What are the 4 Ways to Manage Risk?

Once risks have been identified, there are several ways to manage them. Here are four major catagories: Avoid, Reduce, Share or Retain.

"ROAM" the risks

We found the ROAM technique (SAFe, 2019) of managing risks useful in our projects:


1. Resolve the risk — The risk is not a problem.


2. Own the risk — Someone in the team takes ownership of the risk, as it was not resolved in the meeting.


3. Accept the risk — The risk cannot be resolved, so it has to be understood and accepted for what it is.


4. Mitigate the risk — Make a plan to reduce the risk.

Residual and secondary risks

When managing a risk, often new risks are triggered. Remember to think about the risk that remains after controlling it (i.e. "residual risk"). And what are new risks that come as a result (i.e. "secondary risks")?

Assess risk interactions

Take a holistic view of risks, by managing how they interact (Deloitte & Touche, 2012). Some risks might be considered small, yet as they interact with other risks, events, or conditions, they might cause great damage, or create a significant opportunity.

risk management

References and resources

Interested in learning more?

  • ISO 31000:2018, (2018) Risk management – Guidelines, provides principles, framework and a process for managing risk. Source
  • Scaled Agile Framework (SAFe, 2019) Source
  • Deloitte & Touche LLP. (2012). Risk assessment in practice. Deloitte. Source
  • Shore, D. A. (2016). What Could Go Wrong? How to Manage Risk for Successful Change Initiatives. Harvard Professional Development. Source