Risk mitigation actions reduce the chance that a risk will be realized and/or reduce the seriousness of a risk that is realized. The costs of these actions should be identified as part of the EVALUATION activities. There are two broad types of risk mitigation or treatment activities:
- Preventative - planned actions to reduce the LIKELIHOOD a risk will occur and the SERIOUSNESS if it does occur. In other words, what can be done now? For example, if a risk were identified that the project’s major clients will not have the technical expertise to utilize adequately the technology the project is implementing, an appropriate preventative action would be to provide technical training. Preventative actions for Grades A and B risks should be implemented before the project progresses very far into the MANAGE Phase.
- Contingency - planned actions to reduce the SERIOUSNESS of the risk if it does occur. In other words, what should be done if? For example, a possible action in response to the previous risk might be that ongoing technical support and advice is provided to the client organization once the technology is implemented.
For serious risks, an extremely effective risk mitigation strategy can be justified more easily in terms of its cost. Mitigation strategies to reduce the likelihood and seriousness of risks should be built into the budget and activities of the project. Mitigation strategies should be measured, comparing cost and benefits.
RECOVERY actions are those subsequent actions that allow you to move on after a risk has occurred. They include management of residual risks. Hopefully, the seriousness of a risk’s impact on the project will have been reduced due to the planned contingencies being implemented. These recovery actions should be built into the work breakdown structure for the project. In other words - what should be done and when.
Reference: Tasmanian Government Project Management Guidelines Version 6.0