1 Risk treatment overview
All risk treatment should be related to risk appetite (discussed in Session 2). Risk treatment is the term applied to ‘doing something’ about a risk, essentially the phase of risk management that delivers value to the organisation. Without effective risk treatment, risk management has little benefit. Risk treatment is mainly about seemingly obvious business activities: identifying options, evaluating them (will they reduce the risks and are they value for money?), selecting the best option and then making sure it is implemented.
At all levels, the organisation, through its risk management processes, must decide whether there is a business case for treating certain risks, based on a number of factors:
- What level of risk are you prepared to accept (risk appetite)?
- Is the current level of risk lower than the appetite?
- What measures can be taken?
- Are these measures affordable?
- Can the risk be accepted without further action?