Plan Risk Responses for PMP®

There are many Project Management Professionals (PMP)® who use plan risk responses in the plan of their projects. Just as you learned from the Project Management Institute (PMI) standards, you use Risk Management processes and tools to increase the probability of a successful project outcome. Once identified risks have been captured in the Risk Register, you create risk responses. However, Risk Response strategies are referenced within the larger project management community in diverse ways depending on the industry and project. It is helpful to understand the purpose and intent of a “risk response” to improve your individual risk responses and better manage overall project risk.


Ultimate Guide to Risk Management

Get Your Comprehensive Guide to Risk Management

Learn how to manage risk in every project.


What is the Plan Risk Response process?

The project management strategy documenting what the team’s response should be in the case of the identified positive and negative risks occurring can be informally called any of the following:

  • Plan Risk Responses PMP
  • Plan Risk Strategies PMP
  • Risk Response Strategies PMP
  • Risk Responses PMP
  • Risk Strategies PMP

The most common terms, “plan risk response” and “plan risk strategy,” are used interchangeably within Project Management circles. In PMI’s A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition, the actual process name is “Plan Risk Responses.” The Project Manager and project team decide the appropriate risk responses within this process.  

Why is a Plan Risk Response process important?

A sound risk response strategy is vital as it allows the project team to address risks by priority and ensures adequate resources and budget have been assigned. The risk response strategy should reflect the scope of the overall project and focus resources appropriately and within the project parameters.

What inputs drive the Plan Risk Response process?

Typical artifacts required of the Plan Risk Response process are the risk management plan, risk register, and risk report. Additionally, project managers should consult the lessons learned register, resource calendars, and stakeholder register.

Risk Management Plan

The risk management plan is the project document identifying how project risk activities will be structured and performed. It may include risk strategy and methodology, stakeholder risk appetite, risk categories, funding, and risk probability and impact definitions.

Additionally, it may discuss reporting formats, tracking, and roles and responsibilities.  

Risk Register

To create an effective risk response strategy, the project manager may refer to the risk register – a document that captures all the details about individual project risks. It may include information such as:

  • Positive risks: impact assessed, probability of occurrence estimated, and assigned priority
  • Negative risks: impact assessed, probability of occurrence estimated, and assigned priority

Note impact can be either positive or negative. A risk response strategy should be developed for all risks with a medium-high to high probability of occurrence and medium-high to high impact.

What are the Plan Risk Response outputs?

The risk response work generates new information to be included in the project documentation either as updates or as additional documentation outputs.

Plan Risk Responses PMP Inputs, Tools and Techniques, and Outputs

Project Management Plan Updates

Typical project management plan components updated as part of the Plan Risk Response process are the schedule, cost, quality, resource, and procurement management plans and the cost, scope, and schedule baselines.

Risk Register Updates

Updates to the risk register as an output of the Plan Risk Responses PMP Process can include agreed-upon response strategies, trigger conditions, contingency plans, and budget/schedule activities.

Risk Report Updates

The project team may update the risk report to reflect agreed-upon risk responses and expected changes that may occur when implementing planned responses. Additionally, the report may describe overall project risk exposure and high-priority risks.


Studying for the PMP Exam?


How to develop a Risk Response

Not every risk requires a response plan. Project teams should focus their efforts on developing response strategies for those risks with a medium-high to high probability of occurrence and a medium-high to high impact. In general, the following should guide project teams in developing risk responses for those risks which merit them:

  • Identify trigger conditions and warning signs of a risk occurrence.
  • Document detailed actions to be implemented if a specific risk occurs.
  • Establish a contingency reserve to ensure adequate funding to address a realized risk.
  • Develop fallback plans, as appropriate, to be enacted if the primary risk response appears inadequate.

Remember risk response strategies differ for negative and positive risks..

Tools and Techniques for Plan Risk Responses PMP

The risk register will designate whether a particular risk is categorized as either positive or negative. With this information, the project team has a variety of risk strategies from which to choose.

Strategies for positive risks

Risks that can result in positive outcomes for a project (quality of the final deliverables, saved budget, saved time, etc.) are also called opportunities. These risks can be addressed in the following ways:

  • Escalate: implemented if the opportunity is outside the scope of the project team.
  • Exploit: remove all barriers to help ensure the opportunity occurs.
  • Share: transferring ownership to a third party.
  • Enhance: taking action to increase the probability of occurrence or impact to improve the likelihood of an opportunity occurring.
  • Accept: acknowledging the presence of the opportunity but taking no action.

Strategies for negative risks

A threat that can reduce project value or decrease the chance of a positive outcome is considered a negative risk. Mitigation of negative risks is just one risk response strategy often included in PMP certification exam questions. Consider these strategies:

Escalate: implemented if the threat is outside the scope of the project team.

Avoid: when the project team takes action to eliminate the risk.

Transfer: shifting ownership of the risk via insurance, warranties, performance bonds, or the terms and conditions of a contract.

Mitigate: taking action to decrease the probability of occurrence or impact to reduce the likelihood of a threat occurring.

Accept: acknowledging the presence of the threat but taking no action.

Negative risks commonly impact the budget and project outcomes. It is important to know the risk tolerance of the key stakeholders and communicate risk response actions and results throughout the project.

Contingent Response Strategies for the Plan Risk Response Process

Risk response strategies, for both opportunities and threats, can include:

  • adjusting the project schedule (i.e., change the start date, change the target end-date)
  • revising requirements to add clarity
  • seeking expert judgement
  • modifying the project scope
  • changing resource allocations

Expert judgment can include technical expertise, project management know-how, or third-party consultation. The goal is to secure the advice of an expert in a specific field or situation.

Evaluating Risk Response Options

Anyone who has earned PMP certification or is preparing to take the PMP exam knows how important it is to have an effective means to guide decision-making processes. Evaluation criteria for deciding which risk response strategy to use for a given scenario includes but is not limited to:

  • Achievability
  • Alignment to project scope
  • Fits within budget
  • Measurable
  • Realistic
  • Resources available
  • Sustainable
  • Validated or Tested
  • Time duration and/or limitations

Best Practices for the Plan Risk Response Process

As part of evaluating risk response plans, keep these questions in mind:

  • Does the scale of the response align with the significance of the risk?
  • Does the cost of the response align with the risk’s probability and impact?
  • Is the response effort realistic and possible within project parameters?
  • Is the approval of stakeholders secured?

When to Implement Risk Responses PMP Plan

Key to the success of any risk response process is understanding when to implement a risk response plan. Project managers and risk owners should be watchful for the presence of trigger conditions or signs that a risk event has occurred and be prepared to implement the response strategy immediately.

Ways to Implement the Plan Risk Responses PMP

Summary

Practicing project managers, as well as PMP candidates, should understand the Plan Risk Response process, inputs and outputs of the process, and potential strategies for both opportunities and threats. Additionally, project managers should know how to scale risk response measures to align with the severity of the risk.

Upcoming PMP Certification Training – Live & Online Classes

: Widget class not found. Make sure this widget exists and the class name is correct


Author profile
PMA Logo
Erin Aldridge, PMP, PMI-ACP, & CSPO
Director of Product Development at
Erin Aldridge, PMP, PMI-ACP, & CSPO