2.7 Risk management actions

A risk portfolio provides a good platform for planning risk management actions, defining responsibilities and monitoring.

A risk portfolio supports the risk management process

A risk portfolio may, for example, remind the responsible persons of the necessary risk management measures and their schedule. A risk portfolio may also guide the review of risks – if a risk has a separate recorder and owner, the changes made by the recorder may be indicated to the owner for approval. In this case, the risk portfolio remains constantly up to date. In the same way, exceeding the risk tolerance may, for example, lead to a notification or to the need for approval by higher authorities. A cyclical risk assessment round may also be started in the risk portfolio, whereby each risk is checked and approved again before reporting.

Procedure categories

Once an organization has identified and assessed its risks, it usually considers different strategies to deal with those risks. Categorizing measures may help to broaden the understanding of possible management methods, but sometimes it is desired to choose a category for each risk in the risk portfolio. The categories are as follows:

Elimination – Stopping the activity or practice that causes the risk. For example, if a product has too many defects and causes legal problems, the company may decide to stop producing it.

Mitigation – Actions are taken to reduce the possibility or impact of a risk. Examples could be safety protocols, quality checks, training programs or other preventive measures. Increasing resources can also be considered.

Transferring or Sharing – Transferring or sharing the risk with another party. Insurance is a common way to transfer financial risk. Organizations may also use contractual terms, such as disclaimers, to transfer certain types of risk.

Acceptance – Sometimes the best option is to accept the risk. This is especially true for risks that are unlikely or would have a minimal impact on the business. Companies usually retain risks when the cost of insuring the risk or implementing other risk management strategies exceeds the potential loss from the risk.

Exploitation – This is less common, but it is where the organization views certain risks as opportunities. If a risk could be an opportunity under the right circumstances, the organization might plan to exploit it financially.

Management actions in the portfolio

The portfolio’s risk management plan consists of a combination of the strategies described above, which is tailored according to the organization’s specific risks and willingness to take risks.

The task of the risk owners is to ensure and monitor that the planned measures are implemented.

It is also very important to communicate and integrate risk management strategies at all levels of the organization so that management is consistent and effective.