Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Instruction

Methods for Managing Risk

Risks should be ranked based on financial or operational impact and likelihood of occurrence. The results of this assessment will align risk events in one of four risk response categories:

  • Mitigate risk – activities with a high likelihood of occurring, but financial impact is small. The best response is to use management control systems to reduce the risk of potential loss.

  • Avoid risk – activities with a high likelihood of loss and large financial impact. The best response is to avoid the activity.

  • Transfer risk – activities with low probability of occurring, but with a large financial impact. The best response is to transfer a portion or all of the risk to a third party by purchasing insurance, hedging, outsourcing, or entering into partnerships.

  • Accept risk – if cost – benefit analysis determines the cost to mitigate risk is higher than the cost to bear the risk, the best response is to accept and continually monitor the risk.

Figure 7 – Methods for managing risk