This reading describes the concepts, tools, and techniques used to determine
strategies for managing positive and negative risks, as well as planning and
implementing response actions.
The objective of the Plan Risk Responses process is to
select the strategies and actions that should be imple-
mented to manage prioritized risks in the most efficient
manner.
The main benefit of this process is that it appropriately
allocates resources and introduces agreed-upon acti-
vities into the Project management plan and other Pro-
ject documents, to improve opportunities and reduce
threats to the Project’s objectives . 2
The objective of the Implement Responses process is
that response actions for managing risks be executed
as planned.
Figure 1 – Structure of the Plan Responses Process
The main elements that make up the Plan Risk Respon-
ses process are as follows:
Created in-house, based on A Guide to the Project
Mana­gement Body of Knowledge (PMBOK® Guide) /
Project Management Institute, Sixth Edition.
1 PMBOK Guide, Sixth Edition.
2 Ibid.
THE INPUTS
To start this Plan Responses process we need seve-
ral documents that contain information, which we will
have to analyze.
The Risk Matrix, which records risks according to their
prioritization, and states which risks have to be included
in the Response Plan.
The Risk Management Plan, which records when and
how to carry out the Plan Responses process and who
should carry it out. It also includes, among other elements,
a template for documenting the Response Plan for prio-
ritized risks.
The Project Schedule and Budget, which we will have to
analyze to correctly include planned risk response ac-
tions, so that they can be executed like the rest of the Pro-
ject’s activities.
The Responsibility Assignment Matrix, in which there is
information related to the use of human resources. It is
important to remember that, as is the case with all other
activities, implementing risk management actions requi-
res capital, time, and human resources.
1
THE TOOLS AND TECHNIQUES
How do we analyze and transform input information
to achieve the objective of this process?
Response Strategies for Threats and Opportunities: A
response strategy is a course of action that enables
the Project Team to manage a risk’s potential impact
on the Project’s expected results. There are five respon-
se strategies for positive risks and five for negative risks.
These strategies are described below and summarized
in Figure 2.
1. Threat (Negative Risk) Response Strategies:
A. Avoid. It consists of acting to eliminate the threat or
to protect the Project from its impact. It usually invol-
ves changing Project planning in order to complete-
ly eliminate the threat, isolate Project objectives from
the risk’s impact, or even change the objective that is
threatened. Examples include extending the schedu-
le, changing the intervention strategy, or reducing the
scope. Some risks that arise in the early stages of the
Project can be avoided by adjusting the Project’s de-
sign, clarifying its requirements, obtaining information,
improving communications, or acquiring experience.
B. Mitigate. It involves adopting actions to reduce a
risk’s probability and/or impact to a tolerable level. Miti-
gation strategies can focus on reducing the probability
that the risk will materialize (e.g., adopting a less com-
plex process, training staff, or selecting a more reliable
provider) or they can be aimed at minimizing the risk’s
impact (e.g., adding resources to a component or ex-
tending the Project’s schedule).
C. Transfer. It seeks to shift a risk’s impact, and the res-
ponsibility to act on it if it materializes, to a third party.
Transferring a risk simply assigns the responsibility for
its management to a third party, but it does not elimi-
nate or mitigate the risk. Transferring responsibility for a
risk is more effective when dealing with exposure to fi-
nancial risks. Transferring a risk almost always involves
paying a risk premium to the party that undertakes it.
Transfer tools can be quite diverse and include, among
others, the use of insurance, performance guaran-
tees, warranties, guarantee certificates, etc. Contracts
or agreements can be used to transfer responsibility
for specific risks to a third party. For example, when an
organization has capacities that the executing agen-
cy does not have, it may be prudent to contractually
transfer responsibility for the execution of a Project
product or component to that organization, along with
its corresponding risks. We may also want to transfer
an activity’s risks to a supplier or contractor through
the use of fixed-price contracts.
D. Accept. It involves not acting preventively on the
risk but waiting to see if it materializes. This strategy is
adopted when none of the other strategies are appli-
cable or the cost of undertaking them is greater than
their potential benefits. Acceptance can be active or
passive. Passive acceptance does not require any ac-
tion, except documenting and justifying the strategy
and letting the Project Team address the risks as they
arise. Active acceptance requires establishing a Con-
tingency Reserve that includes the amount of (human
and financial) resources necessary to address the risk
if it materializes. Although accepted risks do not have
a response action, they must be recorded in the Risk
Matrix so they can be monitored throughout the life of
the Project.
E. Escalate. It involves assigning the threat so that it is
managed at a higher level, be it at the Program, Port-
folio, or organizational level. It is advisable to escalate a
risk when its management at a higher level will gene-
rate economies of scale, when it affects more than one
project, or when the risk could impact an objective out-
side the scope of the Project, e.g., a Portfolio objective.
2. Opportunity (Positive Risk) Response Strategies:
A. Exploit. It seeks to eliminate the uncertainty asso-
ciated with the materialization of a positive risk (an
opportunity), ensuring that the opportunity is definitely
realized. Some examples of direct exploitation respon-
ses involve including new planning activities to take
advantage of the executing agency’s strengths, as-
signing the most talented resources to the Project to
reduce the time to completion, or using new technolo-
gies or technological improvements to reduce the cost
and time required to achieve the Project’s objectives.
B. Enhance. It consists of adopting actions to increa-
se the probability and/or positive impacts of a risk
(opportunity). Enhancing strategies seek to facilitate
or strengthen the cause of the opportunity to increase
2
the probability that it will materialize (e.g., adding re- Figure 2 - Risk Response Strategies

