PMP Exam Strategies for Risk Response: Mitigate Risk, Avoid, or Transfer

PMP Exam Strategies for Risk Response: Mitigate Risk, Avoid, or Transfer

To earn a Project Management Institute (PMI) certification, project managers must know risk response strategies for mitigation, avoidance, transfer, exploitation, enhancement, sharing, and acceptance. All projects have risks; thus, project managers must plan risk responses to ensure positive project outcomes.

On this page:

Ultimate Guide to Risk Management

Get Your Comprehensive Guide to Risk Management

Learn how to manage risk in every project.

What is Risk Mitigation PMP or Mitigate Risk PMP?

Project managers should know the risk responses used in risk management. Project Management Professional (PMP)® certification exam questions might include how to plan for risk, how to mitigate risk, and what risk control is. The terms “risk mitigation PMP” and “mitigate risk PMP” refer to risk response strategies.

PMP Risk Mitigation Strategies: Negative and Positive

PMI defines risk as “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” Project Management Academy, a Premier PMI Authorized Training Partner (ATP), provides students with this list of risk response strategies:


A project manager may use any combination of risk control techniques depending on the circumstances of the project risk.

PMP Risk Response Strategies: Negative

Increased costs, delayed deliverables, inferior quality, and regulatory fines are negative risk examples. Project managers cannot fully control risk but can use specific risk response strategies to manage it.

Escalate Risk

Escalate risk is used when a risk response authorization is needed from outside a project’s team.

For example, if a customized shipping container cracks after the project closes, the risk will be high for the next project requiring it. Escalation, such as notifying the shipping manager of the container damage, can help ensure a risk response is activated to help future projects.

Avoid Risk

Avoiding risk means taking steps to keep a risk from happening. PMI defines avoid risk as “…eliminating the threat or protecting the project from its impact.” Avoidance eliminates the risk altogether when there is no risk tolerance.

For instance, if the project’s computers have no internet access, you avoid malicious external software attacks and the risk of losing data.

Transfer Risk

The most common risk response is transfer. PMI defines transfer risk as “…shifting the impact of a threat to a third party.” The definition’s use of the word “threat” signals a negative risk. To transfer risk is a deflection of it.

When a company outsources customer service operations, for example, the risk of personnel recruitment expenses will transfer from the project company to the vendor. Should the vendor fail to meet the requirements, the risk transfers back to the project company to address.

Mitigate Risk

Mitigating risks means the risk is just slightly above your organization’s risk appetite or tolerance level, so you take steps to reduce the risk’s impact to within acceptable limits. PMI defines mitigate risk as “…decreasing the probability of occurrence or impact of a threat.” As it is decreased, not removed, there can be residual risk.

For example, to mitigate theft, a company installs exterior security cameras. The residual risk is that a fire might destroy the building and its contents without internal warning systems.

Accept Risk

Negative risk response also includes acceptance. PMI defines accepting risk as “…not taking any action unless the risk occurs.” The company’s tolerance level for risk influences the use of the accept risk response.

In our external security camera example, the lack of a sprinkler system shows that they accept the risk of fire but do not accept the risk of theft.

Studying for the PMP Exam?

PMP Risk Response Strategies: Positive

Positive risk response strategies are focused on leveraging opportunities for your project. The risk can benefit the project, and the risk response should maximize that.

Escalate Risk

Risk elevation is used when a risk needs to be addressed by an authority beyond the project team.

If, for example, a potential customer asks for a one-time discount, the positive risk of gaining the business may be escalated to the company owner to decide if the sale is worth it.

Exploit Risk

PMI defines the positive risk response of exploit as “…ensuring that an opportunity occurs”. In these instances, the project manager may delay, avoid, or activate specific project activities to increase the probability of a risk occurring.

For instance, to exploit the positive risk (opportunity) of early delivery of a project deliverable, an incentive (free lunch) is offered to the team to work overtime.

Share Risk

PMI defines sharing risk as the allocation of the “…ownership of an opportunity to a third party who is best able to capture the benefit for the project.” Tapping into a partner to share the risk is a strategy to increase the possibility that the positive risk occurs to everyone’s benefit.

If a manufacturer provides a part to help you meet new customer requirements, you may share the risk of internal costs so that you both benefit from increased sales.

Enhance Risk

The opposite of eliminating risk, enhancement increases the possibility of occurrence. PMI defines enhance risk as the work to “…increase the probability of occurrence or impact.”

Consider a government-funded project example. If a vendor knows that certification will increase their preferred status, they may obtain it to enhance the opportunity of being selected for more government contracts.

Accept Risk

The accept response applies to negative and positive risks. PMI defines accept risk as when no action is taken. The company’s tolerance level for risk influences the use of the accept risk response strategy.

Returning to our vendor seeking government contracts, if a lack of certification means the risk of not winning projects with dangerous and costly materials handling requirements, the company may accept it to save safety protocol costs.

PMP Risk Response Strategies: Avoid vs. Mitigate

To understand the difference between avoiding and mitigating risk responses, let’s use the example of the risks of taking the PMP exam. You must manage the risk of being late to take the PMP exam to prevent disqualification.

First, you look at how to avoid the risk of being late to take the PMP exam:

  • you never submit your PMP application to avoid being late for the PMP exam session because you never sign up for it.
  • you book a hotel room within walking distance to the exam center the night before you are scheduled to take the PMP exam to avoid risks associated with transportation.

Your risk response could be to remove and mitigate the possibility of being late to take the PMP exam. Remember, residual risks may be present with this strategy. Consider these responses:

  • you take the exam virtually to avoid transportation issues (late bus, dead car battery, etc.)
  • additionally, you hire a pet sitter to prevent distractions during the time you are taking the exam at home

The negative risk is being late to the PMP exam session. Responses include avoid (risk removed) and mitigation (residual risk reduced). A combination of risk responses may be the strongest course of action.

PMP Risk Mitigation Strategies: Takeaways

PMP credential holders use different risk response strategies, including risk avoidance, mitigating risk, or escalating risks to an authority outside the project team to achieve the desired results. For every project, the Project Manager works with the team to plan and activate appropriate risk responses. Commitment to using these risk response strategies, such as risk mitigation, can benefit your projects.

Upcoming PMP Certification Training – Live & Online Classes

PMP Certification TrainingApr 22,23,24,25
Boston, MAView Details
PMP Certification TrainingJun 3,4,5,6
Boston, MAView Details
PMP Certification TrainingApr 15-18 & 22-25
Online - Green Mean Time (GMT)View Details
PMP Certification Training
Apr 22,23,24,25 8:30am-6:00pm
Boston, MA
PMP Certification Training
Jun 3,4,5,6 8:30am-6:00pm
Boston, MA
PMP Certification Training
Apr 15-18 & 22-25 5:00pm-9:30pm
Online - Green Mean Time (GMT)

Author profile
Megan Bell
Megan Bell
Project Manager & Writer at Project Management Academy
Megan Bell