In this post we get to the third step in the risk management process, our approach to risk mitigation. The goal of this step is to establish a strategy to burn-down risk. This is a high-level plan for reducing project related risks...
There are, of course, many important details to create an effective burn-down plan. It will take a few posts to get through the key items. We’ll start by defining risk mitigation at a high level.
What is risk mitigation?
Mitigating a risk essentially means deliberately doing something to reduce risk exposure. Recall from previous posts (see below) that risk exposure consists of two independent terms – impact and probability.
Risk Exposure = Risk Impact * Probability of risk materializing
By mitigating risk, we reduce either risk impact or risk probability, or both. There are many ways to mitigate risk, and identifying good (or great) mitigations is the key to a successful project.
Arriving at great mitigation plan is enabled by clearly defining Risk Drivers (aka Knowledge Gaps) and Impacted Objects during the risk analysis phase.
Effective risk mitigation has many facets, all of which we will cover in the next few posts. For example, we’ll discuss the various types of mitigations available to choose from, and mitigation strategies that we find the most effective and valuable among the teams we have worked with. In the process, we will cover:
- In part 12 we will cover the general types of mitigations including avoidance, architectural changes, contingency plans, and the most important of all – knowledge generating mitigations;
- Some specific techniques for generating knowledge quickly, including methods such as set-based development, the use of minimum viable products, rapid prototyping, and more;
- How to estimate the cost and value of each mitigation, and determine whether the mitigation is worth executing or not;
- Recommended practices to develop, execute, and update a burn-down plan for each risk; and,
- How to prioritize mitigations across the many risks identified in a project.
If you haven't read our previous posts on project risk managment the links to the series are below.
We also have a free risk management template available.
Risk management series of posts
In Part 1, we defined project risk.
In Part 2, we looked at the key piece of project risk management – the project’s objectives and how effective risk management must start with defining project objectives.
In Part 3, we considered the uncertain events and conditions that are the cause of a risk.
In Part 4, we looked at the return on investment of risk management and how to calculate risk exposure.
In Part 5, we explored the risk management (or learning management) process.
In Part 6 covers project risk identification and capture.
In Part 7 we reviewed risk drivers and the 5 Whys technique - a simple and powerful technique for discovering the root of the problem (the root of the risk)!
In Part 9, we discussed the importance of capturing the objects impacted by a risk in order to understand risk exposure.
In Part 10 we demonstrated how to calculate risk exposure both qualitatively and quantitatively
Part 11, This part - defining risk mitgation and out lining our apporach.
In Part 12, we discuss general types of mitigations including avoidance, architectural changes, contingency plans.