
Risk management is a proactive process that helps you manage risks before they occur. In your project, you will encounter two types of risks: negative risks and positive risks. A negative risk could harm your objective and a positive risk can have some positive effects on your project.

Since these risks are different, the strategies to manage them are also different. You must manage both types of risks accordingly.


The following strategies can be used to manage negative risks:

  • Mitigate
  • Avoid
  • Transfer
  • Accept
  • Escalate

And for positive risks, you can use the following strategies:

  • Enhance
  • Exploit
  • Share
  • Accept
  • Escalate

So, there are eight types of strategies to manage risks. Accept and escalate risk response strategies are common for both types of risks.

In positive risk response strategies, the enhance risk response strategy and the exploit risk response strategy seem to be similar and are a common cause of confusion among professionals, because in both cases you intend to realize the opportunity.

Therefore, in this blog post, we are going to discuss these risk response strategies in detail. I hope to help you understand them better.

Enhance Risk Response Strategy

Enhancing is about increasing the probability and/or impact of positive risks.

Here, you take measures to increase the chance of the event happening or its impact, but there is no assurance that it will occur, i.e., the opportunity may or may not be realized.


Assume you are constructing a building, and suddenly the client tells you that he will give you a monetary reward if you complete the project two months earlier than scheduled.

Therefore, you take several measures to realize the opportunity; for example, you use fast-tracking.

As you can see in the above example, you are only trying to complete the project early to gain the opportunity; i.e., you are increasing the probability of completing the project early. There is no guarantee you will realize the opportunity.


Exploit Risk Response Strategy

Exploiting is about doing everything to ensure that the event happens. In this risk response strategy, you make sure you realize the opportunity: you take the opportunity seriously and develop a strategy to realize it.

Simply put, with the exploit risk response strategy, you increase the chance of the event happening to 100%.


Suppose you are constructing a building, and suddenly the client tells you that if you complete the project two months before the actual completion date, he will give you a financial incentive.

This is an opportunity, and management requires that you realize this opportunity. Therefore, you do everything to complete the project ahead of time. You give overtime to your team members, bring in more employees, motivate the team members by announcing rewards if they help you complete the project ahead of time, etc.


In the exploit risk response strategy, you are doing everything to realize the opportunity. You do not merely try to get this opportunity; you ensure that you get it.

The Difference Between Enhance and Exploit Risk Response Strategies

The following are a few differences between enhance and exploit risk response strategies:

  • In the enhance risk response strategy you try to realize the opportunity, while in the exploit risk response strategy you ensure that you will realize the opportunity.
  • In the enhance risk response strategy you increase the probability of the opportunity happening, while in the exploit risk response strategy you increase the probability to 100%.
  • The enhance risk response strategy can be considered the opposite of the mitigation risk response strategy, while the exploit risk response strategy can be regarded as the opposite of the avoid risk response strategy.


Enhance and exploit are two kinds of positive risk response strategies. If the opportunity is not very important or you do not have any extra resources, you will use the enhance risk response strategy. In the enhance risk response strategy, you increase the chance of the risk occurring. However, if you have extra resources available or the opportunity is so important that you cannot let it go, you will use the exploit risk response strategy. In the exploit risk response strategy, you increase the chance of the risk happening to 100%.

The enhance risk response strategy takes the situation leniently, while the exploit risk response strategy takes it aggressively. The strategy chosen for the opportunity will depend on the situation, requirements, and resources available to you.

This topic is vital from a PMP and PMI-RMP exam point of view. You may see several questions from this topic on your exam.

So, what do you think of the enhance risk response and exploit risk response strategies? Let me know in the comments section below.

Speak Your Mind

  • Thanks for the explanation, I have been thinking about enhance vs exploit and stumbled upon your good post.
    Please correct me if I am wrong, in enhance I can work on enhancing probability and/or impact while in exploit I focus on probability, making certain that the opportunity will occur so that I can exploit it.
    For example, if there is an 80% probability that Euro value will increase by 20%. I cannot exploit this opportunity, I can only enhance it by increasing the impact by buying more euros.


  • Very nice explanation – especially like the idea of when to enhance and when to exploit. However, I feel PMI should do away with “exploit”. I don’t think PM can do a mitigation plan (which is supposed to be proactive) that will bring the probability of risk occurrence to 100%.

