This article gives a summary of the responses that an organization or project can take to manage a risk. risk can be defined as uncertainty of outcome whether positive (an opportunity) or negative (a threat). The management of risk is critical to project success and it is the task of risk management to manage a project’s exposure to risk (PRINCE2, 2005, p251).
The response(s) to a given risk should reflect the risk type, the risk assessment (likelihood, impact, criticality) and the organization’s attitude to risk. There are a number of possible responses to risks and as risks can be threats or opportunities these include responses that are suitable for potential opportunities. The responses are summarised in the table below.
Possible responses to risk
What you can do about Risks that threaten your project
Avoid
The risk is avoided by changing the project in some way to bypass the risk.
Examples: Some political risks (e.g., adverse public opinion), technical/operational/infrastructure risks (e.g., maintenance problems), legal and regulatory risks (e.g., regulatory controls, licensing requirements).
Transfer
Some or all of the risk is transferred to a third party, for example, insurance.
Examples: Some strategic/commercial risks (e.g., theft, insolvency) can be insured against. Environmental risks (e.g., natural disasters, storms, flooding) may also be insured against.
Reduce
Action is taken to reduce either the likelihood of the risk occurring or the impact it will have.
Examples: Widely applicable for technical/operational/infrastructure risks (e.g., negligence, performance failure, scope creep, unclear expectations) and organizational/management/human factors (e.g., personality clashes, poor leadership).
Accept
The risk may be accepted because of low impact or likelihood, with a contingency plan identified should it occur.
Examples: Some political, legal, and regulatory risks (e.g., war, disorder, exchange rate fluctuation).
Contingency Plan
A plan is put in place to respond if the risk is realized.
Examples: Economic/financial/market risks, political risks, and legal and regulatory risks.
What you can do about risks that are an opportunity for your project
Share
An opportunity is shared with a partner or supplier to maximize benefits through shared resources or technology.
Examples: Technical/operational/infrastructure opportunities (e.g., new technology, improved designs).
Exploit
A project could be adjusted to take advantage of a change in technology or a new market.
Examples: Economic/financial/market opportunities (e.g., new and emerging markets, positive changes in exchange rates).
Enhance
Action is taken to increase the likelihood of the opportunity occurring or its positive impact.
Examples: Strategic/commercial opportunities (e.g., new partnerships, capital investments).
Reject
No action is taken, and the chance to gain from the opportunity is rejected. Contingency plans may be put in place.
Examples: Political or environmental opportunities (e.g., new transport links, policy changes).
The Top 50 Business Risks and how to manage them!
20 Common Project Risks - example Risk Register
Checklist of 30 Construction Risks
Risk Responses - references
Office of Government Commerce (2002), Managing Successful Projects with PRINCE2, London: TSO.
The Projects Group PLC, 2006, Risk Management Overview, Sutton: The Projects Group plc.
Read more on Risk Management
- Learn about Risk Assessment
- See a list of typical risks faced by business - Business Risk
- Construction Risk Management
- Review the Management of Risk (MoR) - Risk Management Glossary
- Read an overview to managing risk - Risk Management Guidelines
- Risk Identification - find out how to identify the risks that will impact your business.
- Risk Mitigation - review the ways you can mitigate risk.
- See a real world example of a poor risk register NHS Risk Register
- Risk Register template
- Risk Management Report
- Prince2 Risk Register
- Prince2 Risk Management Strategy