Risk Response

02/04/2024
Case Study : RideShare+

This case study revolves around RideShare+, a ride-sharing service

planning to expand its offerings via two software development projects:
Project Phoenix, which aims to develop a real-time carpooling feature, and
Project Pegasus, focused on creating a dynamic pricing system.
Content
1.Plan risk response

2.Implement risk response

3.Monitor risk response

What is a risk response?

A risk response is a planned approach to address or mitigate the impact of

a specific risk on a project or organization.

It involves identifying potential risks, evaluating their potential

consequences, and implementing strategies to either avoid, mitigate,
transfer, or accept the risk.

These responses aim to minimize negative impacts on project objectives

and maximize the likelihood of project success.
 Plan risk response

• Plan Risk Responses is the process of developing options, selecting strategies,

and agreeing on actions to address overall project risk exposure, as well as to
treat individual project risks.

• The key benefit of this process is that it identifies appropriate ways to address
overall project risk and individual project risks.

• This process also allocates resources and inserts activities into project
documents and the project management plan as needed.
Requirements for planning risk response

PROJECT MANAGEMENT PLAN

● Resource management plan - Serves as a guide to help to decide how to coordinate
resources assigned to agreed-upon risk responses with other project resources.
• For both projects, the resource management plan will guide the allocation of
developers, testers, and project managers to the agreed-upon risk responses.
For instance, extra developers might be assigned to Project Phoenix to work on
encryption for privacy risks.

● Risk management plan - In this process, levels of risk and risk management roles and
responsibilities are used.
Requirements for planning risk response

PROJECT MANAGEMENT PLAN CNTD…..

● Cost baseline - The cost baseline has information on the contingency fund that is
allocated to respond to risks.
• Includes a contingency reserve for responding to risks. The budget might allocate
specific amounts for mitigating risks like technological hurdles in Project Phoenix
or adverse customer reactions to dynamic pricing in Project Pegasus
PROJECT DOCUMENTS

● Lessons learned register - The project's earlier phases' effective risk responses are
examined to see if any lessons learned about them can be applied to the remaining
phases.

• Past projects within RideShare+ that introduced new features or faced significant
risks can offer valuable insights. For example, previous challenges in algorithm
development could inform risk planning for Project Pegasus.
PROJECT DOCUMENTS CNTD…

● Project schedule - The schedule is used to determine how agreed-upon risk responses will
be scheduled alongside other project activities.

• Incorporates risk response activities into the overall timeline. Risk mitigation actions,
such as additional testing phases for the carpooling algorithm, would be scheduled
to ensure timely project progression.

● Risk register & Risk report. - Specific project risks that have been identified, prioritised,
and for which risk responses are necessary are detailed in the risk register. The choice of
appropriate risk responses can be influenced by the priority level assigned to each risk.
ENTERPRISE ENVIRONMENTAL FACTORS
● Enterprise Environmental Factors (EEFs) can be used to plan risk response by providing
crucial contextual information about the organization's culture, structure, and external
influences, which enables risk managers to tailor response strategies effectively.

ORGANIZATIONAL PROCESS ASSETS

● Organizational Process Assets (OPAs) can be used to plan risk response by providing
documented procedures, templates, and lessons learned from past projects, facilitating the
development of effective risk response strategies based on proven methods and best
practices.
Tools and techniques used to plan risk responses

Expert judgment
● Consulting with experts in real-time data processing for Project Phoenix or dynamic
pricing models for Project Pegasus to validate the chosen risk responses.

Data gathering and data analysis

● Using historical data and predictive models to assess the potential impact of
identified risks on project timelines and budgets. For instance, analyzing user
feedback on similar features to gauge potential acceptance and resistance.
Interpersonal and team responses

● Facilitating workshops or brainstorming sessions with project stakeholders to

identify and assess risks, and to plan appropriate responses. Ensuring team
collaboration in the development of risk response strategies.
Implementation Of Risk Responses - Strategies for
negative risks
Strategies for Negative Risks
1. Risk Avoidance (Eliminate Risk)
● Eliminate the cause of the risk entirely.

2. Risk Transfer (Redirect Risk)

● Transfer the risk in part or whole to another third party through contracting, bonding or
insurance.

● Risk transfer does not remove the risk, but simply makes another party responsible for
managing the risk.

● It involves a risk premium payment to the party undertaking the risk.

3. Risk Mitigation (Reduce Risk)

• The project team acts to reduce the probability of occurrence or impact of a risk to point
where it can be accepted.

• Adopting less complex processes, conducting more tests, use genuine raw material or

choosing a more stable supplier are examples of mitigation actions.