    • Mitigation is for negative risk. Exploit means the project manager is doing everything in hand to make it happen.

  • Your project is halfway complete and you see an opportunity that if you are able to complete the project a little early, you will get another project. So you ask your team members to find ways to complete the project one month earlier. Your team members come up with various ideas such as running many activities in parallel, using extra resources, overtime, and renting new equipment. You review these ideas and find most of them very costly so you decide to run many activities in parallel so the project can finish earlier. What kind of response is this?


  • I had a long time doubt which is cleared by your blog.
    Really nice.
    Where I can look forward like this explanation for some other PMP terms

  • Thank you Fahd, as I understood, however, selecting the correct or best answer depends on the action has been made in the question

  • I want to appear in RMP exam. I have a question that what type of questions I would face in the exam except Risk Management process questions.


  • 1. Failure Mode and Effect Analysis is same as Risk, do we have to do a contingency for this?
    2. Cause and Effect Diagram is an analytical technique or not because in PMBOK 5 in the Glossary it is mentioned that it is a decomposing technique?

    • 1) FMEA is an analytic technique.

      2) Cause and effect diagram is a tool and technique of plan quality management process.

  • I get a lot of different answer scenarios from test preps. For example, I have seen in a source that you should assume “exploit” if a plan needs to be changed (such as increased schedule time). Also, I have seen crashing go both ways, “exploit” and “enhance” (not knowing if it is 100% or not trying to get the opportunity). The question just says, “crashing is a form of…”. If the test does that, how would I choose (ucertify says enhance and PM Instructors says exploit)?

    • Also, ucertify said that “training is a form of exploit”. How would I guess on that if I don’t know the assertion of the PM?

      • Exploit and Enhance is not about any special technique. It is about the way that you approach it. If you are just trying to get it, it is enhancing. On the other hand, if you’re working hard to make sure to realize it, it is exploiting.

  • Don’t really agree with your example, although you are quite accurate in definition of exploit vs enhance. Though there are a lot of flaws in your interpretation of the scenario. Let me take one example. In the enhance part you have mentioned to enhance by using only fast tracking, and just by using crashing it becomes an exploitation effort? What if the project cannot be fast tracked due to a constraint in sequence of project schedule? And crashing and fast tracking both actually increase risk, they don’t reduce it!

    The key to understand here is to go back to PMBOK and dig the concept in more depth.

    Exploit as per PMBOK means to “eliminate” the uncertainty
    Enhance as per PMBOK means to “reduce” the uncertainty.

    In many situations, the best we can do is really to enhance the opportunity, and cannot exploit it, especially when it comes to decisions regarding schedules. Remember, best you could do with a project schedule is to come up with a certain standard deviation on a target date. There is never an absolute schedule in PM terms.

    In your construction project, best we can do is to enhance the opportunity. We can’t really exploit it as there will always be some probability of work not being completed 2 months earlier.

    So when looking at enhance vs exploit, first we need to look at the situation, and determine what realistically is possible.

    Still, in your example, you can exploit many small risks to enhance the final risk. For example, you could look at your schedule and if possible adjust the timing, or resources of work package such that it guarantees a specific outcome at activity level.

    Hence, the risk of completing the whole building really cannot be exploited. Max it can be enhanced. Exploitation usually happens at smaller levels, such as resources, or work-package.

    • Crashing, fast tracking, etc. are not a complete list of action to be taken for either exploit or enhance risk response strategies. It is job of the project manager to decide the best course of action.

      Point is, in exploit you will eliminate the uncertainty, and in enhance you will reduce the uncertainty.


  • Your blog is fantastic and really helps everyone to fully understand difficult terms and conditions related with project management.

    I would like to ask you if you can provide tools and examples that calculate the total project risk. How calculated a total project risk and compared with other total project risks?

    Thanks in advance

    • Thank you John for your comment.

      I don’t have any tool or examples for the total project risk. Let me know if you have any specific question.


  • I really enjoy reading your PMP materials. They are clear, concise, and have good examples. Nice work.
    Thank you

  • Broad explanation Usmani.

    Hence, from negative risk perspective we have another 2 response strategies: MITIGATION Risk Response Strategy (to try to minimize the threat) and AVOID Risk Response Strategy (to ensure threat elimination) ??

