Negative Risk Response Strategies Table
(2013). the PMBOK® Guide (5th Ed.). Newton Square, PA: PMI
Negative Risk
Response
Definition
Strategy
Avoid
Risk avoidance is a risk response strategy whereby the project team
acts to eliminate the threat to protect the project from its impact. It
usually involves changing the project management plan to eliminate
the threat entirely. The project manager may also isolate the
project objectives from the risk's impact or change the objective
that is in jeopardy (2013, pg 47).
Once the root cause is identified, this technique seeks to
eliminate the root cause so that the risk is avoided altogether and
removes the risk as a possibility.
Transfer
Risk transfer is a risk response strategy whereby the project team
shifts the impact of the threat to a third party, together with
ownership of the response. Transferring the risk simply gives
another party responsibility for its management - it does not
eliminate it. Transferring does not mean disowning the risk by
transferring it to a larger project or another person without his or
her knowledge or agreement (2013, pg 47).
A transfer shifts the liability of risk to someone else, through terms
and conditions in a contract or through insurance.
Mitigate
Risk mitigation is a risk response strategy whereby the project team
acts to reduce the probability of occurrence of impact of a risk. It
implies a reduction in the probability and/or impact of an adverse
risk to be within acceptable threshold limits. Taking early action to
reduce the probability and/or impact of a risk occurring on the
project is often more effective than trying to repair the damage
after the risk has occurred (2013, pg 48).
When mitigating, the PM determines the factors that contribute to
or leads to the risk event. Once identified, they seek to
influence them in a manner that reduces their likelihood or impact.
Accept
Risk acceptance is a risk response strategy whereby the project
team decides to acknowledge the risk and not take any action
unless the risk occurs. This strategy is adopted where it is not
possible or cost-effective to address a specific risk in any other
way (2013, pg 48).
Acceptance, either passive or active, is a conscious decision to not
worry about a low impact or low probability risk until it should
happen. Passive acceptance means the risk will not be addressed at
all and, should it happen, it will be managed as an issue/change.
Active acceptance is being prepared should the event happen, it is
knowing what to do by creating contingency reserves and buffers.