Mitigation Approach

Description

Research

Investigate the risk until you know enough to be able to decide what to do (accept, watch, or mitigate). Research can range from making a few telephone calls to prototyping a system component.

Accept

Do nothing. The risk will be handled as a problem if it occurs (accepted risks are usually closed. No further resources are expended in managing this risk. These are usually risks which are not significant enough to justify any expenditures the project is willing to accept the consequences [Rowe 88].

Mitigate

Eliminate or reduce the risk by:

• Reducing the impact (by some degree or to zero)
• Reducing the probability (to a lower probability or zero)
• Shifting the timeframe (i.e., when action must be taken)

Note: recognize that mitigation plans may also introduce new risks to the project.

Watch

Monitor the risks and their attributes for early warning of critical changes in impact, probability, timeframe or other aspects. Decide what your goals for monitoring the risk are and what indicators will meet those goals [Basili 84]. Watched risks are usually those for which:

• Existing conditions are not favorable for taking action; monitor for improved conditions
• The potential for significant impact exists, but the probability is low
• An early warning is needed to prepare for the consequences (take contingency actions).