Types of RISK:
Residual Risks
Residual risks are those risks that are expected to remain after implementing the planned risk response, as well as those that are deliberately accepted.
For example, let’s say you are constructing a building in an earthquake-prone zone. You design the building by assuming the highest degree of earthquake that can happen is 6 on the Richter Magnitude Scale. But what if an earthquake happens at 7 on the Richter Magnitude Scale?
In this scenario, the building might collapse. This is an example of residual risk.
Secondary Risks
Secondary risks are those risks that arise as a direct outcome of implementing a risk response of an identified risk.
For instance, assuming you are constructing a building, and for security reason, you installed electrical wire at the top of the boundary wall. But what will happen if someone accidentally touches the electrical wire, or the electricity passes through the wet wall during rain?
They will get an electric shock. This is an example of a secondary risk.
Known-Known -> Known Risk - Known Impact
Have a mitigation plan which reduces either the Probability of occurrence or level of Impact. E.g build this plan into design, development, QC, process, skill set such that this Known Risk is mitigated as much as possible.
Known-Unknown -> Known Risk - Unknown Impact
Try to build a mitigation plan to the best possible extent. Have a Contingency Plan. E.g. add buffer to schedule &/or cost essentially consume project Contingency Reserves.
Unknown-Unknown -> Unknown Risk - Unknown Impact
Unknown risks are unknown; they are not known until they happen. You cannot make a response plan for these risks, and you cannot manage them proactively since they are not identified during the planning phase. Unknown risks are managed through the workaround, and to manage these kinds of risks, you will use the management reserve.
Secondary Risks
Secondary risks are those risks that arise as a direct outcome of implementing a risk response of an identified risk.
For instance, assuming you are constructing a building, and for security reason, you installed electrical wire at the top of the boundary wall. But what will happen if someone accidentally touches the electrical wire, or the electricity passes through the wet wall during rain?
They will get an electric shock. This is an example of a secondary risk.
Known-Known -> Known Risk - Known Impact
Have a mitigation plan which reduces either the Probability of occurrence or level of Impact. E.g build this plan into design, development, QC, process, skill set such that this Known Risk is mitigated as much as possible.
Known-Unknown -> Known Risk - Unknown Impact
Try to build a mitigation plan to the best possible extent. Have a Contingency Plan. E.g. add buffer to schedule &/or cost essentially consume project Contingency Reserves.
Unknown-Unknown -> Unknown Risk - Unknown Impact
Unknown risks are unknown; they are not known until they happen. You cannot make a response plan for these risks, and you cannot manage them proactively since they are not identified during the planning phase. Unknown risks are managed through the workaround, and to manage these kinds of risks, you will use the management reserve.
Mitigation Plan
PMBOK® Guide Fifth Edition defines risk mitigation “Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.
It is important to understand that the aim of Risk Mitigation is to bring down the risk exposure within the acceptable threshold limits. The risk exposure is the function of the probability of occurrence of the risk and the impact of this risk on the project. Now, you need to understand, since, mitigation strategy is all about taking advance and proactive actions, the probability of occurrence of risk and its impact is identified and calculated at an early stage so as to prevent the foreseen damage to the project. In short, risk Mitigation follows ‘Prevention is better than cure” dictum.
Contingency Plans
Risk responses identified using contingent response strategy is called contingency plans.
PMBOK® Guide Fifth Edition defines Contingent Response as “Some responses are designed for use only if certain events occur.
Contingency responses are the ones that get executed only when certain unwanted events occur. You do not execute contingency responses unless you see a warning sign (Trigger) that some risk is about to occur. Now, take note we only execute contingency responses when sufficient warning signs are given. It is mandatory to track and define the triggers of the contingency response.
It’s often observed that test takers consider these two risk plans as mutually exclusive, which however is not the case. At times, you may have to plan both the mitigation risk response and the contingency response alongside. In such urgent situations, you have to make a proactive plan of actions to reduce the probability and impact of the risk and also stay prepared with the contingency plan and monitor triggers or warning signs in case the risk is inevitable.
You do not necessarily make both of these plans for all the identified risks. Instead the contingency plans are made for the risks which are under your threshold and flashes enough warning signs in advance.
Here is an Examples to illustrate the case for both the risk responses:
Risk:
You are going to address a gathering of professionals, if the car tires get busted than it will result in delay of twenty minutes and you may miss your speaking slot.
The Mitigation Plan could be:
You take one car along, someone follows you, and in case there is any problem in the car you are traveling you change the car.
The Contingency Plan could be:
You keep some buffer time and if something happens to car tires, you change them and since you have timed buffer you still reach on time.
- See more at: http://www.izenbridge.com/blog/know-the-difference-between-mitigation-plan-and-contingency-plan/#sthash.RjumKFn4.dpufContingency Plan: Contingency Plan describes the various specific actions that will be taken if the risk occurs, and these actions are carried out at the time of risk occurrence. A Contingency Plan is developed in the Planning Process for the identified risks, and it clearly defines the specific actions to be taken when a risk is about to happen or has happened.
For example, you planned that if the rain falls you will cover the construction consumables (materials) that are kept in open ground with a plastic sheet once you see the cloud movement. You further added that if the rain starts falling suddenly without giving any prior sign, you will bring in the blower and/or vacuum pumps to dry the wet consumables after the rain stops.
Fallback Plan:
Fallback Plan is a next step plan after the Contingency Plan. It is implemented when the Contingency Plan fails, or is not fully effective (in other words we can say that the Fallback Plan is generally made for Residual Risks). The Fallback Plan is also a part of the project management plan and it clearly defines the cases which actions have to be taken or need to be implemented.
Let’s say that in above given example, the rain continued to fall for a very long time – longer than you anticipated – which causes the consumables to be not usable any more. In this case, you will implement the Fallback Plan which says that once the rain stops, clean the site and procure new consumables from an identified supplier, and start the work.
Work Around Plan:
As per the PMBOK Guide fifth edition, workarounds are responses that were not initially planned, but are required to deal with emerging risks that were previously unidentified or accepted passively.
Put more simply, workarounds are responses to any unidentified risks that occur during your project execution. In case even after the Mitigation plan and Contingency plan is implemented a Risk is existing then implement the Fallback Plan.
Just because the Mitigation &/or Contingency plan were implemented a new Risk would emanate. This Risk is called Secondary Risk. If the Mitigation &/or Contingency plan were not implemented this Risk would not have happened.
For Accepted Risk or Unknown Risks for which no planning was done a Workaround Plan is implemented.