2. Knowledge base
  3. Risk Management
  4. Step 4: How to Handle and Mitigate Risks

Step 4: How to Handle and Mitigate Risks

Last updated: 2024-12-13
See our solution:
Risk Management
Was this article helpful?
1 of total 1 found this helpful.

Deciding How to Treat Risks: The Fourth Step in the Risk Management Process

Now that you have identified the priority risks that pose the greatest threat, you must decide how to address each one.

What Options Do You Have to Deal with Risks?

You have four main options for dealing with individual risks. We assume that in the previous step, you eliminated risks with a low impact and are now focusing on priority risks that pose the greatest threat.

  1. Accept the Risk: Do nothing and hope it doesn't happen.
  2. Reduce the Risk: Take precautions to mitigate the risk.
  3. Transfer the Risk: Shift the risk to someone else.
  4. Avoid the Risk: Eliminate the source of the risk entirely.

Let's break down each option in more detail.

Decide How to Deal with Each Priority Risk

  1. For each individual risk, determine your approach.
  2. Select from the list of available options.
  3. Create follow-ups and assign tasks to responsible managers.

Accept the Risk as It Is

  • Accepting the risk is a passive way of dealing with it. You do nothing and just hope that the risk never occurs. This approach is suitable only for risks with low impact or probability that may be acceptable to you. It is definitely not a recommended approach for high-impact risks.
  • Accepting the risk means doing nothing and hoping it doesn't happen.
  • You might also accept the risk if the potential measures would be difficult to implement or disproportionately expensive.

2. Reduce Risk by Taking Measures

  • Implement technical or organizational measures to reduce the risk to an acceptable level. The measures should be proportionate to the risk and not more costly than the potential consequences.
  • Examples of risk reduction include providing medical care for employees, installing fire extinguishers, using personal protective equipment (PPE), setting up burglar alarms etc.

3. Completely Avoid the Risk

  • This is a radical approach to risk management. Risk avoidance means you eliminate the activity or asset that causes the risk. In other words, you remove the source of the risk entirely.
  • Examples of risk avoidance include canceling a planned project, taking obsolete equipment out of service, or replacing a hazardous material or chemical with a safer alternative.

4. Transfer the Risk to Someone Else

  • Transferring risk involves shifting it to a third party who can more easily manage the specific risk or bear its consequences. This can be done through insurance contracts or by outsourcing activities. In this case, the measure involves introducing insurance or outsourcing.
  • Examples of risk transfer include insurance, hedging, and outsourcing.

How to Enter a Risk Treatment in the Risk Register in Aptien GRC

  1. Open the risk register.
  2. Select a specific priority risk from the list.
  3. Open the Details tab.
  4. Select the Risk Treatment field.
  5. Enter your approach to managing the risk.
how to enter risk treatment
Recommended to know
Where to go next