The Engagement Manager should develop an overall control plan for the Service Engagement risks that will define the interval at which the risk status should be reviewed and determine the triggers for any actions. For each assessed risk, the Engagement Manager should determine the mitigation/contingency actions and the resource(s) responsible for those. Mitigation/contingency actions may be identified by comparing actual Service Engagement risks with risks previously encountered in similar Service Engagements and archived in a risk database at organizational level.

For each risk, consideration must be given to the development of individual mitigation plans that are aimed at preventing the risks from being realized, or reducing its potential impacts. These action plans will take one the following approaches and have the associated effect:

• When the severity and impact of the risk is considered to be high and a concern to the Service Engagement, the aim of the associated actions should be to reduce the potential impact to such an extent that the risk should theoretically disappear over time.
• When the severity and impact of the risk is considered to be low and of no real concern to the Service Engagement (at present), the aim of the associated actions should be to ensure that the level of impact does not increase.

In addition, consideration must also be given to the development of contingency plans for each risk, which will define the actions to be undertaken in the event that a risk materializes.

The Engagement Manager must determine the criteria/risk parameter that is most critical to the engagement. These could include risk priority, impact, category, visibility to the client, etc. The Risk policy (within the risk strategy)l determine the style of approach to take for the selected criteria.

For example if in an engagement probability and impact are the selected criterion, a high probability, high impact risk must have anapproach to reduce or remove the likelihood and consequence of the risk materializing and as such is best supported by a mitigation plan. Whereas the approach for a low probability, low impact risk where the level of consequence could be deemed acceptable to the Service Engagement, then a contingency plan might be more appropriate. Some risks can only be monitored on a regular basis to see if their probability or impact changes (e.g. external factors, such as new legislation, or an environmental impact, such as flooding).

Additionally the Engagement Manager must also take key risks as inputs while planning for various aspects of the Service Engagement, both engagement management as well as Service Delivery.