Risk Response

The approach an organization takes to address an identified risk. Common risk responses include:

- Accept (take the risk without additional controls)

- Avoid (eliminate the activity or circumstance creating the risk)

- Transfer (shift risk to a third party through insurance or outsourcing)

- Reduce (implement controls to decrease likelihood or impact)

- Exploit (take actions to increase the probability of beneficial outcomes)

In RBPM, risk responses should align with risk appetite and contribute to strategic objectives rather than simply minimizing all risks.