How to Create a Risk Response Strategy in Five Simple Steps

By Indeed Editorial Team

Published June 25, 2022

The Indeed Editorial Team comprises a diverse and talented team of writers, researchers and subject matter experts equipped with Indeed's data and insights to deliver useful tips to help guide your career journey.

Regardless of complexity, execution, or outcome, risk response is an inherent concern for most projects. Project managers typically design risk response strategies according to the specific needs of their projects. Understanding the workflow of risk response strategy creation can help you find effective, cost-efficient, and well-planned solutions. In this article, we discuss how to create risk response strategies and include some additional tips to help ensure an optimized and organized project.

How to create a risk response strategy

Knowing how to create a risk response strategy is mainly the responsibility of a project manager. The experience and expertise of these professionals allow them to anticipate foreseeable risks and make them accountable to their teams, stakeholders, and customers. Although it's a big responsibility, risk response strategies add value to the development process, preventing and mitigating further effects of negative risks. Project managers also encourage and utilize positive risks and potentially increase available resources.

Here are five basic steps to guide you through the creation and implementation of a risk response plan:

1. Conduct a pre-planning risk assessment

A pre-planning assessment helps you identify the risk types associated with the key priorities of your project. Managing risk can prevent delays and budget mismanagement and result in satisfied clients and a more positive working environment. Some examples of types of risk include:

  • Design risk: A design might fail practical use

  • Budget risk: Inaccurate project costs

  • Contract risk: Teams or partners fail to meet contractual obligations

  • Risk avoidance: Avoiding possible risk scenarios during planning

  • Benefit shortfall: Project outcomes lack traceable benefits

  • Information security risk: Unauthorized use of project-related information

  • Project planning risk: Bypassed planning steps during project management

  • Reputational risk: Diminished project outcomes

  • Residual risk: Risk that remains after risk management

  • Scope creep: Project growth not observed or managed

Assessing risks reduces their impact when they occur. Planning ahead makes it easier for you and your team to act effectively to handle any challenges that do occur. The desired outcome of risk assessment is that the team adapts to the planned, preventative processes rather than incurring the much higher costs of unplanned and reactive risk management.

Related: Why Risk Management Is Important (With Strategies)

2. Engage in risk response planning

Risk response planning results in a comprehensive strategy for risk mitigation during project operations. It's often a shareable outline accessible to all project participants. Risk response planning may involve calculating key data and finding risk-type probabilities. Quantifying risk and predicting its disruptive potential determine which strategic responses to invest in. Here are the four primary categories of risk response that help prioritize a strategy's approach:

Transfer of risk

Transfer of risk is the process of building relationships and partnerships outside the project and delegating a risk response to a larger community. For small teams, transfer strategies preserve human resources for tasks that lead to a finished product. By transferring risk, a company may avoid costs or delays during the project by utilizing specialized services like:

  • Insurance

  • Accounting

  • Public relations

  • First aid

  • Security

Mitigation of risk

Mitigation is the process of reducing project risk as a pre-emptive rather than a reactive measure. Redundant systems, like data backup or project management software, qualify as risk mitigation measures because they address the risks of data loss and miscommunication before they happen. Other examples of mitigation include:

  • Proximity alarms

  • Accessibility protocols

  • Sanitation

  • Questionnaires

  • Research

Related: A Guide to Risk Management Process (With Practical Examples)

Acceptance of risk

After risk assessment, you may learn that the total cost or consequences of accepting a risk are lower than planning to mitigate it through some other strategy. Projects that involve uncertainty may benefit from risk acceptance if the scheduling necessary to plan for risk exceeds the time budget of the project. Conversely, the risk may be so low that acceptance is better than other forms of risk management that disrupt operations. If project failure has negligible consequences, risk acceptance may also be appropriate. Here are other examples of risk acceptance in practice:

  • Legal waivers

  • Stock options

  • Informative advertising for consumers

  • Injury vs. enjoyment in extreme sports

  • Buying used products or materials

Avoidance of risk

With avoidance, project managers use contingency measures to avoid risk if possible. Risk avoidance might involve hiring experts at a higher rate rather than training new employees yourself. In extreme cases, risk avoidance may mean cancelling the project if the negative outcome is too costly. Other examples of risk avoidance include:

  • Project hiatus

  • Safety supervisors

  • Legal observers

  • Automation

  • Contractual obligations

3. Consider positive vs. negative risk

Not all risk leads to a negative outcome. Like a game of chance, risks might result in a favourable outcome for your project. Comparing negative and positive risks is one form of risk response. Depending on the type of project and the risks involved, a combination of mitigation, avoidance, and positive risk-taking might result in advantages.

Related: A Summary of Quantitative Risk Analysis Methods and Benefits

4. Conduct plan integration

Integrate your risk response strategy into the initial communications you send to your team. As you define the process and assign roles, include the relevant considerations and the documentation from the risk response assessment. As the project develops, you might continue with periodic risk assessment checks.

Related: What Does a Risk Manager Do? (And How to Become One)

5. Do a post-response assessment

Attempt a post-response assessment once the project has concluded. Compare your plan's preparedness against the project's outcome, using metrics and key factors identified and logged throughout project planning and execution. Sometimes it's worth rebalancing strategies to allow or disallow risks in the future based on those outcomes. Here are some criteria to assess your response effectiveness:

  • Allocation: Allocation is the practice of assigning responsibility within the response strategy team.

  • Consent: Consent is the assurance from stakeholders and your team that the response strategy has project-wide approval.

  • Function: Function represents the effectiveness of the response.

  • Achievable: Achievability measures ease or difficulty with risk response execution.

  • Actionable: Actionable response refers to how long you can wait to respond to a given risk, including its cost to the project at different times.

  • Cost-effective: The affordability of a response has an estimated cost during pre-planning, and the actual cost gets determined during post-planning.

  • Appropriate: Given the type of risk, the response execution, and the consequences, you may determine the appropriateness of a response.

Related: Risk Management Framework: Definition, Components, and Tips

Tips for risk response strategies

Here are some additional tips on how to create a risk response strategy:

  • Early detection: If resources allow, begin risk analysis early. This may include reflecting on assessments from other projects or assessing the risk response strategies of similar projects.

  • Transparent communication: Communicating about risk clearly and often, without omitting any detail, can help your team stay engaged and informed. The sooner they know the risks, the more opportunity they have to offer support.

  • Specific language: Describing risk types with specific and consistent language helps increase project-wide understanding of risk. Describing it in general terms may not prepare your team effectively.

  • Consistent formatting: When writing assessments and reports, ensure the page formatting is easy to follow. You can check assessments from previous projects for examples of effective formatting.

  • Bespoke approach: While reviewing the risk response strategies for other projects with effective preparation, you may find adopting a strategy from another project is risky. Customize each strategy to the exact details of the project you're working on to help ensure clarity and appropriate responses.

  • Objective-focused: It's essential to state project and strategy objectives clearly and often to keep your team focused. This also helps during the feedback process if your understanding needs adjustment.

  • Targeted readers: Stakeholders and engineers may not find risk response documentation meaningful in the same way. Target your documentation as needed to help ensure clarity and follow up whenever possible as an extra measure.


Explore more articles