Risk Response Strategies

Risk Response Strategies: A Comprehensive Guide for PMI-RMP

What are Risk Response Strategies?

Risk Response Strategies are systematic approaches used to deal with identified risks in a project. They form a critical component of the risk management process outlined in the PMI-RMP (Risk Management Professional) certification. These strategies define how an organization plans to address each risk based on its probability and impact.

Why Risk Response Strategies are Important

Effective risk response strategies are essential because they:

• Transform risk identification and analysis into practical actions
• Help optimize resource allocation based on risk priorities
• Provide clear direction to the project team on how to manage risks
• Increase the likelihood of project success by proactively addressing threats and opportunities
• Create accountability by assigning risk owners to specific response actions

The Four Primary Threat Response Strategies

1. Avoid - Eliminating the threat by changing the project plan or approach. Examples include changing scope, extending the schedule, or altering objectives.

2. Transfer - Shifting the impact and ownership of the threat to a third party. Common methods include insurance, performance bonds, warranties, and contracts.

3. Mitigate - Reducing the probability and/or impact of a threat to bring it within acceptable thresholds. This involves taking early action rather than dealing with consequences later.

4. Accept - Acknowledging the risk but deciding not to take any action unless the risk occurs. Acceptance can be:
• Active: Creating a contingency reserve (time, money, resources)
• Passive: No proactive action taken

The Four Primary Opportunity Response Strategies

1. Exploit - Ensuring the opportunity definitely happens by eliminating uncertainty associated with it.

2. Share - Allocating ownership of an opportunity to a third party best positioned to maximize its probability of occurrence or increase its potential benefits.

3. Enhance - Increasing the probability and/or positive impact of an opportunity.

4. Accept - Being willing to take advantage of an opportunity if it arises, but not actively pursuing it.

How to Implement Risk Response Strategies

1. Review identified risks and their priority rankings from your risk register
2. Select appropriate strategies based on the nature of each risk (threat or opportunity)
3. Develop specific action plans for implementing each strategy
4. Assign risk owners responsible for executing response plans
5. Determine triggers that will activate contingency plans
6. Establish metrics to measure the effectiveness of responses
7. Document all strategies in the risk register
8. Update project documents to reflect changes caused by risk responses

Risk Response Planning Considerations

• Cost-benefit analysis should justify each response strategy
• Responses should be appropriate to the significance of the risk
• Responses must be realistic within project constraints
• Responses should be agreed upon by all necessary stakeholders
• Each risk may require multiple response strategies
• Secondary risks resulting from responses must be identified and managed

Exam Tips: Answering Questions on Risk Response Strategies

• Know the vocabulary precisely - Understand the exact definitions of avoid, transfer, mitigate, accept (for threats) and exploit, share, enhance, accept (for opportunities)

• Recognize scenario indicators - Practice identifying which strategy is being described in a scenario-based question:
- "Eliminate the possibility" suggests Avoid
- "Insurance policy" suggests Transfer
- "Reduce likelihood" suggests Mitigate
- "Set aside funds" suggests Active Acceptance
- "Do nothing now" suggests Passive Acceptance

• Understand strategy selection factors - Be familiar with when each strategy is most appropriate based on:
- Risk severity (probability × impact)
- Organization's risk appetite
- Available resources
- Time constraints

• Remember strategy combinations - Multiple strategies can be applied to a single risk

• Pay attention to context - The same action might represent different strategies in different situations

• Focus on secondary risks - Exam questions often test your awareness that implementing a response can create new risks

• Distinguish between similar concepts - Be clear on differences between:
- Risk acceptance vs. risk ignorance
- Risk transfer vs. risk sharing
- Risk mitigation vs. risk avoidance

• Remember the flow of the process - Risk response planning comes after identification and analysis but before implementation

When taking the PMI-RMP exam, read each question carefully and look for keywords that point to specific strategies. Always consider whether the risk described is a threat or opportunity, as this determines which set of strategies applies.