Risk Control Level Selection
Target risk
For a given risk, you can define the level of risk acceptable for the organization.
The target risk presents the residual risk value expected by the risk manager after treatment of the risk.
If this risk level is higher than or equal to the previously assessed risk, the organization can accept the risk as it stands.
For each risk identified, a level of risk acceptable to the organization must be defined.
If the risk cannot be accepted as it stands, various solutions for facing the risk can be proposed.
• Acceptance
The risk is accepted and no action is taken to try to reduce the risk.
• Reduction
Risk likelihood can be reduced by installing additional controls, or the severity of its consequences can be reduced if the risk occurs.
• Transfer (sub-contractor)
The risk can also be shared with other partners, in particular when they have greater skills in controlling the risk. For example, you can sub-contract a dangerous activity to a partner specialized in the particular field. In such cases, it should be noted that it is often necessary to carry out a new risk study, since the introduction of a new partner can bring additional risks.
• Insurance
To supplement all the above approaches, it is often necessary to resort to insurance, in particular for risks of low likelihood but with high severity. In such cases, the insurer will generally request that risk prevention and reduction measures also be implemented.
We analyze the different possible scenarios, weighing up their positive and negative aspects, so as to select a scenario compatible with the desired risk control level.
Depending on the solution adopted, the effect of the different solutions in terms of likelihood and impact should be considered, as well as costs and benefits.
The choice should be the solution that reduces residual risk to within the tolerance limit required by management.
A Detailed description field allows you to specify the risk treatment method.