top » risk » risk treatment » risk mitigation
30 Types of Risk Mitigation
John Spacey, January 12, 2016 updated on March 20, 2021
Risk mitigation is the practice of reducing identified risks. It is one of four types of risk treatment with the others being risk avoidance, transfer and acceptance. Techniques to mitigate risk are largely dependent on the type of risk that you want to reduce. The following are general types of mitigation technique, each with an example.
AuditsRegular audits may identify problems such as accounting errors or security vulnerabilities before they become larger problems. Audits can be used both as a process of risk identification and mitigation. For example, accounting audits are a way to reduce the risk of financial fraud.
BackupsBacking up business information in multiple secure physical locations.
Business As UsualContinuing with normal operations in the face of extraordinary events.
CommunicationCommunicating a risk may serve to reduce it. For example, if a bank has identified a particular type of fraud as a risk, communicating it to front line managers may help to prevent it.
Contingency PlansPlanning for critical situations such as natural disasters or security incidents can reduce the impact of such events should they occur.
DiversificationThe process of allocating your capital and resources in diverse areas to reduce risk and volatility. For example, a company that sells 100 products in 12 different categories will typically have more stable revenue than a company with a single product.
Due DiligenceDue diligence is the process of investigation before committing to something such as a contract or strategy. Basic due diligence such as checking the financial, environmental, corporate social responsibility and management practices of a potential partner is a basic step in risk reduction that is often considered a legal obligation.
EquipmentEquipment designed to mitigate risks such as safety gear for construction.
ErgonomicsErgonomics is the design of products to suit human cognitive and physical characteristics. It is considered a tool of risk mitigation such as preventing the risk of repetitive strain injuries with well designed furniture and equipment.
Error HandlingDesigning systems so that errors are handled in such a way that processes, automation and user interfaces remain functional. Historically, systems were often designed to immediately halt upon finding any type of error. This is an unacceptable business risk in many scenarios. Well designed modern systems are designed to work around errors as far as possible.
Error Tolerant DesignUser interfaces that prevent human error from having serious consequences. For example, a car may be designed not to let you put it into reverse when you're moving forward.
FacilitiesIn some cases entire facilities are built to mitigate risks. For example, a data center may be built to reduce security related risks.
Graceful DegradationMachines and systems that are designed to keep working with limited functionality when they are damaged or lose resources such as an internet connection. Important to the safety of equipment such as aircraft.
InfrastructureInfrastructure such as computing, network and communication equipment may be used to reduce business risks. For example, equipment that is designed to handle security threats such as denial of service attacks.
MaintenanceMaintenance such as applying patches to software.
Measure And ReduceThe first step in risk mitigation is typically to find a way to measure a risk. Once a framework for measuring risks is in place, business strategies and day to day operations can work to reduce risk. For example, measurements of financial risk such as value at risk can be used to make investment choices that reduce risk.
Mistake ProofingDesigning systems, equipment, processes and procedures to reduce risks associated with human error. For example, aircraft maintenance tools may be kept in special cases that make it obvious if a tool is missing. Each maintenance typically involves a check to see that all tools are accounted for to prevent a forgotten tool from damaging an engine on takeoff.
Performance ManagementSetting risk reduction goals as part of performance management.
PoliciesPolicies designed to reduce risk such as safety procedures at a construction site.
Process ControlControls built into processes such as approvals designed to reduce financial risks.
Process ImprovementProcess improvements such as automating steps to reduce errors.
RedundancyRedundancy is the practice of eliminating single points of failure by having two or more of each critical resource. For example, a company with 2,000 employees who all work out of a single location might consider having at least two geographically distributed offices to mitigate risks such as an infrastructure failure or a disaster that strikes a location.
Scalability And CapacityBuilding enough capacity and ensuring that you can scale to meet business volumes. For example, hiring enough customer service representatives so that you have ample capacity when an unexpected number of staff call in sick.
StandardsEstablishing standards to guide business practices, decision making and design. For example, a technical security standard can reduce security risks if applied to all technology projects.
Subject Matter ExpertA subject matter expert is an authority in a particular business, technical or scientific domain. Review of decisions, designs and implementations by experts can reduce risks. For example, having a workplace safety expert review your work processes to implement improvements may reduce health and safety risks.
SuppliesStoring supplies to reduce the impact of a risk. For example, extra parts for a critical machine may reduce operational risks if such parts take a long time to procure from a supplier.
TestingTesting such as product or system testing is a core risk mitigation technique. For example, properly testing the quality of a system will reduce the risk that it will fail at launch.
TrainingTraining such as compliance training for employees designed to reduce compliance and reputational risks.
ValidationValidation of information before it is accepted by systems and processes. For example, validating user input in an expense management tool may reduce the risk of accounting errors.
VerificationVerifying information with authoritative information sources. For example, verifying the information on a mortgage application may reduce credit risk.
Project ManagementThis is the complete list of articles we have written about project management.
If you enjoyed this page, please consider bookmarking Simplicable.
CommunicationA list of communication techniques.
Risk TreatmentThe four things that can be done about risk.
When risk management resulting in choosing to accept a risk.
A risk management technique that averts, sidesteps or deflects a risk.
Risk ControlA list of common risk controls.
Risk CommunicationA definition of risk communication with examples.
The four ways to reduce risk.
The practice of distributing risks.
A risk management technique that transfers risks to a third party.
A definition of risk contingency with examples.
Risk Minimization vs Risk Management
The difference between risk minimization and risk management.
Project RiskA guide to project risk.
Project RiskA list of common project risks.
Project StakeholderA list of common project stakeholders.
Business RisksA list of common business risks.
Risk vs Issue
The difference between a risk and an issue.
The definition of secondary risk with examples.
A guide to creating a risk register with an example.
A definition of risk perception with examples.
ImplementationThe common types of implementation.
Project Risk ManagementA reasonably complete guide to project risk management.
TrendingThe most popular articles on Simplicable in the past day.
New ArticlesRecent posts or updates on Simplicable. Site Map
© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.
View credits & copyrights or citation information for this page.