Definitions Agile and Traditional Project Management

5.22 Plan Risk Responses

5.22 Plan Risk Responses
Inputs	Tools & Techniques	Outputs
Project management plan Resource management plan Risk management plan Cost baseline Project documents Lessons learned register Project schedule Project team assignments Resource calendars Risk register Risk report Stakeholder register Enterprise environmental factors Organizational process assets	Expert judgment Data gathering Interviews Interpersonal and team skills Facilitation Strategies for threats Strategies for opportunities Contingent response strategies Strategies for overall project risk Data analysis Alternatives analysis Cost-benefit analysis Decision making Multicriteria decision analysis	Change requests Project management plan updates Schedule management plan Cost management plan Quality management plan Resource management plan Procurement management plan Scope baseline Schedule baseline Cost baseline Project documents updates Assumption log Cost forecasts Lessons learned register Project schedule Project team assignments Risk register Risk report

This process selects and agrees on actions to address prioritized threats, opportunities, and overall project risk. It defines practical responses, assigns owners, and integrates the actions into the plan, budget, and schedule.

Purpose & When to Use

Plan Risk Responses turns analyzed risks into clear, owned actions. Use it after you have identified risks and completed qualitative and, when needed, quantitative analysis. Revisit it throughout the project as risks change, new risks appear, or assumptions shift.

Convert risk ratings into specific response strategies and actions for threats, opportunities, and overall project risk.
Assign risk owners and action owners, with timing, budgets, and success criteria.
Integrate responses into scope, schedule, cost, procurement, quality, and communications plans.
Plan contingency and fallback actions, and document residual and secondary risks.
Update the risk register and risk report, and obtain approvals through change control when baselines are affected.

Mini Flow (How It’s Done)

Review inputs: risk management plan, risk register and report, analysis results, stakeholder risk attitudes, and constraints.
Prioritize what to address now based on exposure, urgency, and manageability.
Select strategies for threats: avoid, reduce, transfer, accept, or escalate when outside the project scope or authority.
Select strategies for opportunities: exploit, enhance, share, accept, or escalate when outside the project scope or authority.
Address overall project risk using strategies such as shaping the approach, buffering with reserves, or changing scope or delivery strategy.
Design specific actions for each selected strategy, define triggers and early warning indicators, and estimate effort and cost.
Assign a risk owner and an action owner, and set due dates and measures of success.
Assess residual risk and identify secondary risks created by the response, adding them to the register.
Integrate responses into plans and baselines, raising change requests when schedule, cost, or scope is impacted.
Communicate the plan, gain agreement from stakeholders, and capture updates in the risk register and risk report.
Plan how responses will be monitored during execution and define when fallback actions will be deployed.

Quality & Acceptance Checklist

Each high-priority risk has a chosen strategy and specific, feasible actions.
Risk owners and action owners are named, with dates and success criteria.
Triggers and monitoring indicators are defined and measurable.
Budget and schedule impacts are estimated, funded, and approved if baselines change.
Residual risk is evaluated and documented after the planned response.
Secondary risks from responses are identified and added to the register.
Contingency and fallback plans are documented for significant risks.
Responses align with stakeholder risk appetite, thresholds, and contractual obligations.
Actions are integrated into scope, schedule, cost, and procurement plans as tasks and reserves.
Opportunities are addressed with the same rigor as threats where value exists.
Communication and reporting needs for each key risk are defined.
Approvals are obtained and recorded through the change control process when needed.

Common Mistakes & Exam Traps

Writing vague responses instead of concrete actions with owners and dates.
Ignoring opportunities or treating them as low priority by default.
Skipping change control when responses affect scope, schedule, or cost.
Confusing planning responses with implementing them; execution happens later.
Assuming the project manager is the owner for all risks instead of assigning the best owner.
Using only acceptance for high-exposure risks without rationale or contingency.
Mixing up escalate versus transfer; escalate moves the risk to higher authority, transfer shifts liability to a third party.
Adding contingency reserves without analysis or approvals.
Forgetting to capture residual and secondary risks created by responses.
Not updating the risk register and risk report after selecting responses.

PMP Example Question

A high-impact supplier risk sits outside the project manager’s authority to change. What is the best response strategy?

Transfer the risk by purchasing insurance.
Accept the risk and add a management reserve.
Escalate the risk to the sponsor or portfolio governance.
Mitigate the risk by adding inspection steps.

Correct Answer: C — Escalate the risk to the sponsor or portfolio governance.

Explanation: When the project team lacks authority to address the cause, the appropriate strategy is to escalate so it can be handled at the right level. Transfer and mitigate require authority over contracts or processes the team does not control.

HKSM

How to Get a Job For Project Managers

Leadership for Project Managers

Project Management Bootcamp

Agile Project Management and SCRUM with AI