Page 371 -
P. 371
11 - PROJECT RISK MANAGEMENT
• Mitigate. Risk mitigation is a risk response strategy whereby the project team acts to reduce the
probability of occurrence or impact of a risk. It implies a reduction in the probability and/or impact of an
adverse risk to be within acceptable threshold limits. Taking early action to reduce the probability and/or
impact of a risk occurring on the project is often more effective than trying to repair the damage after the
risk has occurred. Adopting less complex processes, conducting more tests, or choosing a more stable
supplier are examples of mitigation actions. Mitigation may require prototype development to reduce the
risk of scaling up from a bench-scale model of a process or product. Where it is not possible to reduce
probability, a mitigation response might address the risk impact by targeting linkages that determine the
severity. For example, designing redundancy into a system may reduce the impact from a failure of the
original component.
• Accept. Risk acceptance is a risk response strategy whereby the project team decides to acknowledge
the risk and not take any action unless the risk occurs. This strategy is adopted where it is not possible
or cost-effective to address a specific risk in any other way. This strategy indicates that the project
team has decided not to change the project management plan to deal with a risk, or is unable to identify
any other suitable response strategy. This strategy can be either passive or active. Passive acceptance
requires no action except to document the strategy, leaving the project team to deal with the risks as
they occur, and to periodically review the threat to ensure that it does not change significantly. The 11
most common active acceptance strategy is to establish a contingency reserve, including amounts of
time, money, or resources to handle the risks.
11.5.2.2 Strategies for Positive risks or opportunities
Three of the four responses are suggested to deal with risks with potentially positive impacts on project objectives.
The fourth strategy, accept, can be used for negative risks or threats as well as positive risks or opportunities. These
strategies, described below, are to exploit, share, enhance, and accept.
• Exploit. The exploit strategy may be selected for risks with positive impacts where the organization wishes
to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with
a particular upside risk by ensuring the opportunity definitely happens. Examples of directly exploiting
responses include assigning an organization’s most talented resources to the project to reduce the time
to completion or using new technologies or technology upgrades to reduce cost and duration required to
realize project objectives.
©2013 Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide) – Fifth Edition 345
®
Licensed To: Jorge Diego Fuentes Sanchez PMI MemberID: 2399412
This copy is a PMI Member benefit, not for distribution, sale, or reproduction.
