Risk control: The Four T’s Process

Determine your risk control strategy with our easy-to-follow “4 T’s Process.”
Risk control is the process by which an organization reduces the likelihood of a risk event occurring or mitigates the effects that risk should it occur. Our preferred way to determine your risk control strategy is to use the four T’s Process:
Transferring Risk
Transferring Risk can be achieved through the use of various forms of insurance, or the payment to third parties who are prepared to take the risk on behalf of the organization
Tolerating Risk
Tolerating Risk is where no action is taken to mitigate or reduce a risk. This may be because the cost of instituting risk reduction or mitigation activity is not cost-effective or the risks of impact are at so low that they are deemed acceptable to the business.
Even when these risks are tolerated they should be monitored because future changes may make it no longer tolerable.
Treating Risk
Treating Risk is a method of controlling risk through actions that reduce the likelihood of the risk occurring or minimize its impact prior to its occurrence. Also, there are contingent measures that can be developed to reduce the impact of an event once it has occurred.
Terminating Risk
Terminating Risk is the simplest and most often ignored method of dealing with risk. It is the approach that should be most favored where possible and simply involves risk elimination. This can be done by altering an inherently risky process or practice to remove the risk. The same can be used when reviewing practices and processes in all areas of the business.
If an item presents a risk and can be changed or removed without it materially affecting the business, then removing the risk should be the first option considered; rather than attempting the treat, tolerate or transfer it.
After years of professional risk control planning, we’ve come across it all and have still maintained these tried and true risk mitigation strategies. Once you’ve reviewed each control option for each risk, you should have a complete risk mitigation strategy.
Need additional help? Look into our post on the four risk mitigation strategies.