NEGATIVE_RESPONSE_STRATEGIES_V1.1

Topic
NEGATIVE RESPONSE STRATEGIES
1

Group Members
 FAHAD SALEEM
 MOHID SIDDIQUI
2

Agenda
Self 3
Introduction
Response
Strategies for
negative Risks
Negative Risk

Risk Response
PMBOK Guide Fifth Edition 4

Negative Risk
Negative risks or threats are
unfavorable conditions, situations,
circumstances or risks that can have
potential negative impact on project
objectives if they materialize.
From PROJECT MANAGEMENT LEXICON 5

Strategies for negative risks
www.Forum.izenbridge.com
6

Risk Avoidance
Risk avoidance is a risk response strategy
whereby the project team acts to eliminate the
threat or protect the project from its impact. -
PMBOK® Guide Fifth Edition
• This is the most preferred risk control strategy as it
seeks to avoid risk/treats entirely.(1)
• Avoidance is accomplish through countering treats,
removing vulnerabilities in assets, limiting access to
assets, and adding protective safeguards.(2)
1. http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/
2. Risk Management Vs Risk Avoidance Presentation By William Gillette 7

Example of Risk Avoidance
 Any changes in project ecosystem
during execution phase.
No project manager likes to handle
such changes. So avoid them.
However, avoiding risk in real life
scenarios is very rare.
https://pmpguide.wordpress.com/2011/07/22/get-it-right-concept-3-different-risk-response-strategies/ 8

Methods of risk avoidance
 Avoidance through application of
policy.
 Avoidance through application of
training and education.
 Avoidance though application of
technology.
Risk Management Vs Risk Avoidance
Presentation By William Gillette 9

Avoidance through application
of policy
 This mandates that procedure must be
followed when dealing with a sensitive
asset.
◦ Example requiring random assigned
password to access sensitive assets like
customer databases.

Avoidance through application
of training and education
 New policies must be communicated
to employees.
 General security awareness issues.
 Awareness, education, and training
are essential if employees are to
exhibit safe controlled behavior.

Avoidance though application of
technology.
 The use of countering measure to
reduce or eliminating the exposure of
a particular asset to a specific treat.
 Implementing safeguards to defect
attack on systems and therefore
minimize the probability of a attack will
be successful.

Risk Transference
Risk transference is a risk response strategy
whereby the project team shifts the impact of
A threat to a third party, together with ownership of
the response. – PMBOK® Guide Fifth Edition
RC_Guide_RiskTransferStrategytoHelpProtectYou+Business_CNA.pdf
CNA Financial Corporation is a financial corporation based in Chicago, United States
Continental National American Group
http://www.projectmanagementlexicon.c
om/topics/strategies-for-negative-risks-
threats/ 13

CNA
Risk transfer is a risk management and control strategy that involves
the contractual shifting of a pure risk from
one party to another.
 Insurance (Risk transfer is most often accomplished through an insurance
policy)
 Contracts(Risk transfer can also be accomplished through non-insurance
agreements such as contracts)
 Certificates of Insurance
A certificate of insurance is a form issued by an insurer or agent that lists the
coverage(s), expiration date(s) and limits of the insured's coverage(s). It
includes important information about such coverage, including policy number,
policy limits, insurer, agent, coverage period and name of the insured.
threats/ 14

How to Employ Risk Transfer as
a Strategy for Protection
 Certificates of Insurance
 Additional Insured Status
 Contracts You Ask Others to Sign
 Contracts That Others Ask You to Sign
 Record Keeping
threats/ 15

Example of Risk Transfer
 E.g. Outsourcing is the classic example
of transferring the risk.
However no risk can be 100% transferred to third
party.
If vendor fails to deliver the solution, project manager from client
organization can sue vendor, put monitory penalties on vendor as per
the contract, but still client has to bear the consequences of absence
of the desired system. So in ‘Transfer’ scenario as well, project
manager from outsourcing side should do active risk management.
threats/ 16

Risk Mitigation
Risk mitigation is a risk response strategy whereby
the project team acts to reduce the probability of
occurrence or impact of a risk. – PMBOK® Guide
Fifth Edition
http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/
17

Mitigate probability
 Lower down the chance of occurring the
risk. Project manager should try to
mitigate the probability of risk if it can’t be
completely avoided.
 E.g. Changes during the execution phase of the project. In ideal
world, this risk should be avoided as we saw above. However, than
never happens in real life scenarios, hence project manager
should strive to mitigate the probability of changes during
execution phase. How? Either foresee all the requirements and
elicit them before execution phase or apply strict change control
measures.

Mitigate impact
 Assuming risk still occurs, project
manager should look forward to lower
the impact of risk on the project.
 E.g. In the same example of changes during the execution
phase of the project, project manager should build strategy to
keep the impact of changes as minimal as can be. How?
Create flexible enough design to adapt the changes or build
reusable code.

