Risk management is the process of identifying risks, analyzing
them to see which ones are the most important, responding to the risks and then
monitoring risks throughout the project. When considering how to respond to risk,
most people immediately think about ways to make sure that the risk event does
not happen. After all, risks are bad, right? So, you would normally want to put
a plan in place to make sure that the risk does not occur. But you actually
have five choices for responding to risks. Here they are:

  • Leave
    it. In this approach, the project manager looks at the risk and decides to
    do nothing. This can happen for one of three reasons. You may decide that
    the potential impact of the risk on the project is not substantial enough
    to require a risk response. You may feel that the negative impact of the risk
    is not worth the cost and effort required to manage the risk. You may
    determine there may not be any reasonable and practical activities
    available to manage the risk. For instance, it’s possible that there is a
    risk of your sponsor leaving and a new sponsor canceling the project.
    However, you may not be in a position to do much about it as long as the
    current sponsor is in place, and you may just need to leave it and see how
    events play out.
  • Tips in your inbox

    Looking for expert IT project management? Get the help you need from TechRepublic’s free Project Management newsletter, delivered each Wednesday.

    Automatically sign up today!

  • Monitor
    it. In this case, the project manager doesn’t proactively manage the risk,
    but monitors it. This is also a good approach if you have identified a
    risk that should be managed, but the risk event is far off in the future.
    For instance, if your risk event is nine months in the future, it may not
    make sense to spend resources to manage the risk at this time. It’s
    possible that over time the risk will go away because of other circumstances.
    However, if it doesn’t go away, the team will still need to manage the
    risk later in the project.
  • Avoid
    it. Avoiding the risk means that the condition causing the problem is
    eliminated. For instance, risks associated with a particular vendor might
    be avoided if another vendor is used instead. This is a very effective way
    to eliminate risks but obviously can be used only in unique circumstances.
  • Move
    it. In some instances, the responsibility for managing a risk can be
    transferred to a third party. For instance, outsourcing a function to a
    third party might eliminate that risk for the project team. The third
    party might have particular expertise that allows them to do the work
    without the risk.
  • Mitigate
    it. In most cases, this is the approach to take. Mitigating the risk means
    that you put in place a set of proactive steps to ensure that the risk does
    not occur, or, if the risk does occur, to ensure the negative impact to
    your project is minimized.
  • The
    project manager, client and project team can all work together to
    determine the most appropriate approach for responding to each risk. The
    key is to identify and respond to each significant risk.