Qualitative Risk Management - Part 3

In this article we are going to continue our journey in the qualitative risk management knowledge area. The risk management subject is vast and complex. A full understanding requires years of study and practice. throughout the years we have developed simplified methods for qualitative risk management that enables non-expert to manage their project risks.

This is article is the third one of a series of articles we have planned. If you have not read the first ones, click on the buttons below and then come back to continue reading this article.

Shall we continue with definitions?

The first definition we want to cover is response plan. The response plan is the formal action for each risk identified, evaluated and ranked. The response plan comes naturally after the team understands the risk better. It is the natural question of what to do if this risk materializes. We need to highlight that the categorization is slightly different if the risk is an opportunity or a threat. First, we will list the most common response plans for opportunities:

  • Accept - The most common plan we see in projects. Accept might seems too passive, but sometimes is the best response plan. In some projects, risks are accepted and resources (funds, time or material) are set aside in case is needed

  • Exploit - Strategy to increase the probability and impact of the risk. In other words, increase the likelihood of occurrence


Now the most common response plans if the risk is a threat to the project:

  • Accept - The most common plan we see in projects. Accept might seems too passive, but sometimes is the best response plan. In some projects, risks are accepted and resources (funds, time or material) are set aside in case is needed

  • Escalate - Typically the project team escalate a risk to the organization if it's outside of their control. One simple example is if there is a new project in the organization and it has the potential to steal resources from the current project

  • Mitigate - Reduce the impact of the event to zero or to acceptable levels. In many projects it's referred as ALARP levels, which means As Low As Reasonably Practicable levels. Depending on the response plan required, the project could incur costs that will be lower to implement than wait the risk to materialize and then deal with it

  • Transfer - Is when you transfer the risk to another entity in exchange of a premium. In other terms it is an insurance. You purchase insurance protection in exchange of a premium. The insurer will be responsible for the associated costs of the event if this event materializes


Lastly, we need to define when to activate each risk response plan, i.e., the trigger. The trigger could be immediate, like purchasing an insurance policy. Another example of trigger could be to monitor a project indicator and when it reaches the certain value, the response plan is initiated.


We have reached the end of the planned articles for qualitative risk management. There are great books available in the market where you can dive deeper. Risk Management is a very challenging knowledge area due difficulty to balance the application of the techniques, keep in a level where the project team understands and cause a positive impact on the project. We have seen projects that concentrated far too much resources in the pure technique preparing a risk register with hundreds of risks, ranked and with planned responses. But they lost the mark lost in the details.

The value of the risk management professional is not found in the colorful spreadsheet with hundred risks. It is found in the capacity of keeping it relevant, ahead of the project evolution and simple.

Contact us if you need help with risk management in your project.