Summary
The goal of a risk management program is to drive effective decisions and actions based on an understanding of how uncertainty may affect objectives. However, even mature programs that have sophisticated risk identification and measurement methodologies often have only loosely defined guidelines for what to do with those risks once they've been identified and measured — and we've seen many high-profile corporate failures occur because of this gap. Addressing the "Evaluate the Risk" stage of the ISO 31000 risk management standard, this report outlines lessons learned from companies that did not respond effectively to the risks they assessed, provides an explanation of options that are available when choosing how to treat risks, and provides best practice examples of the criteria to use when making these choices.
- Stay ahead of changing market and customer dynamics with the latest insights.
- Partner with expert analysts to make progress on your top initiatives.
- Get answers from trusted research using Izola, Forrester's genAI tool.