Professional Documents
Culture Documents
12 Risk Mitigation Concept and Types (Risk Treatment)
12 Risk Mitigation Concept and Types (Risk Treatment)
AND TYPES
•
OPENING
•
RISK MITIGATION TYPES
•
RISK MITIGATION STRATEGIES
•
MONITORING
# 00
OPENING
# 00
WHAT IS RISK?
•
A basic dictionary definition says that risk is the
possibility of loss or injury
•
Risk involves understanding potential problems that
might occur on and how they might impede the
success
# 00
WHAT IS RISK
•
It is important to note that risk management is an
investment – there are costs associated with it. The
reason most people and organizations take risks is to
benefit from opportunities
# 00
WHAT IS RISK?
•
They took risks that created great opportunities. The
idea of striving to balance risks and opportunities
suggests that different organizations and people have
different tolerances for risks.
# 00
WHAT IS RISK ?
•
Some organizations or people have neutral tolerance
for risk, some have an aversion to risk, and others
are risk- seeking
# 00
RISK AVERSE
•
A person or organization that is risk- averse gains
less satisfaction from the risk or has lower tolerance
for the risk when more payoff or money is at stake
# 00
RISK SEEKING
•
Those who are risk-seeking have a higher tolerance
for risk and their satisfaction increases when more
payoff is at stake
•
A risk-seeker prefers more uncertain outcomes and is
often willing to pay a penalty to take risks
# 00
RISK NEUTRAL
•
The risk-neutral achieves a balance between risk and
payoff
# 00
RISK MITIGATION
•
Risk mitigation planning, implementation, and
progress monitoring are depicted in Figure 1
•
As part of an iterative process, the risk tracking tool
is used to record the results of risk prioritization
analysis (step 3) that provides input to both risk
mitigation (step 4) and risk impact assessment (step
2)
# 00
RISK MITIGATION
# 00
RISK MITIGATION
TYPES
# 00
RISK MITIGATION TYPES
# 00
AVOID THE RISK
# 00
AVOID RISK
•
Avoid risk : The business takes action to avoid the risk
•
Typically this means the business chooses not to
undertake an activity
•
For example : a farmer may decide not to grow lavender
because the growing conditions are unsuitable and the
probability of a crop failure is very high
# 00
MITIGATE THE RISK
# 00
MITIGATE THE RISK
•
Risk mitigating involves reducing the impact of a risk event
by reducing the probability of its occurrence
•
The business takes action to reduce either the probability or
consequence of the risk
•
Typical examples include worker safety training and safety
equipment, both of which are appropriate measures to reduce
the probability of its occurrence
# 00
MITIGATE THE RISK
•
The business owner could reduce the severe negative
consequences to the business with a succession plan
•
In operational risk, It includes three types of plans:
# 00
MITIGATE THE RISK
SUMMARISE OF MITIGATION PLAN
# 00
MITIGATE THE RISK
SUMMARISE OF MITIGATION PLAN
# 00
ACCEPT THE RISK
# 00
ACCEPT THE RISK
•
Risk acceptance means accepting the consequences should a
risk occur
•
The business recognizes that unanticipated events will occur
and will choose to accept those risks that are of low
consequence to the business
•
Businesses face many small risks such as a new employee
quitting or a bounced check, and the philosophical often call
these events, "The cost of doing business."
# 00
TRANSFER THE RISK
# 00
TRANSFER THE RISK
•
Transfer Risk--The business transfers the risk to an
insurance company
•
The insurance company will pay an indemnity when the
event occurs
•
Typical insurance for farmers includes crop insurance or
revenue insurance, while other types of insurance are
liability insurance, disability insurance, life insurance, etc.
# 00
RISK
MITIGATION
STRATEGIES
# 00
RISK MITIGATION
# 00
RISK MITIGATION STRATEGIES
•
General guidelines for applying risk mitigation handling
options are shown below
•
These options are based on the assessed combination of
the probability of occurrence and severity of the
consequence for an identified risk
•
These guidelines are appropriate for many, but not all,
projects and programs.
# 00
RISK MITIGATION HANDLING
# 00
RISK MITIGATION HANDLING
Assume/Accept:
•
Collaborate with the operational users to create a
collective understanding of risks and their implications
•
Risks can be characterized as impacting traditional cost,
schedule, and performance parameters
•
Risks should also be characterized as impact to mission
performance resulting from reduced technical
performance or capability.
