HKSM

A key step in risk management where the team designs and chooses a suitable response to a risk, aiming to reduce its likelihood, its impact, or both.

Key Points

• Focuses on lowering a risk's probability and/or impact, not eliminating all uncertainty.
• Involves selecting and planning concrete actions (e.g., spikes, tests, redundancy, training).
• Actions are documented in the risk response plan and tracked in the risk register with owners and dates.
• Results are monitored; residual and secondary risks are identified and managed.

Example

An agile team foresees a risk that a new encryption library could slow response times. They mitigate the risk by scheduling an early technical spike, adding automated performance tests to the CI pipeline, and setting a performance budget for each story. This reduces the chance and impact of performance degradation.

PMP Example Question

Which action best illustrates risk mitigation for a high-likelihood performance risk on an agile project?

1. Set aside extra funds to cover potential rework if the risk occurs.
2. Add early performance testing, run a spike to validate the approach, and optimize code paths.
3. Purchase insurance to cover financial losses if the system performs poorly.
4. Cancel the feature that might cause performance issues.

Correct Answer: B — Proactive steps to reduce the risk's likelihood and impact

Explanation: Mitigation reduces probability and/or impact through preventive actions (e.g., tests, spikes, optimization). Reserve funding is acceptance, insurance is transfer, and canceling the feature is avoidance.