To treat or not to treat risks? It can sometimes be a dilemma. How much should be spent in treating risks? At what point is it desirable to stop spending on risk reduction? With an understanding of risks as the effect of uncertainty on the achievement of objectives, it is vital to consider threats as well as opportunities. Having done thorough risk assessments, organizations need to move with pace to treating risk, implementing steps to reduce threats or maximize the value of opportunities. In this webinar, the presenter explores risk treatment as a key process in risk management, the various options available and how decisions are made on options, taking costs and benefits into consideration. Main points covered: • The importance of risk treatment in an effective risk management system • Determining whether to treat or not to treat risks(cost/benefit analysis and the ALARP principle) • Options for treating risks • Conclusions Presenter: This session was presented by PECB Trainer, Jacob McLean, Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited. Link of the recorded session published on YouTube: https://youtu.be/XzOh5G_TFW4

2. Jacob McClean
Managing Director
Jacob McLean is a Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited
(876) 475-1963/(876)631-0365 KTMCLimited@gmail.com www.ktmcltd.com

3. Outline
The importance of risk treatment in an effective risk
management system
Determining whether to treat or not to treat risks
(cost/benefit analysis and the ALARP principle)
Options for treating risks
Conclusions

4. Introduction
 It has been said that there are four possible approaches to
risk:
 The Gopher
 The Settler
 The Cowboy
 The Pioneer
 The key difference lies in risk awareness and assessment but
most importantly in the treatment or control of risk

5. SETTLER
Knows that there are
risks out there
Doesn’t want to chance
anything
COWBOY
Does what he feels like
Doesn’t think (or care)
about the risk
GOPHER
Doesn’t know what’s
out there & doesn’t care
Stays underground
where its safe
RISK AWARENESS
Risk Aware
Risk Oblivious
Risk
Averse
Risk
Taking
PIONEER
Understands the Risks
Takes chances but stays
in control
5

6. Risk Management Process

7. Risk Treatment
ISO 31000, Clause 5.5: Risk Treatment
5.5.1 General – Risk treatment involves
selecting one or more options for modifying
risks, and implementing those options
Once implemented, treatments provide or
modify controls

8. Risk Treatment
Having completed a risk assessment, risk treatment
involves selecting and agreeing to one or more
relevant options for changing the probability of
occurrence, the effect of risks, or both, and
implementing these

9. Risk Treatment
This is followed by a cyclical or iterative process of
reassessing the new level of risk, with a view to
determining its tolerability against the criteria
previously set, in order to decide whether further
treatment is required

10. Options for Risk Treatment
RISK
Avoid
Increase
Remove
Change/
Modify
Share
Retain
ISO 31000 – Clause 5.5.2

11. Risk Avoidance
Decisions taken when risks are so high that
treatment cannot be contemplated
Risks may be unknown or simply uncontrollable
Typically activities are cancelled in such risk
scenarios

12. Risk Increase
This is where deliberate actions are taken to
decrease the level of control of the risk or increase
exposure
These actions are predicated on the possible
benefits to be gained, hence the idea here is to
maximize or seize opportunities, or ride the waves
Risks might also be increased by reducing the level
of controls where costs exceeds benefit

13. Risk Removal
This is an unlikely option to exercise because
organizations usually do not have the leverage to
effect removal of risks entirely
In the case of unfavourable legislation, the
organization may join with industry members in
lobbying government to either amend, delay
implementation or remove legislation

14. Risk Modification
Changing of likelihood
Changing of impact

15. Risk Sharing
Involves engaging a partner that can manage the
risk more effectively
Decision is usually dependent on the inability on the
part of the organization to reduce the risk to within its
level of tolerability, lack of resources or economic
factors

16. Risk Sharing
The most popular approaches are insurance, in
which risks are covered via payment of a premium,
contracting or outsourcing

17. Retaining Risk
Risk remaining after risk treatment is retained. It is
most often referred to as residual risk
The level of risk retained is dependent on the risk
appetite of the organization. If the level of risk meets
accepted criteria, further treatment is unnecessary
Retained risks must be documented and there must
be cognizance that residual risk can include
unidentified risks

18. Balance in Risk Treatment
Costs Benefits
Continue
spending

19. Balance in Risk Treatment
Benefits Costs
Discontinue
spending

20. The ALARP Concept

21. The ALARP Concept

22. Sensible Risk Management
Risk management is essentially a trade-off between
risks and benefits (risks and costs)
Maximizing the us of controls means application of
controls to ensure balance between costs expended
and benefits gained by controlling the risks

23. Sensible Risk Management
Overspending on controls is gold plating
(incorporating costly features or refinements into
something unnecessarily)
The equilibrium point should be the aim – spending
too little is sometimes as bad as spending too much

24. Implementation of Risk Treatment
ISO 31000 (Clause 5.5.3)
 A plan is necessary:
 Justification for selection of treatment option, including benefits
expected
 Responsibility for approval and implementation of the plan
 Actions to be taken
 Resources required (including contingencies)
 Measures of performance and constraints
 Reporting and monitoring
 Timing and schedule (with indications of priority)

25. THANK YOU!
Kaizen Training and Management Consultants Limited
22B Old Hope Road,
Kingston 5
Jamaica, West Indies
Phone (land line): (876) 631- 0365
Phone (mobile): (876) 475 – 1963
Fax : (876) 906 – 7423
Email: ktmclimited@gmail.com
Website: www.ktmcltd.com
25

26. ?
QUESTIONS
(876) 475-1963/(876)631-0365 KTMCLimited@gmail.com www.ktmcltd.com
THANK YOU