Dorian 2011 (†489)Dorian, Lisa. "Risk Management: Understanding Risk Mitigation." Industry Insights: A Newsletter for the CA Industry (Chartered Accountants of British Columbia, 11 February 2011).
- acceptable risk : Without risk there is no reward. If the risk is low enough, then accept it as a cost of doing business–acknowledging that little to no action is being taken to mitigate that risk. An entity could establish a contingency fund or build a contingency plan to minimize any loss not previously anticipated from these risks. (†745)
- risk mitigation : Risk management is all about understanding risks that can impact your organizational objectives, and implementing strategies to mitigate and manage those risks. . . . When mitigating or managing risks, here are three steps to consider: · What is the organization's appetite and tolerance for risk? Set the level of risk the board and management is willing to take. · Prioritize, or rank, each risk for significance and likelihood. By ranking risk, management is better able to determine the strategy that will be most effective. · Determine appropriate risk mitigation strategies. The four most common mitigation strategies are avoidance, acceptance, transference, and control. (†743)
- risk mitigation : Risk mitigation strategies ¶ Avoidance Some risks aren't worth taking in the first place. Is the risk a result of activities within the core business or outside of it? If outside, and the level of risk is deemed relatively high, then consideration should be given to ceasing or avoiding to undertake those activities. If the activities are part of the core business, then consider if there is another way of doing things that will avoid or minimize the risk or loss. ¶ Acceptance Without risk there is no reward. If the risk is low enough, then accept it as a cost of doing business–acknowledging that little to no action is being taken to mitigate that risk. An entity could establish a contingency fund or build a contingency plan to minimize any loss not previously anticipated from these risks. ¶ Transference Risk transference is the process of transferring any losses incurred to a third party, such as through the use of insurance policies. Another method of transferring risk is to outsource activities to a third party. If there are activities that are not core to the business, then it might make more sense to transfer these activities to a third party to whose core business they do belong, especially if internal resources are limited. Many back-office functions, such as payroll and purchasing, are outsourced to service providers that specialize in these areas. ¶ Control A control is a procedure used to either prevent a risk from occurring or detect a risk after it has occurred. If the risk is worth taking and is part of an organization's core operating activities, then controls can be used to mitigate and manage the risk. (†744)