5 Mitigation through controls

Unlike actions, controls are a repeatable activity that, when designed and working correctly, maintain the level of the risk at its current level. However, when a control is not designed or operated correctly the level of risk will increase.

Controls and actions are therefore used in tandem: actions are used to reduce the risk level and controls are used to keep the risk at the new, lower level. Many risks never go away so the only way to keep the risk level within appetite is by using controls.

Not all controls are equal: they have different ‘strengths’ and operate on different parts of the risk. Some controls prevent the root causes from happening, whereas others reduce the consequence(s) once the event has occurred.

OpenLearn - Risk management
ou logoCreative Commons non-commercial share alike icon Except for third party materials and otherwise, this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence, full copyright detail can be found in the acknowledgements section. Please see full copyright statement for details.