Risk Acceptance as a Risk Response Strategy | Risk Management (2024)

Posted on August 31, 2022 December 1, 2022

A project risk is an event that has not yet happened and that may positively or negatively impact a project if it does happen. Negative risks are referred to as threats, and positive risks are referred to as opportunities. Every project is characterized by both types, but many project managers actually do not pay much attention to positive risks; an exclusive focus on the negative risks is embedded in the project culture of many organizations. Limiting the project risk management task to threats simplifies the effort, but the project manager is still left to figure out how to respond.

This article specifically explores the Accept risk response, including the types of acceptance and when a Project Manager, Project Management Professional (PMP)®, or Risk Management Professional (RMP)® should use this approach.

On this page:

  • 5 Strategies to Deal with Negative Risks
  • Types of Risk Acceptance
  • When to Accept Risks
  • Summary

5 Strategies to Deal with Negative Risks

According to the Project Management Institute (PMI), there are five strategies to deal with negative risks or threats:

  • Avoid (eliminate) the risk
  • Transfer the risk
  • Mitigate the risk
  • Accept the risk
  • Escalate the risk

A Project Manager, Project Management Professional (PMP)®, or Risk Management Professional (RMP)® will look at several elements of risks to figure out which of the five strategies they will use.

  • The risk itself: Is it big or small?
  • The consequence if the risk happens: How will it affect project performance?
  • The probability of the risk happening: How likely is it to happen?
  • Potential responses: Is there anything we can do about the risk?

Types of Risk Acceptance

There are two types of risk acceptance: passive and active.

Passive Risk Acceptance

Passive risk acceptance means that the project team (including the Project Manager, PMP, and/or RMP) has accepted the risk and will not proactively modify the project management plan to address it. A typical reason for passively accepting a risk is that it is highly unlikely to occur and, if it does, it will not have much impact on the project – low probability and low impact.

Example: A project may have a team of contracted resources scheduled to work for one month on project activities not on the critical path. The risk of any of them leaving is not likely to happen during that month, and even if they do leave it won’t significantly impact the project.

How to Use Passive Risk Acceptance: If it costs more to develop a response for the risk than to deal with the risk when it happens, then it’s best to do nothing. Just make a note that you identified the risk.

Active Risk Acceptance for the PMP

Active risk acceptance means that the project team (including the Project Manager, PMP, and/or RMP) has accepted the risk and created a response plan to be executed if it does happen. Often, this type of risk is something that would not have dire consequences for the project, so, as with passive acceptance, the team is not going to modify the project management plan to proactively address it. Rather, they will develop a plan to have ready to execute when it happens. Some examples include:

  • Establishing contingency reserves
  • Creating a backup plan that would be triggered by the event

Example: A project may have a team of contracted resources scheduled to work for one month on project activities not on the critical path, but on a path with little float. The risk of any of them leaving during that month is low, but the team actively accepts the risk by identifying contingency reserves to expedite hiring a replacement immediately if any of them do.

Passive Risk Acceptance vs. Active Risk Acceptance

As described, both passive and active acceptance of risk mean not modifying the plan to proactively do something about the risks before they happen. However, it’s important to distinguish acceptance from ignoring risks! As a project manager, you still need to identify, understand, and quantify all risks in a project, even if you accept them.

The difference between passive and active risk acceptance is action. When passively accepting a risk, it is identified, documented, and monitored. If it happens, then we will figure out how to respond at that time. When actively accepting a risk, it is also identified, documented, and monitored, but if it does happen we just execute the plan we already have in place.

When to Accept Risks

All risk management activities are impacted by a variety of factors related not only to the risks themselves but also to the project and organizational culture. A good project manager takes all these factors into consideration when collaborating with the team and others to identify when it makes sense to accept a risk and when to employ a different response. A few examples of these factors include:

The Nature of the Risk

What is the likelihood of the risk occurring and what will the impact be? A low probability, low-impact risk is a prime candidate for acceptance. In addition, it may not be reasonable to try to do something proactively. For example, if your organization is in negotiation with another company and it is likely that your organization is going to be acquired, that will likely have a significant impact on your project. However, it may not be a good use of project resources trying to proactively do anything about the likelihood or consequence of being acquired. You may just have to cross that bridge if you get to it.

Risk Appetite

What is the risk appetite of the project stakeholders? That is, how much risk are they interested in taking on given what they expect to get in return? For example, there may be risk in implementing a new technology, but if it works it is expected to generate a lot of revenue. Stakeholders who will take on that risk given the potential reward are said to have a high risk appetite. Working with stakeholders with large risk appetites likely means accepting risks is going to be part of a good risk strategy.

Risk Tolerance

Risk tolerance is the amount of risk that an organization is willing to accept. Stakeholders who are comfortable working through uncertainty and are willing to take on risk are said to have a high risk tolerance; stakeholders who are cautious, not comfortable working through uncertainty, and not willing to take on risk are said to have a low risk tolerance. A project manager working with stakeholders who have a low risk tolerance is not likely to accept as many risks as a project manager working with stakeholders who have a high risk tolerance.

