Part 83: Strategies for Threats
(Project Risk Management: Plan Risk Responses)
- How do we deal with Negative Risks (Threats)?
- There are five strategies to deal with a risk: Escalate, Avoid, Transfer, Mitigate, or Accept
- The chosen strategy should match the risk’s probability and impact on the project’s objectives
- Critical risks should be avoided or transferred, while smaller risks can be mitigated or accepted
- Escalate
- When the risk exceeds the project’s scope or when the project manager does not have authority to respond, we should escalate the risk
- Risks are escalated to the program manager, portfolio manager, or another part of our organization
- The project manager decides who to escalate the risk to
- The project team stops monitoring a risk after it has been escalated
- For example, we’re developing an automobile and a rival competitor is suing us for patent infringement. The project manager has no authority to respond to the lawsuit. This matter might be escalated to the legal department.
- Avoid
- When we have a high-probability risk, we can try to avoid the risk
- We avoid the risk by changing the project’s plans or objectives so that the risk can no longer occur
- For example, we’re developing an automobile and there is a risk that the vehicle’s air conditioner will catch fire. We remove the air conditioner from the vehicle. Our changes eliminate the fire risk.
- Transfer
- Impact of the risk and ownership of the response is shifted to a third party
- This does not eliminate the risk
- The risk cannot be transferred to another party unless they agree to accept it
- Transferring the risk usually costs money
- Many ways to transfer risks, including insurance, warranties, and contracts
- In a Cost-Plus contract, the cost risk is transferred to the buyer
- For example, we’re developing an automobile and there is a risk that the vehicle will catch fire. Instead of making changes to the design, we obtain an insurance policy to protect us against the potential future recalls and repairs.
- Mitigate
- Reduces the probability and/or impact of a risk
- More effective to reduce the risk before it happens than to wait until it has occurred and attempt to repair the damage
- Mitigation may require the development of a prototype to test
- For example, we’re developing an automobile and there is a risk that the vehicle will catch fire. We test several different designs of the vehicle until we identify the one with the lowest fire risk. We create a maintenance program and educate our dealers and technicians so that the risk is reduced.
- Accept
- Acknowledge the risk and take no action unless it occurs
- Sometimes it is not possible or cost-effective to use the other strategies
- In Passive Acceptance, the risk is documented, and nothing else is done. We check on the risk regularly to make sure it’s probability or impact doesn’t increase
- In Active Acceptance, we create contingency reserve (time, money, or resources) to deal with the risk in case it happens