Risk Mitigation

What is Risk Mitigation?

The process by which an organization introduces specific measures to minimize or eliminate unacceptable risks associated with its operations. Risk mitigation measures can be directed towards reducing the severity of risk consequences, the probability of the risk materializing, or reducing the organization's exposure to the risk.[1]


Types of Risk Mitigation[2]

Four types of risk mitigation strategies are unique to Business Continuity and Disaster Recovery. It’s important to develop a strategy that closely relates to and matches your company’s profile.

  • Risk Acceptance: Risk acceptance does not reduce effects but is still considered a strategy. This strategy is a common option when the cost of other risk management options, such as avoidance or limitation, may outweigh the cost of the risk itself. A company that doesn’t want to spend a lot of money on avoiding risks that do not have a high possibility of occurring will use the risk acceptance strategy.
  • Risk Avoidance: Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure to the risk whatsoever. It’s important to note that risk avoidance is usually the most expensive of all risk mitigation options.
  • Risk Limitation: Risk limitation is the most common risk management strategy businesses use. This strategy limits a company’s exposure by taking some action. It is a strategy employing a bit of risk acceptance along with a bit of risk avoidance or an average of both. An example of risk limitation would be a company accepting that a disk drive may fail and avoiding a long period of failure by having backups.
  • Risk Transference: Risk transference involves handing risk off to a willing third party. For example, numerous companies outsource operations such as customer service, payroll services, etc. This can be beneficial for a company if a transferred risk is not a core competency of that company. It can also be used so a company can focus more on its core competencies.


Risk Mitigation Planning[3]

Risk mitigation action plans should be incorporated in the project execution plan, or risk analyses are just so much wallpaper. Risk mitigation plans should:

  • Characterize the root causes of risks that have been identified and quantified in earlier phases of the risk management process.
  • Evaluate risk interactions and common causes.
  • Identify alternative mitigation strategies, methods, and tools for each major risk.
  • Assess and prioritize mitigation alternatives.
  • Select and commit the resources required for specific risk mitigation alternatives.
  • Communicate planning results to all project participants for implementation.

Although risk mitigation plans may be developed in detail and executed by contractors, the owner’s program and project management should develop standards for a consistent risk mitigation planning process. Owners should have independent, unbiased outside experts review the project’s risk mitigation plans before final approval. This should be done prior to completing the project design or allocating funds for construction. Risk mitigation planning should continue beyond the end of the project by capturing data and lessons learned that can benefit future projects.


Risk Mitigation Strategies

Several risk mitigation strategies can be used to assess risks, as demonstrated in the image below.


Figure: Risk Mitigation Strategies (source: Workiva)


  • Accept: Make a deliberate decision to accept the risk and not develop further plans to control it.
  • Monitor: Review the risk universe for any changes that may influence the impact of the risk.
  • Avoid: Change the risk processes and requirements to eliminate or reduce the risk.
  • Control: Develop further risk mitigation plans to minimize the impact and/or likelihood of the risk.
  • Transfer: Reassign responsibility for the risk to another department or organizational stakeholder for acceptance.


Risk Mitigation Approach[4]

Risk mitigation strategies must match the degree of control within the enterprise. Where the enterprise has significant control, the strategy should call for prevention measures; where there is limited control, mitigation and resiliency are the keys to reducing risk.


Figure: Risk Mitigation Approach (source: JAS Global Advisors)

