For decades, risk management frameworks have cited the same four risk treatment options: accept, mitigate, transfer, and avoid. There is, however, a fifth option that some organizations select: ignore the risk.
Ignoring a risk is a choice, although it is not considered a wise choice. Ignoring a risk means doing nothing about it – not even making a decision about it. It amounts to little more than pretending the risk does not exist. It’s off the books.
Organizations without risk management programs may be implicitly ignoring all risks, or many of them at least. Organizations might also be practicing informal and maybe even reckless risk management – risk management by gut feel. Without a systematic framework for identifying risks, many are likely to go undiscovered. This could also be considered ignoring risks through the implicit refusal to identify them and treat them properly.
- excerpt from an upcoming book on risk management