TAGS: Priority for treatment; Response actions; Risk mitigation; Risk reduction.

The purpose of addressing (treating) risks is to turn uncertainty to the organization’s benefit, by constraining threats and taking advantage of opportunities.

After assigning priority to risks, risk treatment should be identified both for corporate and operational risks, as well as linked to business planning processes. The challenge is to determine a portfolio of suitable responses that form a consistent and integrated strategy, so that the remaining risk falls within the acceptable level of exposure. It is worth noting that there is no right response to risk. The response chosen depends on issues such as the organization’s ‘risk appetite’[1] (see Section 1, Ch. 1), the impact and likelihood of risk, and costs and benefits of the mitigation plans.

Risk treatment should comply with legal requirements, as well as government and organizational policies. Therefore, decisions concerning whether risk treatment is required may be based on operational, technical, financial, legal, social, environmental or other criteria. Such criteria should reflect the organization’s context, and depend on its internal policies, goals and objectives, as well as its stakeholders’ needs. In this respect, a team approach is useful to help define the context properly and for well-targeted change management during risk treatment.

   

[1]Before responses are developed for each risk identified, it is necessary to determine the organization’s attitude to risk or ‘risk appetite’, influenced by the size and type of organization, its culture and its capacity to withstand the impacts of adverse occurrences.


  • No labels