•
Develop an understanding of all these impacts
# 00
RISK MITIGATION HANDLING
Assume/Accept:
•
Bringing users into the mission impact characterization is particularly
important to selecting which "assume/accept" option is ultimately
chosen
•
Users will decide whether accepting the consequences of a risk is
acceptable
•
Provide the users with the vulnerabilities affecting a risk,
countermeasures that can be performed, and residual risk that may occur.
Help the users understand the costs in terms of time and money
•
NOTE : Approval of project or program leaders is required.
# 00
RISK MITIGATION HANDLING
Avoid:
•
Work with users to achieve a collective understanding of
the implications of risks
•
Provide users with projections of schedule adjustments
needed to reduce risk associated with technology maturity
or additional development to improve performance
•
Identify capabilities that will be delayed and any impacts
resulting from dependencies on other efforts
•
This information better enables users to interpret the
operational implications of an "avoid" option.
# 00
RISK MITIGATION HANDLING
Control:
•
Implement actions to minimize the impact or likelihood of the risk
•
Help control risks by performing analyses of various mitigation
options.
•
For example, one option is to use a commercially available capability
instead of a contractor developed one
•
In developing options for controlling risk in your program, seek out
potential solutions from similar risk situations of other customers,
industry, and academia
•
When considering a solution from another organization, take special
care in assessing any architectural changes needed and their
implications.
# 00
RISK MITIGATION HANDLING
Transfer:
•
Reassigning accountability, responsibility, or authority for a risk
area to another organization can be a double-edged sword
•
It may make sense when the risk involves a narrow specialized
area of expertise not normally found in program offices
•
But, transferring a risk to another organization can result in
dependencies and loss of control that may have their own
complications. Position yourself and your customer to consider a
transfer option by acquiring and maintaining awareness of
organizations within your customer space that focus on specialized
needs and their solutions. Acquire this awareness as early in the
program acquisition cycle as possible, when transfer options are
more easily implemented.
# 00
RISK MITIGATION HANDLING
Watch/Assume:
•
Once a risk has been identified and a plan put in place to manage it
•
there can be a tendency to adopt a "heads down" attitude, particularly if
the execution of the mitigation appears to be operating on "cruise
control."
•
Resist that inclination. Periodically revisit the basic assumptions and
premises of the risk
•
Scan the environment to see whether the situation has changed in a way
that affects the nature or impact of the risk
•
The risk may have changed sufficiently so that the current mitigation is
ineffective and needs to be scrapped in favor of a different one
•
On the other hand, the risk may have diminished in a way that allows
resources devoted to it to be redirected
# 00
RISK MITIGATION HANDLING
•
Each of these options requires developing a plan that
is implemented and monitored for effectiveness
# 00
DETERMINING MITIGATION PLANS
5. Recognize Opportunities
# 00
DETERMINING MITIGATION PLANS
# 00
DETERMINING MITIGATION PLANS
# 00
DETERMINING MITIGATION PLANS
Recognize Opportunities
•
Understand and see opportunities that may arise
from a risk
•
When considering alternatives for managing a
particular risk, be sure to assess whether they
provide an opportunistic advantage by improving
performance, capacity, flexibility, or desirable
attributes in other areas not directly associated with
the risk.
# 00
DETERMINING MITIGATION PLANS
# 00
MITIGATION
CONTENT PLAN
# 00
MITIGATION CONTENT PLAN
# 00
MITIGATION CONTENT PLAN
Determine the appropriate risk manager
•
The risk manager is responsible for identifying and implementing
the risk mitigation plan
•
He or she must have the knowledge, authority, and resources to
implement the plan
•
Risk mitigation activities will not be effective without an engaged
risk manager. It may be necessary to engage higher levels in the
customer organization to ensure the need for the risk manager is
addressed
•
This can be difficult and usually involves engaging more senior
levels of team as well.
# 00
MITIGATION CONTENT PLAN
# 00
MITIGATION CONTENT PLAN
# 00
MONITORING
# 00
MONITORING
# 00
MONITORING
•
Review and track risk mitigation actions for progress
•
Determine when each action is expected to be completed
successfully
•
Refine and redefine strategies and action steps as needed.
•
Revisit risk analysis as plans and actions are successfully
completed.
•
Are the risks burning down? Evaluate impact to program critical
path.
•
Routinely reassess the program's risk exposure
•
Evaluate the current environment for new risks or modification to
existing risks.
# 00
# 00