Introduction to Risk Acceptance as a Risk Response Strategy

Risk Acceptance as a Risk Response Strategy

A project risk is an event that has not yet happened and that may positively or negatively impact a project if it does happen. Negative risks are referred to as threats, and positive risks are referred to as opportunities. Every project is characterized by both types, but many project managers actually do not pay much attention to positive risks; an exclusive focus on the negative risks is embedded in the project culture of many organizations. Limiting the project risk management task to threats simplifies the effort, but the project manager is still left to figure out how to respond.

This article specifically explores the Accept risk response, including the types of acceptance and when a Project Manager, Project Management Professional (PMP)®, or Risk Management Professional (RMP)® should use this approach.


5 Strategies to Deal with Negative Risks

According to the Project Management Institute (PMI), there are five strategies to deal with negative risks or threats:

  • Avoid (eliminate) the risk
  • Transfer the risk
  • Mitigate the risk
  • Accept the risk
  • Escalate the risk

A Project Manager, Project Management Professional (PMP)®, or Risk Management Professional (RMP)® will look at several elements of risks to figure out which of the five strategies they will use.

  • The risk itself: Is it big or small?
  • The consequence if the risk happens: How will it affect project performance?
  • The probability of the risk happening: How likely is it to happen?
  • Potential responses: Is there anything we can do about the risk?

Types of Risk Acceptance

There are two types of risk acceptance: passive and active.

Passive Risk Acceptance

Passive risk acceptance means that the project team (including the Project Manager, PMP, and/or RMP) has accepted the risk and will not proactively modify the project management plan to do anything about it. A typical reason for passively accepting a risk is that it is highly unlikely to occur and, if it does, it will not have much impact on the project: low probability and low impact.

Example: A project may have a team of contracted resources scheduled to work for one month on project activities not on the critical path. The risk of any of them leaving is not likely to happen during that month, and even if they do leave it won’t significantly impact the project.

How to Use Passive Risk Acceptance: If it costs more to develop a response for the risk than to deal with the risk when it happens, then it’s best to do nothing. Just make a note that you identified the risk.

Active Risk Acceptance for the PMP

Active risk acceptance means that the project team (including the Project Manager, PMP, and/or RMP) has accepted the risk and created a response plan to be executed if it does happen. Often, this type of risk is something that would not have dire consequences for the project, so, as with passive acceptance, the team is not going to modify the project management plan to proactively address it. Rather, they will develop a plan to have ready to execute at the time it happens. Some examples include:

  • Establishing contingency reserves
  • Creating a backup plan that would be triggered by the event

Example: A project may have a team of contracted resources scheduled to work for one month on project activities not on the critical path, but on a path with little float. The risk of any of them leaving during that month is low, but the team actively accepts the risk by identifying contingency reserves to expedite hiring a replacement immediately if any of them do.  

Passive Risk Acceptance vs. Active Risk Acceptance

As described, both passive and active acceptance of risk mean not modifying the plan to proactively do something about the risks before they happen. However, it’s important to distinguish acceptance from ignoring risks! As a project manager, you still need to identify, understand, and quantify all risks in a project, even if you accept them.

The difference between passive and active risk acceptance is action. When passively accepting a risk, it is identified, documented, and monitored. If it happens, then we will figure out how to respond at that time. When actively accepting a risk, it is also identified, documented, and monitored, but if it does happen we just execute the plan we already have in place.




When to Accept Risks

All risk management activities are impacted by a variety of factors related not only to the risks themselves but also to the project and organizational culture. A good project manager takes all these factors into consideration when collaborating with the team and others to identify when it makes sense to accept a risk and when to employ a different response. A few examples of these factors include:

The Nature of the Risk

What is the likelihood of the risk occurring and what will the impact be?  A low probability, low-impact risk is a prime candidate for acceptance. In addition, it may not be reasonable to try to do something proactively. For example, if your organization is in negotiation with another company and it is likely that your organization is going to be acquired, that will likely have a significant impact on your project. However, it may not be a good use of project resources trying to proactively do anything about the likelihood or consequence of being acquired. You may just have to cross that bridge if you get to it.

Risk Appetite

What is the risk appetite of the project stakeholders? That is, how much risk are they interested in taking on given what they expect to get in return? For example, there may be risk in implementing a new technology, but if it works it is expected to generate a lot of revenue. Stakeholders who will take on that risk given the potential reward are said to have a high risk appetite. Working with stakeholders with large risk appetites likely means accepting risks is going to be part of a good risk strategy.

Risk Tolerance

Risk tolerance is the amount of risk that an organization is willing to accept. Stakeholders who are comfortable working through uncertainty and are willing to take on risk are said to have a high risk tolerance; stakeholders who are cautious, not comfortable working through uncertainty, and not willing to take on risk are said to have a low risk tolerance. A project manager working with stakeholders who have a low risk tolerance is not likely to accept as many risks as a project manager working with stakeholders who have a high risk tolerance.

Summary

The project management responsibility for project risk management is considerable. It requires not only understanding the potential events that may impact the project, but also insight into the organizational culture and stakeholder attitudes toward threats to the project. When it comes to identifying responses to identified risks, project managers may find accepting the risks is an appropriate response that satisfies the stakeholders and serves the interest of the project. Passive risk acceptance might be the right strategy and won’t drain resources or planning time. Active risk acceptance may be the right response if you want to be prepared and quick to react if the risk does occur. Project Management Academy can help you learn more about risk management to elevate your skills in this critical area of project management.



Author profile
Erin Aldridge, PMP, PMI-ACP, & CSPO
Director of Product Development at