
Available under Creative Commons-ShareAlike 4.0 International License.
Treatment of risks must be determined after a first evaluation and comparison of the risk profile and the risk appetite of the organization. The actions arising from this decision-making stage can be classified according to the following scheme:
- terminate: remove, dispose or outsource, where possible, the factors that can cause the risk. It can take the organization to refuse opportunities if the value at risk is higher than the risk appetite;
- treat: develop measures of mitigation in order to intervene on the values of significance of the risk, reducing the probability of occurrence (prevention), the potential impacts of the effects (protection) or determining actions of restoring (recovery) after damages are occurred. Passing from prevention to protection and recovery, the capability of controlling risks tends to decrease, while increasing the exposure of the organization;
- tolerate: accept the risk profile as compatible with the risk appetite, in relation to the resource involved;
- transfer: transfer the impacts to third parties through, for example, insurances or risk sharing actions. Possible uncertain effects are converted in certain payments;
- neutralize: balance two or more risk, for example increasing the number of unit exposed, so that they can cancel each other;
- take the opportunity: when developing actions of treatment, opportunities of positive impacts can be identified and explored.
- 1311 reads