RISK TREATMENT STRATEGIES

Risk Treatment Strategies are as Follows;

1. Risk prevention (including risk avoidance)

2. Impact mitigation

3. Risk sharing

4. Insurance

5. Risk retention

1.Risk Prevention
Risk prevention strategies are directed to eliminating sources of risk or reducing substantially the
likelihood of their occurrence.

 More detailed planning

 The selection of alternative approaches
 Improving designs and systems engineering
 Adopting enhanced design standards
 Procedural changes
 Permits to work
 Protection and safety systems
 Preventive maintenance
 Formal processes and quality assurance procedures
 Operations reviews
 Regular inspections and audits
 Training and skills enhancement
 Contractual arrangements

1(a). Risk avoidance

It is a particular case of risk reduction, where undesired events are avoided completely by undertaking a
different course of action.

2.Impact Mitigation

Mitigation is directed to minimizing the consequences of risks. In case of unavoidable risks, it is more
desirable to reduce their impacts to ensure that adverse consequences of the projects are minimized.

 Contingency planning
 Engineering and structural barriers
 Separation or relocation of an activity and resources
 Quality assurance
 Contract terms and conditions
 Regular audits and checks to detect compliance or information security breaches
  Crisis Management and Disaster Recovery Plans

Impact mitigation strategies do not preclude/stop the use of risk prevention responses, and they are
commonly used together.

3.Risk sharing

 A general principle of risk management is that risks should be the responsibility of those best
able to control and manage them.
 Risk assessment, in identifying how risks might arise, can provide the initial guide to which party
is best able to manage the risks.
 Risk sharing occurs when contracts are negotiated between an organization and its suppliers or
sub-contractors. However, sharing a risk with a contractor or supplier does not transfer it fully,
and it may not really eliminate the risk.it just transforms it into a ‘contractor failure’ or
‘contractor performance’ risk.
 This process of allocation is called risk sharing rather than risk transfer because risks are rarely
transferred completely or shed entirely.

4.Insurance

 It is normally used for physical assets and a limited range of commercial risks, particularly for the
low probability but high impact residual risks that may remain after other risk treatment actions
have been implemented.
 It should be noted that an insurance contract, like most contracts, is also a process that
transforms the risk into something different.
 An insurance premium provides a direct measure of the cost of sharing the risk.
 Purchasing organizations frequently require their suppliers to have insurance policies in place to
cover risks that properly belong to the supplier. These may be policies to cover specific physical
risks, such as damage to goods in transit, or more general risks, such as professional indemnity.
 Many risk sharing strategies for projects or procurements require decisions to be taken at very
early stages, usually in the pre-tender phases.

5. Risk retention

 In most businesses in the private sector hedging or shedding all risks is rarely possible, and in
any case, it often costs so much that little or no profit can be made.
 In these circumstances, companies may become risk takers as an integral part of conducting
their business, and reap the associated rewards.
 In some instances, organizations may wish to consciously retain significant risks, particularly
where they have the appropriate expertise to manage them.
HOW A PARTICULAR RISK STRATEGY IS SELECTED BY AN
ORGANIZATION IN A NEW PRODUCT DEVELOPMENT PROJECT

RISKS DURING NEW PRODUCT DEVELOPMENT

Technology risks
When incorporating new technology in a product, there’s a chance your team may have blind spots or
lack specific capabilities that could cause roadblocks during development.

Performance risks
The function and reliability of the product in real-world conditions are always unknown until it’s built
and can be tested. However, any performance issue late in the game can be a major setback.

Market risks
Success of a new product can come down to several external factors, including customer sentiment,
economic conditions, and unforeseen circumstances (a certain pandemic comes to mind). Often, timing
is critical when introducing an innovative product into the market. Too early and customers may not
fully understand or appreciate the technology; too late and your competitors will already be established
as market leaders.

Organization risks
Internal conflict can stall or undermine any new product development initiative. Often, human
resources are one of the biggest capability question marks on a project.

Supply chain risks

Sourcing materials or components from vendors can reduce costs and internal workloads, but it also
makes your product vulnerable to supply chain disruptions. There’s always the possibility that a supplier
can’t meet its contractual obligations.

Financial risk
Certain stakeholders will be keeping an eye on the finances to make sure the project is a good
investment. Restricted access to capital or arising issues that put the project over budget can prevent a
new product from crossing the development finish line.

