building and equipment.
It should be noted that any risk response strategy can create secondary or residual risks. Using the example above, the cost and time associated with a hurricane strike would no doubt create cost and schedule risk.
Next week we will discuss “reserve” as pertains to risk
Tell me your thoughts in the comments and let’s open a dialog. I would be excited to hear other opinions on this topic.
|Consider joining our LinkedIn Group to continue this conversation as well - CLICK HERE|
|We hope you will consider joining our Facebook Community as well. Click on the image to your left to visit and join, or you can CLICK HERE|
Reading this article qualifies you to submit a request for PDU’s from PMI.
This Article qualifies as follows:
PDU AMOUNT: .25 PDU’s
For more information on registering your PDU’s with PMI – CLICK HERE
At Project Management for Today, we encourage conversation; agree with us or disagree with us, it’s all still knowledge, and we are here to share knowledge. Take a moment to add to the conversation by leaving a comment. It’s an opportunity to engage in the conversation!
If you believe in what we are doing, take a minute to share our articles on your social networks such as LinkedIn and other sites. Use the buttons on the left side of the page.
This article features content from a “Contributing Author” to the Project Management for Today Community. This content is published on this site with the author’s explicit permission. As with all articles on this site, this article is protected by copyright. If you are interested in becoming a Contributing Author to this site, you can learn more by reading the information HERE
Bill has been an Executive in the Federal Sector for over 15 years and has been responsible for the delivery of many high profile, high risk, public facing projects. He has worked for the same organization for 28 years, starting as a front-line technician and rising quickly to the rank of Executive.
He holds numerous trademarks and is the inventor and Unites States Patent holder of the SeaClutch®, an invention targeted at the boating and RV community.
Bill is a sought-after speaker and has spoken at conferences around the world. He is a published author in the field of Project Management, is an experienced Project Management Professional® certification instructor, and has successfully taught hundreds of students over the past several years.
He received his Bachelor’s Degree in Economics and Finance from Augusta State University and was named one of their Distinguished Alumni in 2016. He holds Master’s Certificates in both Project and Program Management from George Washington University, and is a Senior Executive Fellow at the Kennedy School of Government, Harvard University. He holds the following professional certifications: Project Management Professional (PMP), Program Management Professional (PgMP), Project Management Institute Agile Certified Practitioner (PIM-ACP), Project Management Institute Risk Management Professional (PMI-RMP).
Bill is an acknowledged international expert in Data Management, Data Safeguards and Data Analytics.
He has extensive international experience and has worked closely with representatives from multiple jurisdictions around the world, personally visiting over 40 in an official capacity.