Risk Acceptance
Risk acceptance is a risk response strategy
whereby the project team decides to acknowledge
the risk and not take any action unless the risk
occurs. – PMBOK® Guide Fifth Edition
There are primarily two types of risk :
1. Passive Acceptance
2. Active Acceptance
threats/ 20

Risk Acceptance
 If the servers are in a permanent test
environment, it is good, but if they are to
be deployed to a production
environment, the risks will no longer be
acceptable. This is why one should think
twice before using the risk accepting
option this way.
https://blog.outpost24.com/2014/02/20/r
isk-acceptance/ 21

Example of Risk Acceptance
 E.g. Market conditions, Change in government policies, Change in
organization policies of a client.
Let’s say client decides to stop outsourcing and build in-house
capabilities. This leads to another risk of ‘lowered revenue levels
for your org’.
 Another example is of ‘unfinished’ touch to short lived applications.
E.g. Data transfer utilities. Since this is used by small users and for
shorter duration, one need not go for fancy UI. Risk of not so good
user experience is accepted.

Passive Acceptance
Passive acceptance is a risk response technique
employed when the risk cannot be
avoided/mitigated in any way and the project team
must accept the consequences of the risk when it
materializes without an
adequate response strategy.(1)
In this we find Work Around(2)
1. http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/
2. http://www.slideshare.net/aleemhabib7/project-risk-management-pmbok-5
23

Active Acceptance
Active acceptance is a risk response technique
employed when the risk cannot be
avoided/mitigated in any way and the project team
must accept the consequences of the risk by
developing contingency plans or reserve to put in
action when the risk materializes.
http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/ 24

Active Acceptance
 Contingency plan
 Fall back Plan
For Example:
 setting aside contingency to offset the
effect of the risk.(2)
1. http://www.slideshare.net/aleemhabib7/project-risk-management-pmbok-5
2. https://pmpsnacks.wordpress.com/2011/07/02/be-careful-5-risk-acceptance-active-vs-passive/ 25

Example for Active & Passive
The software that was purchased for the project will
be defective.
There is a probability of 2 percent that this will occur.
The CD of the software is delivered on will not work
and will have to be replaced with a new CD.
This causes a delay of five days to a task that has
twenty-five days of free float.
Passive acceptance will probably be used in
dealing with this risk.
http://www.projectmanagementlexicon.com/topics/strategies-for-negative-risks-threats/ 26

Active and Passive Acceptance
Comparison
One simple way to remember this:
remember disaster movies like “Titanic”,
“Armageddon” or “2012”.
There are always those characters in the movie
where they just accept that they are going to die
and of course there are the hero's who take some
action to get out alive. Think of the former as
“Passive Acceptance” and the hero's as “Active
Acceptance”.
https://pmpsnacks.wordpress.com/2011/07/02/be-careful-5-risk-acceptance-active-vs-passive/ 27

Risk Acceptance
It should be possible to accept risks in
different ways
 A conditional accept
 A time-based accept
 An indefinite accept
isk-acceptance/ 28

Example of the conditional
risk
 An example of the conditional risk
acceptance can be that a web
application firewall should be in place.
This should be marked as a time
based acceptance to ensure that the
compensating control is still in place
and is still effective.
isk-acceptance/ 29

Time based acceptance
 The time based acceptance is the
number one most commonly used
form of risk acceptance, and it is
based on the very common statement
that something will be fixed “soon”.
isk-acceptance/ 30

Time based acceptance
Example
 for example it may not be possible to
patch now, but 3 months from now the
systems will be updated. This risk
should be set to accepted, but only for
3 months. After that, it is important to
follow up on the risk as if it is a new
risk.
isk-acceptance/ 31

Indefinite accept
 The indefinite accept should be used
carefully, only when there is a
business justification
 For example for risks when the tool
sets up a fulfilled condition for its
report, or where the conditional state
is known to be permanent.
https://blog.outpost24.com/2014/02/20/risk-
acceptance/
32

threats/ 33

“ Smoking can cause cancer”
ACCEPT TRANSFER MITIGATE AVOID
At the onset of
smoking habit,
you accept the
risk.
When you get
conscious of its
hazards, you
buy a insurance
cover to ease of
medical cost.
When negative
consequences
of the smoking
starts
appearing, you
tend to reduce
the intake
On the arrival of
the doctor’s
warning, that
you have
crossed the
threshold and
life is at risk, you
jump on ‘avoid’
strategy.
http://www.projectmanagementlexicon.com/topics/ BY Saket Bansel 35

Questionnaire
 You are working on a Road Construction Project and
you Realized that the Proposed Road is passing
through the disputed land and because of this dispute
you have a Risk of not getting the approval from
authorities on time, you discussed this problem with
your stakeholders and made them agreed to change the
path of road in such a way that this area is now not
covered in your project scope.
Which risk response strategy is applied here?
A. Avoid
B. Accept
C. Mitigate
D. Transfer
www.Forum.izenbridge.com 36

NEGATIVE_RESPONSE_STRATEGIES_V1.1

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (11)

Similar to NEGATIVE_RESPONSE_STRATEGIES_V1.1

Similar to NEGATIVE_RESPONSE_STRATEGIES_V1.1 (20)

More from Fahad Saleem

More from Fahad Saleem (20)

NEGATIVE_RESPONSE_STRATEGIES_V1.1