RISK TREATMENT
Risk treatment is a collective term for all the tactics, options, and strategies chosen to respond to a
specific risk, bound to achieve the desired outcome concerning the threat. Consequently, risk treatment
is not a concept functioning on its own. On the contrary, it should always be examined, understood, and
implemented as a part of a bigger whole, i.e., risk management.
Simply put, the risk management process is a firm's policy, composed of different steps taken to ensure
proper management of occurring threats. In general, risk management's actions include:
  Risk identification: The inspection process and identifying the organization's potential risks
meant to ensure all the threats are recognized.
 Risk assessment and evaluation: The analysis is bound to reveal the threat's consequences, the
outcome, the likelihood, and severity. Thus, the analysis examines both the risk factor and the
harm that it is bound to produce.
 Risk treatment: The plan of implementing various strategies, activities, and actions to
appropriately deal with the threat and manage it in a possibly profitable way.
 Risk monitoring: The implementation of a continuous control system over the threat after
treating it.

Notably, risk treatment should always go hand in hand with other processes enlisted in the company's
risk management plan to ensure the alignment of the tactics with the firm's policy.

STEPS OF RISK TREATMENT

In the risk treatment process, it's recommended to follow five main steps ensuring correct logistics and
effectiveness of the strategy:

1. Brainstorming and selecting the right risk treatment option.

2. Planning and use of options chosen.
3. Examining the effectiveness of the chosen tactics.
4. Deciding whether the level of the remaining risk, i.e., residual risk, is acceptable or not.
5. If it's not acceptable, implementing new risk treatment activities to reduce the residual risk.

RISK TREATMENT OPTIONS

There are typically used several risk treatment strategies to deal with the risks. Notably, one kind of
treatment cannot apply to all possible threats. It's crucial to review each threat individually to predict
the effect of each solution.
Notably, the risk treatment options should be chosen based on a detailed analysis of the accompanying
factors: the overall risk strategy of the company, its resources, the objectives of the organization, as well
as predicted costs against the benefits.

“RISK AVOIDANCE” TREATMENT STRATEGY IS ADOPTED FOR

NEW PRODUCT DEVELOPMENT PROJECT
If the risk assessment concludes that the risk is too high to be mitigated, it's possible to avoid the risk by
resigning from performing specific actions or processes. The avoidance strategy is linked to interpreting
the risk as unfavorable to the point that it should be excluded entirely. To avoid the risk, the company
might choose to perform another action instead, as the alternative generating a lower threat.
For example, suppose the launch of a new product line is identified as high-risk, and the impact of the
expected cost is deemed as not acceptable. In that case, the product line will be exited and replaced
with the one expected not to generate a threat.
RISK TREATMENT PLAN
It's recommended to create a Risk Treatment Plan to avoid confusion in planning treatment activities. A
Risk Treatment Plan is a document in which the company's policy regarding risk treatment is outlined in
detail. The outline should contain information about the parties responsible for implementing each
control option, the date and the timeframe, the available budget, etc. The detailed form will ensure a
clear and unified strategy that will be easier to follow.

ISO/IEC 2005
More specific information regarding risk management processes, available treatment plans, and correct
responses to possible threats can be found in the risk management standard ISO/IEC 27005.
This set of standards developed by the International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC) provides guidelines for ensuring information security
and recommended processes and models concerning risk management. It is also applicable to all kinds
of businesses that wish to develop concrete strategies and gain knowledge on risk management.

CONCLUSION
Risks are an inherent part of any business, and each company is bound to face them multiple times at
every stage of its development. That's why adequate risk management policies need to be
implemented while planning the overall management plan.
To ensure fast and adequate action in the face of a threat, it's crucial to regularly do a thorough analysis
of the risk strategy and keep improving the risk management plan, including risk identification, risk
assessment, risk treatment, and risk monitoring. Preferably, the appropriate treatment plan should be
created, whose implementation could ensure each treatment activity responds to specific risk types.
When choosing the adequate risk treatment, it's important to remember to review the company's
available resources and ensure the project's alignment with good policies as defined by ISO. Only a
thorough understanding and correct implementation of all those factors will provide correct risk
responses and, consequently, constitute the firm's success.