topic Re: Risk Mitigation vs Risk Treatment in CGRC Study Group

Risk Mitigation vs Risk Treatment

JYeager — Thu, 01 Jun 2023 14:05:56 GMT

Hello all!

I was hoping to get some input/clarification on the two terms I’ve seen some people use interchangeably, but I’m pretty sure they mean two different things.

Risk Mitigation is putting controls in place to reduce or limit the adverse affects of risks, identified or likely to occur.

Risk treatment is after the risk assessment, where you look at the identified risks and create controls to…treat them.

So basically Mitigation is proactive approach that can basically be done anytime, while risk treatment is reactive, something that is done only during the risk assessment and after a risk has been identified.

Thanks in advance!

Re: Risk Mitigation vs Risk Treatment

ericgeater — Thu, 01 Jun 2023 20:21:54 GMT

I've always understood risk mitigation to itself be one of the four risk treatments. The other three treatments are accept, avoid, or transfer.

Re: Risk Mitigation vs Risk Treatment

denbesten — Thu, 01 Jun 2023 23:49:18 GMT

@ericgeater wrote:
I've always understood risk mitigation to itself be one of the four risk treatments. The other three treatments are accept, avoid, or transfer.

That too is my understanding.

In some circles, I have seen claims that "ignoring" or "denying" are additional treatments, but truly those are just cases of implicitly accepting risk. Read up on the Challenger's demise as a great example of NASA management implicitly accepting risk by denying the engineers' assessment.

Re: Risk Mitigation vs Risk Treatment

ericgeater — Fri, 02 Jun 2023 13:20:04 GMT

For simplicity's sake, I chose to leave out "ignore" because it isn't part of the exam, nor the curriculum.

But yeah, "ignore" is a risk treatment, too. A very, very stupid risk treatment. 😆

Re: Risk Mitigation vs Risk Treatment

JYeager — Sat, 03 Jun 2023 14:07:50 GMT

Ty everyone!! I appreciate the answers and it helps me understand it now!