sources to an activity to finish earlier), or they may be

directed at increasing the Project’s susceptibility to the
opportunity (e.g., extending the Project’s schedule to
take advantage of more favorable weather conditions
that can reduce costs).

C. Share. It involves assigning ownership of an oppor-

tunity to a better trained third party so as to seize the
positive impacts for the benefit of the Project. Some
examples of risk sharing actions include establishing
temporary joint ventures or partnerships for the ex-
press purpose of taking advantage of an opportunity.

D. Accept. It consists of being willing to take advantage

of a positive risk if it occurs, but without actively seeking
it. Although accepted risks do not have a response ac-
tion, they must be recorded in the Risk Matrix so they
can be monitored throughout the life of the Project.

E. Escalate. It involves assigning the opportunity so

that it is managed at a higher level, be it at the Pro-
gram, Portfolio, or organizational level. It is advisable to
escalate a positive risk when its management at a hi-
gher level can generate benefits beyond the Project at Created in-house, based on A Guide to the Project
lower cost or when it impacts an objective outside the Mana­gement Body of Knowledge (PMBOK® Guide) /
Project Management Institute, Sixth Edition.
scope of the Project.

Cost-Benefit Analysis: Response actions must be adap-

ted to the importance of the risk, i.e., there must be a
balance between the cost of developing the response
and the impact that the risk would have if it were to
materialize. If the risk’s impact has been quantified in
monetary terms, the different response actions iden-
tified can be analyzed by dividing the impact by the
cost of implementing the response action. The higher
the result, the more efficient the response.

Alternatives Analysis: It allows for establishing the most

appropriate response by comparing the characteris-
tics and requirements of the identified response op-
tions. Once the response strategy for a particular risk
has been identified, we must plan the concrete actions
to be implemented so as to achieve the objective of
the selected strategy, be it avoiding, mitigating, trans-
ferring, escalating, or actively accepting the risk. Risk
responses must be realistic within the context of the
Project and they must be agreed upon among all the
parties involved.

3
THE OUTPUTS
The main output of this process, after analyzing the input
information using the techniques introduced, is the Res-
ponse Plan, a document that updates the Risk Register
(which includes all identified risks) and the Risk Matrix
(which includes all analyzed and prioritized risks) with ad-
ditional information.
Only those risks that have been prioritized will appear in
the Response Plan; those that have not been prioritized
will be recorded for subsequent monitoring. If, throu-
ghout the life of the Project, nonprioritized risks chan-
ge risk levels, they will be prioritized and included in the
Response Plan.
In addition to the strategy and response action for
each prioritized risk, the Response Plan must include, at
least, the following elements:3
Party Responsible for the Response: A person, unit, or
team (also called risk action owner or response owner)
that will ensure the correct and timely implementation
of the agreed-upon action.
Allocation of financial and/or physical resources
necessary for implementing the response, and their
source of funding.
Response Trigger: Some actions are short term and,
due to their immediacy, they can be associated with
a specific date or known event, such as, for example,
a Project milestone or product. Other actions, on the
other hand, are designed to be implemented when
certain events or conditions occur. These events or
conditions are related the effectiveness of the respon-
se. Most risk responses will meet their objectives to a
greater or lesser extent depending on when they are
implemented. Executing a response action when the
appropriate conditions have not been met can be ex-
cessively costly and/or delayed and, therefore, not im-
pact the risk.
3 See the Response Plan template.
EXAMPLE
Risk: If the equipment is delivered to local vendors at
their current locations, vendors may not want to move to
the newly built dock, which would prevent meeting the goal
of having xx (number) local entrepreneurs established on
the dock by Year 4.
Action: 1) Prioritizing the start of the construction of the
docks based on the areas where the greatest investments
in equipment will be made. 2) Delaying equipment acqui-
sition.
Trigger: 1) When the results of the mapping of invest-
ments in equipment are available. 2) At the beginning of
the construction works of the new dock.
The Plan Risk Responses process generates a second
Output: Updated Project Planning Documents. Respon-
se actions may require that the following documents,
among others, be adjusted:
A. Adjustments to the Execution Mechanism. Respon-
se actions to risks that arise from the execution system
may require changes to the Project execution mecha-
nism. For example, consultations with beneficiaries may
be added as part of the Project intervention approval
scheme or a formal coordination space among the
organizations involved may be created by consensus.
Changes that are generated in the risk response pro-
cess will be included in different Project documents
according to the stage of the Project at that moment.
B. Adjustments to the Results Matrix (RM). Respon-
se actions to risks that significantly affect the achie-
vement of the Project’s expected results may require
changes to Project products or results. This is the case,
for example, of institutional strengthening activities
that may require an additional component or product
to be included as part of the scope of the Project, if they
are numerous and important enough to the Project’s
results. The risk analysis and the responses identified
to manage them can also involve reviewing indicators,
baselines, goals, or sources of verification.
4
C. Adjustments to the Pluriannual Execution Plan (PEP).
Response actions to risks associated with a specific
product of the operation are considered activities of
said product and, as such, must be part of the Project’s
PEP. The Project Team must take into account the ti-
ming and cost of these actions within the framework
of product activities, to ensure that the risk is mana-
ged on time and the product is delivered correctly and
in a timely manner. Response actions may also invol-
ve changes in the execution logic, which may require
reviewing the network schedule, adding floats into the
budget or schedule of activities or chains, or on the
contrary, compressing the schedule4.

