Enterprise Risk Management
The purpose of risk response is to determine how to modify or manage the risk or opportunity. Risk response is a cyclical process of assessing the response, determining whether residual risk levels (after response) are acceptable, developing a new response if necessary, and assessing the response again. There are several standard options for risk response, but they are not mutually exclusive; they can be used in combination. A decision can be to not respond to the risk or opportunity other than maintaining existing management or control activities.
Risk response typically includes one or more of the following actions:
- Avoiding the risk (e.g., by changing or ceasing certain behaviors, activities, or programs)
- Mitigating the impact or likelihood of the risk through methods such as implementation of pre-loss planning, allocation of additional resources, changes to policy or procedure, education and training, operational controls or changes, organizational changes, monitoring, executive controls, or audit controls
- Transferring the risk to an outside entity or mitigating through contractual transfer
- Accepting the risk – no action is taken to affect the likelihood of the risk occurring or the impact of the risk because the results of a negative outcome are acceptable within existing operating parameters and the institution’s risk tolerance
- Financially funding the risk through commercial insurance, captive insurance, self-funded reserves, or budget contingencies.
Opportunity response typically involves one or more of the following actions:
- Enhancing the opportunity by seeking to increase the probability and/or the impact of the opportunity in order to maximize the benefit to the project.
- Exploiting the opportunity by seeking to make the opportunity definitely happen (i.e. increase probability to 100%). Aggressive measures are taken which seek to ensure that the benefits from this opportunity are realized by the project.
- Ignoring the opportunity by taking no active measures to deal with the opportunity; adopting a reactive approach without taking explicit actions.
- Sharing or transferring the opportunity by seeking a partner able to manage the opportunity that can maximize the chance of it happening and/or increase the potential benefits. This will involve sharing any upside in the same way as transfer involves passing penalties.
Last modified June 20 2012 12:52 PM