A close variant of the saying “Forewarned is forearmed” has origins dating back to the 1500’s (and possibly even earlier). This came to mind when evaluating the role of risk acceptance as a valid risk response strategy.
Risk acceptance is often treated as the odd cousin thrice-removed that no one wants to remember or mention in polite company. The terms “acceptance strategy” itself appears to be an oxymoron – acceptance conjures up thoughts of inertia while strategy inspires action. While documenting their risk registers, project teams feel good about those risks that can be mitigated (good), transferred (better) or avoided entirely (best) – acceptance seems a weak approach and they fear that sponsors or stakeholders might view the team in a poor light for bringing them problems instead of solutions.
Such environments are clearly risk immature – it is unrealistic to expect that all “known unknowns” can be controlled on anything other than the most basic project.
So what are the benefits of the risk acceptance strategy?
1. Communicating a risk is of benefit even if we can’t do anything about it. We are better able to deal with “known unknowns” than truly unexpected events. The latter often causes us to instinctively use our lizard brains resulting in fight-or-flight decisions that (should) have no place in business situations.
2. Acceptance does not mean “do nothing”. While little might be done actively in advance of a risk being realized to reduce its probability or to diminish its impacts, nothing prevents a project team from preparing contingency plans to be executed if it is realized. In many environments, an acceptance strategy may have a better chance of success than a more active one – proactive risk response plans are often not executed due to a lack of priority or resources, but developing a contingency plan may be more palatable.
3. Avoiding deja vu. A risk that is accepted on today’s project might be one that could be actively addressed on a future project. Risks of any sort are a good source of lessons learned, but accepted risks need to be considered with greater gravity if we don’t want to repeat past mistakes.
Perhaps the issue is with the term “acceptance” itself – maybe the next edition of the Guide to the PMBOK and the Project Risk Management standard might consider a less fatalistic term such as “acknowledgment”?