Control Level Selection of a Risk
For each risk identified, a level of risk acceptable to the organization must be defined.
If the risk cannot be accepted as it stands, various solutions for facing the risk can be proposed.
• Acceptance
The risk is accepted and no action is taken to try to reduce the risk.
• Reduction
Risk likelihood can be reduced by installing additional controls, or the severity of its consequences can be reduced if the risk occurs.
• Transfer (sub-contractor)
The risk can also be shared with other partners, in particular when they have greater skills in controlling the risk. For example, you can sub-contract a dangerous activity to a partner specialized in the particular field. In such cases, it should be noted that it is often necessary to carry out a new risk study, since the introduction of a new partner can bring additional risks.
• Insurance
To supplement all the above approaches, it is often necessary to resort to insurance, in particular for risks of low likelihood but with high severity. In such cases, the insurer will generally request that risk prevention and reduction measures also be implemented.
We analyze the different possible scenarios, weighing up their positive and negative aspects, so as to select a scenario compatible with the desired risk control level.
Depending on the solution adopted, the effect of the different solutions in terms of likelihood and impact should be considered, as well as costs and benefits.
The choice should be the solution that reduces residual risk to within the tolerance limit required by management.
A comment allows you to specify the risk treatment method.
