negative_response_strategies_v1.1


Upload: fahad-saleem

Post on 25-Jan-2017


TRANSCRIPT

Page 1: NEGATIVE_RESPONSE_STRATEGIES_V1.1


Topic NEGATIVE RESPONSE STRATEGIES

Page 2: NEGATIVE_RESPONSE_STRATEGIES_V1.1


Group Members

FAHAD SALEEM

MOHID SIDDIQUI

Page 3: NEGATIVE_RESPONSE_STRATEGIES_V1.1


Agenda

Self

Introduction

Response

Strategies for negative Risks

Negative Risk

Page 4: NEGATIVE_RESPONSE_STRATEGIES_V1.1


Risk Response

PMBOK Guide Fifth Edition

Page 5: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Negative Risk

Negative risks or threats are unfavorable conditions, situations, circumstances or risks that can have a potential negative impact on project objectives if they materialize.

From PROJECT MANAGEMENT LEXICON

Page 6: NEGATIVE_RESPONSE_STRATEGIES_V1.1


Strategies for negative risks

www.Forum.izenbridge.com

Page 7: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Risk Avoidance

Risk avoidance is a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact. - PMBOK® Guide Fifth Edition

• This is the most preferred risk control strategy, as it seeks to avoid risks/threats entirely.(1)
• Avoidance is accomplished through countering threats, removing vulnerabilities in assets, limiting access to assets, and adding protective safeguards.(2)

1. http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/
2. Risk Management Vs Risk Avoidance Presentation By William Gillette

Page 8: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Example of Risk Avoidance

Any changes in the project ecosystem during the execution phase. No project manager likes to handle such changes. So avoid them. However, avoiding risk in real-life scenarios is very rare.

https://pmpguide.wordpress.com/2011/07/22/get-it-right-concept-3-different-risk-response-strategies/

Page 9: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Methods of risk avoidance

• Avoidance through application of policy.
• Avoidance through application of training and education.
• Avoidance through application of technology.

Risk Management Vs Risk Avoidance Presentation By William Gillette

Page 10: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Risk Management Vs Risk Avoidance Presentation By William Gillette

Avoidance through application of policy

This mandates that procedure must be followed when dealing with a sensitive asset.

◦ Example: requiring a randomly assigned password to access sensitive assets like customer databases.

Page 11: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Risk Management Vs Risk Avoidance Presentation By William Gillette


Avoidance through application of training and education

New policies must be communicated to employees.

General security awareness issues.

Awareness, education, and training are essential if employees are to exhibit safe controlled behavior.

Page 12: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Risk Management Vs Risk Avoidance Presentation By William Gillette

Avoidance through application of technology

The use of countermeasures to reduce or eliminate the exposure of a particular asset to a specific threat.

Implementing safeguards to deflect attacks on systems and therefore minimize the probability that an attack will be successful.

Page 13: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Risk Transference

Risk transference is a risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership of the response. – PMBOK® Guide Fifth Edition

RC_Guide_RiskTransferStrategytoHelpProtectYou+Business_CNA.pdf

CNA Financial Corporation is a financial corporation based in Chicago, United States

Continental National American Group

Page 14: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

CNA

Risk transfer is a risk management and control strategy that involves the contractual shifting of a pure risk from one party to another.

• Insurance (risk transfer is most often accomplished through an insurance policy)
• Contracts (risk transfer can also be accomplished through non-insurance agreements such as contracts)
• Certificates of Insurance

A certificate of insurance is a form issued by an insurer or agent that lists the coverage(s), expiration date(s) and limits of the insured's coverage(s). It includes important information about such coverage, including policy number, policy limits, insurer, agent, coverage period and name of the insured.

Page 15: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

How to Employ Risk Transfer as a Strategy for Protection

• Certificates of Insurance
• Additional Insured Status
• Contracts You Ask Others to Sign
• Contracts That Others Ask You to Sign
• Record Keeping

Page 16: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Example of Risk Transfer

E.g. Outsourcing is the classic example of transferring the risk.

However, no risk can be 100% transferred to a third party. If the vendor fails to deliver the solution, the project manager from the client organization can sue the vendor or put monetary penalties on the vendor as per the contract, but the client still has to bear the consequences of the absence of the desired system. So in the ‘Transfer’ scenario as well, the project manager from the outsourcing side should do active risk management.

Page 17: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Risk Mitigation

Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk. – PMBOK® Guide Fifth Edition

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Page 18: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Mitigate probability

Lower the chance of the risk occurring. The project manager should try to mitigate the probability of a risk if it can’t be completely avoided.

E.g. Changes during the execution phase of the project. In an ideal world, this risk should be avoided as we saw above. However, that never happens in real-life scenarios, hence the project manager should strive to mitigate the probability of changes during the execution phase. How? Either foresee all the requirements and elicit them before the execution phase or apply strict change control measures.

https://pmpguide.wordpress.com/2011/07/22/get-it-right-concept-3-different-risk-response-strategies/

Page 19: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Mitigate impact

Assuming the risk still occurs, the project manager should look to lower the impact of the risk on the project.

E.g. In the same example of changes during the execution phase of the project, the project manager should build a strategy to keep the impact of changes as minimal as can be. How? Create a design flexible enough to adapt to the changes or build reusable code.

https://pmpguide.wordpress.com/2011/07/22/get-it-right-concept-3-different-risk-response-strategies/

Page 20: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Risk Acceptance

Risk acceptance is a risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs. – PMBOK® Guide Fifth Edition

There are primarily two types of risk acceptance:
1. Passive Acceptance
2. Active Acceptance

Page 21: NEGATIVE_RESPONSE_STRATEGIES_V1.1

https://blog.outpost24.com/2014/02/20/risk-acceptance/

Risk Acceptance

If the servers are in a permanent test environment, it is good, but if they are to be deployed to a production environment, the risks will no longer be acceptable. This is why one should think twice before using the risk accepting option this way.

Page 22: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Example of Risk Acceptance

E.g. Market conditions, change in government policies, change in organization policies of a client. Let’s say the client decides to stop outsourcing and build in-house capabilities. This leads to another risk of ‘lowered revenue levels for your org’.

Another example is the ‘unfinished’ touch to short-lived applications, e.g. data transfer utilities. Since these are used by a small number of users and for a shorter duration, one need not go for a fancy UI. The risk of a not-so-good user experience is accepted.

https://pmpguide.wordpress.com/2011/07/22/get-it-right-concept-3-different-risk-response-strategies/

Page 23: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Passive Acceptance

Passive acceptance is a risk response technique employed when the risk cannot be avoided/mitigated in any way and the project team must accept the consequences of the risk when it materializes without an adequate response strategy.(1) In this we find Work Around.(2)

1. http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/
2. http://www.slideshare.net/aleemhabib7/project-risk-management-pmbok-5

Page 24: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Active Acceptance

Active acceptance is a risk response technique employed when the risk cannot be avoided/mitigated in any way and the project team must accept the consequences of the risk by developing contingency plans or reserve to put in action when the risk materializes.

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Page 25: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Active Acceptance

• Contingency plan
• Fall back plan

For example: setting aside contingency to offset the effect of the risk.(2)

1. http://www.slideshare.net/aleemhabib7/project-risk-management-pmbok-5
2. https://pmpsnacks.wordpress.com/2011/07/02/be-careful-5-risk-acceptance-active-vs-passive/

Page 26: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Example for Active & Passive

The software that was purchased for the project will be defective. There is a probability of 2 percent that this will occur. The CD the software is delivered on will not work and will have to be replaced with a new CD. This causes a delay of five days to a task that has twenty-five days of free float. Passive acceptance will probably be used in dealing with this risk.

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/

Page 27: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Active and Passive Acceptance Comparison

One simple way to remember this: remember disaster movies like “Titanic”, “Armageddon” or “2012”. There are always those characters in the movie who just accept that they are going to die, and of course there are the heroes who take some action to get out alive. Think of the former as “Passive Acceptance” and the heroes as “Active Acceptance”.

https://pmpsnacks.wordpress.com/2011/07/02/be-careful-5-risk-acceptance-active-vs-passive/

Page 28: NEGATIVE_RESPONSE_STRATEGIES_V1.1

https://blog.outpost24.com/2014/02/20/risk-acceptance/

Risk Acceptance

It should be possible to accept risks in different ways:

• A conditional accept
• A time-based accept
• An indefinite accept

Page 29: NEGATIVE_RESPONSE_STRATEGIES_V1.1

https://blog.outpost24.com/2014/02/20/risk-acceptance/

Example of the conditional risk

An example of the conditional risk acceptance can be that a web application firewall should be in place. This should be marked as a time-based acceptance to ensure that the compensating control is still in place and is still effective.

Page 30: NEGATIVE_RESPONSE_STRATEGIES_V1.1

https://blog.outpost24.com/2014/02/20/risk-acceptance/

Time based acceptance

The time-based acceptance is the number one most commonly used form of risk acceptance, and it is based on the very common statement that something will be fixed “soon”.

Page 31: NEGATIVE_RESPONSE_STRATEGIES_V1.1

https://blog.outpost24.com/2014/02/20/risk-acceptance/

Time based acceptance Example

For example, it may not be possible to patch now, but 3 months from now the systems will be updated. This risk should be set to accepted, but only for 3 months. After that, it is important to follow up on the risk as if it is a new risk.

Page 32: NEGATIVE_RESPONSE_STRATEGIES_V1.1

Indefinite accept

The indefinite accept should be used carefully, only when there is a business justification.

For example, for risks when the tool sets up a fulfilled condition for its report, or where the conditional state is known to be permanent.

https://blog.outpost24.com/2014/02/20/risk-acceptance/
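
The three acceptance types from the preceding slides, applied to a small risk register; this is an added example, not part of the original presentation or of any tool it cites. The record fields, the sample findings and the use of 90 days for "3 months" are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Acceptance:
    finding: str
    kind: str                         # "conditional", "time-based" or "indefinite"
    accepted_on: date
    valid_days: Optional[int] = None  # review window; needed unless indefinite
    control: Optional[str] = None     # compensating control (conditional only)
    justification: str = ""           # business justification (indefinite only)

def evaluate(acc, today, controls_in_place):
    """Return 'accepted' or 'reopen: <reason>' for one acceptance record."""
    if acc.kind == "indefinite":
        if not acc.justification.strip():
            return "reopen: indefinite accept without business justification"
        return "accepted"
    if acc.kind not in ("conditional", "time-based"):
        return "reopen: unknown acceptance type"
    if acc.valid_days is None:
        return "reopen: no expiry set"
    if today > acc.accepted_on + timedelta(days=acc.valid_days):
        return "reopen: acceptance expired, handle as a new risk"
    # A conditional accept is also time-boxed, so the control is re-checked
    # at every review and the accept lapses if nobody renews it.
    if acc.kind == "conditional" and acc.control not in controls_in_place:
        return "reopen: compensating control missing"
    return "accepted"

# Constructed sample register (findings and dates are illustrative only).
START = date(2017, 1, 1)
REGISTER = [
    Acceptance("injection flaw in legacy web app", "conditional", START, 90, control="waf"),
    Acceptance("unpatched database server", "time-based", START, 90),
    Acceptance("finding known to be permanent", "indefinite", START,
               justification="signed off by system owner"),
    Acceptance("weak cipher on test host", "indefinite", START),
]

def review(today, controls_in_place):
    """Evaluate every record; anything not 'accepted' goes back to triage."""
    return {a.finding: evaluate(a, today, controls_in_place) for a in REGISTER}

if __name__ == "__main__":
    for finding, status in review(date(2017, 5, 1), {"waf"}).items():
        print(f"{finding}: {status}")
```

Running the review on a schedule, with the set of controls taken from a live inventory rather than typed in by hand, is what keeps an acceptance made "for now" from becoming permanent by default.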

Page 33: NEGATIVE_RESPONSE_STRATEGIES_V1.1

http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/


Page 34: NEGATIVE_RESPONSE_STRATEGIES_V1.1

www.Forum.izenbridge.com

Page 35: NEGATIVE_RESPONSE_STRATEGIES_V1.1

“Smoking can cause cancer”

ACCEPT, TRANSFER, MITIGATE, AVOID

At the onset of the smoking habit, you accept the risk.

When you get conscious of its hazards, you buy an insurance cover to ease the medical cost.

When the negative consequences of smoking start appearing, you tend to reduce the intake.

On the arrival of the doctor’s warning, that you have crossed the threshold and life is at risk, you jump on ‘avoid’ strategy.

http://www.projectmanagementlexicon.com/topics/ BY Saket Bansel

Page 36: NEGATIVE_RESPONSE_STRATEGIES_V1.1

www.Forum.izenbridge.com

Questionnaire

You are working on a road construction project and you realized that the proposed road is passing through disputed land, and because of this dispute you have a risk of not getting the approval from the authorities on time. You discussed this problem with your stakeholders and got them to agree to change the path of the road in such a way that this area is now not covered in your project scope.

Which risk response strategy is applied here?

A. Avoid
B. Accept
C. Mitigate
D. Transfer

Page 37: NEGATIVE_RESPONSE_STRATEGIES_V1.1
