Risk Response
DE: Risikoreaktion
Strategies developed to address project risks effectively.
Detailed Explanation
Risk responses are strategies for addressing project risks. For threats (negative risks): Avoid (eliminate the threat), Transfer (shift impact to a third party), Mitigate (reduce probability or impact), or Accept (acknowledge and do nothing proactive). For opportunities (positive risks): Exploit, Share, Enhance, or Accept.
The choice of response strategy depends on the risk's probability, impact, cost of the response, and the organization's risk appetite. Not all risks warrant active responses — low-probability, low-impact risks may be accepted with monitoring.
Each risk response should be assigned to a risk owner, documented in the risk register, and include both a primary strategy and a fallback plan. Responses themselves can introduce secondary risks that need to be analyzed and managed.
Key Points
- Threats: Avoid, Transfer, Mitigate, Accept
- Opportunities: Exploit, Share, Enhance, Accept
- Response choice depends on probability, impact, cost, and risk appetite
- Each response needs a risk owner and documentation
- Include fallback plans for critical risks
- Responses may introduce secondary risks
Practical Example
Risk: 'Server hardware failure during launch.' Response strategy: Transfer — purchase cloud hosting with 99.99% SLA instead of self-hosting. This transfers the hardware risk to the cloud provider at a known monthly cost. Fallback: if cloud provider fails, activate disaster recovery on a secondary provider within 4 hours.
Tips for Learning and Applying
Match the response cost to the risk impact — do not overspend on low-impact risks
Always have a fallback plan for high-impact risks
Analyze secondary risks created by your response strategies
Review response effectiveness at regular risk review meetings
Want to Master These Concepts?
Our courses cover all these terms in depth with practical examples and exercises.