A risk is an unplanned event that may or may not occur, but if it does, it will impact your project objectives such as scope, cost, quality or schedule. The impact can be positive or negative.
A positive risk has a positive impact while the impact of a negative risk is negative. You would like to realize a positive risk while avoiding a negative risk. If avoidance is not possible, you will try to reduce the impact or the probability of a negative risk.
You will identify these risks during the planning phase and develop a plan to manage them.
Strategies to manage negative and positive risks are different. In this blog post, we will discuss negative risk response strategies. I have discussed positive risk response strategies in another blog post.
Negative Risk Response Strategies
According to the PMBOK Guide, 6th edition, we have five strategies to manage negative risks:
Ideally, you want to avoid risks, but it is not possible in most cases.
You use the escalate risk response strategy when you cannot manage risk on your own because you lack the authority, resources, or knowledge required for a response.
You contact your PMO or management to take responsibility for managing the risk. Once management accepts, you won’t take any further action except recording it in the risk register.
For example, the government announces a regulation that could impact your project negatively. You have no resources to manage this risk, so you approach management.
This risk response strategy helps you lessen the impact or probability of the risk. Put simply, this strategy decreases the severity of the risk.
For example, a team member may leave during the peak of your project. To reduce the impact of his absence, you find another employee with similar qualifications in your organization and inform his boss that you may need him for your project.
The new employee may not be as capable, but he can cover.
You use this strategy when you lack skills or resources to manage the risk, or you are too busy to manage it.
In this strategy, you transfer the responsibility to a third party. If the risk occurs, the third party will manage it and you will be safe from the impact. Please note that transferring does not eliminate the risk; it only shifts the responsibility of managing the risk to a third party.
For example, you have to install equipment, and you have little experience with this task. The task is complex, and very few contractors have done it successfully. Therefore, you find a contractor and ask them to do the task for you and sign a fixed price contract.
In this way, you have transferred the risk responsibility to a third party, and now they will complete the task within the agreed time and cost.
Transferring a risk can cause a secondary risk. For example, although you have given a third party the responsibility, you are responsible for the project from the client’s point of view.
Here, you try to eliminate the risk or its impact. You do this by changing your project management plan, changing the project scope, or by changing the schedule.
You use this strategy with critical risks. This is the best technique for risks, but you cannot use it at all times.
Using this technique is easy if you identify the risk in an early stage, as changing the scope or plan in later stages is difficult and costly.
You will have to convince the client or your management to change the scope or schedule to use this strategy. You can only use the avoid risk response strategy after their approval.
For example, you find that there is a chance of rain during certain periods and you have work planned outdoors at that time. Therefore, you move these activities to a few days later to avoid the risk.
You can use this risk response strategy with positive and negative risks. Here you take no action to manage the risk other than acknowledging it.
You use this strategy with non-critical risks when it is not possible or practical to respond to the risk using other strategies, or if the importance of the risk does not call for a response.
You can accept the risk either by actively or passively acknowledging it. In an active acceptance strategy, you keep a separate contingency reserve to manage the risk, and in passive acceptance, you do nothing except record to the risk register.
For example, you are digging for construction works, and there is a risk of finding artifacts, though the chances are low. So you record this \ in the risk register and take no action because a response plan is costly with no guarantee of finding an object of interest.
Negative risks affect your project objective negatively and as a project manager, you will try to minimize the impact. You have five strategies to manage negative risks. Every strategy has its own importance and you will select the best strategy suitable for the situation and risk. Out of these five strategies, escalate is the only strategy where you don’t have any responsibility since top management handles it.
How do you select a risk response strategy for a negative risk? Please share your thoughts in the comments section.
This topic is vital from a PMP and PMI-RMP exam point of view, and you will see many questions on this topic. Therefore, have a better understanding of these concepts before attempting the exam.