Risk Identification and Mitigation:
- Significant risks to the operations identified and action taken to minimize their consequences
- No process is 100% effective
- Best practices: Manage risk through a systematic approach that minimizes the possibility that risk will go undetected
- Defines the problems or opportunities, and associated risk issues
- Decide on the people, expertise, tools and techniques
- Perform stakeholder analysis (determining risk tolerances, positions and attitudes)
Practical Strategies
- Assume the risk (decide that the risk is minor and do nothing)
- Reduce the risk (change people’s behaviour or the environment where they work so that risk is reduced)
- Pre-loss activity example: preparation, before a loss occurs, of contingency plans to expedite recovery from the loss
- Eliminate the risk (choose not to do something)
- Avoidance: remove the risk-producing activity entirely or never begin it
- Transfer the risk (accept the risk but transfer its liability to someone)
- Give the consequences for performing risky activities to another party
Control: Post-loss, control keeps the resulting damages to a minimum and controls the contingent consequences.
Examples:
- Effective administration of third party claims
- Use of previously established contingency plans to reinstate disrupted services
Contractual risk transfer: Assigns the risk of a specific activity or project to another party through a contract
Example:
- Assign responsibility to a contractor or vendor for the risks of loss arising from its provision of goods or services (Insurance is a form of risk transfer)
