Once we've identified our project risks, we should plan and implement responses. In this article, let's look at ways to respond to project threats and opportunities.
In our projects, we discover threats that may limit our ability to achieve our goals. We also identify opportunities that could allow us to make more progress. Our job is to increase the opportunities and reduce the threats. We can optimize our risk responses over time.
Project Risk Strategies
How Can We Respond to Risks?
The PMBOK® Guide defines risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” Therefore, project managers should work with risk owners to plan for both threats and opportunities. Here are strategies for threats and opportunities.
Strategies for Threats
Strategies for Opportunities
Avoid. Eliminate the threat entirely (e.g., reduce the scope).
Exploit. Ensure that the opportunity is realized (e.g., purchase supplies in a bulk quantity to receive a discount).
Transfer. Shift the ownership of a threat to a third party (e.g., insurance).
Share. Assign all or part of the opportunity to a third party (e.g., joint venture).
Mitigate. Reduce the probability or impact of a threat (e.g., more testing).
Enhance. Increase the probability or impact of an opportunity (e.g., add resources to an activity).
Accept. Acknowledge the threat but take no action unless the threat occurs.
Accept. Acknowledge the opportunity but take no action to ensure that the opportunity occurs.
Escalate. Assign the threat–one outside of the scope of the project–to someone within the organization.
Escalate. Assign the opportunity–outside of the scope of the project–to someone within the organization.
Notice how the risk strategies for threats and opportunities are mirror opposites. For example, in mitigating a threat, we reduce the probability or impact of the threat. As we enhance an opportunity, we increase the probability or impact of the opportunity.
Other Risk Response Tips
- The level of detail for the risk response plans should be commensurate with the significance of the risks.
- Validate risk owners that were assigned during the risk identification process. If a risk owner has not been assigned, assign the owner before developing the risk responses.
- Create contingency and fallback plans for residual risks (i.e., risk remaining after the risk response have been implemented) where appropriate.
- If you choose to accept the risk, determine whether you will passively accept the risk (i.e. no contingency plans are defined) or actively accept the risk (i.e. contingency plan are defined).