The ISO-31000 Approach to Risk Treatment
Selecting Risk Treatments
ISO31000 suggests applying one or more of the following approaches to treating risks:
Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
Removing the risk source
Changing the likelihood
Changing the consequences
Sharing the risk (e.g. through contracts, buying insurance)
Retaining the risk by informed decision
Taking or increasing the risk in order to pursue an opportunity
Some treatments will be more effective than others. Some will focus on likelihood and others on consequence management.
Any one risk treatment will usually also address other risks, incidentally or directly. See also DDDRR, Hierarchy of Controls, Risk Tolerance, and Criteria.