Action on Risk: Update and Document

A.

When an action is taken on a risk, it means that the project team is trying to manage the risk in some way. There are four common ways to manage risks: mitigating, accepting, avoiding, and exploiting.

A. Mitigating risk means taking actions to reduce the probability or impact of a risk. For example, if the risk is that a critical team member might leave the project, the project team might cross-train other team members to take over that person's responsibilities. When a risk is mitigated, the risk register should be updated to reflect the new risk score and any new mitigation strategies that have been put in place.

B. Accepting risk means that the project team has decided not to take any action to manage the risk. This might be because the risk is considered low probability or impact, or because the cost of managing the risk outweighs the potential benefit. When a risk is accepted, the risk review document should be updated to reflect this decision.

C. Avoiding risk means taking actions to eliminate the risk altogether. For example, if the risk is that the project will not meet its deadline because of a dependency on a vendor, the project team might decide to find an alternative vendor or to bring the work in-house. When a risk is avoided, the risk review document should be updated to reflect this decision.

D. Exploiting risk means taking actions to increase the probability or impact of a positive risk. Positive risks are also called opportunities. For example, if the risk is that the project might finish ahead of schedule because of a streamlined process, the project team might take actions to optimize that process even further. When a positive risk is exploited, the risk register should be updated to reflect the new risk score and any new exploitation strategies that have been put in place.

In summary, when an action is taken on a risk, it is important to update the appropriate risk management document to reflect the decision and any new strategies that have been put in place. If the risk is mitigated or exploited, the risk register should be updated. If the risk is accepted or avoided, the risk review document should be updated.