Avoid, Mitigate, Transfer, or Accept? PMP Exam Guide

Editorial Team

Risk Avoid, Mitigate, Transfer, or Accept

Preparing for your PMP exam may take a significant toll on you since you only get two shots or wait for the next round of applications. Also, project management is pretty comprehensive and has lots of areas that you can be tested on. To be on the safe side, you should know certain common concepts that keep on appearing in this exam and increase your chances of success.

This article looks at the four main risk management techniques, an area that is commonly tested in the PMP exam. We will delve deeper into risk avoidance, mitigation, transfer, and acceptance to give you a complete understanding before sitting for your exams.

Risk Avoidance

Even though it may not be possible to avoid all the risks associated with projects completely, avoidance is a common risk management technique. It is the elimination of all the probabilities that may cause a given risk. This is done when project managers change their plans or the project parameters.

Avoidance reconfigures the whole project, ensuring that the given risk disappears or is crashed to a diminutive value. Unlike other risk management responses, it usually applies before the occurrence of the given risk.

Avoidance involves coming up with different solutions. These may be technical, financial, political, and engineering in nature as long as the risk is addressed. However, it may pose a different problem altogether.

The avoidance of one risk can result in other unknown risks or a far greater consequence. Project managers are therefore advised to be careful when taking this route. This technique calls for both quantitative and approximate risk assessments.

It is also worth mentioning that this technique is usually the most underutilized risk management strategy. Most people resort to risk transfer instead of eliminating its root cause. Also, restructuring the project is not an easy task, and most people resort to more accessible options.

One can best achieve this technique through policy and procedures, technological advancements, training, and education.

When is Risk Avoided?

Risk is usually avoided when the organization refuses to accept it, and t does not allow the exposure to come to life. As a result, it does not engage in any activities that may lead to the risk occurrence.

Here is a personal example that can help you understand how risk avoidance works. Concerning owning a car, this technique may stipulate that one does not buy a car to avoid the risks that come with ownership. The same also applies to property. To avoid the risks that come with a given property, the best move under this technique would be to refrain from obtaining it.

Advantages of risk avoidance

Even though it may be impossible to eliminate risks totally, this technique plays a vital role in detecting as many threats as possible and taking up measures to escape the consequences of unfortunate potential events. Remember, this technique works by eliminating all the potential causes of a given risk.


  • It may not be effective

Risk avoidance may work for one risk but later present other unseen risks, which may be costly. This explains why project managers are advised to be careful when relying on this technique as their primary risk response.

  • It is costly

Risk avoidance involves anticipating project risks and coming up with ways of eliminating them. Mainly, it forces project managers and stakeholders to restructure the entire project, which may be very costly. This explains why most project managers prefer to transfer the risk to an insurance company or any other body.

  • It may be unsatisfactory.

You should note that not all risks are adverse. Therefore, this technique is sometimes not the best way of dealing with risks. It may deprive the company of the opportunity to reap profits occasioned by some risks, which may prevent the company from meeting its objectives.

Therefore, this is usually more of a negative than a positive technique.

Risk Mitigation

There are other risk responses if you one does not want to avoid them.  One of them is risk mitigation. However, be careful not to confuse these two. This response technique does not eliminate the risk but minimizes the impact or probability of it taking place.

It involves proactively changing the plan to minimize impacts. Note that, unlike risk avoidance, this technique leaves behind some residual risk. It starts with coming up with an effective mitigation plan carefully crafted to manage or reduce the risk to a given level.

The most effective risk mitigation plan should have a list of individual risks, a risk rating based on their likelihood and impact, an action plan, and a complete assessment of the company’s existing practices and controls. One should stick to this order of arrangement. Therefore, start with listing all the individual risks as you move towards the plan.

You may also be asked to identify the person who defines and mitigates risks while sitting for your PMP exam. Risk management must be handled by a specific person. It cannot be handled by the entire project team and must be assigned to an individual. This can either be the risk or project manager or a qualified member of the project team.

However, the person in charge of risk mitigation should keep up with different industry standards, deal with any conflicts that may arise, lead the different groups to achieve tangible outcomes, and handle all the uncertainties that come with risk management.

One of the most common risk mitigation techniques that organizations undertake is risk limitation. It usually limits a company’s exposure to a given risk through an action or a series of actions. It, therefore, minimizes the negative consequences or impact of a given known risk and is usually applied when the risk cannot be avoided.

However, note that this is not a risk avoidance technique. It dictates that an organization should conduct proper evaluation and take steps to reduce the probability of occurrence or minimize its impact. One of the best ways of going about this is building a risk limitation strategy step by step, improving it based on different experiences.