Summary

The project management responsibility for project risk management is considerable. It requires not only understanding the potential events that may impact the project, but also insight into the organizational culture and stakeholder attitudes toward threats to the project. When it comes to identifying responses to identified risks, project managers may find that accepting the risks is an appropriate response that satisfies the stakeholders and serves the interest of the project. Passive risk acceptance might be the right strategy and won’t drain resources or planning time. Active risk acceptance may be the right response if you want to be prepared and quick to react if the risk does occur. Project Management Academy can help you learn more about risk management to elevate your skills in this critical area of project management.

Author profile

Erin Aldridge, PMP, PMI-ACP, & CSPO

Director of Product Development at Project Management Academy

FAQs

Risk Acceptance as a Risk Response Strategy | Risk Management?

Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it. Also known as "risk retention," it is an aspect of risk management commonly found in the business or investment fields.

What is risk acceptance as a risk management strategy?

Accepting risk is a concept where an individual or business identifies risk and renders it acceptable, thereby making no effort to reduce or mitigate it. The potential loss from the identified and accepted risk is considered bearable.

What are the four main risk response strategies?

There are four main risk response strategies to deal with identified risks: avoiding, transferring, mitigating, and accepting. Each strategy has its own pros and cons depending on the nature, probability, and impact of the risk.

What are the 4 risk management strategies?

There are four common ways to treat risks: risk avoidance, risk mitigation, risk acceptance, and risk transference, which we'll cover a bit later. Responding to risks can be an ongoing project involving designing and implementing new control processes, or they can require immediate action, War Room style.

What is an example of risk acceptance in a project?

Example: A project may have a team of contracted resources scheduled to work for one month on project activities not on the critical path. The risk of any of them leaving is not likely to happen during that month, and even if they do leave it won't significantly impact the project.

What is an example of a risk acceptance statement?

I understand and accept responsibility for the outstanding risk related to the deployment and use of this application or service for the requested scope and timeframe. I find the current controls adequate, additional controls need not be applied.

Which of the following is an example of risk acceptance?

An example of risk acceptance is when, having identified a risk (e.g., it could rain), you put it in your log but make a conscious decision not to invest money in mitigating or avoiding it, as this would cost more than the actual damage the rain will do if it happens.

What is the difference between risk acceptance and mitigation?

Risk mitigation is not about removing the likelihood of a risk but about reducing its impact to an acceptable level. Risk mitigation follows from risk acceptance. You accept that a risk may affect your organization and implement strategies and tactics to mitigate its impact. You don't avoid the risk.

What are the 5 levels of risk response?

Some of the most common types of risk response strategies for negative risks include avoidance, risk mitigation, likelihood reduction, risk transfer, contingency plans, and acceptance of risks.

What is risk response in risk management?

Risk Response: Leadership's response or action towards the existence of a risk. There are different approaches, including: Avoidance - eliminate the conditions that allow the risk to exist. Reduction/mitigation - minimize the probability of the risk occurring and/or the likelihood that it will occur.

What are the 4 T's of risk management?

There are always several options for managing risk. A good way to summarise the different responses is with the 4Ts of risk management: tolerate, terminate, treat and transfer.

What is active risk acceptance?

Active acceptance involves taking further action, such as setting aside contingency to balance the effect of the risk. Active acceptance improves the risk responses to be executed if the risk occurs. It includes exigency plans, contingency reserves, and allocating more time and budget to the project.

What are the 4 pillars of risk management?

The 4 Pillars of Risk Management is an approach to the planning and delivery of risk management developed by Professor Hazel Kemshall at De Montfort University. The model is based on the four pillars of Supervision, Monitoring & Control, Interventions and Treatment, and Victim Safety Planning.

What is a risk acceptance strategy?

Risk acceptance is a decision to accept risk instead of eliminating, avoiding, or mitigating it. Accepting the recognized risk without taking any mitigation measures usually means that the risk is within the risk tolerance level of the organization.

What is the risk acceptance theory?

The risk acceptance decision affirms that the proposed conditions for allowing the operation to be initiated and the rules to allow the mission to continue to completion comply with best practices used to ensure that risk falls within accepted levels.

What is risk acceptance criteria in risk management?

Risk acceptance criterion defines the overall risk level that is considered acceptable, with respect to a defined activity period. The criteria are a reference for the evaluation of the need for risk reducing measures, and therefore need to be defined prior to initiating the risk analysis.

What is acceptable risk in risk management?

The level of potential losses a society or community considers acceptable given existing social, economic, political, cultural, technical, and environmental conditions.

What is risk acceptance in vulnerability management?

In the context of vulnerability management, risk acceptance means deciding which vulnerabilities to fix and which to live with. This can be a difficult decision, as it involves balancing the potential consequences of a security breach against the costs and resources required to fix the vulnerability.

What is risk acceptance quizlet?

Risk is defined as chance of injury, damage or loss. Differentiate between risk assessment, risk acceptance and risk compensation. Risk assessment is the ability to recognize and determine level of risk. Risk acceptance is how much a person is willing to risk.

Article information

Author: Annamae Dooley
