Chapter 10. Project Risks

10.5 Developing and Implementing Risk Responses

After the risks are identified, described, and assigned to a team member to keep track, and their probability and impact scores are produced, hence risks are prioritized, the project team can continue with planning the risk responses. Which strategy and the action does the team have in order to respond to the risk’s negative or positive impact? These strategies depend on factors such as whether the risk is negative or positive, and its severity or significance. Project managers can utilize mathematical optimization models or real options analysis as a basis for a more robust economic analysis of alternative risk response strategies in projects with a greater complexity[1].

10.5.1    Strategies Developed for Negative Risks (Threats)

The project team responds to negative risks in various ways:

  1. Escalation
  2. Avoidance
  3. Transfer
  4. Mitigation
  5. Acceptance

Each of these responses can be an effective tool in reducing individual risks as well as the overall risk profile of the project. The risk response plan captures the risk management approach for each identified risk event and actions the project management team will take to manage the risk.

Escalation is implemented when the threat is outside of the scope of the project, and it is beyond the project manager’s control, that is the project manager isn’t capable of developing and implementing a response to this threat. Therefore, project manager should escalate the risk to a higher authority such as project sponsor, project steering committee, or the client. If there is a resource conflict with another project in our organization, it would be a wise move to escalate this issue to the sponsor or top management so that it can be solved at the program or portfolio level, or at the organizational level. Risks or issues related to project objectives, resource and inter-group conflicts, ambiguous roles and responsibilities, scope disagreements, third party dependencies are some known situations calling for escalations. Such issues require higher level intervention because many times the authority, decision making, resources or effort required to resolve them are beyond a project manager’s horizon. At times, the project manager may want to involve higher authorities for information-only escalations to keep them abreast of potential issues in the project. Escalation should be treated as a professional act and should be done in an effective way. Project managers should escalate timely if something is blocking the project and is beyond the project manager’s control. One should not hesitate to escalate within the performing organization and in the client’s organization as well. A proactive escalation and risk communication is far better than unpleasant surprises requiring costly fixes to the project[2].

Risk avoidance usually involves developing an alternative strategy with a higher probability of success, but, usually, the associated cost of task completion also becomes higher. A common risk avoidance technique is using proven and existing technologies rather than adopting new techniques, even though the new techniques may show promise of better performance and/or lower costs. A project team may choose a vendor with a proven track record over a new vendor that is providing significant price incentives to avoid the risk of working with a new vendor. Alternatively, a project team that requires drug testing for team members is practicing risk avoidance by attempting to evade damage done by someone under the influence.

Risk mitigation is a response to a risk that cannot be avoided or if it is unwise to avoid it (due to risk avoidance strategies being too expensive, too time-consuming, etc.). In this case, the project team is attempting to reduce the likelihood and impact of a risk. For instance, assigning highly skilled resources to an activity or performing more tests to detect irregularities and problems reduces the likelihood and impact of errors occurring. In product development projects, teams can develop prototypes to mitigate the risks by obtaining early feedback on requirements by providing a model of the expected product before actually building it. These prototypes can be small-scale products, computer generated 2D and 3D models, mock-ups, or simulations[3].

Risk transfer is a risk reduction method that shifts the ownership of a threat from the project to another party. The purchase of insurance on certain items is a risk-transfer method. The risk is transferred from the project to the insurance company by paying a risk premium to another party that takes on the risk. A construction project in the Caribbean may purchase hurricane insurance that would cover the cost of a hurricane damaging the construction site. The purchase of insurance is usually connected to risks that can significantly impact the project while being out of the project team’s control, such as weather, accidents, sharp fluctuations in currency, political unrest, and labor strikes. Using performance bonds, warranties and guarantee, and establishing agreements are also considered as responses to transfer the risks.

The fifth strategy, risk acceptance, involves doing nothing in response to the risk. The acceptance response is a good one when the likelihood and impact of a risk are low. In some cases, little else can be done about the risk, leading to acceptance being the only feasible option. When this response is chosen, an active strategy to deal with the risk would be to establish a contingency reserve that includes funds, time and/or resources to handle the threat.

