A risk is an event which has some impact on any of your project objectives such as scope, cost, quality, and schedule if it occurs; this impact can be negative or positive.
A risk is an unplanned event which may or may not occur, but you have to find such events during the planning phase and develop a plan to manage them.
The risk is known as a positive risk or opportunity if the impact is positive which you may want to actualize. The risk is known as a negative risk or threat if the impact is negative, and in this case, you will want to lessen its impact.
As risks differ, strategies to manage them also vary.
According to the PMBOK Guide 6th edition, we have the following strategies to manage negative risks:
- Escalate
- Mitigate
- Transfer
- Avoid
- Accept
The strategies to deal with positive risks are: escalate, enhance, exploit, accept and share.
In this blog post, we will discuss negative risk response strategies. Positive risk response strategies have been addressed in another blog post.
Negative Risk Response Strategies
As mentioned above, you have five strategies to deal with negative risks. Ideally, you would like to avoid the risk, but in most cases, it is not possible to use this strategy all the time. Thus, you will utilize other strategies such as mitigate, transfer or escalate.
Escalate
You use the escalate risk response strategy when you identify risk and find that you cannot manage it on your own because you lack the authority, resources or knowledge required for a response.
You will contact your PMO or top management to inform them about it and ask them to take the responsibility of managing the risk when this kind of situation happens. You won’t take any further action except to note it down in the risk register once the top management or PMO accepts your request to take responsibility for the risk.
For example, you know that the government is planning to announce a regulation and it could impact your project negatively if approved. You have no legal advisor and other resources to manage this risk, so you will approach your superiors to handle the risk.
Mitigate
You will try to lessen the impact of the risk in this risk response strategy. You can do so by either trying to decrease the probability of the risk happening or the effect of the risk. This strategy decreases the severity of the risk.
For example, you find that a team member may leave for a specific duration during the peak of your project. This is a negative risk; therefore to minimize the impact of his absence, you find another employee with similar qualifications from your organization and inform his boss that you may need him for your project for some time.
This employee may not be as capable as the old employee, but he can cover for the old employee.
Transfer
You use this strategy when you lack skills or resources to manage the risk, or you are too busy to manage it.
In the transfer risk response strategy, you transfer the risk to a third party to manage it. Please note that transferring does not eliminate the risk; it only shifts the responsibility of managing the risk to the third party.
For example, in your project, there is a task to install some equipment, and you have little experience with this task. The task is complex, and few contractors have successfully installed it. Therefore, you find a contractor and ask them to install it and sign a fixed price contract.
In this way, you have transferred the responsibility of the whole task to a third party, and now it is their responsibility to complete the task within the agreed time and cost.
Transferring a risk can cause a secondary risk. For example, although you have given a third party the responsibility of managing the risk, you are responsible for the guarantee with the client.
Avoid
Here, you try to eliminate the risk or its impact. You do this by changing your project management plan, by changing the project scope, or by changing the schedule.
This is a desired risk response strategy mainly used for critical risks. This is the best technique for all risks; however, it cannot be used most of the time.
It is easy to use this strategy if you identify the risk in a very early stage; otherwise, it is difficult to adopt this strategy because in a later stage changing scope or schedule is a costly affair.
You will have to convince the client or your management to change the scope or schedule to use this strategy. You can only utilize the avoid risk response strategy after their approval.
For example, you observe that during certain periods of your project there is a chance of rain and you have work planned outdoors at that time. Therefore, to avoid this risk, you move these activities to a few days later to avoid the impact of rain.
Accept
This risk response strategy can be used with both kinds of risks, i.e., positive risks or negative risks. Here you take no action to manage the risk except acknowledging it.
You use this strategy when the risk is not critical, if it is not possible or practical to respond to the risk through the other strategies, or if the importance of the risk does not warrant a response.
You can accept the risk either by actively acknowledging it or passively acknowledging it. In the active acceptance you keep a separate contingency reserve to manage the risk, and in passive acceptance, you do nothing except note down the risk in the risk register.
For example, you are digging to construct a building, and there is a risk that you may find artifacts, though the chances are low. So you note it down and take no action as a response plan may cost you a lot with no guarantee of finding an object of interest.
Summary
You have five risk response strategies to deal with negative risks, and you will select the strategy to manage the risk depending on the risk. If you see that you can manage the risk, you will go for the mitigation risk response strategy. If you see that a third party is better equipped to manage the risk than you, you will choose the transfer risk response strategy. If you find it difficult to manage the risk, you will avoid it. And in the accept risk response strategy, you acknowledge the risk and note it down and manage it only if it happens. Lastly, if managing the risk is beyond your ability, you will escalate it to your PMO or relevant superior to manage it.
What negative risk response strategies do you often use with your projects? If you want to share with us, you can do so through the comments section.
This topic is vital from a PMP and PMI-RMP exam point of view, and you will see many questions on this topic in your exam. Therefore, have a better understanding of these concepts attempting the exam.
ok
Great read.
Thanks Robert for your comment.
simple and clear. thank you
You are welcome Rajaa.
Hi Fahad,
Help me answer this question
You make a contingency plan for a negative risk, and assign it to a risk owner. What kind of risk response strategy is this?
(a) Transfer
(b) Avoid
(c) Mitigation
(d) Accept
Thanks
In transfer, avoid, and accept you do not make a contingency plan and assign a risk owner. So the correct answer is “mitigation”.
hi
could this be a active acceptance strategy? The question doesn’t clearly state if the negative risks is mitigated by any means in terms of reducing the probability of its occurrence or impact but just mentions a risk owner is assigned which could be part of contingency reserve (resources, schedule or money) set aside to address this risk should it occur
Thanks
mk
Yes, n active acceptance you set aside resource to manage the risk if it occurs.
What is the best sequence of negative risk. Is it
1. Try to mitigate
2. Transfer to third party
3. Accept
4 avoid
It depends on situation and the type of risk.
Hi Fahad,
I am reading your articles these days, this is very clear explanation. Keep it up.
I am planning to take a PMP exam on a few months.
Please advise.
Thanks
Prepare well, and dont forget the PMBOK Guide.
Hi Fahad,
Great work in summarizing in such a clear and descriptive way so many different topics.
Well done.
Yuri
Thanks Yuri for your comment.
Nice article!
Thanks Joey.
Is your current 400 PMP Exam Sample Questions are all new questions because I already bought your 200 PMP Exam Sample Questions for $5.00
200 new questions have been added to the eBook. I have already send the updated copy of it to any one, who bought the book from my blog.
Anyway, I have again send you the copy of this eBook. Please check your email and let me know.
Clear and to the point!
Is there a page where I can go to see all your posts?
Thanks!
Jane
Hello Jane,
You can find all of my blog posts on the below given page:
https://pmstudycircle.com/study-notes/
Great work as usual, keep it up..
Thanks Warsi Sahab for your comment.