Plan Risk Responses

Sensei Short Scroll 24 Planning Process Group

Plan Risk Responses

Introduction: Why This Matters

Identifying and analyzing risks only adds value if you take action. The Plan Risk Responses process develops strategies and actions to address risks, both threats and opportunities. It keeps the team proactive instead of reactive when uncertainty shows up.

On the PMP exam, this process appears often in situational questions that ask which response strategy is most appropriate. In practice, strong risk response planning reduces surprises, protects project objectives, and helps you capture opportunities that add real value (Project Management Institute, 2021).

Purpose and Objectives

Primary Purpose: Define actions that reduce threats and enhance opportunities so the project can meet its objectives.

Key Objectives:

  • Select appropriate response strategies for threats and opportunities.
  • Assign risk owners who are accountable for implementing responses.
  • Integrate responses into project baselines and subsidiary plans.
  • Document responses clearly in the risk register.
  • Increase the probability of project success by addressing risks proactively.

Overview

Plan Risk Responses takes the prioritized risks from analysis and turns them into concrete actions. It links each major threat or opportunity to a clear strategy, a risk owner, and changes to the project plan.

  • What it focuses on: Choosing and documenting the best response strategy for each key risk.
  • When it is used: After risk identification and analysis, and revisited throughout the project.
  • How it helps: Keeps the project team ahead of risks instead of chasing problems.

Inputs, Tools and Techniques, Outputs (ITTOs)

Inputs

  • Risk management plan.
  • Risk register with prioritized risks and analysis.
  • Risk reports with qualitative and quantitative results.
  • Stakeholder register.
  • Enterprise environmental factors.
  • Organizational process assets.

Tools and Techniques

  • Strategies for threats: Avoid, Mitigate, Transfer, Accept.
  • Strategies for opportunities: Exploit, Enhance, Share, Accept.
  • Contingent response strategies: Pre planned actions triggered by warning signs.
  • Expert judgment: Subject matter experts, risk managers, PMO.
  • Interpersonal skills: Facilitation, negotiation, conflict resolution.
  • Data analysis: Alternatives analysis, cost benefit analysis.

Outputs

  • Risk register updates with strategies, risk owners, and response actions.
  • Project management plan updates such as schedule, cost, quality, and procurement plans.
  • Project document updates where needed.

Characteristics

  • Action oriented: Converts analysis into specific tasks and changes to the plan.
  • Ownership based: Every key risk has a named owner responsible for the response.
  • Balanced: Addresses both threats and opportunities, not just negative risks.
  • Integrated: Responses are woven into baselines, contracts, and communication plans.

Risk Response Strategies

For Threats (Negative Risks)

  • Avoid: Eliminate the threat or its cause. Example: Change scope to remove a risky feature or adjust the schedule to avoid a risky time window.
  • Mitigate: Reduce probability or impact. Example: Add extra testing or training to reduce the chance of defects.
  • Transfer: Shift ownership to a third party. Example: Purchase insurance, warranties, or performance bonds, or subcontract high risk work.
  • Accept: Take no proactive action. Active acceptance may include contingency reserves. Passive acceptance means simply monitoring.

For Opportunities (Positive Risks)

  • Exploit: Ensure the opportunity is realized. Example: Assign your best resources to a high value task to guarantee the benefit.
  • Enhance: Increase probability or impact. Example: Add marketing efforts to boost potential product adoption.
  • Share: Partner with a third party to maximize benefit. Example: Create a joint venture to co develop and share gains.
  • Accept: Take advantage if the opportunity occurs but do not actively pursue it.

Contingent Response Strategies

  • Defined “if then” actions that are triggered by risk events or warning signs. Example: If vendor delivery is delayed by more than two days, then switch to the backup supplier.

Practical Example

Context: An organization is migrating its infrastructure to the cloud.

Selected risks and responses:

  • Threat: Legacy applications may not integrate.
    • Response: Mitigate by performing early pilot testing and proof of concept integrations.
  • Threat: Vendor contract costs may increase mid project.
    • Response: Transfer by locking in a fixed price contract or price cap.
  • Opportunity: Cloud migration may enable early rollout of new analytics capabilities.
    • Response: Exploit by allocating additional resources to accelerate the analytics workstream.
  • Opportunity: Vendor offers a beta program with discounted pricing.
    • Response: Share by partnering closely with the vendor and internal stakeholders to co design the beta.

Outcome: By proactively planning responses, the project reduces potential delays and cost surprises while capitalizing on new cloud capabilities for additional value.

Common Pitfalls

Not assigning owners

  • Pitfall: Responses are listed, but no one is accountable for execution.
  • Prevention: Assign a clear risk owner for each response in the register.

Vague response actions

  • Pitfall: “Mitigate risk” with no clear steps or timeline.
  • Prevention: Define specific, measurable, and realistic measures.

Over reliance on acceptance

  • Pitfall: Too many risks are marked as “accept” by default.
  • Prevention: Use acceptance only when other strategies are not feasible or cost effective.

Ignoring opportunities

  • Pitfall: All attention is placed on threats while positive risks are overlooked.
  • Prevention: Intentionally identify and plan responses for opportunities.

Sensei Tip : Always assign a risk owner to each response. Ownership drives accountability and is a common clue on the PMP exam for whether the plan is strong enough.

Exam Alert : Many questions hide the answer in the keywords of the scenario. “Eliminate the risk” points to Avoid, “reduce probability” to Mitigate, “shift to a third party” to Transfer, and “guarantee the opportunity” to Exploit.

Exam Lens

Patterns on the PMP Exam:

  • Many situational questions ask which response is most appropriate for a given scenario.
  • Avoid means eliminate. Mitigate means reduce. Transfer means shift ownership. Accept means live with the risk while possibly holding a reserve.
  • Exploit versus Enhance: Exploit seeks to guarantee the opportunity. Enhance increases the probability or impact.
  • Contingent strategies are pre planned “if then” actions tied to triggers.

Sample Question

Question: A project has identified that a critical component may arrive late. The project manager arranges a contract with a logistics provider who guarantees on time delivery. What strategy is this?

  1. Mitigate
  2. Transfer
  3. Accept
  4. Avoid

Correct Answer: B. Transfer. The risk is shifted to a third party through a contract.

Quick Recap Table

Strategy Type Description Exam Watch Point
Avoid Eliminate the risk or its cause. Often requires scope or schedule changes.
Mitigate Reduce probability or impact. Commonly adds redundancy, testing, or safeguards.
Transfer Shift risk ownership to another party through contract or insurance. Does not remove the risk. Usually involves additional cost.
Accept No proactive action is taken. Can be active (with reserve) or passive (monitor only).
Exploit Ensure an opportunity definitely occurs. Usually involves assigning the best resources and priority.
Enhance Increase probability or impact of an opportunity. Often means more effort or resources to boost benefit.
Share Allocate ownership and benefit to a third party who can help realize the opportunity. Shows up as partnerships, alliances, or joint ventures.

Key Takeaways

  • Plan Risk Responses defines specific strategies for both threats and opportunities.
  • Assigning risk owners ensures accountability for implementing each response.
  • Contingent responses provide flexible “if then” actions when conditions change.
  • On the PMP exam, focus on keywords that signal the correct strategy in scenario questions.
  • In practice, proactive responses reduce uncertainty and increase the chance of project success.

Next Step

With risk responses planned, the next process is Plan Procurement Management, which defines how goods and services will be acquired from outside the organization to support project needs.

Bibliography

Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) (7th ed.). Project Management Institute.

Scroll to Top