Project Management

4 Ways to Mitigate Risk

From the The Money Files Blog
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from

About this Blog


Recent Posts

False Urgency

5 More Cost Types to Include in Your Business Case

7 Types of cost for your business case

New Year Goals: 2023 Edition

4 Different Types of Estimating

Categories: contingency, risk

Once you’ve ticked ‘mitigate’ as your risk management approach, you then have to think up ways to actually do that. What could you do to make the impact or likelihood of the risk less? Here are 4 options for reducing the risk – they won’t work on every risk, but they are general directions to consider when you’re wondering what to do to lighten the load for the project. And they are pretty easy to implement too, so that’s a bonus.

1. Start small

One of the easiest risk mitigation strategies is to start small. Consider prototypes, models, pilots. Think about how you can avoid a big bang launch and deliver results incrementally instead.

This works well as an approach if your project is using new technology, a new supplier, or is changing something sensitive, like a business critical process.

It doesn’t always work: on one large project I worked on we planned to deliver site by site, rolling out the new software and processes to groups at a time. But it didn’t work: for accounting reasons we had to maintain the integrity of the financial records and go big bang.

However, as a starting point, doing test runs and phased delivery is a good approach to mitigating all kinds of risk.

2. Schedule testing time

How many projects have you worked on where you’ve had enough time for testing? I’m embarrassed to say that plenty of my projects have ended up with testing time being squeezed.

As a project manager, you can control the schedule and double the amount of testing time planned (or whatever allocation of testing you feel appropriate, given input from the people involved in the work). That should give you long enough to wheedle out the bugs, which is another way of mitigating go live risks.

3. Add contingency to the schedule and budget

Explicit contingency is ‘extra’ time that is designed to offset risk: the risk of not knowing what you are doing, or whether it will work!

Manage uncertainty by adding a buffer to the duration of scheduled activities (or at phase level) and also to the budget.

I prefer contingency to be explicitly called out as an additional 10% of the budget and appropriate length for schedule contingency. Document what your approach will be in your schedule management plan and financial management plan.

4. Understand the guardrails for the project

Guardrails are like boundaries; tolerances for what freedom of action you have on the project. When you know where you have wiggle room and where you do not, you can make better decisions. Ultimately, your course of action to mitigate a risk should become easier because you know where you can save time and effort and where you cannot, because doing so will push you outside the guardrails.

When you’re working out what is the best course of action for a risk, think about where those boundaries lie and what options you have to work within them. That can help you decide whether your course of action requires an escalation or whether the team can manage without input from other layers of governance.

The right approach for risk mitigation depends on what the risk is, the risk appetite of your project and organisation, and what resources you have available to you. However, the above ideas are a starting point. What other common approaches do you use to mitigate project risks? Let us know in the comments!

Posted on: October 11, 2022 08:00 AM | Permalink

Comments (7)

Please login or join to subscribe to this item
Awesome key point

Contingency is what you do when your risk is triggered. You figure out your contingency actions then cost them in terms of budget and schedule. Finally, you multiply the cost items by the mitigated risk likelihood and, voilà, you have your contingency reserve for that risk.

Thanks for your comments!

Proto and testing are great ways to mitigate or reduce risk and is a must as a part of executing your project. Adding contingency of 5-10 percent is usually done for big projects like construction as a rule of thumb. But I wouldn't do this at my work. I calculate the probability of failures and assess the impact and assign a dollar value for known unknowns. Taking into account some positive risks as well. And the net contingency dollar value reduces is as minimal or per calculations. While doing this, I would have at least a second set of eyes review this. For unknown unknown there is always management reserves. This way you budget is as accurate as possible.

In some industry sectors is also common the transference of risk, diminishing the initial investment on risk management and the impact on the expectation of total use project budget which can be compromised when adopting percentages without a previous check on the precedent projects similar in the strategic and at the same level of investment already realized. Valuable tips, Mrs. Harrin. Thanks for sharing.

@Vijay: thanks for sharing your experience, this is really useful.

@Vagner: In my industry we don't do a lot of transference (beyond the 'normal' insurance) but I'm sure it's much more common in other industries. Is it used a lot in engineering?

Please Login/Register to leave a comment.


"No opera plot can be sensible, for in sensible situations people do not sing."

- W.H. Auden