Risk mitigation
Risk Mitigation
Risk mitigation involves creating a sound control environment that reduces internal and external threats to the institution’s tolerance level and establishes a structured environment for IT operations. Examples of controls include policies and procedures related to personnel and operations, segregation of duties and dual controls, data entry controls, quality assurance programs, industry certification, and operating thresholds and parameters. While not a control, insurance can be an effective risk mitigation tool. Management should balance controls against business operations requirements, cost, efficiency, and effectiveness.