Risk Responses

responses to risk
This article gives a summary of the responses that an organization or project can take to manage a risk. Risk can be defined as uncertainty of outcome whether positive (an opportunity) or negative (a threat). The management of risk is critical to project success and it is the task of risk management to manage a project’s exposure to risk (PRINCE2, 2005, p251).

The response(s) to a given risk should reflect the risk type, the risk assessment (likelihood, impact, criticality) and the organization’s attitude to risk. There are a number of possible responses to risks and as risks can be threats or opportunities these include responses that are suitable for potential opportunities. The responses are summarised in the table below.

Table of risk responses

Risk Response Description/example
Suitable for…. risk types (these are suggestions and not exhaustive)
The risk is avoided by changing the project in someway to bypass the risk.
Some political risks e.g. adverse public opinion. Some technical/operational/infrastructure risks e.g. maintenance problems. Legal and regulatory risks e.g. regulatory controls, licensing requirements.
Some or all of the risk is transferred to a third party for example insurance.
Some strategic/commercial risks e.g. theft, insolvency can be insured against. See business risks for more examples.
Environmental risks e.g. natural disasters, storms, flooding may also be insured against see risk insurance.
Action is taken to reduce either the likelihood of the risk occurring or the impact that it will have.

The most frequently used response to risk.

Widely applicable - Technical/Operational/Infrastructure e.g. negligence, performance failure, scope creep, unclear expectations.

Organisational/management/human factors e.g. personality clashes, poor leadership, and poor staff selection.
The risk may be accepted perhaps because there is a low impact or likelihood. A contingency plan will be identified should it occur.
Some political, legal and regulatory, and economic/financial risks may need to be accepted with a contingency plan in place e.g. war and disorder, exchange rate fluctuation.
Contingency Plan Here a plan is put in place to respond if the risk is realised.

Legal and regulatory

Arguably all risks can and should have a contingency plan in place.
Share An opportunity is shared with a partner or supplier to maximize the benefits through use of shared resource/technology etc. Technical/operational/infrastructure e.g. new technology, improved designs.
Exploit A project could be adjusted to take advantage of a change in technology or a new market. Economic/financial/market e.g. new and emerging markets, positive changes in exchange rates or interest rates.
Enhance Action is taken to increase the likelihood of the opportunity occurring or the positive impact it could have. Strategic/commercial opportunities such as new partnerships, new capital investment, new promoters.
Reject Here no action is taken and the chance to gain from the opportunity is rejected. Contingency plans may be put in place should the opportunity occur. Political or environmental e.g. new transport links, change of government bringing positive changes in policy/opportunities for lobbying etc.
Contingency plans should identify the actions that will be taken if a risk occurs. Contingent actions will often have an associated cost and a budget should be set aside in the business case to cover this.

The Top 50 Business Risks and how to manage them!

20 Common Project Risks - example Risk Register

Checklist of 30 Construction Risks

Risk Responses - references

Office of Government Commerce (2005), Managing Successful Projects with PRINCE2, London: TSO. Latest edition Managing Successful Projects with PRINCE2: 2009 Edition.

Office of Government Commerce (2002), Managing Successful Projects with PRINCE2, London: TSO.

The Projects Group PLC, 2006, Risk Management Overview, Sutton: The Projects Group plc.

Read more on Risk Management