Option

Description

Example

Keep

Retain accountability, responsibility, and authority.

You have the resources, knowledge, and position required to manage the risk. Another might accomplish part of the task, but you keep the responsibility and authority to commit resources and approve actions.

A manager has responsibility for a risk of inadequate JAVA training and decides to contract for externally provided JAVA instruction on a quarterly basis.

Delegate

Retain accountability, assign, responsibility, and authority.

Delegate to maximize effective use of resources and relocate management of the risk closer to the source of expertise or knowledge.

A manager is responsible for a computer performance risk. One of his team's engineers has the required knowledge and expertise and is given the risk to resolve. The manager as a part of accountability retains final approval of a mitigation strategy.

Transfer

Assign accountability, responsibility, and authority.

Someone who is outside your organizational group is best able to manage this risk. Transfer implies the ultimate accountability, responsibility, and authority to expend required resources, etc., exists somewhere else. Transfers require acceptance of the risk by the other party. Transfer may ask to be kept informed of the risk status if the risk is going to impact the transfer.

Note: If the-transferee does not accept responsibility for the risk, the transfer may need to develop a contingency plan.

A software manager has identified a risk to her development schedule that originates with the hardware team. She transfers the risk to the hardware manager for resolution and asks for monthly status reports to avoid unpleasant surprises in her development schedule.