What risks do you decide to not actively manage? Does the concept of not managing every identified risk make you go dizzy? Well, according to John Goodpasture, PMP, it's important to not only identify the risks you plan to address, but also the ones that are not likely to happen or have great impact if they do. Goodpasture explains how the plan of “no strategy” is still just as much a strategy as any other:
Frankly, for many, the idea that we're going to sit back and accept risk is an uncomfortable position to take. But it happens all the time. When my risk management students lament that their organization has no risk management process or strategy and just deals with risk as they come along, I respond: “No strategy” is a strategy of sorts in the sense that you've embraced “accept” as your risk response plan. In that event, the need to actually do a lot of work up front to identify risks is really not too productive. If the organization is risk-seeking in attitude, this may be just fine. After all, you're just going to accept whatever comes along and deal with it.