Risk events may be classed as threats or opportunities. In each case there are four possible responses to a risk event.
Avoiding a threat means making changes to the project’s objectives or means of achieving them so that the risk can no longer have any affect.
This involves transferring all or part of the impact of the threat to a third party. A simple example of this is taking out insurance. A risk-sharing contract with a supplier is another example.
The reduction of a threat could be aimed at reducing the chance that it will occur or reducing the impact it would have if it did occur. For example: improving the specification of a component reduces the chance that it will fail. Introducing a second backup component reduces the impact of failure.
Passive acceptance of a threat is where there is nothing that can be done or, because the threat is small, it isn’t worth taking any action. While acceptance may mean that there is no proactive response to affect the probability or impact but a contingency plan may be developed that can be implemented if it does happen.
If new technology becomes available it may be possible to realign the project to take advantage of it and gain greater benefits as a result. This is ‘exploiting’ the opportunity.
Sharing an opportunity with a supplier or joint venture partner may be best where the combined skills or financial resources of the partnership are better able to realise the opportunity than either may be able to on their own.
The enhancement of an opportunity could be aimed at increasing the chance that it will occur or increasing the positive impact it would have if it did occur.
If the opportunity is too costly or uncertain it may simply be rejected.
The choice of response will be influenced by a probability/impact assessment.