11.5 Plan Risk Responses

"The process of developing options and actions to enhance opportunities and to reduce threats to project objectives."

The definition shown above in italics is taken from the Glossary of the Project Management Institute, A Guide to the Project Management Body of Knowledge, (PMBOK® Guide) – Fifth Edition, Project Management Institute Inc., 2013

Project Management Institute, A Guide to the Project Management Body of Knowledge, (PMBOK® Guide) – Fifth Edition, Project Management Institute Inc., 2013 Figure 11-18 Page 342


Identify suitable response actions to address the risk. Each response action should be:

  • Appropriate
  • Cost effective
  • Realistic
  • Agreed by all parties concerned
  • Owned by a responsible person

Threat Risk Response Types


  • Taking actions now to prevent the risk event from happening – stay with old/existing supplier; cancel project


  • Attempts to reduce the probability or impact of a potential risk event to an acceptable threshold level, by taking some action now – improve staff skill sets by cross training; additional testing; more experienced staff


  • Shifts the impact of a risk event and ownership of the risk response to a third party – insurance; guarantees; warranties


  • Monitoring the risk and doing nothing about it
    • Passive – doing nothing at all
    • Active – Contingency Plan with contingent risk responses – requires a Contingency Reserve for known-unknowns

Opportunity Risk Response Types


  • Often used when a project team wants to make sure that a positive risk is fully realized; e.g. give an extra bonus


  • Attempts to increase the probability that an opportunity will occur; e.g. add more resources


  • Form a partnership with another party to give your team the best chance of seizing the opportunity; responsibility and benefit are shared


  • Involves taking advantage of the opportunity when it happens, but not actively trying to make it happen

A workaround (according to PMBOK) is a response to a threat that hasn't been identified before:

  • An unknown-unknown versus known-unknowns
  • Not a contingency plan action

Other Risk Terms

Fallback Plan – your Plan B

  • Is developed and actioned when the risk strategy is not fully effective – changing project scope; reverting to “the old technology”; developing alternatives

Inherent, Residual and Secondary

  • Inherent Risk – the risk identified originally
  • Residual – the risk remaining after one or more mitigation actions have been taken
  • Secondary – the new risk identified which only arises as a result of the mitigation action taken

Risk Related Contract Decisions

  • When the selected Risk Response Strategy requires third parties to (help) address the risk, there may be a need to put this involvement in a contract
  • professional indemnity insurance; bonding for contractors; formal transfer of risk handling responsibility to the third party/parties
  • Recorded in the Risk Register

