Part 83: Strategies for Threats
(Project Risk Management: Plan Risk Responses)

  • How do we deal with Negative Risks (Threats)?
  • There are five strategies to deal with a risk: Escalate, Avoid, Transfer, Mitigate, or Accept
  • The chosen strategy should match the risk’s probability and impact on the project’s objectives
  • Critical risks should be avoided or transferred, while smaller risks can be mitigated or accepted
  • Escalate
    • When the risk exceeds the project’s scope or when the project manager does not have authority to respond, we should escalate the risk
    • Risks are escalated to the program manager, portfolio manager, or another part of our organization
    • The project manager decides who to escalate the risk to
    • The project team stops monitoring a risk after it has been escalated
    • For example, we’re developing an automobile and a rival competitor is suing us for patent infringement.  The project manager has no authority to respond to the lawsuit. This matter might be escalated to the legal department.
  • Avoid
    • When we have a high-probability risk, we can try to avoid the risk
    • We avoid the risk by changing the project’s plans or objectives so that the risk can no longer occur
    • For example, we’re developing an automobile and there is a risk that the vehicle’s air conditioner will catch fire.  We remove the air conditioner from the vehicle.  Our changes eliminate the fire risk.
  • Transfer
    • Impact of the risk and ownership of the response is shifted to a third party
    • This does not eliminate the risk
    • The risk cannot be transferred to another party unless they agree to accept it
    • Transferring the risk usually costs money
    • Many ways to transfer risks, including insurance, warranties, and contracts
    • In a Cost-Plus contract, the cost risk is transferred to the buyer
    • For example, we’re developing an automobile and there is a risk that the vehicle will catch fire.  Instead of making changes to the design, we obtain an insurance policy to protect us against the potential future recalls and repairs.
  • Mitigate
    • Reduces the probability and/or impact of a risk
    • More effective to reduce the risk before it happens than to wait until it has occurred and attempt to repair the damage
    • Mitigation may require the development of a prototype to test
    • For example, we’re developing an automobile and there is a risk that the vehicle will catch fire.  We test several different designs of the vehicle until we identify the one with the lowest fire risk.  We create a maintenance program and educate our dealers and technicians so that the risk is reduced.
  • Accept
    • Acknowledge the risk and take no action unless it occurs
    • Sometimes it is not possible or cost-effective to use the other strategies
    • In Passive Acceptance, the risk is documented, and nothing else is done.  We check on the risk regularly to make sure it’s probability or impact doesn’t increase
    • In Active Acceptance, we create contingency reserve (time, money, or resources) to deal with the risk in case it happens