The MBA Guide to IT

Episode 19 - Should I mitigate or transfer an IT risk?

In our previous videos, we talked about making a list of risks and then deciding whether to Accept, Avoid, Mitigate, or Transfer a risk.  Today, we’ll talk about the last two options:  Mitigate or Transfer.

When you take a risk, you need to be sure your clients are paying you to take that risk.  It’s really easy to take risks that aren’t making you money.

What if you want to take the risk, but only if you can reduce its impact?

Let’s return to our credit card example from yesterday.  You send out invoices and there’s a little box where your client can fill out their credit card number and mail it back to you.  You want to reduce the impact to your firm if someone starts stealing those credit card numbers.

So, you set up a website to accept those credit cards.  But how do you do it safely?  You can mitigate the risk by hiring a security firm to make you compliant.  Or you can hire a service provider that is already good at handling credit cards.

Either way, you Mitigate the risk – you minimize the risk you are taking.  Of course, you seldom eliminate it.  The leftover risk is called Residual Risk.

On the other hand, you might decide online payments are too much trouble.  You’ll keep letting clients mail in their credit card numbers.  But you still want to reduce the financial impact if those numbers get stolen.  So you buy an insurance policy and Transfer the risk to the insurer.

In real life, you’re probably doing a combination of these: Accept, Avoid, Mitigate, or Transfer.  Just make sure that each risk supports your business and makes you money.

I’m Carter Edmonds with 20Creek.  We solve IT challenges.

Episode #19 – 1/4/2019
