Operational Risk Management by Ariane Chapelle

CHAPTER 10: Risk Mitigation

DEFINITIONS

In the International Organization for Standardization (ISO) vocabulary, risk mitigation is defined by the four Ts: Tolerate, Treat, Transfer, Terminate. Tolerate means accepting the risk as it is. Treat refers to internal controls, aimed at reducing either the likelihood or the impact of a risk (or both); it is the most common form of risk mitigation. Transfer means to move the consequence – or the causes – of a risk to another party, typically an insurer or a third‐party supplier. Terminate means to remove risk exposure altogether, when none of the other options is acceptable. This chapter concentrates on the two most common mitigation solutions: internal controls and risk transfers.

TYPES OF CONTROLS

There are many different classifications for controls. Given my background in internal audit, I tend to adopt the following simple classification used by the Institute of Internal Auditors (IIA):¹ preventive, detective, corrective and directive controls.

The aim of preventive controls is obviously to reduce the likelihood of an event happening. The controls are executed before possible events and address their causes. A car seat belt is an example of a preventive control in everyday life, while the segregation of duties, where different people are in charge of initiating, approving and settling a transaction, is probably the most common and effective preventive control for internal fraud.

Detective controls take place during or just after ...
