Risk Response Strategies – Mitigate

Risk Response Mitigation

Project risk is an event if occurs can have a positive or negative impact on the project. We have discussed about the

Risk Management in a Project and

Project Risk Analysis and Management

Today we will cover one of the important risk response strategy and that is

What is Mitigate when we deal with Risk Response Strategy?

Risk Response MitigationAgain i am repeating the same word as Risk Strategy should be in line with Organizatiprojecton risk policy. The project team decides to take the Mitigation as  risk response means the chance for occurrence of the risk is not eliminated rather some mitigation plan is considered so  that the risk quantification becomes under control or in different word within the organization’s risk taking capabilities or Risk Appetites.

The risk will still be monitored and will be part of the Risk Register but impact will be less.

Let’s take an quick example.

At certain phase of the project it is observed that the project cannot be delivered within the schedule and that will have an impact on the customer relationship. The decision was taken to add the required number of resources to meet the deadline.

This has been one of the risk response -mitigation and budget was consumed from the project risk budget assigned by the management.

Risk response Strategies – Transfer

Risk Response Transfer

The idea behind the Project Risk Management is to identify the Risk and quantifying based on the likelihood and Impact. Once this major task is done, the next part is determining the risk response or how the project team wants to handle this. Everything is part of organization’s Risk Appetite and also inline with organization’s defined Risk Strategies.

For further reading on Risk Responses, please check Project Risk Analysis and Management.

One of the important Risk Response Strategy is Transfer.

What is Risk Response Strategy – Transfer ?

Transfer is nothing but as the name suggests to pass the risk to other party or person. Which does not mean the risk is being eliminated or avoided rather it passes the responsibility to other party.

Risk Response Transfer

Let’s see the below scenario.

One of the task in a project to shift the office to a low cost area. The business reason behind is during an assessment it is found office shifting will save significant amount of money which can be utilized in advertisement of newly launched product to generate a good amount of revenue (which is already calculated to start the project).

Now during the risk assessment phase it is observed the road condition to shift the goods is poor which can damage the office furniture. There were two options came during discussions/ brain storaming.

  1. To stop the project – Which was rejected.
  2. Continue the project but Transfer the Risk.

So as a decision to continue the project an Insurance was done for transferring the furniture.

Other ways to support the Risk Transfers are considering the options like Fixed Price Projects, Bonds, Performance bonus etc.

We will discuss the other Risk Responses in the next few write-ups.





Risk Response Strategies – Avoid

Risk response Avoid

The Project Risk management strategies are important as it determines to quantify the risk.  How the quantification is done?

After we determine the probability of the occurrence of the risk or likelihood and the impact of the risk, the risk quantification becomes,

RISK= Likelihood X Impact. 

Now project Risk strategies are closely based on the organization’s or Risk strategies. And that determines the what should be the

Project Risk Responses

When a project starts, An organization’s risk taking ability or how much risk the organization is ready to accept is document as part of risk strategies. This risk taking attitude is known as

Risk Appetite

Project board sets this limit, so that project management team can handle the risks and also know about the tolerance which is set. This is known as

Risk Tolerance.

Now the project may have risks which is beyond this tolerance. So during the risk strategies, how to deal with the risks are strategized for the identified  risks in the risk register. This is also known as

Risk Responses.

We have already seen the different Risk responses and we will see them one by one.

Risk response Avoid


There is a situation when the risks seems to be better to deal by completely avoiding this for the time being. let’s take an scenario. If an identified resource who is considered to work for one of the major process to complete the project like a Marketing Manager who is responsible for over all marketing of the product from its inception stage and that will in turn increase the market share once the product is launched.If during the risk analysis, it is found there is a chance that Marketing Manager will be going for leave due to some family issues, what should be the risk response? One of the decision is taken by the concerned team to replace him with another person to take care of the project. This risk response is known as AVOID or to avoid the risk completely before it occurs.

We will discuss about the other risk responses in the coming days.

Project Risk Analysis and Management

Project Risk Analysis Management

We already tried to understand why Risk management is important, you can give a quick read to check

What is Risk management in project Management?

