Hi Dhairya, that is actually a good question. From my point of view, these is how I would do in case of a low or high severity.
1) Hazards that fall into a low severity risk, are considered generally
acceptable and will not require further analysis. Additional mitigation can be done but is optional for hazards that fall into low severity risks..
2) Now, hazards that fall in between, more like a medium severity risk, are considered conditionally acceptable but these risks will require analysis and mitigation. These risks are conditionally acceptable because it can be considered as acceptable only when adequate mitigation are identified.
3) Hazards that fall into a high severity risk, are generally unacceptable. If
hazards at these level cannot be further mitigated to the point of
falling into an acceptance zone(low or medium), a formal risk/ benefit analysis
shall be performed and documented.
-Out of all the four, I believe that the least effective, the one that will not lower the risk of the device will be risk acceptance. Risk acceptance does not reduce any effects however it is still considered a strategy. This strategy is a common option when the cost of other risk management options such as avoidance or mitigation may outweigh the cost of the risk itself.

For low severity risks you are either going use acceptance or mitigation. You are going to have to determine if the benefit is worth the risk. If the benefit is worth the severity of risk you are taking on you can accept the risk and go on with our product. If the benefit is not significant enough for the risk you are going to have to mitigate severity and determine if the cost it takes to mitigate the product is worth not just avoiding it. For high severity risks you are either going to use transference or avoidance. If there is a high severity of risk but the benefit is too valuable to give up you use transference. This allows an insurance company to take on liability for this risk your product must take. If you find the benefit is not worth taking on such a high severity of risk you are better off just avoiding the risk entirely. Out of the four methods, acceptance does not affect the severity of the risk at all. You would accept when the benefit far outweighs the risk it brings to your product.

I agree with the comments above. The acceptance leads to a high severity of risk due to the company not any additional steps to deal with the risk. As Dr. Simon has mentioned, sometimes it is cheaper for the company to allocate certain money for the risk of the product rather than dealing with reducing the risk. The mitigation and transference would lie as a mid-severity of risk due to still dealing with the risk but by implementing controls, or other countermeasures that have a direct effect on risk identified. Lastly, avoidance of risk is with the company avoiding an activity or process that produces risk. This can be categorized as a low severity of risk due to eliminating the risk all together.

For high severity of risk I would use mitigation and avoidance. A device with a high severity risk has the potential to kill or severely harm someone which is not only morally wrong but leads to huge lawsuits. It is important to avoids or mitigate these types of risks as they would cause the most financial loss to a company. I would use acceptance for low severity risks. Acceptance does not reduce the risk and it used when the risk is small and would not effect the project or company much if it does arise. Transference can be used for both high or low severity risks as it deflects the risk to someone else. Another strategy of dealing with risk that has not been mentioned is exploiting the risk. This is used when the risk would have a positive impact. For example, the risk could be that if the item is too popular there would not be enough sales staff to keep up. A company would not want to transfer or stop this from happening, instead they would want to maximize the chances of this risk happening. Exploitation looks for ways to make the positive risk happen or for ways to increase the impact if it does.

I agree with you Luisa, I'd also like to add that risk transference is the involvement of handing risk off to a willing third party. In my opinion, in the case of low severity I think it is a good idea if a company outsources certain operations such as customer service, payroll services, etc. This can be beneficial for a company if a transferred risk is not a core competency of that company. It can also be used so a company can focus more on their core competencies. For high severity mitigation and avoidance would be recommended.

-Nicole

I like how you pointed out the importance of avoidance in high severity scenarios. It is also important to know in terms of cost, risk acceptance does not reduce any effects however it is still considered a strategy. This strategy is a common option when the cost of other risk management options such as avoidance or limitation may outweigh the cost of the risk itself. A company that doesn’t want to spend a lot of money on avoiding risks that do not have a high possibility of occurring will use the risk acceptance strategy. Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure to the risk whatsoever. Risk avoidance is usually the most expensive of all risk mitigation options. In terms of company size and budget, I wonder if cost would play a factor in the steps of their risk assessment strategy.

Hey Dhairya,

Maybe I'm mistaken but I don't think we can properly say which tactic we'd use for low severity or high severity without also noting the frequency of those risks. That being said, I think for low severity, I would choose either acceptance or mitigation. Because the risk is low, it would be okay to accept it and take chances. On the other hand, if it is low risk, it might be worth it to try and mitigate it. As for high risk, I think the proper tactics would be avoidance, mitigation, or transference. Because it is a big risk, avoiding it altogether would be favorable. Mitigation would obviously be good to reduce the severity of the risk, and transference would be good to hedge your own risk.

- Saad Ali

Hey Saad,

I agree that is important to mention frequency when also assessing risk. Low severity but at a high frequency could be very costly for a company because it would eventually add up and hurt the reputation of a company. Something that was thought to be minor issue but happens to every other customer is now a big issue and must be handled as such. Frequency and severity go hand in hand while creating a risk matrix.

-Murad Elias

One of the points for avoiding risk I would like to add to manage risk is Exploitation.

Exploitation: To exploit the risk. The techniques mentioned above are great when they have a negative impact in the project but what if the risk has the positive impact?

For example, the risk that the new washing machines are so popular that we don’t have enough Sales staff to do the demonstrations? That’s a real danger – something that would have a benefit to the project and the company if it happened. In those cases, we want to maximize the chance that the risk happens, not stop it from happening or transfer the benefit to someone else!

Exploitation is the risk management strategy to use in these situations. Look for ways to make the risk happen or for the means to increase the impact if it does. We could train a few junior Sales admin people also to give washing machine demonstrations and do lots of extra marketing, so that the chance that there is lots of interest in the new device is increased, and there are people to do the demos if needed

I certainly agree with everyone that acceptance would not reduce any risk out of these four. Accepting the risk means that once you have identified it, you take no action. You simply accept that it might happen and decide to deal with it if it does. It is a good strategy to use when risk is small and not frequent. Risks that will not have much of an impact on project if it happens and could be easily dealt with if or when it occurs.

I would most likely choose Acceptance Mitigation/Limitation for low severity. Mitigation would be my first choice because this action actually reduces a company's exposure to the risk unlike Acceptance which will not limit any of the effects. On the other hand, if the cost of the other risk management options will outweigh the cost of the risk itself, then Acceptance would be and ideal choice. For high severity, Risk Avoidance or Transference would work the best. Avoidance is the most expensive option but most effective as well because it completely absolves the company's exposure to any risk. If money is an issue, then Transference will help a company transfer any risk they may have to a third party to deal with.

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives.
Proper risk management implies control of possible future events and is proactive rather than reactive.
The acceptance or non-acceptance of a risk is usually dependent on the project manager’s tolerance level for risk.

I do feel, though that prediction is the very crucial to the risk Management, as mangers like employs who are proactive and can spot mistakes and risks early on before they happen. I say acceptance us lower because what does it serve. Ok so the product has risk and an error, immediately think to fix the problem and mitigate the error in the best and most cost effective way.

Dhairya,

For low severity of risk I would choose acceptance. If a risk is acceptable, it should be low by default. High risk items should be mitigated down to a medium or low risk whenever possible. I don’t think avoidance reduces the risk level out of the severity of a risk. I view avoidance as brushing something under the rug and hoping it won’t come back. I’ve always been a believer that you need to face the reality of any situation. I don’t believe there is a thing as an unmanageable risk. Everything is always manageable, even if a high risk has to be categorized into another type of high risk, perhaps it could be managed in a different category or through a different method but should never be avoided.