negative risk response strategies

Today will discuss negative risk response strategies.

A risk is an unplanned event that may or may not occur. If it does, it can impact your project objectives, such as scope, cost, quality, or schedule. The impact can be positive or negative.

A positive risk has a positive effect, while the impact of a negative risk is negative. Your aim should be to increase the chances of positive risks while avoiding negative risks. If avoidance is not possible, you will try to reduce the impact or the probability of the latter. 

You will identify these risks during the planning phase and develop a strategy to manage them.

Strategies to manage negative and positive risks are different. We will discuss negative risk response strategies. I have discussed positive risk response strategies in another post.

Negative Risk Response Strategies

According to the PMBOK Guide, we have five strategies:

  • Escalate
  • Mitigate
  • Transfer
  • Avoid
  • Accept

Ideally, you want to avoid risks, but this is often not possible.

Escalate

You use the escalate risk response strategy when you cannot manage risk because you lack authority, resources, or knowledge. 

You contact your PMO or management to take responsibility for the risk. Once the higher authority accepts, you won’t take further action other than updating the risk register

For example, say your local government announces a regulation that could impact your project negatively. You have no resources to manage this risk, so you approach management.

You can use this risk response strategy for positive and negative risks.

Mitigate

This risk response strategy helps you lessen the impact or probability of the risk. This strategy decreases the severity. 

For example, a team member may leave during the peak of your project. To reduce the impact of their absence, you find another employee with similar qualifications in your organization. 

The new employee may not be as capable, but they can cover.

This is a purely negative risk response strategy.

Transfer

You use this strategy when you lack the skills or resources to manage the risk or are too busy to manage it. 

You simply transfer the responsibility to a third party. If the risk occurs, the third party will manage it, and you will be safe from the impact. Note that transferring does not eliminate the risk; it only shifts the responsibility. 

For example, you have to install equipment but don’t have much experience. The task is complex, and very few contractors have done it successfully. You find an expert and hire them to do the task for you, signing a fixed price contract

In this way, you have transferred the risk responsibility to a third party, and now they will complete the task at the agreed time and cost. 

Transferring risk can cause a secondary risk. For example, although you have given it to a third party, you are responsible for the project from the client’s point of view.

This is again a purely negative risk response strategy.

Avoid

Here, you try to eliminate the risk or its impact. You do this by changing your project management plan, scope, or schedule. 

You use this strategy with critical risks. This is the best technique, so use it when you can. 

It becomes easier if you identify the risk in an early stage, as changing the scope or plan in later stages is difficult and costly. 

You will have to convince the client or your management to change the scope or schedule to use this strategy. Avoid risk response strategies require after their approval. 

For example, you find that there is a chance of rain during certain periods, and you have work planned outdoors at that time. Therefore, you move these activities to a few days later to avoid the risk.

This is a negative risk response strategy.

Accept

You can use this risk response strategy with positive and negative risks. Here you take no action to manage the risk other than acknowledging it. 

You use this strategy with non-critical risks when it is not possible or practical to respond using other strategies or if it is of little importance and does not call for a response. 

You can accept the risk either by actively or passively acknowledging it. In an active acceptance strategy, you keep a separate contingency reserve to manage the risk, and in passive acceptance, you do nothing except record it to the risk register. 

For example, you are digging for a building foundation, and there is a risk of finding artifacts, though the chances are low. So you record this in the risk register and take no action because a response plan is costly, with no guarantee it will occur.

This risk response strategy can be used with negative and positive risks.

Summary

Negative risks affect your project objective negatively. As a project manager, you will try to minimize the impact. You have five negative risk response strategies to manage negative risks. Every strategy has its own importance, and you will select the most suitable for the situation and risk. Out of these five strategies, escalate is the only strategy where you don’t have any responsibility since management does. 

How do you select negative risk response strategies? Please share your thoughts in the comments section. 

This topic is vital from a PMP and PMI-RMP exam point of view, and you will see many questions on it.