Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them.
The options available for the treatment of risks include:
- Retain/accept the risk - if, after controls are put in place, the remaining risk is deemed acceptable to the organisation, the risk can be retained. However, plans should be put in place to manage/fund the consequences of the risk should it occur.
- Reduce the likelihood of the risk occurring - through preventative maintenance, audit & compliance programs, supervision, contract conditions, policies & procedures, testing, investment & portfolio management, training of staff, technical controls, quality assurance programs, etc.
- Reduce the consequences of the risk occurring - through contingency planning, contract conditions, disaster recovery & business continuity plans, off-site back-up, public relations, emergency procedures, staff training, etc.
- Transfer the risk - another party bears or shares some part of the risk through contracts, insurance, outsourcing, joint ventures, partnerships, etc.
- Avoid the risk - decide not to proceed with the activity likely to generate the risk, where this is practicable.
Updated: 30 July 2007