Desktop version

Home arrow Sociology

  • Increase font
  • Decrease font

<<   CONTENTS   >>


The fourth and final step in the plan is risk response (also known as risk treatment). At this step we develop options and actions to address the highest-ranking risks and opportunities and put in place controls to remove or reduce threats (or, in case of opportunities, to strengthen their drivers and enhance the opportunities). Developing, selecting and implementing risk controls can be as simple as one person monitoring a to-do list. But sometimes it involves a team of experts, a full list of all identified risks and a record of the responses. The optimum is perhaps somewhere in the middle: a record of what is needed to manage the risks through monitoring and control, without too much paperwork. Again, both likelihood and consequences matter. The options generally available for risk response include the following:

  • • accept or retain the risk
  • • reduce the likelihood of the risk occurring
  • • reduce the consequences of the risk occurring
  • • transfer or share the risk
  • • avoid the risk.[1]

Before committing to a contract, all options related to contract risk response are open. After a contract is made, there are fewer options. Transferring the risk might mean transferring it to another party, such as a customer, supplier, subcontractor, or insurance company. the risk might also be shared and managed together, which in many cases of mutual dependence is the ideal option. As already noted, risk transfer does not mean that the risk goes away; in reality it still usually results in shared risk. Avoiding the risk might mean deciding not to proceed—for example, deciding not to bid or order, or to walk away from a proposed deal. It may also mean changing the roles and responsibilities in a contract.

When discussing contract risks, contractual responses may come to mind first. In addition to frequently-used liabilities and indemnities clauses, these responses might include contract provisions such as grace periods, force majeure, and timing of notices and claims. Yet other kinds of responses, such as relational controls or performance controls, might be more effective than contractual responses. In our example, while it is not realistic to attempt to change the contractual provisions at this point, reducing the likelihood and the impact through other means remains an option.

the likelihood of a risk occurring can be reduced in various ways, depending on the risk. table 6.3 shows an extract from a sample Risk Response Plan (sometimes also called Risk Register) completed from our hypothetical equipment supplier's point of view. the Risk Response Plan builds on (and may be part of) the risk Matrix (see table 6.2) or a separate document. In addition to the main headings and information found in table 6.2 it includes the response plan, the name or job function of the risk owner and responsible person(s), and the schedule for the response as well as room for follow-up to make sure the plan has been implemented.

Table 6.3 Extract from a supplier's risk response plan








owner /



By Date



Delay of completion by more than 7 days

Component supplier's late delivery of critical component

Delay of cash-flow


1. Notify customer of possible delay; request extension or seek to change contract if possible.


Misunderstanding of the time and terms of delivery

Customer claims for compensation

2. Monitor

component supplier's timely preparation and performance.


3. Seek to obtain missing components from another source.


4. Follow up all subs' actual understanding of their contracts' time and terms of delivery.


Ideally, generating ideas for risk responses and controls is a team effort. Visual tools such as the bow-tie diagram[2] can be used to help team members see the big picture and identify what needs to be done to deal effectively with the risk before and after the event. The plan may also include contingency or fallback plans for each risk, along with the trigger for those plans. Probably the most important piece of information in this plan is the name of the person accountable for the risk, the "risk owner” and the names of those in charge of implementing the response plan. These persons need to accept accountability and may need resources and support.

The next action within Step Four is to implement the plan and then to monitor and review its success. Depending on the nature of the business and projects, the monitoring can be continuous, and reviews of the recognized risks and selected responses can be carried out at regular intervals. The tools and information collected may also be used at the end of each project to ensure that the organization learns from its successes and failures.

This example, if it were real, would teach the equipment supplier important lessons that should be documented and shared when preparing future quotations and contracts. The lessons include developing a contracting policy; using risk lists and other risk review and management tools at the earliest possible stage, before committing to a contract; reviewing and synchronizing contracts in the supply chain; securing a seamless flow-through of commitments from customers on one side to component suppliers and other subcontractors on the other; and noting potential gaps in contracts and back-to-back provisions that transfer (or should transfer) to subcontractors the obligations the company has undertaken in the main contract.

The example also illustrates that contract provisions alone do not remove the cause of the problem or minimize its likelihood. The supplier needs to secure a realistic schedule and clarity as to the parties' (including subcontractors') responsibilities. it needs to implement sound contract and project management practices, integrate sales contracting with procurement, and closely monitor its own and its subcontractors' progress. With regard to the consequences of a delay, the supplier learned a lesson about the importance of clear, understandable contractual provisions dealing with delivery[3] and other obligations, as well as the importance of limitations of liabilities and remedies and procedures for handling problem situations.

  • [1] In connection with opportunities, the response options could include thefollowing: accept or retain the opportunity, increase its likelihood or consequences,exploit, share, or enhance the opportunity. A key concept of opportunity engineeringis making uncertainty work for you rather than against you. See, generally, van Putten,A.B. and MacMillan, i.C. (2009) Unlocking Opportunities for Growth. How to Profit fromUncertainty While Limiting Your Risk. upper Saddle River, NJ: Wharton School Publishing.
  • [2] Visual tools are discussed later in this chapter. For the bow-tie diagram, seeFigure 6.6.
  • [3] For common misunderstandings about what “delivery" means, especially ininternational trade, and what to do about them, see Haapio, H. (2004) invisible termsin international contracts and what to do about them. Contract Management, July, 32-5,available at
<<   CONTENTS   >>

Related topics