4. Risk Acceptance

• If all the above strategies does not work project manager is compelled to accept the certain

risks.

• Decides to acknowledge the risk and not take any action unless the risk occurs.
 Refer to the case study: RideShare+
Avoidance:

• For Phoenix, this could involve selecting more reliable technology or adjusting features to
ensure privacy and data protection, thereby avoiding regulatory risks.
• For Pegasus, avoiding market risks by conducting market research before full implementation.

Mitigation:

• Phoenix could mitigate technical risks by incorporating additional testing phases or pilot
programs.
• Pegasus might mitigate backlash from dynamic pricing by introducing it gradually and with
clear communication to users.
Refer to the case study: RideShare+

Transfer:
Both projects could consider insurance or outsourcing certain high-risk components.

Acceptance:
For risks deemed low-priority or with low impact, both projects might simply prepare
contingency plans without taking proactive steps to avoid or mitigate them.
Risk Responses - Strategies for positive risks
Strategies for Positive Risks
1. Exploit
• Taking actions to ensure that an opportunity will happen or have a greater impact.
• This proactive approach to risk management enables organizations to capitalize on
potential benefits and gain a competitive edge in dynamic and uncertain environments.

2. Share

• Transferring ownership of an opportunity to a third party

• Sharing resources, expertise or responsibilities to address risk more effectively.

3. Enhance

Increase the potential benefits by investing in additional resources or capabilities.

4. Accept

 Acknowledge and accept the existence of positive risks as potential opportunities for the
project or organization.

 Understand that positive risks can contribute to achieving objectives, adding value, or creating
competitive advantages.
 Monitor Risk
Monitor risk is the process of monitoring the
implementation of ,

▪ Monitor risk response plans

▪ Tracking identified risks
▪ Identifying and analyzing new risks
▪ Evaluation risk process effectiveness
Purpose of monitor risk process

• To identify implemented risk responses are effective or not

• To identify level of overall project risk has changed

• To identify status individual project risks has changed

• To identify new risk are arrived or not

• To confirm risk management approach is still appropriate or not

• To identify project assumptions are still valid or not

Requirements for monitor risk

1.Project management plan - Project documents

• Risk report – This report provide comprehensive overview of potential threat

• Issue log- This will tracking and identifying issues

• Risk register- This capture and categorize potential threats

• Lesson learned register – This analyze risk by past experienced

2.Work Performance data and reports

• Work performance reports include data from performance measurements, such as

earned value, variance analysis, and forecasting data, that may be analyzed to offer
project work performance information. This data may be useful for tracking risks
associated with performance.
Tools and Techniques used for monitoring risks
• Data Analysis
Data analysis, on the other hand, helps in examining trends, patterns, and

anomalies in data related to risk indicators, enabling proactive risk identification and

response.

● Technical performance analysis

● Reserve analysis
• Audits

• Audit provide a platform to review risk management practices, assess controls, and identify

potential gaps or issues.

• Meetings

• Regular meetings provide an opportunity to track the progress of risk mitigation efforts, review

key risk indicators, and adjust strategies as needed to address evolving risks effectively.
Results of monitor risks

Work performance information

● Monitoring work performance information helps identify potential risk triggers,
assess the effectiveness of risk responses, and track the overall impact of risks on
project objectives.

Change requests
● Reviewing change requests helps monitor risks by evaluating their potential impact
on project scope, schedule, budget, and other constraints
Project management plan updates
● These updates ensure that risk management remains aligned with project goals and
adapts to changing risk profiles.

Organizational process assets updates

● Leveraging updated process assets enhances risk monitoring by incorporating proven
approaches and improving risk response strategies
Project document updates
● Updating project documents, such as risk registers, risk reports, risk response plans, and
issue logs, is crucial for monitoring risks. These documents capture essential information

about identified risks, their status, mitigation actions, and any changes in risk exposure

over time, enabling continuous risk assessment and management

Project document updates
Risk register
● Monitoring the risk register provides a comprehensive view of project risks, their status,
and the effectiveness of mitigation efforts.
● https://youtu.be/P1ZGN2W5_AM?si=XN-CNadlX2b8Zv81

Risk report
● Monitoring risk reports facilitates informed decision-making by stakeholders, fosters risk
awareness, and supports proactive risk management actions

Lesson learned register

● Monitoring the lesson learned register informs risk management practices, helps avoid
recurring risks, and promotes continuous learning and risk mitigation refinement.
“What can go wrong will go wrong unless you identify
potential problems EARLIER ”