4. ๏
There are four types of risk control.
1) Accept Risk
2) Mitigate Risk
3) Eliminate Risk
4) Transfer Risk
Types of risk control
5. ๏
The stakeholders who are responsible for a risk
can choose to accept a risk. For example, the
risk that a project may fail may be accepted if
the project is of planned importance.
Risk management may include an approval
process for risk acceptance.
Accept Risk
6. ๏
Actions are taken to reduce risk to an
acceptable level. For example, the
organization assigns a top performing
project management team to a project to
reduce the risk that it will fail.
Mitigate Risk
7. ๏
When you mitigate risks it's important to
consider secondary risks. Secondary risks are
the risks that are caused by your risk mitigation
efforts.
If you reduce a security risk by applying an
update to software there's a risk that the update
itself contains security vulnerabilities. In some
cases, mitigation activities are higher risk than
the risk they reduce.
Secondary Risk
8. ๏
A risk may be reduced to zero. Normally
the only way to achieve this is to stop the
activity that generates the risk. For
example, selling a risky investment will
eliminate the risks associated with that
investment.
Eliminate Risk
9. ๏
A risk may be transferred to another
organization or individual. For
example, fire insurance transfers the
risk of asset damage due to fire.
Transfer Risk