3.4.2 Risk Analysis and Response
Proactively managing risks involves a structured process of identification, analysis, response planning, and monitoring.
Risk Analysis Steps:
- Identify Risks (Brainstorm, Checklists, Assumptions Analysis, Pre-Mortem);
- Document (Risk Register or Backlog);
- Qualitative Analysis (Assess Probability & Impact; Rank via P x I Score or Matrix);
- Quantitative Analysis (Optional: EMV = P% * $Impact; Decision Tree Analysis; Simulation);
- Plan Risk Responses (See table below);
- Implement Responses (Assign owners, execute via Risk-Adjusted Backlog);
- Allocate Contingency Reserves for accepted threats;
- Monitor Risks (Track triggers, review effectiveness, identify new risks in Risk Reviews).
Risk Response Strategies Table:
Risk Type | Strategy | Action | Scenario Example |
---|---|---|---|
Threat | Avoid | Eliminate cause / Change plan to bypass risk | Change design to avoid risky component |
Threat | Mitigate | Reduce Probability or Impact (or both) | Add redundancy, conduct more testing |
Threat | Transfer | Shift impact/ownership to third party (insurance, contract) | Outsource high-risk work with warranty |
Threat | Escalate | Notify level with authority if outside project scope | Escalate major compliance risk to legal |
Threat | Accept | Acknowledge risk; Passive: Do nothing; Active: Set contingency | Budget for potential rework (Active Accept) |
Opportunity | Exploit | Ensure opportunity realized; assign strong resources | Dedicate team to leverage market opening |
Opportunity | Enhance | Increase Probability or Impact (or both) | Add features to increase positive impact |
Opportunity | Share | Allocate ownership to third party best able to capture | Joint venture to pursue new market |
Opportunity | Escalate | Notify level with authority if outside project scope | Escalate major strategic opportunity |
Opportunity | Accept | Acknowledge opportunity; take no proactive action | Take advantage if it happens naturally |