Risk treatment involves working through options to treat unacceptable risks to your business. Unacceptable risks range in severity; some require immediate treatment, others can be monitored and treated later.
Before you decide which risks to treat, you need to gather information about the:
- method of treatment
- people responsible for treatment
- costs involved
- benefits of treatment
- likelihood of success
- ways to measure and assess treatments.
Once you decide how to treat identified risks you will need to develop, and regularly review, your risk management plan.
The following are different options for treating risk.
Avoid the risk
You may decide not to proceed with the activity likely to generate the risk, where practical. Alternatively, you may think of another way to reach the same outcome.
Reduce the risk
You can control a risk by:
- reducing the likelihood of the risk occurring - for example, through quality control processes, managing debtors, auditing, compliance with legislation, staff training, regular maintenance or a change in procedures
- reducing the impact if the risk occurs - for example, through emergency procedures, off-site data backup, minimising exposure to sources of risk or public relations.
Transfer the risk
You may be able to shift some or all of the responsibility for the risk to another party through insurance, outsourcing, joint ventures or partnerships.
Accept the risk
You may accept a risk if it cannot be avoided, reduced or transferred. However, you will need to have plans for managing and funding the consequences of the risk if it occurs.
- Find out how you can use the PPRR risk management model to treat business risk.
- Consider purchasing Risk management - guidelines (Standards Australia AS ISO 31000:2018).
- Find out more about information technology risk management.
- Read about how to manage risk in supply chains.