What is the risk? Most of us understand risk as an uncertain event that can impact us negatively; however, as per PMBOK® Guide Risk exists at two levels within every project; Individual project risk and overall project risk.
An individual project risk is an unknown event or situation that, if it occurs, has a positive or negative impact on one or more project goals.
Overall project risk is the impact of uncertainty on the project as a whole, resulting from all causes of uncertainty including individual risks, describing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.
The five basic strategies to deal with negative risks or threats are Escalate, Avoid, Transfer, Mitigate and Accept. Risk strategy is applied on the basis of the risk exposure. Now, how do you evaluate risk exposure, you do it on the basis of risk probability and its impact on the project objectives?
‘Avoid’ and ‘mitigation’ strategies are usually effective for critical risks where risk exposure is more than risk threshold agreed for the project, while ‘transfer’ and ‘accept’ are usually good strategies for less critical threats.
Escalate
As per the PMBOK® Guide
Risk avoidance is a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact. –
- These threats are usually escalated to the level that is affected if the threat occurred
- These threats are not monitored further by the project team after an escalation
- These are recorded in risk Register
AvoidAs per the PMBOK® Guide
Risk avoidance is a risk response strategy whereby the project team acts to overcome the threat or protect the project from its impact.
- It generally calls for altering the project management plan, like you make changes in scope or design or even in the implementation plan
- Risks identified at an early stage can be avoided by improving communication or acquiring skills.
- Eliminates the probability of risk events and thus removes risk from the risk register.
- Implemented in critical risks which have a substantial impact on the viability of complete project. Project teams generally use this as a first response strategy for critical risks.
- The idea is to try to avoid as many critical risks as possible.
MitigateAs per the PMBOK® Guide
Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk. –
- Reduces the probability and/or impact of a threat to bring it within the acceptable threshold limits.
- A hands-on approach to lower the criticality of risk.
- Project team implements mitigate strategy to critical risks.
- Normally involves modifying the project management plan, like adding activities in project schedule or adding scope of the project.
- It does not remove risk from the risk register, instead brings down the criticality level of the given risk.
TransferAs per the PMBOK® Guide
Risk transference is a risk response strategy whereby the project team shifts the impact of
A threat to a third party, together with ownership of the response.- The responsibility of the risk gets transferred to another party. This however does not eliminate the risk.
- Risk transfer requires paying a risk premium as another party is managing the risk.
- Involves tools like insurance, performance bonds, warranties, guarantees, etc.
- You may identify secondary risks while doing the transfer. For example, transfer of the risk involves guarantees and you may identify new risk, what if vendor defaults the terms of the guarantee.
- Used normally in case of less critical risks.
AcceptAs per the PMBOK® Guide
Risk acceptance is a risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs.
Here, it is very important to understand that risk acceptance can be either active or passive.
In Passive acceptance project team decide to take care of risks as they occur. On the other hand, the active acceptance asks the team to establish the contingency reserve, including amounts of time, money, or resources to handle the risks as it occur.- Adopted for non critical risks since it is not feasible or cost-effective to avoid, mitigate or transfer all risk.
- The identified risk remains in risk register and there is no change in its risk exposure.
- In case of active acceptance, the team identifies the warning signals for the given risk, and implements the contingency plans in time.
Hope, by now you must have understood what all negative risk response strategies we have. Risk response strategy is a very scoring topic from PMP® exam point. It is crucial to know that the identification of risk response strategy is not a one time activity rather in each risk review meeting team looks at the risk register and reassess the probability and the impacts of the risk, and based on this reassessment, the team may identify different response strategy for a given risk.
Risk: “Smoking can cause cancer”
- Escalate: Inform your parents or spouse about it.
- Accept: At the onset of smoking habit, you accept the risk.
- Transfer: When you get conscious of its hazards, you buy an insurance cover to ease of medical cost.
- Mitigate: When negative consequences of the smoking starts appearing, you tend to reduce the intake.
- Avoid: On the arrival of the doctor’s warning, that you have crossed the threshold and life is at risk, you jump on ‘avoid’ strategy.
You may also like to watch a video presentation on the strategies for handling negative risks:
I’m sure I have answered all your questions on the negative risk response strategies.
You can join the discussion on the same in our Discussion Forum . You can also log in to our YouTube channel watch the videos on the related topics.
Enroll to our FREE PMP® Introductory Program to learn more about PMP® certification
2 comments
Thanks
thousand thanks because many new ideas has been discovered.