
Diagnose Your Risk Control Strategy with 4 T’s

Pragati Singh 🇮🇳🇸🇦
3 min read · Jun 26, 2020


Some key insights from history

The word ‘risk’ is thought to derive either from the Arabic word ‘risq’ or the Latin word ‘risicum’.

The Latin word ‘risicum’ originally referred to the challenge presented to seafarers by a barrier reef and so implied a possible negative outcome.

The Arabic word ‘risq’ means ‘anything that has been given to you (by God) and from which you draw profit’.

Good risk management isn’t about not taking any risks: it is about taking the right risks where there is an appropriate reward. It is about protecting assets and adding value.

Let’s Determine our Risk Precedence with Risk Matrix

Risk Matrix — Determine your Risk Precedence

Risk culture consists of the following components (LILAC):
Leadership must be strong relating to strategy, projects and operations;
Involvement of all stakeholders in stages of the risk management process;
Learning and training in risk management procedures;
Accountability that is appropriate and encourages reporting, not blame;
Communication and openness on issues so that lessons can be learnt.

Risk control is the process by which an organisation reduces the likelihood of a risk event occurring or mitigates the effects of that risk should it occur. There are 4 main control options that we use to manage risk.

Four T’s are:

Risk Management Strategy 4 T’s

More insight into 4 T’s

Terminating Risk
Terminating Risk is the simplest and most often ignored method of dealing with risk. It is the approach that should be favoured wherever possible and simply involves eliminating the risk. This can be done by altering an inherently risky process or practice to remove the risk. The same approach can be used when reviewing practices and processes in all areas of the business.

Treating Risk
Treating Risk is a method of controlling risk through actions that reduce the likelihood of the risk occurring or minimise its impact prior to its occurrence. Also, there are contingent measures that can be developed to reduce the impact of an event once it has occurred.

Transferring Risk
Transferring Risk can be achieved through the use of various forms of insurance, or the payment to third parties who are prepared to take the risk on behalf of the organisation.

Tolerating Risk
Tolerating Risk is where no action is taken to mitigate or reduce a risk. This may be because instituting risk reduction or mitigation activity is not cost-effective, or because the risks of impact are so low that they are deemed acceptable to the business. Even when these risks are tolerated they should be monitored, because future changes may make them no longer tolerable.

If an item presents a risk and can be changed or removed without materially affecting the business, then removing the risk should be the first option considered, rather than attempting to treat, tolerate or transfer it.

Key Glossary in Risk Management

BC Business continuity

COSO The Committee of Sponsoring Organizations (of the Treadway Commission)

ERP The acronym for Enterprise Resource Planning

FCA The UK Financial Conduct Authority (responsible for the regulation of financial firms)

FDA The US Food and Drug Administration

Five Whys An interrogative technique where the question ‘why?’ is repeatedly asked to help identify the root of a problem or an issue

ISO The International Organization for Standardization

NGO The acronym for non-governmental organisation

PERT The acronym for Programme Evaluation and Review Technique

PESTLE The acronym for a management brainstorming technique (i.e. what are the Political, Economic, Social, Technological, Legal, Environmental matters relating to an organisation?)

RACI The acronym for Responsible, Accountable, Consulted and Informed communications processes

SRA The acronym for Strategic Review Analysis

SWOT The acronym for a management brainstorming technique (i.e. what are the Strengths, Weaknesses, Opportunities, Threats of, or relating to, an organisation?)

The Institute of Risk Management (IRM) indicates some of the potential careers open to risk professionals (Institute of Risk Management)


