According to the PMBOKĀ® Guide, the process of Plan Risk Responses is specifically defined as the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.
Addressing Threats and Opportunities: This process identifies specific ways to handle risks. For threats (negative risks), strategies include Avoid, Transfer, Mitigate, or Accept. For opportunities (positive risks), strategies include Exploit, Share, Enhance, or Accept.
Enhancing and Reducing: The primary goal is to " enhance opportunities " by increasing their probability or impact and to " reduce threats " by decreasing their probability or impact.
Action-Oriented: Unlike the identification or analysis phases, this process results in the Risk Response Plan, which is integrated into the Project Management Plan and includes budget and schedule allocations for the chosen responses.
Why the other options are incorrect:
A. Identify Risks: This is the process of determining which risks may affect the project and documenting their characteristics. It focuses on finding the risks, not on developing the actions to fix them.
B. Control Risks (referred to as Monitor Risks in newer editions): This is a Monitoring and Controlling process. It involves tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness. It does not " develop " the initial options; it ensures the developed options are working.
C. Plan Risk Management: This process defines how to conduct risk management activities for a project. It establishes the " methodology " and " rules of engagement " for risk management but does not address specific individual risks or their response actions.
