The PMBOK Guide states that effective and appropriate risk responses can minimize individual threats, maximize individual opportunities and reduce overall project risk exposure. In consideration of this, what might some relevant examples of effective and appropriate risk responses assuming that cost-effectiveness, being realistic and agreed upon by all parties involved, and owned by a responsible person?
I agree Kellye, nice post. It was well thought out.
There are four possible risk response strategies for adverse risks:
Avoid – eliminate the threat to protect the project from the impact of the risk. An example of this is canceling the project.
Transfer – shifts the impact of the threat to a third party, together with ownership of the response. An example of this is insurance.
Mitigate – act to reduce the probability of occurrence or the impact of the risk. An example of this is choosing a different supplier.
Accept – acknowledge the risk, but do not take any action unless the risk occurs. An example of this is documenting the risk and putting aside funds if the risk occurs.
Reference
Risk Responses | IST Project Management Office | University of Waterloo (uwaterloo.ca)
A general way that you can deal with risks is to perform a risk-benefit analysis. This means that you calculate as accurately as possible the possibility of the risk and also the potential cost of this. If you multiply those values you end up with the expected cost of that risk. Second, you should calculate the cost of applying a solution to remedy this risk. This could be delays in your product or a more expensive solution. The lower values dictates the approach one should follow.
I believe the information in @crysv1226msm2022 's post to be fairly accurate. At first confrontation with a risk the problem should be assessed in its entirety before deciding on a solution. Often times I see "mitigating" and "accepting" to be the go to strategy for companies. Both paths accept the problems they're presented with and then act without completing changing focus. Mitigating or accepting a risk allows the project to continue with a slight hurdle but at large most of the project and time would remain in line barring any unforeseen terminal risks.
As discussed in this week's lecture the common risk response strategies are avoidance, mitigation, avoidance, and transference. Although I have little experience in the medical device industry, I would believe, as the previous post has stated, mitigation and acceptance are the most common risk response strategies. Risk mitigation and risk acceptance seem to waste the least amount of time and money which are extremely precious in industry. However, generally the accepted strategies for dealing with threats are considered in the order of avoidance - transference - mitigation - acceptance. Therefore, the more accepted risk response strategies seem to be the least likely to be used. What are some other reasons companies lean towards mitigation and acceptance? Why do you think avoidance-transference-mitigation-acceptance is the more accepted order?
@kellyepcarter You bring upon a good point about how risk responses should be addressed given cost-effectiveness, rationality, and effective execution - if the risk response is not appropriate for the given situation it could cause further damage than what was currently possible without that response. Adding on to @crysv1226msm2022 response to your question, there are several other responses that could used for adverse risks such as exploitation, enhancement, sharing, and escalating. Exploitation would include any actions that would be able to add or change the work occurring so that an event would occur avoiding the risk, while the opposite would be enhancement where an inclusion of any type of action would help avoid that particular risk from occurring entirely. Sharing could involve the team seeking guidance or help from another team or collaborating with a third party team to help mitigate the risk. I think the worst case scenario after any of these aforementioned responses do not work would be escalation where the team reaches out to a higher level worker such as a manager. It is important for the team to recognize whether or not they would be able to address the risk after fully exhausting all the other possible responses.
The management's response to a risk is the action it takes to mitigate any potential impacts of the risk. The goal of risk response is to guarantee that all recognized risks are managed by the use of efficient controls, allowing a company to avoid possible losses in terms of money, reputation, and operations. Risk responses could necessitate substantial infrastructure expenditures or they might just be viewed as a normal aspect of conducting business. Risk comes from a variety of sources, hence a variety of actions are needed at all levels of the business. This framework element focuses on procedures that help the company make choices and accomplish its strategic and business goals. In order to accomplish this, organizations use their operating structure to create a practice that: identifies new and emerging risks so management can deploy risk responses quickly; assesses the severity of risks with an understanding of how the risk may change depending on the level of the entity; and prioritizes risks so management can best allocate resources in response to those risks. In order to improve the ability of the company to communicate the degree of risk accepted in the pursuit of strategy and entity-level business objectives, it also identifies, chooses, and develops solutions to risk and a portfolio perspective.
Not all risk is negative. For example, risk exploitation is an appropriate risk response that should always be analyzed. This involves taking actions to maximize the potential benefits of a positive risk. For example, if a project involves using a new technology that has a high potential for success, the project team could exploit the risk by investing in additional research and development to further optimize the technology. Another example, is if there is a risk that a competitor will release a similar product during the project, the team could take steps to release their product first, exploiting the risk as an opportunity.
Risk management does not need to be a complicated process. Depending on the application, over engineering something may be the best way to mitigate risk. A certain factor of safety is always included when creating any medical device, especially one subjected to loading. Simply making the product more robust is the easiest way to manage risk in terms of product failure. However, as others have said here; risk management is a multi fold process which requires analysis of not only physical failure modes.