10.5.2    Strategies Developed for Positive Risks (Opportunities)

As previously mentioned, positive risks (opportunities) are uncertainties that, if materialized, will have a positive impact on the project. The strategies to deal with positive risks can be listed as follows:

  1. Escalation
  2. Exploitation
  3. Sharing
  4. Enhancing
  5. Acceptance

Escalation of positive risks has the same process as is for negative risks. When the client tells the project manager that they are considering adapting the product for a different market and asks if we are interested in bidding for the work, we can escalate this opportunity to the project sponsor[4]. Another escalation strategy can be implemented when a team member identifies an opportunity to create a new value stream for the business. This opportunity is escalated for senior management attention[5].

Risk exploitation can be considered analogous to risk avoidance strategy in negative risks. Risk exploitation strategy attempts to eliminate the uncertainty and ensure the occurrence of the opportunity. An example of this could be pursuing a bonus that is available only if an activity is completed early. In this case, the project team will reallocate resources in order to ensure the activity finishes early and the bonus is obtained. Project managers can use new technologies or technology upgrades to reduce cost and duration by means of this strategy.

Risk-sharing can be considered analogous to risk transfer strategy in negative risks. It involves partnering with others to share responsibility for the risk. Partnering with another company via risk-sharing partnerships or joint ventures to share the risk is advantageous when the other company has the expertise and experience that the project team lacks. This increases the likelihood of the opportunity materializing and, if it does, both organizations share the gains.

Risk enhancement can be considered analogous to risk mitigation strategy in negative risks. This strategy attempts to increase the probability and/or impact of an opportunity. However, it does not seek to ensure its occurrence. Project teams need to focus on the causes of an opportunity to take the advantage of it. For one component of our project, we were aware of that an investor is interested in the deliverables of this component since their non-profit organization can benefit from them. We can communicate with this investor and their non-profit organization to learn more about their objectives.

The fifth strategy is the risk acceptance which is also used for negative risks. This risk strategy involves doing nothing in response to the positive risk (opportunity). This acceptance response is a good one when the likelihood and impact of a risk is low, or taking action is too costly or it needs a disproportionate amount of effort compared to the size of the work in the project and the benefit we can have. For example, for an activity, we want to have two highly-skilled engineers who work at another project. If we can convince them, we believe that we can have a better quality in our new product development, and we can finish this activity earlier. However, their project manager isn’t willing to release them since they are key people in that project. Thus, we just accept this risk, and decide to do nothing.

10.5.3    Contingency Plan

The project risk plan balances the investment of the risk response implementations against the benefit for the project. The project team often develops an alternative method for accomplishing a project goal when a risk event has been identified that may frustrate the accomplishment of that goal. These plans are called contingency plans. The risk of a truck drivers’ strike may be mitigated with a contingency plan that uses a train to transport the needed equipment for the project. If a critical piece of equipment is late, the impact on the schedule can be mitigated by making changes to the schedule to accommodate a late equipment delivery.

Contingency funds are funds set aside by the project team to address unforeseen events that cause the project costs to increase. Projects with a high-risk profile will typically have a large contingency budget. Although the amount of contingency allocated in the project budget is a function of the risks identified in the risk analysis process, contingency is typically managed as one line item in the project budget.

Some project managers allocate the contingency budget to the items in the budget that have high risk rather than developing one line item in the budget for contingencies. This approach allows the project team to track the use of contingency against the risk plan. This approach also allocates the responsibility to manage the risk budget to the managers responsible for those line items. The availability of contingency funds in the line item budget may also increase the use of contingency funds to solve problems rather than finding alternative, less costly solutions. Most project managers, especially on more complex projects, manage contingency funds at the project level, with approval of the project manager required before contingency funds can be used.

  1. Project Management Institute. (2017). A guide to the Project Management Body of Knowledge (PMBOK guide) (6th ed.). Project Management Institute.
  2. Retrieved from,the%20client's%20organization%20as%20well.
  3. Project Management Institute. (2017). A guide to the Project Management Body of Knowledge (PMBOK guide) (6th ed.). Project Management Institute.
  4. Retrieved from
  5. Retrieved from


Icon for the Creative Commons Attribution-NonCommercial 4.0 International License

Project Management by Abdullah Oguz is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.

Share This Book