How To Handle Negative Risks-Learn Negative Risk Response Strategies

  • Project Management
Created on :
February 17, 2014
Saket Bansal
Updated on :
July 4, 2023

When planning to achieve a specific target, goal, or value, we must create a strategy to reach it. However, things may not always go as planned. Various situations can potentially derail our progress. In project management, we identify these potential threats to our plan or goal as negative risks. It may not be possible to predict all potential events in advance, but as project managers and project teams, we must proactively plan to address these potential threats. This blog discusses how to respond to such threats.

In the language of PMI’s PMP exam, risk is a common term used for both threats and opportunities. While threats have potential negative impacts on project objectives, opportunities can have positive effects. Our focus here is primarily on negative risks or threats.

The Project Management Body of Knowledge (PMBOK) Seventh Edition defines risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.”

Overview of the Risk Management Process:

Before delving into the details of negative risk responses, let’s briefly examine the risk management process in projects.

  • Projects should have an agreed-upon approach for managing risk, typically based on how organizations identify, register, respond to, manage, and track risks regularly. In many projects, this approach is documented in a Risk Management Plan that guides all risk management activities.
  • To identify risks, project managers examine various project information sources, brainstorm with stakeholders, perform environmental analyses, and continually seek ways to improve the probability of achieving project goals.
  • Not all risks require the same level of attention; prioritization is necessary and usually done based on estimates of probability and impact. This estimation can be based on subjective analysis or data-driven analysis.
  • After prioritization, project managers should apply appropriate responses, which will be discussed in detail later.
  • Continuously monitor risks by reevaluating their probability and impacts periodically, and keep an eye out for emerging threats and opportunities.
  • Risk management is often a topic of concern in management meetings.

Negative Risk Response Strategies

In project management, we employ five distinct response strategies to address negative risks or threats effectively:


The Avoid strategy is a vital approach in project management that focuses on eliminating threats entirely by adjusting the project plan or method. This may involve modifying the project scope, schedule, or resources to sidestep the risk.

  • Project managers and teams aim to avoid as many threats as possible when it is economically viable or when the risk jeopardizes the entire project’s feasibility.
  • The Avoid strategy typically necessitates changes to the project management plan, which may require alterations to the scope, technology, personnel, or implementation plan.
  • Early risk identification allows for easier avoidance, as more planning options are available at this stage. Technically, risk avoidance means reducing either the probability or the impact of the risk to zero. As a result, such risks no longer require tracking, as they cease to be risks.
  • Project teams often use this strategy as their first response to critical risks.

Examples :

  • Changing Technology: A project team discovers that the software platform initially chosen for a project has a high probability of becoming obsolete soon, which poses a significant risk to the project’s success. To avoid this risk, the team decides to switch to a more stable and updated technology platform.
  • Altering Scope: In a construction project, the project manager identifies a potential risk in the form of new government regulations for specific building materials. To avoid this risk, the team changes the project scope to exclude the use of those materials, opting for alternative, compliant materials instead.


Risk mitigation is a response strategy in which the project team takes action to decrease the likelihood of occurrence or the impact of a threat (or negative risk). This can be accomplished through various tactics, such as enhancing processes or conducting additional testing. Therefore, mitigation does not eliminate the threat; rather, it reduces the threat’s severity to an acceptable level for project planning.

  • Reduces the probability and/or impact of a threat to align with acceptable threshold limits
  • Takes a proactive approach to lower the risk’s criticality
  • Project teams implement mitigation strategies for critical risks when they cannot be avoided
  • Typically involves adding activities to the project schedule or expanding the project scope
  • Does not remove the risk from the risk register, but instead lowers the criticality level of the given risk, necessitating regular reviews of these mitigated risks

Examples :

  • Improving Processes: A manufacturing project faces a risk of production delays due to inefficient assembly line processes. To mitigate this risk, the project team invests in process improvement, optimizing assembly line operations, and providing additional training to employees, thus reducing the likelihood of delays.
  • Implementing Redundancy: A data center project has a risk of system failure and data loss due to hardware malfunction. To mitigate this risk, the project team introduces redundancy measures, such as using backup systems, implementing RAID configurations, and incorporating failover mechanisms. These actions reduce the potential impact of hardware failures on the project.


The Transfer strategy is a risk management approach that shifts the responsibility or impact of a threat to a third party, using methods such as insurance, outsourcing, or contractual agreements. Although this strategy does not eliminate the risk, it effectively redistributes the burden.

