risk management strategy

What is your Project Risk Management Strategy?

risk management strategy

“Duh! We will deal with the problem when it comes. Is there any other Project Risk Management Strategy?”

In my experience “deal with the problem when it comes” is the most frequently used Project Risk Management Strategy (also called Project Risk Response Strategy). Most Project Managers (and other professionals) deal with a problem when it comes. But it does not mean that it is a good Strategy. In fact, it is not even one of the project risk response strategies.

I believe Risk Management (essentially Project Management) should be proactive and preemptive rather than reactive.


Then, Why do most Project Managers follow Reactive Risk Response Strategies?

The answer is simple.

If a PM identifies & reports Project Risks, she/he is thought be inefficient, feeble & incompetent.

If a PM manages risks well (identifies, prioritizes, plan, responds & controls) and succeeds, then she/he is not appreciated & rewarded. It is believed that PM succeeded as the project was very simple.

Lastly, if a PM overcomes innumerable problems (that may have been partially caused as PM was not being proactive) against a few odds then she/he is treated as a Superhero.

Alas! This is the plain truth of Corporate Life.


So, should you also employ a Reactive Strategy?

You should employ proper project risk response strategies and manage your projects proactively. In my opinion project success is paramount. Rest everything would follow.

Everyone must be proactive and do all they can to help themselves to stay employed.

Stephen Covey

I have written this article about threats and project risk response strategies for threats. If you are looking for project risk response strategies for the opportunities then you should read my other article.

Let us assume that a Project Manager has identified a few Project Threats. Let us discuss how different Project Risk Management Strategies would help the Project Manager in dealing with Project Threats. Let us also understand which strategy would be useful in which scenario.

Proactive Project Risk Management Strategy

PMBOK Guide defines 4 Risk Management Strategies that deal with Project Threats.

  • Avoid
  • Mitigate
  • Transfer
  • Accept

There are 2 important components of any Risk EventProbability and Impact. In order to deal with the Project Threats, you can act upon one or both of these components . Let us understand the 4 Project Risk Management Strategies in the context of Probability and Impact.



This strategy is adopted if you want to completely remove the possibility of a Project Threat. This is an absolute risk response strategy eliminates the uncertainty (Probability) associated with the Negative Risk Event. By adopting this strategy, you make sure that the Threat event will not occur – you take steps to make the Probability of the Negative Risk Event as 0. This usually involves changing the project plan to eliminate the Project Threat entirely.


  • Negotiate to remove the penalty clause from the contract
  • Reduce Project Scope to isolate the threat
  • As an extreme case terminate the Project

Equivalent Strategy for Opportunities – Exploit.



AS the name suggests, this strategy is adopted if you want to reduce the Probability (reduce the uncertainty) or the Impact or both associated with a Negative Risk Event. By employing this strategy one of the following 3 things might happen:

Probability of the Negative Risk Event decreases

Impact of the Negative Risk Event decreases

Both Probability and Impact of the Negative Risk Event decrease


  • Developing prototype early to reduce rework
  • Assigning work to more skilled person to reduce duration
  • Regularly take feedback from customer to reduce chances of rejection

Equivalent Strategy for Opportunities – Enhance.



This strategy is usually adopted if the Project Team does not have the capability or capacity to deal with a Project Threat. In this strategy complete or part of the Impact is shifted to an external organization. The responsibility and the Ownership of the response is transferred to the external organization. It is important to note that the external organization just takes the Management responsibility for the Threat – the Threat itself is not eliminated. In this strategy the Project Team may pay a premium to the external organization that is assuming the Threat. As a result of this strategy, the Impact of the Negative Risk Event is Transferred but the Probability might not change.


  • Buying insurance and transferring the cost impact to insurance company
  • Hiring a sub-contractor

Equivalent Strategy for Opportunities – Share.



This strategy is adopted if the Project Manager does not want to actively deal with a Project Threat. This is really a “Do Nothing” Strategy. The Impact of the Negative Risk Event is Accepted if and when it comes. By employing this strategy project plan is not changed and no change happens to either Probability or Impact of the Negative Risk Event.

Equivalent Strategy for Opportunities – Accept.


Do you think change in PMP Exam is an Opportunity or a Threat? If you consider it as an Threat, how are you dealing with it? Please leave a comment.

You can refer to Max Wideman Glossary to read some standard definitions on Project Risk.

Similar Posts


Leave a Reply

Your email address will not be published.