Risk Mitigation vs. Risk Contingency: What You Need To Know

Lots of business decisions are risky. Your products might go out of fashion, or a new product line might tank with your customers. Risk mitigation and contingency planning both help you prepare for trouble. Mitigation strategies are things you should be doing now, whereas your risk contingency plan only kicks in if disaster strikes.

Once you've identified potential risks, you can assess them. Ideally, you can quantify how likely they are to happen and how bad the impact will be. Then, you can develop strategies for the most probable and most damaging risks to either improve the odds or mitigate the damage if they come to pass.

Risk contingency measures are the things your business will do if X happens. A risk mitigation plan might, for example, try to reduce the risk of your vendors hiking prices. A risk contingency plan spells out what to do if prices go up anyway. Risks for which you can prepare contingency plans include supply chain problems, fire, flood, data breaches and major network failure.

On one axis, you list the probability of a contingency coming to pass. If, say, your raw material prices are locked in by contract for the next three years, the risk of a price hike this year is nil. On the other axis, you list the damage factor: minor, moderate, major or critical.

The initial plan for a given contingency should make clear what you'll do, but it doesn't have to go into detail. Your risk contingency measures for a government shutdown might include keeping your key employees working full time. You don't have to sit down and identify the employees until you see the contingency is shifting into the “going to happen soon” category.

Whenever anything major changes at your company, pull out the plan and review it. If you've moved to a new building, changed suppliers or changed key personnel, that may change some of your contingencies or render them null and void. Regular review will keep the plan relevant to the contingencies of your current situation.

A mitigation plan attempts to decrease the chances of a risk occurring, or decrease the impact of the risk if it occurs. It is implemented in advance. A contingency plan explains the steps to take after the identified risk occurs, in order to reduce its impact. Think of a contingency plan as the last line of defense.

PMBOK® Guide: Difference Between Mitigation Plan And Contingency Plan

What is a risk contingency plan?

A risk contingency plan provides guidelines that address what an organization should do if a hypothetical risk becomes a reality. Their intent is to minimize the harm an undesirable sequence of events could do to an organization and its assets. Risk contingency plans respond to both internal and external risks, offering a sense of order when operations become complicated and urgent action is necessary.

Risk contingency plans account for the fact that most problematic scenarios unfold in stages. For instance, airlines have risk contingency plans for responding to storms. If a storm approaches before takeoff, risk contingency plans recommend a delay for departure. If the storm occurs while the plane is flying, the risk contingency plan might require the plane to change its course. Both instructions address the same problem but in different contexts of risk.

What is a risk mitigation plan?

A risk mitigation plan is a set of guidelines an organization uses to protect its interests when conducting operations or activities. Organizations avoid risk to defend their financial well-being, project outcomes, physical and digital assets, employee health and legal standing. Risk mitigation plans define internal risks (those within their control) and external risks (those outside of it) and develop strategies to limit them as much as possible. Companies also analyze different risks to determine if they're avoidable or have to be tolerated to a certain extent.

Risk mitigation plans address the conditions that precede an event or activity. They ensure a more successful future by taking action in the present. For example, airlines create risk mitigation plans to operate flights that are profitable and safe for all parties. They train pilots and check systems to limit internal risks and create guidelines that specify acceptable flying conditions.

Risk mitigation plans vs. risk contingency plans

Here are the key comparisons that can clarify the differences between risk mitigation plans and risk contingency plans:

Timing of implementation

Businesses implement risk mitigation plans before operations or projects. They often involve actions that take time to plan, organize and execute. However, sometimes businesses don't recognize a source of risk until after a problem occurs. Risk mitigation planning is an ongoing process that also takes place each time an organization identifies an additional complication.

Companies make their risk contingency plans in advance but only implement them when predetermined cues occur. Ideally, early recognition of warning signs can prevent risky conditions from becoming severe problems. For example, a corporate accountant might recognize a troubling irregularity in a company's financial records. A successful risk contingency plan would ensure the company quickly investigates and resolves the issue to prevent any future harm to the business.

Conditions for activation

Risk mitigation plans are not typically conditions-based. For each operational activity, a company benefits from taking as many protective actions as possible, especially since many risk mitigation measures are legally mandated. For instance, to mitigate the risk of food contamination, restaurants must prove to the local government that they've developed sanitation procedures. These procedures form the basis of their operations and apply every day.

Risk contingency plans are, by definition, conditions-based. A business and its employees only enact contingency measures when specific circumstances arise. However, it's essential that an organization educates its team on risk contingency plans before they're needed. Employees need to rehearse their contingency plan responsibilities so that they're prepared to perform them in a live situation.

Relationship to risk

Risk mitigation has a direct relationship with risk probability. When properly implemented, risk mitigation plans reduce the possibility of many risks happening at all, especially internal ones. When adverse events occur, the preventative measures taken by an organization can also lower the probability of substantial losses. For instance, a store might install signs informing patrons that security cameras are watching them. This is part of a risk mitigation plan, but if someone steals merchandise anyway, the camera footage increases the likelihood that authorities catch the responsible individual and recover the property.

Risk contingency plans do not affect the probability of a risk becoming an actual issue. However, if a risk contingency plan provides steps to take when warning signs appear, the probability of extensive harm to an organization goes down. For example, properly training a sports team's medical personnel doesn't reduce the chances of an athlete getting hurt, but it prepares them to lessen the effects of an injury with proper care.

Typical costs

Both risk mitigation plans and risk contingency plans involve costs. Risk mitigation plans, though, typically represent more regular and substantial ones. Maintaining a sufficient level of risk awareness can entail paying specialized employees, contracting services, buying materials and investing time into risk assessment.

Risk contingency plans rarely cost an organization significant money until an event requires the use of contingent resources. For instance, a shipping company doesn't experience the cost of using longer backup routes until some event forces the company to abandon its usual ones.

Examples of a risk mitigation plan and a risk contingency plan

Here are examples of a risk mitigation plan and a risk contingency plan as an entertainment company hosting an outdoor concert would use them.

Risk mitigation plan example

The entertainment company's risk mitigation plan might set the following objectives and deliverables:

Risk contingency plan example

The entertainment company's risk contingency plan might contain the following directives:


What is the difference between risk and contingency?

A contingency plan is executed when the risk presents itself. The purpose of the plan is to lessen the damage of the risk when it occurs. Without the plan in place, the full impact of the risk could greatly affect the project. The contingency plan is the last line of defense against the risk.

What are some examples of mitigation?

A contingency plan is a plan for a “what if” scenario that could ruin your project or business. A simple example of a contingency plan is to back up all website data in case your site gets hacked. If this scenario happens, you can then restore the data after regaining access and changing passwords.

Is mitigation the same as planning?

Other examples of mitigation measures include:
  • Hazard mapping.
  • Adoption and enforcement of land use and zoning practices.
  • Implementing and enforcing building codes.
  • Flood plain mapping.
  • Reinforced tornado safe rooms.
  • Burying of electrical cables to prevent ice build-up.
  • Raising of homes in flood-prone areas.

