One Risk, One Treatment: Avoid, Mitigate, Transfer, or Accept
flowchart TD
Risk["Identified Risk
likelihood × impact rating"]:::startNode D1{"Can the activity be
eliminated without
unacceptable business loss?"}:::decisionNode Avoid["AVOID
Stop the activity.
Document the decision."]:::avoidNode D2{"Is residual risk after
available controls below
the risk appetite?"}:::decisionNode Mitigate["MITIGATE
Implement control(s).
Track residual risk."]:::mitigateNode D3{"Can the financial impact
be transferred to another
party (insurance, contract)?"}:::decisionNode Transfer["TRANSFER
Procure insurance / vendor
contract. Track coverage limits."]:::transferNode Accept["ACCEPT
Document, sign at the right
executive level, time-bound it
(~12 months), reassess on schedule."]:::acceptNode Risk --> D1 D1 -->|Yes| Avoid D1 -->|No| D2 D2 -->|"Yes (control feasible)"| Mitigate D2 -->|No| D3 D3 -->|Yes| Transfer D3 -->|No| Accept classDef startNode fill:#eceff1,stroke:#455a64,stroke-width:2px,color:#263238,font-size:15px classDef decisionNode fill:#cfd8dc,stroke:#455a64,stroke-width:2px,color:#263238,font-size:15px classDef avoidNode fill:#455a64,stroke:#263238,stroke-width:2px,color:#fff,font-size:15px classDef mitigateNode fill:#1565c0,stroke:#0d47a1,stroke-width:2px,color:#fff,font-size:15px classDef transferNode fill:#ffa000,stroke:#e65100,stroke-width:2px,color:#212529,font-size:15px classDef acceptNode fill:#d84315,stroke:#bf360c,stroke-width:2px,color:#fff,font-size:15px linkStyle default stroke:#90a4ae,stroke-width:2px,font-size:14px
likelihood × impact rating"]:::startNode D1{"Can the activity be
eliminated without
unacceptable business loss?"}:::decisionNode Avoid["AVOID
Stop the activity.
Document the decision."]:::avoidNode D2{"Is residual risk after
available controls below
the risk appetite?"}:::decisionNode Mitigate["MITIGATE
Implement control(s).
Track residual risk."]:::mitigateNode D3{"Can the financial impact
be transferred to another
party (insurance, contract)?"}:::decisionNode Transfer["TRANSFER
Procure insurance / vendor
contract. Track coverage limits."]:::transferNode Accept["ACCEPT
Document, sign at the right
executive level, time-bound it
(~12 months), reassess on schedule."]:::acceptNode Risk --> D1 D1 -->|Yes| Avoid D1 -->|No| D2 D2 -->|"Yes (control feasible)"| Mitigate D2 -->|No| D3 D3 -->|Yes| Transfer D3 -->|No| Accept classDef startNode fill:#eceff1,stroke:#455a64,stroke-width:2px,color:#263238,font-size:15px classDef decisionNode fill:#cfd8dc,stroke:#455a64,stroke-width:2px,color:#263238,font-size:15px classDef avoidNode fill:#455a64,stroke:#263238,stroke-width:2px,color:#fff,font-size:15px classDef mitigateNode fill:#1565c0,stroke:#0d47a1,stroke-width:2px,color:#fff,font-size:15px classDef transferNode fill:#ffa000,stroke:#e65100,stroke-width:2px,color:#212529,font-size:15px classDef acceptNode fill:#d84315,stroke:#bf360c,stroke-width:2px,color:#fff,font-size:15px linkStyle default stroke:#90a4ae,stroke-width:2px,font-size:14px
Color Key — Four Treatments
Avoid (eliminate the activity)
Mitigate (add controls)
Transfer (insure / contract)
Accept (sign off, date it)
Step Details
Hover or tap any box to see what that step means. The tree asks a fixed sequence of questions; the first "yes" assigns the treatment.
Implicit acceptance is the failure mode. Every risk gets exactly
one of these four labels — with an owner and a date.