Part 2: Risk Mitigation and Risk Monitoring
Updated: Jan 15
In the last blog post before Christmas I introduced Risk Identification and Risk Assessment. This post will be covering the final two of the four stages; Risk Mitigation and Risk Monitoring.
As a recap, Risk Identification defines what the risk is, while Risk Assessment quantifies how the risk will affect you (often negatively) meeting your goals. Risk Mitigation is the efforts that are taken to address the Risk Identified and Risk Monitoring is a reporting and review process put in place to ensure the system continues to work.
Risk Mitgation is usually based on actions taken to address the risks identified and assessed. These actions maybe for example to change a process, or to introduce additional controls, or add resources or automation, and in some cases insure against the risk. There are generally speaking four types of risk mitigation strategies; avoidance, acceptance, transference and limitation.
Risk Monitoring is where the special controls and indicators are established to review the risk management process and risks identified to avoid any unexpected incidents or losses. These "key risk indicators" or risk reports will allow management to monitor the overall effectiveness of the risk process and ensure it becomes part of the organisation's culture.
In the next blog we will look why the Enterprise Risk Management (ERM) process is very effective method to reviewing a firm's risks framework.
If you would like to learn more about Risk Management please feel free to contact me for a meeting.