Risk Treatment

Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them.

The options available for the treatment of risks include:

• Retain/accept the risk - if, after controls are put in place, the remaining risk is deemed acceptable to the organisation, the risk can be retained. However, plans should be put in place to manage/fund the consequences of the risk should it occur.
• Reduce the Likelihood of the risk occurring - by preventative maintenance, audit & compliance programs, supervision, contract conditions, policies & procedures, testing, investment & portfolio management, training of staff, technical controls and quality assurance programs etc.
• Reduce the Consequences of the risk occurring - through contingency planning, contract conditions, disaster recovery & business continuity plans, off-site back-up, public relations, emergency procedures and staff training etc.
• Transfer the risk - this involves another party bearing or sharing some part of the risk by the use of contracts, insurance, outsourcing, joint ventures or partnerships etc.
• Avoid the risk - decide not to proceed with the activity likely to generate the risk, where this is practicable.

Updated: 30 July 2007