PMP 2026 Choosing and Documenting Risk Responses for Threats and Opportunities
March 26, 2026
Study PMP 2026 Choosing and Documenting Risk Responses for Threats and Opportunities: key concepts, common traps, and exam decision cues.
On this page
Risk Response Selection is the choice of the most appropriate action for a threat or opportunity after the risk is understood well enough to act. PMP 2026 expects candidates to match the response to the exposure, not to choose the most aggressive option by habit.
That makes this a Business Environment skill as much as a planning skill. Responses affect contracts, budgets, accountability, stakeholder confidence, and governance transparency.
flowchart TD
A["Prioritized risk"] --> B{"Threat or opportunity?"}
B -->|"Threat"| C["Avoid, mitigate, transfer, or accept"]
B -->|"Opportunity"| D["Exploit, enhance, share, or accept"]
C --> E["Check cost, feasibility, and ownership"]
D --> E
E --> F["Document response, trigger, and residual risk"]
The strongest answer usually fits the response to the risk profile. Overreaction can be as weak as underreaction.
Matching the Response to the Risk
Threat responses and opportunity responses are not interchangeable. Avoiding a threat is different from exploiting an opportunity. Mitigation is different from transfer. Acceptance can be active or passive, but it still requires visibility and ownership.
The project manager should consider severity, timing, cost of response, contractual implications, and whether the team can actually implement the chosen approach. A response is weak if it looks good on paper but cannot be executed.
Documentation Matters
A selected response should not remain a vague idea. It should be recorded with an owner, trigger, action, deadline, and any related reserve or fallback logic. If the response introduces residual or secondary risk, that should also be visible.
This is one reason the exam often prefers “document and assign” over “decide informally and move on.” Good documentation keeps the response governable.
Common Pitfalls
Choosing the most aggressive response without checking feasibility or cost.
Confusing transfer with elimination.
Treating acceptance as neglect.
Failing to assign ownership or define triggers for the chosen response.
Key Takeaways
Choose the response that fits the risk, not the response that sounds most forceful.
Threat and opportunity responses should be distinguished clearly.
A selected response is incomplete until it is documented, owned, and made monitorable.
Check Your Understanding
### What is the main goal of risk response selection?
- [x] To choose the most appropriate action for the specific threat or opportunity.
- [ ] To remove the need for a risk owner.
- [ ] To escalate every high-priority risk automatically.
- [ ] To close the risk once a response name is chosen.
> **Explanation:** Response selection is about fit and practicality, not automatic escalation or closure.
### A team decides to buy insurance for a supplier-related exposure. Which response is this closest to?
- [ ] Avoid
- [x] Transfer
- [ ] Exploit
- [ ] Share
> **Explanation:** Transfer shifts part of the financial or contractual consequence to another party.
### Which action most clearly shows a weak response choice?
- [ ] Selecting mitigation because the threat can be reduced at reasonable cost.
- [ ] Accepting a low-impact risk while keeping it visible in the register.
- [x] Choosing avoidance without checking whether the project can still meet its objectives.
- [ ] Assigning an owner and trigger after selecting a response.
> **Explanation:** A response that destroys feasibility may be worse than the original risk.
### After choosing a response, what should happen next?
- [ ] The risk should be archived because the decision is complete.
- [ ] The team should wait until the next phase to name an owner.
- [ ] The response should stay verbal to preserve flexibility.
- [x] The response should be documented with ownership, trigger logic, and any residual risk implications.
> **Explanation:** Documentation turns a response choice into something the project can actually execute and monitor.
Sample Exam Question
Scenario: A project depends on a specialist vendor whose delay could affect a public launch. The team has already analyzed the risk and determined that some exposure will remain regardless of the chosen approach. The project manager now needs a response that is practical, proportionate, and clearly documented.
Question: What is the best immediate response?
A. Escalate the risk immediately without deciding on any response option.
B. Select and document the response strategy that best fits the threat, along with owner, trigger, and residual-risk considerations.
C. Accept the risk silently so the team can move faster.
D. Choose avoidance automatically because it sounds strongest.
Best answer: B
Explanation:B is best because the scenario calls for a proportionate, workable response that the team can execute and monitor. A PMP-style answer does not default to escalation, hidden acceptance, or the most aggressive response label. It matches the response to the actual exposure and documents the decision clearly.
Why the other options are weaker:
A: Escalation may still be needed later, but it does not replace response selection.
C: Silent acceptance removes control and visibility.
D: Avoidance is not automatically correct; it must still fit project objectives and feasibility.