The response(s) to a given risk should reflect the risk type, the risk assessment (likelihood, impact, criticality) and the organization’s attitude to risk. There are a number of possible responses to risks and as risks can be threats or opportunities these include responses that are suitable for potential opportunities. The responses are summarised in the table below.
Table of risk responses
Risk Response | Description/example | Suitable for…. risk types (these are suggestions and not exhaustive) |
Threats | ||
Avoid | The risk is avoided by changing the project in someway to bypass the risk. |
Some political risks e.g. adverse public opinion. Some technical/operational/infrastructure risks e.g. maintenance problems. Legal and regulatory risks e.g. regulatory controls, licensing requirements. |
Transfer | Some strategic/commercial risks e.g. theft, insolvency can be insured against. See business risks for more examples.
Environmental risks e.g. natural disasters, storms, flooding may also be insured against see risk insurance.
|
|
Reduce | Action is taken to reduce either the likelihood of the risk occurring or the impact that it will have. |
The most frequently used response to risk. Widely applicable - Technical/Operational/Infrastructure e.g. negligence, performance failure, scope creep, unclear expectations. Organisational/management/human factors e.g. personality clashes, poor leadership, and poor staff selection.
|
Accept |
The risk may be accepted perhaps because there is a low impact or likelihood. A contingency plan will be identified should it occur. |
Some political, legal and regulatory, and economic/financial risks may need to be accepted with a contingency plan in place e.g. war and disorder, exchange rate fluctuation. |
Contingency Plan | Here a plan is put in place to respond if the risk is realised. | Economic/financial/market |
Opportunities | ||
Share | An opportunity is shared with a partner or supplier to maximize the benefits through use of shared resource/technology etc. | Technical/operational/infrastructure e.g. new technology, improved designs. |
Exploit | A project could be adjusted to take advantage of a change in technology or a new market. | Economic/financial/market e.g. new and emerging markets, positive changes in exchange rates or interest rates. |
Enhance | Action is taken to increase the likelihood of the opportunity occurring or the positive impact it could have. | Strategic/commercial opportunities such as new partnerships, new capital investment, new promoters. |
Reject | Here no action is taken and the chance to gain from the opportunity is rejected. Contingency plans may be put in place should the opportunity occur. | Political or environmental e.g. new transport links, change of government bringing positive changes in policy/opportunities for lobbying etc. |
The Top 50 Business Risks and how to manage them!
20 Common Project Risks - example Risk Register
Checklist of 30 Construction Risks
Risk Responses - references
Office of Government Commerce (2005), Managing Successful Projects with PRINCE2, London: TSO. Latest edition Managing Successful Projects with PRINCE2: 2009 Edition.
Office of Government Commerce (2002), Managing Successful Projects with PRINCE2, London: TSO.
The Projects Group PLC, 2006, Risk Management Overview, Sutton: The Projects Group plc.
Read more on Risk Management
- Learn about Risk Assessment
- See a list of typical risks faced by business - Business Risk
- Construction Risk Management
- Review the Management of Risk (MoR) - Risk Management Glossary
- Read an overview to managing risk - Risk Management Guidelines
- Risk Identification - find out how to identify the risks that will impact your business.
- Risk Mitigation - review the ways you can mitigate risk.
- See a real world example of a poor risk register NHS Risk Register
- Risk Register template
- Risk Management Report
- Prince2 Risk Register
- Prince2 Risk Management Strategy