D. Adjustments to the Procurement Plan. Like any ac-

tivity in a project, a risk response may require the pur-
chase of products or services, which will have to be
managed following the same procurement policies
and modalities as other Project purchases. It is also
very common for risk responses to involve actions re-
lated to procurement management, either through the
inclusion of contract clauses or through contract ad-
ministration.

CONCLUSIONS

A project’s risks are identified, recorded, and analyzed

to be managed. Risk management involves establi-
shing a strategic objective (planning the response
strategy) and implementing the actions necessary to
achieve it (response actions).

Like any action in a project, it requires the allocation

of resources and assignment of responsible parties.
Moreover, the risk response must be cost-effective, so
the Alternatives Analysis and the comparison between
the cost of the response and the benefit that it would
generate on the risk’s level is part of a good respon-
se planning exercise. Identifying the appropriate con-
ditions for implementing the response (the trigger)
is also essential to obtain the greatest benefit at the
lowest cost.

4 For references on the concepts of budget and schedule management, please consult the Glossary.

5
MAIN TERMS AND DEFINITIONS Risk Avoidance. A risk response strategy whereby the
IN THIS READING project team acts to eliminate the threat or protect the
project from its impact.

Acquisition. Obtaining human and material resour- Risk Mitigation. A risk response strategy whereby the
ces necessary to perform project activities. Acquisition project team acts to decrease the probability of occu-
implies a cost of resources and is not necessarily finan- rrence or impact of a threat.
cial.
Risk Transference. A risk response strategy whereby
Alternatives Analysis. A technique used to evalua- the project team shifts the impact of a threat to a third
te identified options in order to select the options or party, together with ownership of the response.
approaches to use to execute and perform the work of
the project. Trigger Condition. An event or situation that indicates
that a risk is about to occur.
Contingency. An event or occurrence that could
affect the execution of the project that may be accoun-
*Reading created in-house, based on A Guide to the Project
ted for with a reserve.
Management Body of Knowledge (PMBOK® Guide) / Project
Management Institute, Sixth Edition.
Contingency Reserve. The budget allocated in the
cost or performance measurement baseline for identi-
fied risks that are accepted and for which contingent or
mitigation responses are developed.

Corrective Action. An intentional activity that realig-

ns the performance of the project work with the project
management plan.

Cost-Benefit Analysis. A financial analysis tool used

to determine the benefits provided by a project against
its costs.

Plan Risk Responses. The process of developing op-

tions and actions to improve opportunities and reduce
threats to project objectives.

Preventive Action. An intentional activity that ensures

the future performance of the project work is aligned
with the project management plan.

Reserve. A provision in the project management plan

to mitigate cost and/or schedule risk. It is often used with
a modifier (e.g., management reserve, contingency re-
serve) to provide further detail on what types of risk are
meant to be mitigated.

Risk Acceptance. A risk response strategy whereby

the project team decides to acknowledge the risk and
not take any action unless the risk occurs.