Plan+Risk

6.1 Define the risk Planning Processtoc
The risk planning process is about coming up with different ways to approach a risk. The risk planning process can also be viewed internally and externally, just like the previous risk management processes. This section focuses on risk planning and what you can achieve with proper risk planning.

6.1.1 Process Goals
Process Goals are a set of rules that will suffice the risk planning process and also ensure the process quality. These goals are:
 * Provide visibility for key events and conditions. It’s easier to find alternate solution or plan properly for a risk if everyone has an idea of what’s going on with the project.
 * Reuse successful risk resolution strategies. Having a known strategy that works, is a big plus it would help to simplify the risk planning process.
 * Optimize selection criteria.
 * Understand the next action for each high-security risk. Risk planning should help determine what the next step should be, so that you will not get caught in a situation where you don’t know what your next move should be.
 * Establish automatic triggering mechanism. This rule helps you stay alert when something changes in the project, so no unwanted or unknown risk enters the process.

6.1.3 Process Definition
The IDEF0 diagram below shows the Risk planning process definition.
 * Process controls regulates the risk planning process and is located on the top right of the IDEF0 graph.
 * Process inputs includes triggers, risk list, and metrics, and is located on the top left of the IDEF0 graph.
 * Process outputs is the result of the risk planning process and should include scenarios, thresholds, and a risk action plan. It is located on the bottom right of the IDEF0 graph.
 * Process Mechanism are methods, or techniques used to provide structure to the project process, and it is located on the bottom left of the IDEF0 graph.



6.1.4 Process Activities
The risk plan analysis process activities transform the prioritize risk list into a plan for risk resolution. The activities needed to achieve this goal are:
 * 1) Develop risk scenarios for high-severity risks. Risk scenario is getting ready for a risk occurrence and should be develop for each risk that is critical to the project’s success. A risk scenario is simply thinking about what it would be like if this risk would occur.
 * 2) Develop risk resolution alternatives. Risk resolution alternatives are having different options to resolving a risk.
 * 3) Select the risk resolution Approach. Risk resolution approach is choosing the best method to resolve a risk.
 * 4) Develop a risk Action plan. A risk action plan is used to show in detail the risk resolution chosen on step 3. The risk action plan documents the approach, resources required, and approval authority, and many more elements.
 * 5) Establish threshold for early warning. You need to have a way to let you know when it is time to deal with risk that didn’t need your immediate attention in the beginning of the project. Quantitative or thresholds are used as triggers to remind the project team about risks.

6.2 Define Risk Resolution Strategies
This section deals with strategies that are used for risk resolution.

6.2.1 Risk Acceptance
Risk acceptance is a strategy for risk resolution of consciously choosing to live with the risk consequence. This decision is sometimes made by what the cost is, if the risk cost is minimal, companies sometimes decides to just live with the consequence.

6.2.2 Risk Avoidance
Risk avoidance, unlike risk acceptance, is avoiding the problem thus eliminating the risk. Risk avoidance is good when it’s a losing situation. For example, instead of adding a new circuit card and risk overheating, just forget about the whole thing and avoid the risk. The parameters for a lose-lose situation are the cost risk, schedule risk, performance risk, and operability risk.

6.2.3 Risk Protection
Risk Protection is minimizing the consequence of a risk. For example, Sky diving with a backup parachute system just in case the main one fails.

6.2.4 Risk Reduction
Risk reduction is reducing the probability of a risk occurring or the consequence when the risk is realized. An example of risk reduction is using the risk analysis plan on your project, which would reduce the probability of a risk occurring.

6.2.5 Risk Research
Risk research is learning as much as possible about a risk. You can research about risk by prototyping, or send a demo to the users and get their feedback.

**6.2.6 Risk Reserves**
Risk research is learning as much as possible about a risk. You can research about risk by prototyping, or send a demo to the users and get their feedback.

6.2.7 Risk Transfer
Risk transfer is moving the responsibility of a risk to a different person, or organization. Risk transfer is used widely to outsource jobs to cut cost, or hiring sub-contractors to handle the risk for a lower cost.

6.3 Define Selection Criteria
Selection criteria help to determine the best alternative to resolve a risk and provide an understanding of the characteristic of a good alternative. Leverage and diversification are two selection criteria policies.

6.3.1 Risk Leverage
Risk leverage is a measure of the relative cost-benefit of performing various candidate risk resolution activities. It’s a way of doing cost analysis on an alternate. The definition of leverage is that it is a rule for risk resolution that reduces risk by decreasing risk exposure (RE).The Risk resolution cost is the cost of implementing the risk action plan. Leverage is used to find the action with the highest payback. The formula is shown below:

6.3.2 Risk Diversification
Risk diversification is reducing risk by distribution. Just like you diversify your 401k to reduce the risk of losing all of your money, risk diversification is not putting all of your eggs in one basket. Risk diversification is not relying on one source, if that source goes down than you are risking everything.

6.4 Develop the Risk Action Plan Template
Risk action plan template is used to display the risk resolution strategy in a standard format, allowing you to add the events and conditions of the risk scenario.