Risk Management Strategies

(OBJ 5.2)

Four primary risk management strategies

• Risk Transference

  • Shifts risk to another party
  • Common methods
    • Insurance
      • By far the most common method of Risk Transference
    • Contract indemnity clauses
      • A contractual agreement where one party agrees to cover the other’s harm, liability, or loss stemming from the contract
  • Doesn’t remove the risk
    • Shifts the responsibility for handling the risk’s financial consequences

• Risk Acceptance

  • Acknowledge and deciding to deal with risk if it occurs
  • Used when cost of managing the risk outweighs potential loss or risk is unlikely to have a significant impact
  • No actions to mitigate the risk are taken
  • Methods
    • Exemption (excludes party from a rule)
      • Provision that grants an exception from a specific rule or requirement
      • The organization doesn’t have to obey a specific rule or requirement
      • There is no risk of not complying with the rule or requirement
        • "Free from the administrative burden of compliance"
      • There may be a benefit or mitigation offered by the rule or requirement which exempted organizations won’t receive because they are exempt
    • Exception (allows party to avoid rule under specific conditions)
      • Provision that permits a party to bypass a rule or requirement in certain situations
      • Example:
        • There might be exceptions that allow businesses to process personal data without consent under specific circumstances
        • This means that these businesses accept general risk of non-compliance with data protection regulations, but they can avoid the risk under specific conditions
  • In both Exemption and Exception, the organization assumes risk either by operating without the safeguards or mitigations offered by a rule (exemption), or by operating in a way that lets them evade the risk (exception).

• Risk Avoidance

  • Change plans or strategies to completely eliminate a specific risk
  • Chosen when the risk is too great to accept or transfer
  • Example:
    • A company may avoid a lawsuit by deciding not to launch a product that could potentially infringe on another company's patent.

• Risk Mitigation

  • Take steps to reduce likelihood or impact of risk
  • The most common risk management strategy
  • Common strategy involving various actions
    • Implementing controls, safety measures or other actions that help
  • Example:
    • A manufacturing company might mitigate the risk of workplace accidents by implementing rigorous safety training for all employees.
    • A tech company might mitigate the risk of data breaches by investing in robust cybersecurity measures.