The response(s) to a given risk should reflect the risk type, the risk assessment (likelihood, impact, criticality) and the organization’s attitude to risk. There are a number of possible responses to risks and as risks can be threats or opportunities these include responses that are suitable for potential opportunities. The responses are summarised in the table below.
Table of risk responses
Suitable for…. risk types (these are suggestions and not exhaustive)
The risk is avoided by changing the project in someway to bypass the risk.
Some political risks e.g. adverse public opinion. Some technical/operational/infrastructure risks e.g. maintenance problems. Legal and regulatory risks e.g. regulatory controls, licensing requirements.
Action is taken to reduce either the likelihood of the risk occurring or the impact that it will have.
The most frequently used response to risk.
Widely applicable - Technical/Operational/Infrastructure e.g. negligence, performance failure, scope creep, unclear expectations.
Organisational/management/human factors e.g. personality clashes, poor leadership, and poor staff selection.
Some political, legal and regulatory, and economic/financial risks may need to be accepted with a contingency plan in place e.g. war and disorder, exchange rate fluctuation.
|Contingency||Here a plan is put in place to respond if the risk is realised.||
|Share||An opportunity is shared with a partner or supplier to maximise the benefits through use of shared resource/technology etc.||Technical/operational/infrastructure e.g. new technology, improved designs.|
|Exploit||A project could be adjusted to take advantage of a change in technology or a new market.||Economic/financial/market e.g. new and emerging markets, positive changes in exchange rates or interest rates.|
|Enhance||Action is taken to increase the likelihood of the opportunity occurring or the positive impact it could have.||Strategic/commercial opportunities such as new partnerships, new capital investment, new promoters.|
|Reject||Here no action is taken and the chance to gain from the opportunity is rejected. Contingency plans may be put in place should the opportunity occur.||Political or environmental e.g. new transport links, change of government bringing positive changes in policy/opportunities for lobbying etc.|
Contingency plans should identify the actions that will be taken if a risk occurs. Contingent actions will often have an associated cost and a budget should be set aside in the business case to cover this.
Risk Responses - references
Office of Government Commerce (2005), Managing Successful Projects with PRINCE2, London: TSO. Latest edition Managing Successful Projects with PRINCE2: 2009 Edition
Office of Government Commerce (2002), Managing Successful Projects with PRINCE2, London: TSO.
The Projects Group PLC, 2006, Risk Management Overview, Sutton: The Projects Group plc.
Read more on Risk Management
- Learn about Risk Assessment
- See a list of typical risks faced by business - Business Risk
- Construction Risk Management
- Review the Management of Risk (MoR) - Risk Management Glossary
- Read an overview to managing risk - Risk Management Guidelines
- Risk Identification - find out how to identify the risks that will impact your business.
- Risk Mitigation - review the ways you can mitigate risk.
- See a real world example of a poor risk register NHS Risk Register
- Risk Register template
- Risk Management Report
- Prince2 Risk Register
- Prince2 Risk Management Strategy