2023 IT Examiner School

Risk Transference

• Risk transference is the decision to reduce loss through sharing that risk with another organization. • SLAs (Service Level Agreements) and contracts establish the degree of transference. • Supplementing risk activity with insurance.

Remember: You can’t transfer liability.

Risk Acceptance

• Examples of risk acceptance: • Provide no active mitigation • Based on risk appetite and cost-benefit analysis • Sometimes acceptance is the only choice • Risk acceptance must include due diligence • Level of risk is always changing, and acceptance decisions need to be regularly reviewed.