- This process deals with developing risk responses for the risks identified in the risk register. It mainly deals with developing responses for contingent risks (known-unknowns).
- The idea of this process is to develop strategies to increase the opportunities (positive risks) and reduce the probability and impact of threats (negative risks).
- Risks include both threats and opportunities.
- While developing the risk responses, each risk response must have an owner assigned.
- A Fallback plan is usually implemented when a selected risk strategy turns out not to be fully effective or an accepted risk occurs.
- Secondary risks occur after implementing a risk response. In other words, they are actually a result of implementing the risk response.
- Residual risks are risks that remain after implementing the response. They usually have minor impact but need to be monitored.
- As a result of developing responses, the PM Plan and other project documents such as the schedule are updated due to impacts on the cost and schedule baselines.


Inputs

- Risk Register: The list of identified risks to be planned for responses.
- Risk Management Plan: How the Plan Risk Responses process should be carried out.

Tools & Techniques

- Strategies for positive risks or opportunities: How to increase the probability of positive risks. Here are the different types of strategies:
> Exploit: This is about utilizing the risk knowing that it is positive.
> Enhance: While exploit is about using the positive risk as it is and just increasing the chances for it to occur, enhance is to increase the probability and impact of the risk to gain the maximum out of it.
> Share: All parties involved gain from the partnership.
> Accept: While exploit or enhance involves taking some measure to use the opportunity, accept is about doing nothing to pursue the opportunity and simply accepting it.
- Strategies for negative risks or threats: How to decrease the probability or impact of negative risks. Here are the different strategies:
> Avoid: Usually used in case of risks with high impact. Examples include extending the schedule, changing the project objectives, reducing the scope or shutting down the project altogether.
> Transfer: Shifting the risk totally to a third party, usually by paying a risk premium. Examples include insurance, contracts etc.
> Mitigate: Providing a response that will reduce the probability or impact or both of the risk. The idea here is to provide a solution that will negate the effect of the risk.
> Accept: Used in case of both positive and negative risks. Usually used in case of negative risks when the response can be planned at the point when the risk occurs or when there is no response available. Two types:
-> Active Acceptance: Usually has a contingency reserve allocated to use resources when the risk occurs.
-> Passive Acceptance: Leave the project team to handle the risk when it occurs.
- Contingent Risk Response Strategies: Develop responses for all the identified risks in the risk register. They have certain triggers to take note of before applying the strategy.
- Expert Judgment: Use risk analysts or risk experts if need be to develop effective strategies.


Outputs

- PM Plan Updates: Changes to the PM plan while developing responses to increase opportunities and decrease threats.
- Project Document Updates: Updates to the schedule or other documents while developing responses. Updates to the risk register can include the following, among others:
> Risk owners and responsibilities
> Trigger Conditions

Match the Following

1. Exploit - a. Both Positive and Negative Response
2. Accept - b. Left-over risk
3. Enhance - c. Partner Benefit
4. Mitigate - d. Increase Chances
5. Share - e. Increase Probability and Impact
6. Residual Risk - f. Reduce Probability and Impact

Match the Following (Answers)

1. Exploit - d. Increase Chances
2. Accept - a. Both Positive and Negative Response
3. Enhance - e. Increase Probability and Impact
4. Mitigate - f. Reduce Probability and Impact
5. Share - c. Partner Benefit
6. Residual Risk - b. Left-over risk