We’ve all learned the standard risk responses to threats (accept, avoid, mitigate or transfer) and opportunities (accept, exploit, enhance or share) from the Guide to the PMBOK, and Dr. David Hillson recently wrote about a ninth possible response of risk escalation. But these nine only represent a recommended set and hence aren’t inclusive of what we see practiced on projects every day.
So with tongue planted semi-firmly in cheek, here are some other common reactions to risk.
For every risk which a stakeholder is willing to accept or actively respond to, there is at least one which they will deny exists. Just like acceptance, this denial could be active or passive. With active denial, there’s no doubt that the stakeholder disagrees about the nature of the risk whereas with passive denial they might not confront you but they’ll ignore your attempts to get them to own the risk. These tend to be the same stakeholders who will take a strong “that won’t happen to us” stance when reviewing lessons from similar past projects.
Risk avoidance is an ideal strategy for responding to severe threats – as Mr. Miyagi would have said “Best way to avoid punch, no be there.”. Unfortunately, stakeholders sometimes act in a way which guarantees the realization of a risk. Think about a golfer who is preparing for a shot with a water hazard in the way. Even though there might be strategies to take the pond out of the picture, they unerringly manage to land their ball in it.
Project managers might feel very strongly about a risk event and the need for timely intervention to reduce its probability of occurrence or its severity. And maybe they do a good job of convincing potential risk owners of the need to take some action. But if those risk owners don’t place a high priority on the response, a planned active risk response (e.g. mitigation) might get replaced with passive acceptance.
Pass the buck
Sometimes we assign the task of coming up with a response to one stakeholder and instead of acting on it the way we’d like, they pass it on to someone else. That person either deflects it back to the original risk owner or passes it off to yet another stakeholder. After this game of hot potato has continued for a while, the risk lands back with the project team.
Sometimes we face risks on our projects which we really don’t want to communicate as we assume that certain stakeholders will not react favorably. However, as we can’t pretend that they haven’t been identified we document them in our risk registers in such a way as to make them extremely difficult to locate or to comprehend.
These are a few of the risk response anti-patterns I’ve witnessed. If you’ve encountered any which aren’t listed above feel free to contribute in the comments below!