Risk Management is the process of continuously identifying, analyzing, evaluating, and mitigating organizational risks.
Organizations face risks when uncertainty exists around strategy, profits, compliance, environment, health and safety. These risks can impact an organization’s bottom line and its reputation among customers, partners and investors. There are a number of risks, both internal and external, that can have an organization-wide impact, such as:
Risk Mitigation is the process of prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures identified during the Risk Management process. These are the four strategies for mitigating risk:
Risk Avoidance is the process of reducing the probability of risk. It is a strategy that completely circumvents the likelihood of the risk occurring by the organization’s refusal to accept it. This is usually done by refusing to engage in activities that have been identified as presenting the possible risk.
Risk Reduction (Limitation) is the most common risk management strategy used by businesses. This strategy limits a company’s exposure to risk by taking some action. It is a strategy employing a measure of risk acceptance, risk avoidance or some combination of both.
Risk Transfer is a strategy in which risk is transferred to a third party. In other words, one party assumes the liabilities (risks) of another party.
Risk Acceptance does not reduce the risk’s effect, but it is a valid option in risk management. This option is commonly chosen when the cost of other risk mitigation strategies, such as avoidance or limitation, outweighs the cost of the risk itself.