Mitigate (Risk Strategy)
Mitigate is a threat response strategy that reduces the probability of occurrence and/or the impact of a threat to within acceptable limits. The risk is not eliminated but brought to a manageable level.
Explanation
Mitigation involves taking early action to decrease either the likelihood that a threat will materialize or the severity of its consequences if it does. Common mitigation techniques include adding testing or reviews, selecting more experienced resources, adopting proven methodologies, building prototypes, adding redundancy, and simplifying processes.
For example, if there is a risk of a critical system component not passing a performance test, mitigation might include conducting early performance benchmarks, engaging specialized engineers, or adding a parallel testing track. These actions do not eliminate the risk of the test not passing, but they significantly reduce its probability.
Mitigation is the most commonly used threat response strategy because it is often more practical than avoidance and more proactive than acceptance. However, the cost of mitigation actions must be weighed against the expected reduction in risk exposure. Residual risk (the risk remaining after mitigation) should be documented in the risk register.
Key Points
- Reduces probability or impact of a threat to acceptable levels
- Does not eliminate the risk; residual risk remains
- Examples: prototyping, testing, training, redundancy, proven methods
- Most commonly used threat response strategy
Exam Tip
Mitigation reduces the risk but does not eliminate it. After mitigation, the remaining risk is called residual risk and must be documented.
Related Topics
Risk Response Strategies for Threats
Risk response strategies for threats are the five approaches available to address negative risks: avoid, mitigate, transfer, accept, and escalate. Each strategy aims to reduce the probability, impact, or exposure of a threat.
Avoid (Risk Strategy)
Avoid is a threat response strategy that eliminates the threat by changing the project management plan to remove the risk entirely, protect the project objectives, or relax the objective that is at risk.
Secondary Risks and Residual Risks
Secondary risks are new risks that arise as a direct result of implementing a risk response. Residual risks are risks that remain after planned responses have been implemented, including minor risks that were deliberately accepted.
Plan Risk Responses
Plan Risk Responses is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure and to treat individual project risks.