What is a risk? Most of us understand risk as an uncertain event which can impact us negatively, however, the PMBOK® Guide Fifth Edition defines Project Risk as
Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.
In this article, today I’m going to discuss at length about response strategies to the negative risks. Negative risks are commonly referred to as threats.
The Four basic strategies to deal with negative risks or threats are Avoid, Transfer, Mitigate and Accept. Risk strategy is applied on the basis of the risk exposure. Now, how do you evaluate risk exposure, you do it on the basis of risk probability and its impact on the project objectives.
‘Avoid’ and ‘mitigation’ strategies are usually effective for critical risks where risk exposure is more than risk threshold agreed for the project, while ‘transfer’ and ‘accept’ are usually good strategies for less critical threats.
Risk avoidance is a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact. – PMBOK® Guide Fifth Edition
- It generally calls for altering the project management plan, like you make changes in scope or design or even in the implementation plan.
- Risks identified at an early stage can be avoided by improving communication or acquiring skills.
- Eliminates the probability of risk events and thus removes risk from the risk register.
- Implemented in critical risks which have a substantial impact on the viability of complete project. Project teams generally use this as a first response strategy for critical risks.
- The idea is to try to avoid as many critical risks as possible.
Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk. – PMBOK® Guide Fifth Edition
- Reduces the probability and/or impact of a threat to bring it within the acceptable threshold limits.
- A hands-on approach to lower the criticality of risk.
- Project team implements mitigate strategy to critical risks.
- Normally involves modifying the project management plan, like adding activities in project schedule or adding scope of the project.
- It does not remove risk from the risk register, instead brings down the criticality level of the given risk.
Risk transference is a risk response strategy whereby the project team shifts the impact of
A threat to a third party, together with ownership of the response. – PMBOK® Guide Fifth Edition
- The responsibility of the risk gets transferred to another party. This however does not eliminate the risk.
- Risk transfer requires to pay a risk premium as another party is managing the risk.
- Involves tools like insurance, performance bonds, warranties, guarantees, etc.
- You may identify secondary risks while doing the transfer. For example, transfer of the risk involves guarantees and you may identify new risk, what if vendor defaults the terms of the guarantee.
- Used normally in case of less critical risks.
Risk acceptance is a risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs. – PMBOK® Guide Fifth Edition
Here, it is very important to understand that risk acceptance can be either active or passive.
In Passive acceptance project team decide to take care of risks as they occur. On the other hand, the active acceptance asks the team to establish the contingency reserve, including amounts of time, money, or resources to handle the risks as it occur.
- Adopted for non critical risks since it is not feasible or cost-effective to avoid, mitigate or transfer all risk.
- The identified risk remains in risk register and there is no change in its risk exposure.
- In case of active acceptance, the team identifies the warning signals for the given risk, and implements the contingency plans in time.
Hope, by now you must have understood what all negative risk response strategies we have. Risk response strategy is a very scoring topic from PMP® exam point. It is crucial to know that the identification of risk response strategy is not a one time activity rather in each risk review meeting team looks at the risk register and reassess the probability and the impacts of the risk, and based on this reassessment, the team may identify different response strategy for a given risk.
Risk: “Smoking can cause cancer”
You may also like to watch a video presentation on the strategies for handling negative risks:
I’m sure I have answered all your questions on the negative risk response strategies.
Enroll to our FREE PMP® Introductory Program to learn more about PMP® certification Find out FREE PMP® Resources Find out FREE PMP® Math Program