Risk Treatment
• Avoid: this means avoid taking the risk by not starting the relevant activity, or
terminating the risk by discontinuing and thereby removing the risk source. This
will not always be possible, particularly where risks are posed by external events
outwith the University's control, such as Brexit or Covid.
• Treat: this means adding controls and/or taking mitigating actions to reduce the
likelihood of a risk occurring, or its consequences if it does. Unless a decision is
made to avoid a risk, almost all risks should undergo some form of treatment if
possible.
• Tolerate: this means accepting risk where this is an option, usually in pursuit of
an opportunity. This should always be an informed decision that takes account of
the expected cost-benefit trade-off. This might apply to opening an overseas
campus, as an example.
• Transfer (the risk): this is normally done via insurance or through contractual
arrangements; for example, on a capital construction project in Estates, the risk of
cost overrun could be transferred to the contractor by agreeing a fixed price
contract.
All controls applied to any risk, and all mitigating actions agreed, should be
recorded in the risk register. This will then be used as a key tool for monitoring and
controlling progress, which will include appraising the effectiveness of different
treatments, and their impact on risk scores.
Can you assign a risk treatment to the risks you identified
previously?