Mitigating Risks
To define the risk-mitigation strategy:
1. In the navigation bar, select Risks.
2. In the properties of a risk, select the Mitigation page.
3. Specify:
• your risk-mitigation Strategy.
• preventive, detective and corrective Controls.
Specifying the Risk-Mitigation Strategy
To define the risk-mitigation strategy:
In the Strategy section of the Mitigation page of risk properties, define the strategy that enable to face the risk:• Acceptance
This is the strategy of risk management that consists of accepting the risk having considered its consequences. As long as no desire to remediate the risk is expressed, this strategy will not protect the organization against the risk.
• Reduction
Risk frequency can be reduced by installing additional controls, or the impact of its consequences can be reduced if the risk occurs.
• Transfer (sub-contractor)
The risk can also be shared with other partners, in particular when they have greater skills in controlling the risk.
• Insurance
Complementing all previous approaches, it is often necessary to seek assurance, in particular for risks of low frequency but with high impact.
The different scenarios possible are analyzed to weigh up their positive and negative aspects, with a view to selecting a scenario compatible with the risk control level in question.
Specifying Risk Appetite
To specify the level of risk accepted by the organization:
In the Strategy section of the risk Mitigation page, define the strategy that enables to face the risk.
Implementing Controls
To define controls on the risk:
1. In the risk properties, select the Mitigation page.
2. In the Controls section, define corrective or preventive controls.
The control nature (corrective or preventive) is to specified in the control properties.• Implementation of prevention controls to reduce risk frequency and impact can be a solution for risk reduction.
• Implementing corrective controls enables to bring risk level to an acceptable level.