Once risks have been identified, there are several ways to manage them. Here are four major catagories: Avoid, Reduce, Share or Retain.
We found the ROAM technique (SAFe, 2019) of managing risks useful in our projects:
1. Resolve the risk — The risk is not a problem.
2. Own the risk — Someone in the team takes ownership of the risk, as it was not resolved in the meeting.
3. Accept the risk — The risk cannot be resolved, so it has to be understood and accepted for what it is.
4. Mitigate the risk — Make a plan to reduce the risk.
When managing a risk, often new risks are triggered. Remember to think about the risk that remains after controlling it (i.e. "residual risk"). And what are new risks that come as a result (i.e. "secondary risks")?
Take a holistic view of risks, by managing how they interact (Deloitte & Touche, 2012). Some risks might be considered small, yet as they interact with other risks, events, or conditions, they might cause great damage, or create a significant opportunity.
Interested in learning more?