Risk control: The Four T’s Process

Michael Herrera

Determine your risk control strategy with our easy-to-follow “4 T’s Process.”

Risk control is the process by which an organization reduces the likelihood of a risk event occurring or mitigates the effects that risk should it occur. Our preferred way to determine your risk control strategy is to use the four T’s Process:

Transferring Risk

Transferring Risk can be achieved through the use of various forms of insurance, or the payment to third parties who are prepared to take the risk on behalf of the organization

Tolerating Risk

Tolerating Risk is where no action is taken to mitigate or reduce a risk. This may be because the cost of instituting risk reduction or mitigation activity is not cost-effective or the risks of impact are at so low that they are deemed acceptable to the business.  Even when these risks are tolerated they should be monitored because future changes may make it no longer tolerable.

Treating Risk

Treating Risk is a method of controlling risk through actions that reduce the likelihood of the risk occurring or minimize its impact prior to its occurrence.  Also, there are contingent measures that can be developed to reduce the impact of an event once it has occurred.

Terminating Risk

Terminating Risk is the simplest and most often ignored method of dealing with risk. It is the approach that should be most favored where possible and simply involves risk elimination. This can be done by altering an inherently risky process or practice to remove the risk. The same can be used when reviewing practices and processes in all areas of the business.

If an item presents a risk and can be changed or removed without it materially affecting the business, then removing the risk should be the first option considered; rather than attempting the treat, tolerate or transfer it.

After years of professional risk control planning, we’ve come across it all and have still maintained these tried and true risk mitigation strategies. Once you’ve reviewed each control option for each risk, you should have a complete risk mitigation strategy. Need additional help? Look into our post on the four risk mitigation strategies.

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.