Risk Mitigation Best Practices

There are a number of practices that can help you come up with the best risk mitigation plan to deal with project risks. These are:

  • Classify all the root causes of risks identified and quantified in the first phases of the project management processes.
  • Assess the risk interactions and some of their common causes.
  • For every significant risk, come up with alternative mitigation strategies, methods, and tools.
  • Evaluate and prioritize the mitigation alternatives
  • Identify and commit all the resources required for your preferred risk mitigation alternatives.
  • Brief all the project participants to implement what you have come up with.

When owners or clients are involved, they should engage an independent and unbiased expert to review the mitigation plan before it is passed. Risk mitigation is not a one-time thing. It goes on even after the end of the project since there is a need to capture different data and lessons to be used in future projects.

Risk Transfer

This is the commonest means of dealing with risks. This risk management technique takes the risk from one person’s shoulder and places it on another. It engages a willing third party in risk management.

A good example would be different companies outsourcing certain essential operations. You must have noticed that specific organizations engage outside customer and payroll service providers. It takes the load off the main party.

Risk transfer is generally used by companies aiming at focusing more on their competencies. This means that it may harm an organization if the transferred risk is one of its key competencies. This method, therefore, transfers future risks from one person to the other.

Another typical risk transfer example is engaging an insurance company and insuring your business against fire and other common risks. Keep in mind that these transferred risks do not have to take place in the future. Insuring your house against fire does not mean that it will burn down in the future.

How it Works

To explain how this risk management strategy works, we will use one of the commonest examples-insurance. In this arrangement, one party is usually insured against given potential financial risks when it purchases an insurance policy from the insurer.

The policyholder will then make regular payments to the insurer to keep the insurance policy active. These are known as premiums.

When Should One Transfer Risks?

Risk transfer comes in handy for future risks. It is the best way of cushioning a financial asset against a future unpredictable event.

Types of Risk Transfer

There are four main types of risk transfer. These are insurance, derivatives, outsourcing, and contract with an indemnification clause. We have already explained how insurance works. A derivative is a financial product whose value is pegged on a financial asset or interest rate. A firm can buy a derivative to cushion it against financial risk

s, such as a drastic change in currency exchange rates.

An indemnitee can use contracts with an indemnification clause to transfer risks to the Indemnitor. All the future economic losses are transferred to the Indemnitor. In outsourcing, the organization seeks outside parties or firms to run some of their services, shifting the burden from them. 


It aids in the equitable distribution of risks by placing the burden of financial risk on a third party. A policyholder or an indemnitee is therefore protected against losses occurring from different risk events. Another advantage that we may have mentioned in our discussion is that this technique protects against future losses.


  • It is expensive– This is by far the biggest drawback of risk transfer. Organizations must factor in expenses on the purchase and maintenance of insurance covers, derivatives, and indemnity clauses. Also, the higher the value of an asset, the more expensive the premiums are.
  • Time consumption– Risk transfer is time-consuming. Getting the best insurance policy is not instantaneous. One must conduct a level of research to determine the best insurance coverage and getting into an agreement. Also, claiming the insurance takes a lot of time.

Risk Acceptance

This is the less-traveled road. Like the name suggests, risk acceptance dictates that one recognizes and accepts a given risk without taking any mitigating or eliminating actions. Nothing is done to reduce the risk once it has been established that the possible consequences and impacts can be forgiven.

Acceptance involves a level of risking.

When Should Risk Be Accepted?

This risk management strategy is used after establishing that the most economical option to handle the risk is to do nothing about it. It comes in handy if a risk is too small or unlikely and that the organization can shoulder and properly handle its consequences if it happens.

Risk acceptance is considered when the potential loss from the risk does not warrant spending lots of money to avoid or mitigate it. It is also known as risk retention and is generally used in different business and investment fields.

One example of risk acceptance is self-insurance. However, do not confuse this with insurance as the latter is a form of risk transfer. Any risk that is not accepted, transferred, or avoided is usually retained. Most businesses are tactful when going about this as they only accept minimal risks.

However, note that organizations may at times be forced to accept a considerable risk if insurance fails to be a feasible option due to high premium costs. Also, if one omits other potential losses from an insurance cover, he/she has accepted the risk.

Pros and Cons

This risk management technique is cheaper than all the options that we have covered. The business does not spend a dime on mitigation or waste time coming up with a risk response plan. It also eliminates the need for insurance which may be costly.

However, it poses one big challenge.  The decision to accept risk is usually arrived at by the project manager and not by considering the systematic profits and risks. This means that the manager’s opinion is believed to be optimal for the entire company, which may not be the case.


You need to understand risk management before sitting for a PMP exam. We have covered some of the most common risk management responses that you can be examined on. Keep in mind that these techniques are suitable for different circumstances, and therefore, one cannot rely on a singular one to manage all risks.