Risk Strategies

The next step of the risk planning process is to determine how to deal with various project risks. In addition to resource constraints, an appropriate strategy will be determined by the project stakeholder's perceptions of risk and their willingness to take on a particular risk. Essentially, a project risk strategy will focus on one of the following for negative risks or threats:

1. Accept or ignore the risk.
2. Avoid the risk completely.
3. Reduce the likelihood or impact of the risk (or both) if the risk occurs.
4. Transfer the risk to someone else (i.e., insurance). 

Approaches for positive risks or opportunities may include:

1. Exploitation
2. Sharing ownership
3. Enhancement of the probability of the impact or probability of the positive event. 
4. Accept and take advantage

In addition, triggers or flags in the form of metrics should be identified to draw attention to a particular risk when it occurs. This system requires that each risk has an owner to monitor the risk and to ensure that resources are made available in order to respond to the risk appropriately. Once the risks, the risk triggers, and strategies or responses are documented, this document then becomes the risk response plan.

Seven steps for managing IT project risk

1) Risk Planning.

2) Risk Identification.

3) Risk Assessment.

4) Risk Strategies.

5) Risk Monitoring and Control.

6) Risk Response.

7) Risk Evaluation.