 |
 |
 |
Download treatment plan template in Microsoft Word format.
Risk Treatment Plan: Responding to the Risk Assessment
Anyone who has ever held a management position at a medium to large-sized company has undoubtedly heard the term “risk assessment,” but the term “risk treatment plan” may not be quite as familiar. In short, a risk treatment plan is the written documentation that details how the company will respond to each of the risks or potential risks identified in the assessment. To help give you a clearer picture of how this document is formulated, in this article we will briefly define the purpose of the risk treatment plan and introduce you to the four main categories into which most perceived risks usually fall.
What Is the Purpose of the Risk Treatment Plan?
In developing a response as to how risks will be dealt with, the risk treatment plan is used to record and classify each of the perceived risks as either low, high or acceptable risks, based primarily on the financial liability they present to the company. This task is usually given to a group of stakeholders or team members on the risk assessment team who will then set the controls and decide how the company should respond. Once this document is completed, it is then presented to management and the Board of Directors who can either choose to adopt the team’s recommendations or suggest changes based on new information and ideas.
Developing the Risk Treatment Plan
The risk treatment plan, also called the risk assessment plan, will typically identify how to respond to certain risks by placing them into one of four main categories: avoid, transfer, mitigate and accept. This process is based on a number of criteria, but generally the main factor the team will consider is whether the risk is potentially damaging enough to warrant addressing it, and if it is, choosing how to address it. To get a better idea of how this works, the four categories are outlined below:
• Avoiding Risk. There are certain risks that are, for lack of a better phrase, “just not worth it.” Therefore, it is just better to avoid them by not performing the associated business activity that would cause it. These risks are generally classified as high, and when they are recognized as part of a particular activity or project, that activity or project should be avoided altogether.
• Transferring Risk. There are times when recognized risks can be transferred to a third party so that your company won’t have to deal with them. This does not mean the risks will go away; just that they will be handled by someone else, usually for a price.
• Mitigating Risk. When placing a risk into this category the company is choosing to implement certain controls and procedures to reduce or mitigate the risk to an acceptable level. These risks can usually be dealt with by taking appropriate steps to avoid the risk from occurring altogether, or by developing a contingency plan for dealing with the risk when faced with it.
• Accepting Risk. All projects have to deal with at least some level of risk. The risks in this category are usually deemed very low—so low that they present only minimal financial risk to the company. These types of risks can be handled most appropriately by instituting small controls or, in some cases, by doing nothing whatsoever.
The risk treatment plan is a vital component to any risk assessment strategy and should be developed and recorded immediately following the conclusion of the assessment.