Types of risk mitigation

Risk mitigation is the practice of reducing identified risks. It is one of four types of risk treatment with the others being risk avoidance, transfer and acceptance.

Techniques to mitigate risk are largely dependent on the type of risk that you want to reduce. The following are general types of mitigation technique, each with an example.

Audits

Regular audits may identify problems such as accounting errors or security vulnerabilities before they become larger problems. Audits can be used both as a process of risk identification and mitigation. For example, accounting audits are a way to reduce the risk of financial fraud.

Communication

Communicating a risk may serve to reduce it. For example, if a bank has identified a particular type of fraud as a risk, communicating it to front line managers may help to prevent it.

Contingency Plans 

Planning for critical situations such as natural disasters or security incidents can reduce the impact of such events should they occur.

Diversification

The process of allocating your capital and resources in diverse areas to reduce risk and volatility. For example, a company that sells 100 products in 12 different categories will typically have more stable revenue than a company with a single product.

Due Diligence

Due diligence is the process of investigation before committing to something such as a contract or strategy. Basic due diligence such as checking the financial, environmental, corporate social responsibility and management practices of a potential partner is a basic step in risk reduction that is often considered a legal obligation.

Ergonomics

Ergonomics is the design of products to suit human cognitive and physical characteristics. It is considered a tool of risk mitigation such as preventing the risk of repetitive strain injuries with well designed furniture and equipment.

Error Handling 

Designing systems so that errors are handled in such a way that processes, automation and user interfaces remain functional. Historically, systems were often designed to immediately halt upon finding any type of error. This is an unacceptable business risk in many scenarios. Well designed modern systems are designed to work around errors as far as possible.

Facilities

In some cases entire facilities are built to mitigate risks. For example, a data center may be built to reduce security related risks.

Graceful Degradation

Machines and systems that are designed to keep working with limited functionality when they are damaged or lose resources such as an internet connection. Important to the safety of equipment such as aircraft.

Infrastructure 

Infrastructure such as computing, network and communication equipment may be used to reduce business risks. For example, equipment that is designed to handle security threats such as denial of service attacks.

Measure & Reduce 

The first step in risk mitigation is typically to find a way to measure a risk. Once a framework for measuring risks is in place, business strategies and day to day operations can work to reduce risk. For example, measurements of financial risk such as value at risk can be used to make investment choices that reduce risk.

Mistake Proofing 

Designing systems, equipment, processes and procedures to reduce risks associated with human error. For example, aircraft maintenance tools may be kept in special cases that make it obvious if a tool is missing. Each maintenance typically involves a check to see that all tools are accounted for to prevent a forgotten tool from damaging an engine on takeoff.

Redundancy

Redundancy is the practice of eliminating single points of failure by having two or more of each critical resource. For example, a company with 2,000 employees who all work out of a single location might consider having at least two geographically distributed offices to mitigate risks such as an infrastructure failure or a disaster that strikes a location.

Scalability And Capacity 

Building enough capacity and ensuring that you can scale to meet business volumes. For example, hiring enough customer service representatives so that you have ample capacity when an unexpected number of staff call in sick.

Standards

Establishing standards to guide business practices, decision making and design. For example, a technical security standard can reduce security risks if applied to all technology projects.

Subject Matter Expert

A subject matter expert is an authority in a particular business, technical or scientific domain. Review of decisions, designs and implementations by experts can reduce risks. For example, having a workplace safety expert review your work processes to implement improvements may reduce health and safety risks.

Testing

Testing such as product or system testing is a core risk mitigation technique. For example, properly testing the quality of a system will reduce the risk that it will fail at launch.

Validation

Validation of information before it is accepted by systems and processes. For example, validating user input in an expense management tool may reduce the risk of accounting errors.

Verification

Verifying information with authoritative information sources. For example, verifying the information on a mortgage application may reduce credit risk.