4 Reasons why mitigating project risks could be the wrong strategy

by Sylvie Edwards

Mitigating project risks just may be the wrong strategy. With the release of the latest version of the PMBOK® Guide from the Project Management Institute (PMI®) comes a change to the response strategies that have been in use since risk was introduced as a knowledge area in the 1996 First Edition.

Throughout the last five releases, these strategies had remained the same, while most people still did not comprehend how to properly put them to use and tended to favor one above all the rest. We will attempt to demystify a bit around the risk resolution strategies that are available, going beyond mitigation.

Ask anyone, “What are you going to do about this risk if it were to occur?” and most will tell you that they will mitigate the risk. In my experience, during the process of planning for risk responses, mitigation is, in fact, the risk response strategy used over 80% of the time, wrongly or not.

Teaching risk management at a college level, I hear it all the time in a variety of forms.

  1. Where can I find a mitigation plan?
  2. How do I mitigate this or that risk?

My favorite one? The fact that we see a mitigation column in the risk register and not a response strategy column.

According to the PMBOK® Guide (6th Edition), there are five risk strategies for dealing with each threats and opportunities in risk management. In an article to follow in the near future, I will discuss the issue for most people with threat and opportunity recognition but for the time being, let’s look at threats and how mitigation fits in predominantly.

Mitigating risks could be the wrong strategy

RISK MITIGATION, risk assessments, risk mitigation strategies, risk events, types of risk mitigation, project management, risk interactions, risk assumption, possible risks, mitigating risk, risk control, evaluate risks, prioritize risks, effective risk management, risk mitigation activities, operational risk, identifying risk, risk monitoring, strategic risk, risk reduction, risk mitigation plans, alternative mitigation strategies, reputational risk, benefit future projects, potential risks, common risk mitigation strategies, risk mitigation examples, risk analysis, risk identification, early warning systems, mitigate risks, quantitative risk assessment, risk mitigation process, risk mitigation efforts, risk avoidance strategy, risk management process, risk acceptance, risk mitigation, mitigate risk, risk mitigation planning, risk avoidance, risk transfer, specific risk mitigation alternatives, risk mitigation strategy, risk mitigation plan, risk management, risk occurring, risk assessment,

Why? In dealing with risks that are a threat to your project, you could be missing these four other possible response strategies.

1. Escalate

Escalate has been added to this list with this new edition of the PMBOK® Guide and basically deals with risks that are out of the normal control of a project manager. This might have a greater impact than just to the project itself. This response was needed for risks that need to be escalated outside of the project, potentially beyond even the sponsor. Think of risks that could impact an entire organization stemming from a project having to be resolved or examined from a different perspective. This response strategy has become necessary as there is much more riding on projects now than there used to be, and the connection to the nervous system of an organization is often exposed. Think of privacy risks, reputational risks, and operational risks whereby they are not within a project manager’s role to make the decision. Escalation can be used in cases of both threats or opportunities.

The rest of the responses follow the introduction of risk as a knowledge area in the body of knowledge of 1996 or the First Edition of the PMBOK® Guide.

2. Avoid

In avoiding risks, teams typically try to eliminate the source or cause of the threat, therefore taking away what is often a large threat to the project. This does not mean that you are taking away all of the risk, you have avoided head-on confrontation which will often mean that you will have a lesser or different impact on the objectives.

3. Accept

In accepting the risk, the team looks at the impact and the work that would need to be done in order to deal with the risk and makes a passive or active decision around how to best keep control without too much work. One cannot accept high-level risks, which implies that risks that are accepted are within a defined threshold set by the organization around the risks.

4. Transfer

Transfer is a bit misunderstood if not explained properly and is often confused with sharing, which is used to deal with opportunity risks. Transfer is actually simple if you define it in this manner, strategy used to transfer the burden of a risk to another entity or group. Associated with transfer is buying of insurance, bonds, and “expertise” to ensure that we are covered for certain risks for which we could not otherwise be able to deal with. An issue that often occurs with the transfer of a risk is the fact that it will more than likely create a secondary risk by employing other resources and having to now manage those as part of your plan. Transferring risks can be a double-edged strategy where caution and control should be used.

5. Mitigate

Finally, we have the last strategy, mitigation. That word just flows off the tongue, doesn’t it? People seem to love to use mitigation for responding to risks so much so that they often neglect to look at other strategies that might be much more favorable to the project’s outcomes. Mitigation in real life is a common response strategy as it is meant to lessen either the impact or the probability of a risk which would be considered too high for the project. In some cases, mitigation is used first, followed by acceptance or transfer if the risk still needs to be responded to and dealt within a threshold-specific level.

So, from this short review of risk response strategies, I hope that you can go beyond mitigating everything in site and can propose some other ways to deal with risks on your project. Mitigation is nice, but it should get a day off once in a while, especially if other responses are available and applicable.


What is the PMBOK® Guide, and why is it important for project management?

The PMBOK® Guide is a framework for project management developed by the Project Management Institute (PMI®). It provides a standard set of practices, terminology, and guidelines for project management professionals to follow. It is important because it helps ensure consistency and quality across different projects and provides a common language and understanding for all project stakeholders.

What are the different risk response strategies available in project management?

According to the PMBOK® Guide, there are five risk response strategies for dealing with both threats and opportunities in risk management. These strategies are: mitigate, avoid, accept, transfer, and escalate.

What is the difference between transferring and sharing risk in project management?

Transferring a risk in project management involves transferring the burden of the risk to another entity or group, such as buying insurance or bonds. Sharing a risk, on the other hand, involves sharing the benefits of an opportunity with other stakeholders, such as forming a joint venture or partnership.

Why might mitigating project risks be the wrong strategy?

Mitigating project risks may be wrong because four other possible response strategies could be more appropriate in certain situations. These include avoiding, accepting, transferring, and escalating the risk. Project managers should consider all available response strategies and choose the one best suited for the particular risk and project context.

Similar Content:

You may also like