We will see why the risk  analysis is important. Three main tasks are associated with it and are

  • Identification

  • Assessment and

  • Controlling the risk

Risk management starts at the very early stage when the project starts. But the important part is this process continues through out project life.  Risk management strategy should be based on corporate program risk management strategy if that exists.  First step towards this process is to identify. One need to understand the project context. Once that is understood, the process of identification of risks continues.
The risks are identified and documented in Risk Register. We will see the detail later.  Few risks are identified from the lesson learnt documents which is prepared based on the similar type of previous projects.  Lets’s consider the below scenario.

A project requires some of the deliverable to be executed by an external vendor because of their expertise on the matter. But previous experience with them implies the team who are likely to be working on the project are normally over booked. Which  gives rise of the risk that the project  may exceeds the schedules. So this is a candidate for a risk and should be part of the Risk Register.

After the Risk is identified, next step is to assess it.

Project Risk Analysis Management

What is Risk Assessment?

Assessment of Risk broadly covers two important areas.

  • Likelihood  of the occurrence of the risk
  • Impact of the risk

Based on which risk assessment and prioritization is done and that is called the Risk Assessment.

Now Likelihood of the risk implies how likely or what is the probability that the risk may occur. This is denoted by a number ranging from above 0 to less than 100. it is not denoted by 0 because that means the risk will not occur and also it cannot be 100 because that will not be denoting the risk probability rather than a certain event. The number is more will indicate the chance of occurrence is more.

The other important part of the Risk Assessment  is identifying the Impact. Impact is the consequences of the event if occurs. It is normally identified as Minor, Medium and Major.

But also can be additionally identified as Moderate and Catastrophic. 

Both likelihood and Impact together contributes towards the governing of the risk.

RISK = Likelihood X Impact

After this risk assessment is done, one is required to choose from the following approaches to deal with the risk.

  • Avoid
  • Transfer
  • Mitigate
  • Share
  • Accept
  • Enhance
  • Fallback
  • Reject

They are called thfe Risk responses and we will see more about it in the next few write ups.

What is Risk Management in Project Management?

What is Risk?

In our daily life, we are often dealing with this term .. RISK. Sometimes knowingly and sometimes unknowingly we try to measure the RISK. Let’s take an example.

You have planned your travel. on the day, you will be boarding the train as per the schedule. When will you start from home? You have already calculated or rather estimated the time. Now when you have done the calculation, you may have considered booking the cab, carry all the required luggage, carrying the print out of your train ticket and so on. It means you have already have done the necessary plannings and acted accordingly.

Wish you have a happy journey.

Mow the question is what if

  • the cab did not come on time
  • the road has unexpected traffic than usual
  • you realized, something you have missed to carry
  • at the last moment some urgent things have come, which you cannot ignore

There can be many more things which can hamper your holiday.

Now if you are an experienced  traveler, most of the things you are already aware of and taken the necessary precautions. Software industry also is not any different than life. to develop an website or to develop a product,we do need planning. We also need to be prepared from those happenings, that may restrict or create unintentional barrier to complete the project.

These are nothing but than Risks.


What is Risk?

PRINCE2 define risk as,

Risk is a set of events if occur will have an impact on project objective.

There are two important types of Risks:

  • Positive risks

  • Negative risks

First, let’s see what are negative risks. Negative risks are those which come to our mind first. You could not deliver the project within budget or could not deliver within schedule. In our previous example, you have missed the train and your complete holiday plan is now on a big question mark. In simple words, something has happened, that proved to be a loss, which you would like to avoid.

Similarly positive risk is also a risk but that will bring an opportunity for you, if you can deal with it properly.

In your project, you developed a website to sell products. But it became so popular that number of visitors increased than what you expected which may cause the system crash. This is a risk but you will like to occur as it will give you more revenue but you need to take suitable measures so that the system can support more users to your site.  Hence this becomes an opportunity for you.

So what is required?

We need to do a proper risk management for our project. For that the important activities are

  • Identify the risk

  • Do the assessment

  • Control the risk

Hope you have got some idea about the Risk.  We will discuss more about it and the risk management in the next few posts.

I would be happy to know your comments.