Risk Response Strategies for Threats
Risk response strategies for threats are the five approaches available to address negative risks: avoid, mitigate, transfer, accept, and escalate. Each strategy aims to reduce the probability, impact, or exposure of a threat.
Explanation
When responding to threats, the project manager selects from five strategies. Avoid eliminates the threat by changing the project plan. Mitigate reduces the probability or impact to an acceptable level. Transfer shifts the negative impact to a third party (e.g., insurance or contracts). Accept acknowledges the risk without proactive action, either passively or with a contingency reserve. Escalate moves the risk to a higher authority when it falls outside the project scope.
The choice of strategy depends on the risk's probability, impact, cost of the response, timing, and stakeholder risk appetite. High-priority threats often warrant avoidance or mitigation, while lower-priority threats may be accepted. Transfer is common for financial risks through insurance, bonds, or fixed-price contracts.
After selecting a strategy, the risk register is updated with the chosen response, the risk owner, trigger conditions, contingency and fallback plans, and any secondary risks introduced by the response itself.
Key Points
- •Five strategies: Avoid, Mitigate, Transfer, Accept, Escalate
- •Avoid eliminates the threat; Mitigate reduces probability or impact
- •Transfer shifts impact to a third party; Accept takes no proactive action
- •Escalate moves risks outside project scope to higher authority
Exam Tip
Memorize all five threat strategies. A common exam trap is to offer "Eliminate" as an option—the correct term is "Avoid."
Frequently Asked Questions
Related Topics
Avoid (Risk Strategy)
Avoid is a threat response strategy that eliminates the threat by changing the project management plan to remove the risk entirely, protect the project objectives, or relax the objective that is at risk.
Mitigate (Risk Strategy)
Mitigate is a threat response strategy that reduces the probability of occurrence and/or the impact of a threat to within acceptable limits. The risk is not eliminated but brought to a manageable level.
Transfer (Risk Strategy)
Transfer is a threat response strategy that shifts the negative impact and ownership of a threat to a third party. The risk is not eliminated but the responsibility for managing it moves to another entity.
Accept (Risk Strategy)
Accept is a risk response strategy where the project team acknowledges a risk but takes no proactive action to address it. Acceptance can be passive (do nothing) or active (establish a contingency reserve or plan).
Escalate (Risk Strategy)
Escalate is a risk response strategy used when a risk is outside the scope or authority of the project team. The risk is transferred upward to a program, portfolio, or organizational level where it can be effectively managed.
Plan Risk Responses
Plan Risk Responses is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure and to treat individual project risks.
Test your knowledge
Practice scenario-based questions on this topic with detailed explanations.