Risk: Mitigation Strategies And Decision Making
There exist several mitigation strategies that help managers in understanding risks and their impact on the business and on the organizational objectives. These treatment strategies are mainly branched into four common categories; risk avoidance or elimination, risk transference or share, risk mitigation, and risk acceptance. The choice of which of these methods to implement depends on the kind of the adopted decision-making model and on certain weighted, influential, organizational factors that should be taken into consideration in prioritizing, evaluating, and resolving risks. Since elimination of risk is unrealizable or almost impossible (Cervone 2006), managers should utilize the least cost methodology and the most appropriate control to lessen risks to a level corresponding to minimal impact. Besides, priority should be given to mitigating severe or high-impact risks since it would be impractical to address all recognized risks (Stoneburner, Goguen et al. 2002).
A risk manager should take into consideration several vital decision making tools to safely conduct an exhaustive risk analysis. An important tool might be the Decision Tree Analysis (DTA), which helps in identifying alternative risk mitigation responses. By calculating the weighted average of the expected payoff (the expected monetary value), while considering several factors (to be discussed later in the text) for each response, the DTA technique would help in choosing the most optimal and objective risk decision option (Prasanta Kumar 2001). Each alternative response generated by DTA would be categorized into one or more of the treatment strategies mentioned above. This categorization could possibly be based on a matrix-based scheme that includes the dimensions of probability and impact (Cervone 2006). A third possible dimension might be a discrimination factor that measures the impact of risk on the overall project or organizational strategy (Cervone 2006).
A common risk mitigation strategy is to identify the costs and benefits of implementing the various treatment options for a given risk. However, consideration for the compatibility, acceptance, and efficacy of these options, and the physical and human resource requirements for executing them is also crucial (Stoneburner, Goguen et al. 2002). Besides, Queensland Treasury’s Risk Management guide (2011) stresses on the internal and external environment, the risk appetite of the organization and the stakeholders, and the legal requirements as decisive factors in the risk treatment implementation. It also considers other important factors like the environmental, social, or political costs, stakeholders’ perceptions and involvement, the integration of treatment with the organization’s strategy and business, and finally the careful handling of secondary risks as a result of implementing the treatment controls. It would also be necessary to consider the time to implement the resolution activity versus the urgency of dealing with the risk (Dorian 2012). However, risk managers should be aware of the fact that time pressures can lead to misunderstanding of risks especially when they show overconfidence of quantitative data, which would consequently lead to deviation from organizational goals and an insensitivity to uncertainty (2005). All of these aforementioned controls would need to be rated through certain techniques and given specific weights that would aid in prioritizing risks. These ratings are highly dependent on the organizational behavior and culture and on its receptivity or adversity in absorbing risks (Jun Ying and Sui Pheng 2009).