Risk mitigation is also the process of controlling the actions, which are identified, and selecting those suitable to reduce the risk based on the project objectives (Pa , 2015). Risk mitigation is important in IT organizations in many ways. According to Ahdieh, Hashemitaba, Ow (2012), risk mitigation provides a mechanism that allows managers to manage risk effectively by providing phased execution of risk management (as cited in Pa, 2015, p. 49). Some risks, once identified, can be easily eliminated or reduced. However, most risks are much more difficult to mitigate, especially high-impact, low-probability risks. Therefore, risk mitigation and control must be long-term efforts by IT project managers throughout the project lifecycle. There are three types of risk mitigation strategies that are unique to business continuity and disasters