Mitigation Plan
PMBOK® Guide Fifth Edition defines risk mitigation “Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.It is important to understand that the aim of Risk Mitigation is to bring down the risk exposure within the acceptable threshold limits. The risk exposure is the function of the probability of occurrence of the risk and the impact of this risk on the project. Now, you need to understand, since, mitigation strategy is all about taking advance and proactive actions, the probability of occurrence of risk and its impact is identified and calculated at an early stage so as to prevent the foreseen damage to the project. In short, risk Mitigation follows ‘Prevention is better than cure” dictum.
Contingency Plans
Risk responses identified using contingent response strategy is called contingency plans.
PMBOK® Guide Fifth Edition defines Contingent Response as “Some responses are designed for use only if certain events occur.Contingency responses are the ones that get executed only when certain risk events occur. You do not execute contingency responses unless you see a warning sign / trigger that some risk is about to occur. Now, take note we only execute contingency responses when sufficient warning signs are given. It is mandatory to track and define the triggers of the contingency response.
It’s often observed that test takers consider these two risk plans as mutually exclusive, which however is not the case. At times, you may have to plan both the mitigation risk response and the contingency response alongside. In such urgent situations, you have to make a proactive plan of actions to reduce the probability and impact of the risk and also stay prepared with the contingency plan and monitor triggers or warning signs in case the risk is inevitable.
You do not necessarily make both of these plans for all the identified risks. Instead the contingency plans are made for the risks which are under your threshold and flashes enough warning signs in advance.
Example:
Risk - A manufacturing unit has a risk of strike which could delay the project.
Mitigation plan: Tries to reduce probability &/or impact.
Probability reduction -> Management gives a pay rise to workers before the project starts. Reduces the probability of strike.
Impact reduction -> Design the product and manufacturing process such that there is as less human engagement as possible. Make automation a key criteria in the project.
Contingency plan: Trains engineers to operate the machinery till workers come back from strike.
Risk management needs to address both sides of an accidental event, the sources leading up to it and the consequences arising from it. In figurative terms, “barriers” are put in place on both sides aimed at stopping a circumstance from evolving into an event, or aimed at stopping an event from developing disastrous consequences.
Example: In a production facility running machinery that can overheat, a fire would be the accidental event, a heat detector would be a source barrier, while a fire sprinkler would be a consequence barrier.
Example: You are a manufacturing site delivering constant parts to you customer. Your commitment is to provide parts 24 hours a day.
Contingency Plan for your power is a standby generator; your contingency is the plan in place for what happens when the power fails across your facility.
Your FALL BACK plan is your process if the generator itself doesn’t start, what you do when it doesn’t start.
Differences
| Risk Mitigation Plan | Risk Contingency Plan |
|---|---|
| You identify actions which you will take in advance irrespective of the occurrence of risk | You plan actions, but you monitor certain warning signs. You take these actions only when you see the warning signs. |
| You spend time and money in advance for the given risk condition | You do not spend time or money in advance, but you keep them ready, and invest them when needed |
| We are expected to mitigate the risks which are outside the risk threshold. By applying a mitigation plan, we reduce the probability of impact of the identified risk. | By identifying the contingency plan, we do not change the probability or impact of the current risk, but we plan to control the impact as risk event looks like occurring. |
| This works as the first level of defense for the high exposure risks | This works as a fallback plan for the high exposure risks. |
