Risk Mitigation Planning (it used to be called Risk Handling) is the process that identifies, evaluates, selects, and implements options in order to set risk at acceptable levels given program constraints and objectives. This includes the specifics on what should be done, when it should be accomplished, who is responsible, and associated cost and schedule. The most appropriate strategy is selected from these mitigation options: [1, 2]
- Risk Avoidance
- Rick Controlling
- Risk Transfer/Sharing
- Risk Assumption
For each risk the type of mitigation strategy must be determined and the details of the mitigation described in the Risk Mitigation Plan. The intent of the risk mitigation plan is to ensure successful risk mitigation occurs.
Risk mitigation planning is the activity that identifies, evaluates, and selects options to set risk at acceptable levels given program constraints and objectives. Risk mitigation planning is intended to enable program success. It includes the specifics of what should be done, when it should be accomplished, who is responsible, and the funding required to implement the risk mitigation plan. The most appropriate program approach is selected from the mitigation options listed above and documented in a risk mitigation plan. 
The level of detail depends on the program life-cycle phase and the nature of the need to be addressed. However, there must be enough detail to allow a general estimate of the effort required and technological capabilities needed based on system complexity. 
Is when it’s decided to perform other activities that don’t carry the identified risk by eliminating the root cause and/or consequence. It seeks to reconfigure the project such that the risk in question disappears or is reduced to an acceptable value.
Is when you control the risk by managing the cause and/or consequence. Risk control can take the form of installing data-gathering or early warning systems that provide information to assess more accurately the impact, likelihood, or timing of a risk. If warning of risk can be obtained early enough to take action against it, then information gathering may be preferable to more tangible and possibly more expensive actions.
Is when you share the risk with a third party like an insurance company or subcontractor.
Is accepting the loss, or benefit of gain, from a risk when it occurs. Risk assumption is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained.
- For a more detailed explanation on risk, visit the DoD Risk Issue and Opportunity Management Guidance for Defense Acquisition Programs – June 2015.
AcqLinks and References:
- DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisitions- Jan 2017
-  DoD Risk Management Guidebook – Section 5.0 – Aug 06 (Outdated)
- Defense Acquisition Guidebook (DAG) – Chapter 2 & 4
- Risk Assessment Checklist
- Risk Assessment Worksheet and Management Plan
- Continuous Risk Management Guidebook by Carnegie Melon
- Template: Risk Management Plan
- Template: Project Rick Management Template