ABSTRACT

This chapter covers the concepts of risk treatment and the various methods available to treat risk. It outlines the main elements of assessing control effectiveness. One of the key outcomes of an operational risk management process is the development and maintenance of an efficient and effective framework of risk treatments. Risk acceptance is a common treatment method. It involves an informed decision to accept and take responsibility for the risk at its current level without taking any further modifying action. Improvements to treatment methods may be initiated from a number of sources, including: the Risk and Control Self Assessment process; the key risk indicator (KRI) process, particularly for the KRIs in the amber and red zones; risk incidents, based on implementing changes to ensure the incident does not happen again; compliance breaches and non-attestation of external compliance requirements or internal controls; internal and external audit, regulators, consultants and other third parties; and any other source.