The process of Implementing Risk Responses is the process of planning and implementing actions and plans in response to project risks. The purpose of this process is to ensure that each of the identified risks on the Risk Register has appropriate actions or plans to mitigate or avoid a risk before it happens or to provide a response when a risk occurs and turns into a project issue.
The idea is to reduce the exposure to risks in the project and minimise threats to the delivery in terms of time, cost or quality.
The inputs to the process are primarily the Risk Register and Assumptions Log but can also be the Lessons Learnt Register. The risks should be sorted into those which present the biggest threat to the project and a process of deciding how to respond to the risk is then undertaken.
The Risk Response Process is used throughout the project lifecycle from the time that the risks are first identified and reviewed regularly to include new risks and also ensure that the response to existing risks remains relevant.
Deciding on a response to a risk utilises several project management techniques including input from experts in the risk topic, project team members and lessons learnt from previous projects. In some cases, a valid risk response could be to ignore or defer the response if it isn’t a significant risk to the project.
Responses can also be proactive and deal with the risk now, undertaking some activities to prevent or minimise the impact of it. In other cases, a risk response plan will only be executed as and when the risk materialises on the project. For some risks, there may be more than one risk response.
The results of the Risk Response Process should be documented in the project Risk Register. Depending on the response plan, Change Requests can be issued and updates to the project plan are made to reflect the Risk Response activities.