Risk response

From CEOpedia | Management online
Risk response
See also

Risk response is a stakeholder's action towards identified risks and is an elementary step in the risk management process. It involves developing strategic options to enhance opportunities and weaken threats resulting from the occurrence of risk. The main purpose of risk response is to control already occurring risks by determining ways to avoid or reduce impact of any threats resulting from existence risks or to take advantage of potential opportunities caused by these risks. Risk response is step of risk management preceded with specifically prepared risk analysis. Each risk response needs to be documented in the risk register (which is describing both risk response categories and actions, risk description, probability, impact and proximity) and agreed on with stakeholders. Project manager is obligated to prepare the risk response plan to each of identified responses, monitor it or to delegate application of the response to subordinate (risk owner).

Risk response process consists of actions that should be taken to bring the situation to a stage, where the risk exposure level is acceptable for a given organization. It refers to planning and implementing stages. Proper response is constructed based on the risk type, assessment and stakeholder's approach to a given risk, by taking into account costs of implementing the response and its probability and impact.

Risk response categories

Risk responses have been classified in PRINCE2 methodology into two main categories, depending on whether the risk was identified as a threat or an opportunity.

With reference to opportunities, listed risk response categories are:

  • avoid
  • reduce
  • transfer
  • fallback
  • accept

With reference to threats, possible categories are:

  • exploit
  • enhance
  • reject

The common category for both threats and opportunities is ’’’share’’’ which stands for sharing profits and losses depending on the costs incurred on both sides.

Opportunity responses

Avoid stands for updating such aspects of the project as scope or activities sequence in order to bypass some risks. As a result, threats will either stop having impact on the project, or may no longer exist.

Reduce actions that are taken proactively in order to decrease probability of threat occurrence by conducting a certain form of control or to decrease the threat event impact.

Transfer category of reactions to a threat, where a third party partner assumes responsibilities for a part of the financial implications which are arising from the effects of that threat (for instance through insurance). Usually implicated to financial scope of risks and it can be used only to reduce financial impact of these risks.

Fallback or contingency is a reactive form of risk response in which there is fallback plan prepared in case of the risk is being materialized. The fallback plan contains actions that need to be taken in order to reduce the threat effects. Fallback response has no influence on the risk threat probability.

Accept the essence of accepting the threat is to take the decision of the lack of response to a threat in some cases and staying with monitoring the threats impact and making sure that it is still on the eligible level. Decision of accepting the risk is based on the premise, that abstaining from doing any action is more economically favorable than actioning to counteract the given risk. Important aspect here is that the decision needs to be taken consciously and deliberately.

Threat responses

Exploit (usage) is risk response related to taking advantage of opportunity and making sure that the opportunity is going to happen and that its potential will be utilized in the efficient way.

Enhance proactive risk response in order to undertake actions to increase the probability of the opportunity occurring or to increase its impact in the case the opportunity has already occurred.

Reject reaction to a risk consisting in not exploiting or enhancing the opportunity due to economical premises. It means that taking any action in order to strengthen that opportunity would be not profitable enough to the organization, but it still needs to be monitored. The decision of rejecting given opportunity needs to be taken consciously and deliberately.


Author: Natalia Kobos