“How to Mitigate Project Risks: Risk Mitigation Starter Kit, Examples, and Tips From the Experts” on Smartsheet, October 27, 2002
Types of Project Risk Mitigation Processes
Applying a risk mitigation strategy to each risk may help proactively address risk events. Alan Zucker, Founding Principal at Project Management Essentials, says, “Reducing, mitigating, or controlling the risk may be the most commonly used response strategy because avoiding the risk or transferring it to another party may not be feasible.”
Zucker shares an example of failed risk mitigation from his experience with software project management. “A new software application project required a new server to run in production,” he says. “The team knew this. However, the team did a bad job mitigating the project risk, and the project was delayed because a server was not purchased and configured in time. This was a relatively easy risk to manage. The risk statement would have been: if a new server is not purchased and configured by the release date, then the release may be delayed. The impact of this risk would have been high. Initially, the likelihood would have been low because there was plenty of time to address the threat, but as the project progressed, the likelihood of the risk impacting the release increased.”
Zucker proposes these risk mitigation strategies that the team could employ to reduce the impact of the risk on this project:
- Accept the Risk: “Establish time-based triggers so that at various points in the project, the lack of progress on procuring and configuring the new server will escalate,” he says.
- Reduce the Risk: “Reconfiguring existing lower environments to production or hosting the application with another could reduce the likelihood and impact of not having a new server,” explains Zucker.
- Transfer the Risk: “Move the application to the cloud,” he suggests. “The risk of running the app would then be on the service provider.”