  • Involves collaboration with third parties
  • Project managers may need to conduct cost-benefit analyses before deciding to transfer the risk
  • Transfers the responsibility of the risk to another party without eliminating it
  • Requires payment of a risk premium, as another party takes on the risk management responsibilities
  • Utilizes tools like insurance, performance bonds, warranties, and guarantees
  • May introduce secondary risks during the transfer process, such as the possibility of a vendor defaulting on guarantee terms

Examples :

  • Insurance Coverage: A construction project faces the risk of property damage due to unforeseen natural disasters. To transfer this risk, the project team acquires insurance coverage that would compensate for any potential damages, thereby shifting the financial responsibility to the insurance company.
  • Outsourcing: A software development project has a risk of delay due to a lack of in-house expertise in a specific programming language. To transfer this risk, the project manager outsources that part of the project to an experienced third-party contractor, effectively transferring the responsibility for timely delivery and quality assurance to the external team.


Escalation involves passing the responsibility for managing a specific risk to a higher authority within the organization. This approach is typically employed when the risk is beyond the project manager’s control or requires a higher level of decision-making authority.

  • Project managers adopt this approach for risks outside their sphere of influence, such as risks associated with business strategy
  • Threats are typically escalated to the level most affected if the threat were to occur
  • After escalation, the project team generally does not continue monitoring these threats
  • Project managers and teams are expected to provide analysis of the risks that are being escalated

Examples :

  • Regulatory Changes: A pharmaceutical project faces the risk of new regulations affecting the approval process for a drug under development. The project manager escalates this risk to the executive management or legal department, as they possess the expertise and authority to navigate the regulatory landscape and determine the appropriate course of action.
  • High-Level Stakeholder Conflict: A construction project encounters the risk of significant delays due to conflicts between high-level stakeholders, such as disputes between the landowner and local authorities. As the project manager has limited influence over these parties, they escalate the risk to the company’s executive team or legal department, who have the authority to negotiate and resolve the conflict.


Risk acceptance is a risk response strategy in which the project team acknowledges the risk and refrains from taking action until the risk materializes. It is crucial to understand that risk acceptance can be either active or passive. Passive acceptance entails addressing risks as they arise, while active acceptance requires the team to establish a contingency reserve, including time, money, or resources to handle the risks when they occur.

  • Generally employed for non-critical risks, as it is not always feasible or cost-effective to avoid, mitigate, or transfer all risks
  • The identified risk remains in the risk register with no change in its risk exposure
  • In the case of active acceptance, the team identifies warning signals for the given risk and implements contingency plans in a timely manner


  • Technology Adoption: In a software development project, the team recognizes the risk of slow user adoption of the new software due to its learning curve. The project team accepts this risk and is prepared to provide additional support and training resources as needed when the software is launched.
  • Weather-Related Risks: A construction project encounters the risk of work delays due to inclement weather conditions, such as rain or snow. The project team accepts this risk as a natural part of working in an outdoor environment and is ready to adjust the project timeline and resources accordingly when weather-related delays occur.

Continuous Risk Assessment

Hope, by now you must have understood what all negative risk response strategies we have. Risk response strategy is a very scoring topic from PMP® exam point. It is crucial to know that the identification of risk response strategy is not a one time activity rather in each risk review meeting team looks at the risk register and reassess the probability and the impacts of the risk, and based on this reassessment, the team may identify different response strategy for a given risk. Risk: “Smoking can cause cancer”.

Negative Risks

  • Escalate: Inform your parents or spouse about it.
  • Accept: At the onset of smoking habit, you accept the risk.
  • Transfer: When you get conscious of its hazards, you buy an insurance cover to ease of medical cost.
  • Mitigate: When negative consequences of the smoking starts appearing, you tend to reduce the intake.
  • Avoid: On the arrival of the doctor’s warning, that you have crossed the threshold & life is at risk, you jump on ‘avoid’ strategy.

We invite you to enroll in our PMP Program to gain a deeper understanding of project management and earn a certification. By participating in our program, you will develop the skills necessary to manage projects successfully and master the essential risk management concepts covered in this article. Don’t miss this opportunity to enhance your project management expertise and advance your career. Enroll now and take the first step towards becoming a certified Project Management Professional (PMP).

In conclusion, understanding and employing the appropriate negative risk response strategies are essential for effective project management. By proactively identifying, prioritizing, and addressing potential threats, project teams can better manage risks and increase their chances of success. The PMBOK Guide’s five negative risk response strategies – avoid, mitigate, transfer, escalate, and accept – offer a comprehensive approach to managing project risks.

Name Date Place
PMP Certification and Training 23 Sept – 21 Oct 2023 Bangalore More Details
PMP Certification and Training 12 Oct – 10 Nov 2023 Chennai More Details
PMP Certification and Training 18 Nov – 17 Dec 2023 Delhi More Details

Related Post

Understanding and Differentiating Risk and Issues in Project Management - PMP Topic

Project management revolves around addressing risk and issues, but these two concepts are often misunderstood ...

May 3, 2023
Saket Bansal

Know The Difference Between Mitigation Plan And Contingency Plan

Successful project management relies heavily on the project manager and the team's ability to identify ...

December 4, 2019
Saket Bansal

Project Charter: A Critical Component of Project Management

A Project charter is a vital aspect of project management, which authorizes the project for ...

February 13, 2023
Saket Bansal