In the previous chapter we took a high level look at the possible updates that could be created by the Risk Response Planning process to the various project documents. In this chapter we are going to take a detailed look at all the updates that happen to the Risk Register.
The following are the updates that happen in the Risk Register:
1. Agreed Upon Risk Strategies
These are the strategies that will be utilized to handle the risks that are outlined in the Risk Register. Strategies for both negative and positive risks are available here. Remember the strategies – Avoid, Mitigate, Exploit etc.?
Remember that the strategy we choose will depend on the stakeholder and project risk tolerance and threshold.
2. Risk Owners and Responsibilities
Every Risk must have an owner and this information is captured in the Risk Register. Note that here; we are not assigning owners for the activities that are taken up to handle the risks. Instead, we are talking about the person who is in-charge of the risk as a whole.
A large project could have hundreds of risks and assigning the same individual to track all of them may result in gaps that may hurt the project. So, it is a good idea to assign a manageable number of risks to each individual.
3. Risk Symptoms and Warning Signs
These symptoms and warning signs are also known as “Triggers”. It would be a good idea to document them so that we know when we need to respond to any risk. It also will help the team in responding to a risk if it materializes. Risk owners must stay on top of the triggers for their respective risks…
Without knowing the risk trigger, how will you or anyone respond to a risk???
4. Budget and Schedule Requirements
To handle a risk, some actions may be required from people in our team. So, that would involve spending time and money. The cost and time required to implement the risk responses must be outlined in the risk register.
5. Contingency Plans and Triggers
As explained in the chapter on Contingency Reserves, we accept a certain number of risks. Along with this, we also need to take into account all of the Residual Risks as well as those in the Watchlist. So, listing out those risks, their contingency plans as well as triggers that will cause us to use the contingency plan must be clearly specified in the risk register.
6. Time and Cost Contingency
By this stage in Risk Analysis & Planning, we must have a clear idea of how much reserves we need – in terms of time and cost to handle those risks that were accepted or residual risks or those from the Watchlist. During the Monitor & Control risks phase, we will keep a close lookout for risks during our project activities to ensure that we have enough reserves to handle the risks appropriately
7. Fall-back Plans
You might remember that a fall-back plan is the “Plan B” we are planning on executing if our original (Plan A) fails. So, noting this too in the risk register will be useful in future in the unfortunate event of our original plan failing.
8. Residual Risks
When we plan the responses for our risks, we will get a clear idea of any risks that may remain even after we implement our responses. These must be noted down clearly in the risk register so that we can utilize the contingency reserves to handle them appropriately in case they materialize in future.
9. Secondary Risks
Secondary Risks are those risks that are created as a direct consequence of us implementing our planned risk responses. If such a risk is caused by our response, we must make sure that they are also captured accurately in the Risk Register.
Remember that the Risk Register is the most up to date information of all risks that were/are/will be handled by the project. Any risk related activity either uses this document or results in updates to this document. So, keeping it accurate is vital for successful risk management in our project.
Prev: Introduction - Outputs of the Plan Risk Responses Process
Next: Updates to the Project Management Plan