"The particular Risk Action Plans developed and implemented to treat an identified risk will depend on the nature of the project and the nature of the risk. They cannot be specified in detail in guidelines like these. However, some general suggestions can be provided. During the response identification and assessment process, it is often helpful to think about responses in terms of broad risk management strategies: - [[Risk Prevention]] (including risk avoidance); - [[Impact Mitigation]]; - [[Risk Sharing]]; - [[Insurance]]; - and [[Risk Retention]]. In practice, these categories overlap to some extent. Nevertheless, they provide a useful framework for thinking about how to deal with risks. These categories are in the nature of tactical responses. The organization should determine how they should be combined into its overall strategy, according to the extent to which it is prepared to accept or tolerate risk. Policy decisions such as this must be made at senior levels in the organization, not left to individual managers.” — Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements by Dale F. Cooper, Stephen Grey, et al. https://a.co/6GPKwX5