Project Management

Risk Response Strategy and Contingency Plans

From the Risk Management for Complex Projects Blog
Project risk is a common threat to complex projects, and the track record of cost and time overruns is well documented. In this blog, risk management methods and tools are proposed according to the project type, project complexity, and environmental factors. Project risks and opportunities will be identified and analyzed, then risk response plans will be implemented in order to decrease the negative risk impacts. The risk management strategy can be agile or conventional, based on the project objectives and corporate strategy.

About this Blog


Recent Posts

Why stakeholder involvement is important for risk management?

Risk Response Strategy and Contingency Plans

Hybrid Risk Management Methodology adapted to project life-cycle and project management strategy



Developing the risk response strategy is one of the most important parts of the risk management plan. This could include risk acceptance criteria, the development of action plans for risks deemed critical, or contingency plans for unforeseen events. The application of the risk response strategy must be carried out in parallel with the project control and monitoring to closely observe the effectiveness of the action plans on the project management plan.

The risk response strategy can be developed based on the organization’s risk acceptance criteria and the results of the risk analysis. When project risk impacts or the overall risk level of the project are evaluated, risk response plans can be proposed to mitigate negative risk impacts, avoid potential risk sources and risk triggers, and transfer project risks. Risk response plans can be proposed using brainstorming sessions, meetings, interviews with experts, or using data analysis techniques and tools.

A contingency plan is an action plan designed to help an organization respond effectively to a risk event. It is part of a proactive risk management plan and should include preventive controls and recovery strategies. Risk managers, while developing a risk management strategy, should consider contingency plans to protect their organizations and the project progress from potential negative impacts after an unforeseen event. I can give two examples of contingency plans from my professional experience:

The first is a PPP construction project. Just before the signature of the contract with the public client, the financial sponsor/bank withdrew from the project. As defined in the PPP contractual framework, the general contractor is responsible for project funding, design, construction, and maintenance of the project. With the bank’s withdrawal from the project at the last minute, the general contractor ran the risk of ending the project. Fortunately, strategic risk managers had developed a contingency plan for this risk event and proposed some alternative internal/ external funding solutions.

The second example is a Design-Bid-Build construction project. During the project execution phase of the project, a contractor defaulted. In the risk management strategy, a contingency plan has been developed for this type of situation. To complete the construction works, an alternative co-contractor was identified and for additional costs due to the change of the critical path, management reserves were set up.

How do we choose a risk response plan (avoid, accept, mitigate, transfer risks)?

According to the risk acceptance criteria defined in the Organizational Process Assets and strategic planning, for some identified project risk events, the negative risk impacts are not acceptable at all, even with the mitigation of the probability of occurrence and potential impacts. For these risk events, a risk-avoiding or prevention plan must be applied to eliminate the source of risk or risk factor and risk trigger factor.

Risk response plans can help mitigate negative risk impacts, or eliminate the source of the risk event. We can control and monitor the effects of the risk response plans after their applications, in parallel with the project control techniques, then update the risk data with a new probability of occurrence and impact values. The impacts of the risk events can be identified and assessed on the project objectives “cost, time, quality and safety constraints”. The risk acceptance criteria are defined in the risk management strategy to evaluate and sort project risks into “high, medium, and low” risk levels. The risk acceptance criteria of the organization and the risk assessment with the potential impacts on the project objectives are two major axes for developing the necessary action plans. As risk managers, we need to find a balance between these two axes, analyzing the potential impacts of the risk events on the project objectives and evaluating them on the organization’s risk management strategy.

One effective way to illustrate the effectiveness of the risk response strategies is to use project performance measurement techniques. It can be cost performance control, schedule control, quality control, or safety control. Using these performance techniques, we can assess the changes in the probability of occurrence of the risk events and in the impacts on the project objectives after the proposition of the risk response plans. Then, we can organize meetings, brainstorming sessions with project team members to discuss risk data, project data, and the effects of the risk response plans on the project objectives. The communication factor is essential in risk management. We can apply a risk management plan in parallel with the project management steps to integrate risk data into project management outputs and to observe the results of risk response plans on project progress.

In the development of a risk management strategy, all steps of the risk management process should be connected in a systematic way. The risk management process begins with the project analysis for identifying the risk factors, then potential impacts and probability of occurrence are assessed, and the risk level is evaluated. Finally, risk response plans are applied. The risk management process should be applied throughout the project life-cycle and run parallel to the project management process to monitor impacts on the project constraints. We need to improve the communication channels and the decision-making process in the project organization for the effectiveness of the risk management strategy.

For further information, you can check my risk management training content in the PMI Training Program: An Agile Approach to a Formalized and Systematic Risk Management Process for Complex Projects.

Thank you!

Dr. Esra Tepeli


Posted on: January 04, 2023 01:47 PM | Permalink

Comments (5)

Please login or join to subscribe to this item
YI-CHI LAI Project Manager| EverMore Technology, Inc. Hsinchu, Hsq, Taiwan
Thanks, risk management indeed important to projects.

Luis Branco CEO| Business Insight, Consultores de Gestão, Ldª Carcavelos, Lisboa, Portugal
Dear Esra
The topic that brought to our reflection and debate is very interesting.
All project risk management processes are really very important

Stéphane Parent Self Employed / Semi-retired| Leader Maker Prince Edward Island, Canada
It's important to understand that our risk management plan will be dictated by the organization's risk appetite.

Latha Thamma reddi Sr Product and Portfolio Management (Automation Innovation)| DXC Technology Mckinney, Tx, USA
further information on PMI Project Risk Management topic you mentioned in the Blob is very useful.

Piotr Hajnus Poland
Thank you for sharing this blog Esra.

The examples from your experience and the whole content is captivating.

Please Login/Register to leave a comment.


"It takes a lot of courage to show your dreams to someone else."

- Erma Bombeck