[MUSIC] Look at what you've accomplished. You've identified many risks for your project. You have worked with your team to note the threats and the opportunities that you face as you make your way to project completion. You've used qualitative risk analysis to prioritize those risks, and you've documented this information in your risk register. That's the document you use to capture your information about your risks. Now, what do you do? Now, it's time to come up with some responses to those risks. The whole point of thinking about what could happen is so that you can be proactive. Risk management is meant to be proactive. But, which risks do you respond to? It's wildly impractical to come up with a plan for every risk that might occur. Now, you use your prioritization information and your risk probability and impact matrix to decide. Your risk probability and impact matrix documents the levels at which you consider a risk to be high, medium, or low. This is information you agree upon while you're creating your risk management plan for your project. Or, if you have risk guidelines that remain the same from project to project, you use your existing guidelines. There's no need to rewrite a plan when you already have what you need. For the sake of our discussion, let's pretend that you are required to create responses for all of the risks that are in the red zone. Now, you examine those risks with your team and you discuss the best approach. The approaches we most commonly use, we're going to discuss first for threats. So, the first most common approach is to avoid and that means what you think it means. You and your team do what you can to eliminate the risk. You might change your approach to the work, or even change or remove scope if the risk is that great. The second common approach for threat is to transfer. This means to give more responsibility to another party, because they're qualified to take on this responsibility. For example, if we consider whether or not to make, buy or outsource a component, buying it or outsourcing it are ways of transferring the risk. The hope being that the other vendors are more capable of creating this component successfully than we are. Our third approach for a threat, to mitigate. You come up with some actions that will make the risk less likely to occur, or less impactful if it does occur. Going back to our potential risk about the price of widgets rising, mitigation could be to order the widgets before any chance of a price increase. Or, it could mean securing a price guarantee that in exchange to a commitment to purchase a specific number of widgets, the price increase will be minimized. Finally, for a threat, we're going to talk about to accept. You're saying I understand this might occur, and the team and I accept the consequences. Why would you do that? Well if the risk has a low probability, or low impact, or both. Or, if there's no known way to respond to it, or the cost of a proactive response is too high, and does not make good business sense. Well, that covers our common approaches for threats. We want to think about our common approaches for opportunities. The first one we're going to look at is to exploit the risk. And this means to include activities which help ensure that we will receive the benefits from the opportunity. Perhaps adding more people to an activity that will help make it complete early, or help bring in the project end date or using more experienced resources to help less experienced resources for a higher quality or a quicker outcome. Our second approach for an opportunity is to share. It means you include another, perhaps an organization or a consultant, and you engage with them to help you realize the opportunity. And in return, they would be paid or perhaps offered future contracts or a portion of the profits. Third approach for opportunities, to enhance. In our widget vendor scenario, if what we really think is going to happen is that the price of widgets will decrease, that's an opportunity. We may want to enhance this risk, meaning, make it more likely that we can receive a discounted price. And then, our fourth approach just like with threats, with opportunities, we may also choose to accept. We can accept the fact that an opportunity might exist, but we might not do anything about it. When we do not anything, it's called passive acceptance. That's true for both threats and opportunities. And by the way, it's good to have an owner and a due date for each response. In this way, you know who's watching. Now yes, as a project manager you have responsibility overall, but there could be risk outside your area of expertise and you're not closest to the risk. You will not maybe be the first to see that a risk is happening. And you're probably not the one who's going to perform the work and the response, or the contingency. That's why you want to have that person as an owner. Now we've discussed the common approaches for responding to risks. So, let's cover a quick question. Which risks require responses? Is it a, all of them? Is it b, approximately 50% of them? Is it c, refer to your risk management plan? Or is it d, refer to your risk register? I hope you answered c, refer to your risk management plan. Your risk management plan maps out your approach to managing risk on your project. Thank you, bye for now.
