After you identify the risks in your operations management project, you need to figure out a way to handle them. The best way to handle risks for a given project depends on the nature of the risk and the specifics of the project.
Here are the three basic varieties of risk:
Variance risk: Some risks have a probabilistic distribution resulting from uncertainties from concerning knowledge, materials, labor productivity, etc. The best way to respond to this type of risk is upfront by doing things like additional research, switching suppliers, and assigning additional resources.
Oftentimes, mitigation plans such as using more reliable suppliers may reduce the variance of a risk but increase cost. Even so, most project managers prefer the variance risk after response because it’s more predictable. Because most project managers are risk-averse — they have enough uncertainty in their lives and there is only so much aspirin can do — they prefer to mitigate the risk even if it costs some money.
Contingency risk: Here, if a contingency risk occurs, the base cost variance shifts to the right. Sources of contingency risk are things that are predominantly either/or in nature. For example, you either get a building permit, or you don’t. The new battery technology either works, or it doesn’t.
Oftentimes, it makes sense to not mitigate a contingency risk upfront, but put in place a contingency plan, should the contingency risk actually occur. One rather drastic contingency plan that sometimes makes sense is simply to terminate the project if the risk occurs.
Unknown unknowns (often referred to as black swans): These are the risks that you know exist but can’t identify. The only way to respond to these risks is to cope with them when you encounter them. One of the goals of the risk identification process in the planning stage is to uncover as many potential black swans as possible so they can be responded to ahead of time.
Black swan risks take their name because, since Roman times, it was proverbial in Europe to refer to something being rare “as a black swan.” As far as Europeans knew, there was no such thing as a black swan because there are no black swans in Europe. However, Dutch Captain Willem de Vlamingh’s explorations around western Australia in 1697 sighted a whole species of — you guessed it — black swans.
Let’s look at the Melville Island example filled out with response plans. One risk is “cannot acquire land from the Canadian government.” The experts during the planning phase judged this to have an unmitigated likelihood of 2 (low) but an impact of 5 (very high). This creates an unmitigated risk score of 10.
The policy at ExploriCo is to create response plans for all risks with scores over 5 and particularly for those with risk scores over 10. The mitigation plan the firm comes up with is to treat it upfront by hiring lobbyists to work with the Canadian government to sell the project and allow them to buy up the necessary land rights in Ottawa.
Additionally, if the lobbyists don’t succeed, ExploriCo makes a contingency plan to abandon the project early before much money is spent. Importantly, note the mix of upfront and contingency approaches in the response plan.
After they’ve developed the response plan, the experts decide the mitigated likelihood with the response plan in place is a 1 (very low), though the mitigated impact is only reduced slightly to a 4 (high). The resulting risk score is 1 4 = 4, which is considered acceptable by ExploriCo.
ExploriCo then proceeds with all the other risks with risk scores above 5. It can’t mitigate all risks to a 5 or below through response plans. However, the risk profile of the project is overall much better than prior to the development of response plans.
Response plans, as part of a project’s risk register, need to be continuously tracked and updated over the entire project. As time wears on, some risks can be deleted from the register because they don’t happen and the time period for them to occur passes.
Other risks are discovered and need to be added to the register. As this happens, risk management shifts from tracking and identification back to prioritization and response, continuing the risk management cycle until the end of the project.
In any project, opportunities exist as well as risks. Contingency plans for emerging opportunities, if they arise, make it more likely that you can take advantage of them.