Risk is an uncertain event or condition which has impacts the project objectives in case of its occurrence. This impact may be positive or negative. Basically, risk is an unforeseen event which may or may not happen, but you must identify risks and develop risk response strategies for negative and positive risks in order to complete your project successfully. If the risk is negative, you need to develop negative risk response strategies.
Table of Contents
On the other hand, if the impact of the event is favorable, the risk can be classified as a positive risk or an opportunity.
Project teams seek ways to realize positive risks and reduce the impacts of negative risks.
What are the Risk Response Strategies?
Risk management is an inseparable part of project management and the main purpose of the Plan Risk Responses process is to build the best strategies for managing project risks. Typically, the strategies to deal with risks can be divided into two major categories: strategies for responding to negative risks, or threats and strategies for responding to positive risks, or opportunities.
Strategies vary depending on the type of risk .
The PMBOK® Guide specifies below strategies to response negative risks
- Escalate
- Mitigate
- Transfer
- Avoid
- Accept
The PMBOK® Guide specifies below strategies to response positive risks
- Escalate
- Enhance
- Exploit
- Accept
- Share
In this article, we will focus on the the negative risk response strategies.
Risk Response Strategies for Negative Risks
The PMBOK® Guide there are five strategies to deal with negative risks. Avoid risks can be the most ideal strategy. However, it is not possible to use the same strategy all the time. Choosing the most effective strategy depends on the conditions. Now let’s discuss negative risk response strategies with examples.
Escalate
Escalate risk response strategy can be used when the risk is outside the project’s scope and/or the proposed response would exceed the authority of the project manager. Therefore escalate risks can be managed at program level, portfolio level but not at project level.
The project manager communicates with the portfolio or program manager to determine the risk owner. Because the project manager does not have the authority to assign a risk owner himself.
For instance, the government will increase the tax rates in the next year. In that case, your project’s revenue will be affected. You don’t have authority, resources or knowledge to manage this risk. Therefore you will communicate this problem with your portfolio manager to develop a risk response strategy.
Note that escalate strategy can be used for both negative and positive risks.
Mitigate
In this risk response strategy, the project team will try to minimize the probability of occurrence or impact of a risk.
For example, you are a project manager of a bridge construction project and you have identified a risk that it will rain in the next two days. In order to minimize the impact of rain to your worksite, you instructed your site manager to ditch channels for drainage.
Transfer
In the risk transference response strategy, the project team transfers the impact of
a risk to a third party, together with possession of the response. Transfer strategy does not remove the risk. It just transfers the responsibility of managing risk.
For example, in your project, there is a deep excavation activity and you don’t have enough experience for this type of activity. Therefore, you assigned a subcontractor to perform this deep excavation activity. In this way, you have shifted the impact of a threat to your subcontractor. Now it is in the subcontractor’s responsibility to complete the excavation within the agreed schedule and budget.
Avoid
In this risk response strategy, the project team tries to eliminate the risk or protect the project from its negative effects.
For example, you are a project manager of a pipeline construction project and you have identified a risk that there is a chance of snow in high altitudes. Therefore you moved your crews to high altitudes and completed the tasks before the snow. In this way, you avoided the effect of snow.
Accept
In the risk acceptance strategy, the project team decides to recognize the risk and not take any action if the risk does not arise.
For example, you have to perform blasting activity on the right of way. In order to protect your team against the effects of noise risk, you provided them personal protective equipment (PPE) like earplugs. This is a passive acceptance and you are managing this risk by using PPE.
Note that accept strategy can be used for both negative and positive risks.
Another Example for the Negative Risk Response Strategies
You are a project manager of a bridge project and you have identified a risk that there is a chance of a storm in the next two days. You are implementing a contingency plan and keeping a separate contingency reserve to manage it. This is an example of active acceptance.
Summary
Basically there are five risk response strategies to deal with negative risks. Choosing the right strategy depends on risk . You can use the mitigation strategy if the risk is controllable by your team. If employing a third party is a better solution to manage the risk, you can select the transfer strategy. If it is possible to avoid risk, you can select the avoid strategy depending on the circumstances. If it is not possible to respond to the risk or the risk is not critical, you will accept the risk and manage it only if it happens. A risk register should be prepared at early stages of a project and it should be updated throughout the entire life cycle of a project. Risk response strategies should be clearly defined in the risk register for successful risk management.
See Also
Residual Risks vs Secondary Risks
Risk Response Strategies for Positive Risks
Francois Simosa is the head of training for the Gragados Training Associates, which provides special project management and risk management training programs.