Mitigating Risks
To specify risk-mitigating choices:
1. In the HOPEX IRM desktop, select Registers > Risks > All Risks.
2. In the properties of a risk, select the Mitigation page.
3. Define your risk management strategy and implement preventive, detective and corrective controls.
Risk Mitigation Strategies
There are various possible solutions to face risks.
• Acceptance
This is the strategy of risk management that consists of accepting the risk having considered its consequences. As long as no desire to remediate the risk is expressed, this strategy will not protect the organization against the risk.
• Reduction
Risk frequency can be reduced by installing additional controls, or the impact of its consequences can be reduced if the risk occurs.
• Transfer (sub-contractor)
The risk can also be shared with other partners, in particular when they have greater skills in controlling the risk.
• Insurance
Complementing all previous approaches, it is often necessary to seek assurance, in particular for risks of low frequency but with high impact.
The different scenarios possible are analyzed to weigh up their positive and negative aspects, with a view to selecting a scenario compatible with the risk control level in question.
Specifying Risk Appetite
To specify the level of risk accepted by the organization:
1. In the risk properties, select the Mitigation page.
2. Specify the Risk Appetite.
Implementing Controls
To define controls on the risk:
1. In the risk properties, select the Mitigation page.
2. In the Controls section, define corrective or preventive controls.
The control nature (corrective or preventive) is to specified in the control properties.• Implementation of prevention controls to reduce risk frequency and impact can be a solution for risk reduction.
• Implementing corrective controls enables to bring risk level to an acceptable level.