2.2.3 Risk Response
Risk identification, assessment, and analysis exercises form
the basis for sound risk response options. A series of risk response actions
can help agencies and their industry partners avoid or mitigate the identified
risks. Wideman, in the Project Management Institute standard Project and
Program Risk Management: A Guide to Managing Risks and Opportunities, states
that a risk may be the following; unrecognized, unmanaged, or ignored (by
default), recognized, but no action taken (absorbed by a matter of policy),
avoided (by taking appropriate steps), reduced (by an alternative approach),
transferred (to others through contract or insurance), retained and absorbed
(by prudent allowances) or handled by a combination of the above.
The above categorization of risk response options helps
formalize risk management planning. The Caltrans Project Risk Management
Handbook suggests a subset of strategies from the categorization defined by
Wideman above. The Caltrans handbook states that the project development team
must identify which strategy is best for each risk and then design specific
actions to implement that strategy. The strategies and actions in the handbook
include the following:
1. Avoidance. The team changes the project plan to eliminate
the risk or to protect the project objectives from its impact. The team might
achieve this by changing scope, adding time, or adding resources (thus relaxing
the so-called triple constraint).
2. Transference. The team transfers the financial impact of
risk by contracting out some aspect of the work. Transference reduces the risk
only if the contractor is more capable of taking steps to reduce the risk and
does so.
3. Mitigation. The team seeks to reduce the probability or
consequences of a risk event to an acceptable threshold. It accomplishes this
via many different means that are specific to the project and the risk.
Mitigation steps, although costly and time consuming, may still be preferable
to going forward with the unmitigated risk.
4. Acceptance. The project manager and team decide to accept
certain risks. They do not change the project plan to deal with a risk or
identify any response strategy other than agreeing to address the risk if it
occurs.
Given a clear understanding of the risks, their magnitude, and
the options for response, an understanding of project risk will emerge. This
understanding will include where, when, and to what extent exposure will be
anticipated. The understanding will allow for thoughtful risk planning (Traffic
Management Act, 2005).
There are five types of strategies that are being used
according to the level of risk that exists: risk avoidance, risk reduction,
risk transfer, risk sharing and risk retention . Risk avoidance takes place
when there are either poor arrangements or hazards that cannot be controlled,
and hence, managers postpone the activity or offer an alternative one
(Swarbrooke et al, 2003; Parkhouse, 2005; Beech and Cladwick, 2004). In risk
reduction, all activities should be managed by capable and well-trained
leaders, who have the experience and the competence to cope with possible risks
(Swarbrooke et al, 2003; Beech and Cladwick, 2004; Outhart et al, 2003).
Managers often employ the risk transfer method, in which the risk is
transferred to insurance companies, to the clients or to third parties
(Centner, 2005; Swarbrooke et al, 2003; Beech and Chadwick, 2004; Boyle, 2000).
Finally, risk retention is a strategy during which mainly low risks are being
accepted either unconsciously or because of incapability to transfer them to
others.
A risk response plan should include the strategy and action
items to address the strategy. The actions should include what needs to be
done, who is doing it, and when it should be completed.
| 
