Risk management strategies

Risks play a crucial role in any planning, because recognizing and avoiding risks is often the reason for the success or failure of a project, in any field.  Therefore, it is important to know how to avoid them, or at least how to identify and control them. There are many different risk management strategies, and the first step is always to choose the right one for each risk. Here is an overview of the different strategies that define what is to be achieved with each measure.
A road with storm clouds above. In the background, the clouds are dissipating.


Risk avoidance

A strategy is the avoidance of a risk. You eliminate the risk or its cause so that the probability of the risk occurring is zero. One way to pursue such a strategy is to avoid doing the tasks that involve that risk in the first place. This may make sense for some projects and tasks, but not for others. This is illustrated by examples: 
  • When you apply for a permit, there is a risk that you will not receive it or that it will be delayed. With this risk, the avoidance strategy would be not to apply for permit. However, this does not make sense because you need the permit.
  • Imagine on the other hand you have a product that is to include a number of optional features. More features mean more test runs, more sources of error and more risks. Can you perhaps exclude or omit one of the features and thereby simply eliminate the associated risk? Risks can be avoided through trade-offs.
  • Do you have the option of choosing a supplier who is reliable and avoiding the supplier who delivered far too late last time? This is also an avoidance strategy that can bring a lot.
  • If the project goals are clearly defined from the beginning, many risks can be avoided. Therefore, this is also an avoidance strategy.

Risk reduction

When risks cannot be avoided, the next approach is to reduce the risk. Actions are taken to either reduce the likelihood of a risk occurring or to minimise its impact. If possible, both. Your action can either address the cause of the risk or influence the consequences of the risk. It is better to deal with the causes than to minimise the consequences. But sometimes this is not possible or practical. In such cases, you can develop contingency plans to mitigate the consequences of a risk. These plans could include, for example, making resources available for recovery after an incident or training staff to deal with crisis situations. But remember: good risk mitigation requires constant monitoring and updating of measures, as risks can change over time.

Risk mitigation

Risk mitigation is a strategic approach that seeks to contain or limit the potential negative impact of a risk. This strategy is usually applied when the risk has already occurred, and the potential impact of the risk could significantly affect the project or organisation. One method of limiting risk is to set 'stop loss' limits. These are pre-determined points at which action is taken to control the risk and prevent further loss. In a project, this might mean that if the cost of a particular task exceeds a certain amount, the task is cancelled or reassessed. 
Risk mitigation can also involve building up a buffer or reserve to deal with unexpected events or risks. This could be a financial reserve to cover unexpected costs, or a time reserve to deal with project delays.

Risk transfer

Risk transfer is the process of transferring responsibility for a risk, its potential consequences, and the actions to be taken, to a third party. Ideally, this third party is someone who is familiar with managing, avoiding and dealing with risks, and can do this better than you or your project team. A good example is an insurance company or a supplier. 
Insurance is a good solution if the risk is mainly financial. In general, risk transfer involves costs and contracts, as insurance companies charge premiums and suppliers take on additional risk and may take out insurance themselves. Remember that transferring risk to a third party puts you in a position of dependency as you have little control over the risk, especially if it is transferred to a subcontractor or supplier.

Risk acceptance

In many cases, a project team chooses not to transfer risk because it would mean losing control. Maintaining control and consciously accepting risk is an important and often correct decision. Sometimes insurance is so expensive that it is not worthwhile, and the team prefers to bear the risk itself. This way you can at least take active steps to manage the risk and develop your own contingency plan. 
Another way of dealing with a risk is to do nothing. For example, you build a tower, and you know that there is a risk that it will be destroyed by an earthquake. But the last earthquake in your area was 57 years ago and was not strong. So, you accept the risk without doing anything about it. 
Finally, there is the contingency strategy, which consists of reacting to a risk only when it occurs, or better still, when certain omens occur, i.e., the risk becomes more probable. In this case, you should only watch for these events and regularly review your risk list so that you can develop a strategy if necessary. You will save a lot of time if you do not have to work on risk avoidance strategies for risks that will not occur.


So, there are many ways to manage risk. Risk management is not just about what risks there are, it is also about how to manage those risks. There are different approaches, and they work differently well for different risks. However, the more often risk management is carried out, the better the experience gained can be used to choose good planning with effective coping strategies for future projects.

Risk management - the IAPM logo
Author: IAPM internal
Keywords: Project management, Risk management

The IAPM certification

The certification can be taken via a reputable online examination procedure. The costs are based on the gross domestic product of your country of origin.

From the IAPM Blog

Become a Network Official

Do you want to get involved in project management in your environment and contribute to the further development of project management? Then become active as an IAPM Network Official or as a Network Official of the IAPM Network University. 

For better readability, we usually only use the generic masculine form in our texts. Nevertheless, the expressions refer to members of all genders.