In the same manner as risks, mitigation plans can be stored in the registry. Why do we need it? In many projects, one mitigation plan can be used to mitigate many risks. So the process of mitigating planning includes the following steps for each risk:
- Identify a risk strategy
- Find mitigation and response plans in the registry that include this strategy
- Add new plans to the registry if compatible ones do not currently exist
- Calculate cost of each of these plans
- Select the best plans
- Assign mitigation or response plans from the registry to the risk
- Add new mitigation or response plans to the registry
- Risk mitigation and response plan registries can be hierarchical to make it easier to organize and find plans.
Q the character seen in many James Bond films always had a complete risk mitigation and response registry. The only thing required of James Bond was to select an appropriate item from the registry and use it in case of particular risk. The table shows what Q’s risk mitigation and response registry might look like.
Other items in the risk mitigation and response registry could include:
- The Risks to which each plan is assigned; for example, mitigation plan “Use of shooting pen” will be assigned to the risk “James Bond is attacked in the Villain’s Kitchen”.
- Default probability and impact reduction. For example, the pen gun should reduce the threat from the kitchen staff and therefor the probability that Bond would be killed in the villain’s kitchen by 20%. Probability and impact reductions may be different if the mitigation plan is assigned to a different risk.
- Mitigation or response plan description: where and how mitigation plan will be executed.
