When given the option, most people choose to extinguish a match rather than fight a fire; that’s the way of the world.

From the looks of it, humans prefer to prevent a problem from happening in the first place, than try to fix it later on. Smart? Maybe… but I guess it’s also why we avoid falling in love, if we know that there’s an end in sight!

But what’s love got to do with it? Well… everything! ❤️‍ One of those huge risks we often take in life, isn’t it? But… we’re not here to talk about love, no… we’re here to look at how we go about handling risks.

What's in here:

There are four ways to go about dealing with risks: Transfer, Accept, Mitigate, Eliminate: i.e. TAME! In this quick article, we look at each term and what it means.

What is TAME in risk management?

Once you’ve gone through the risk management process and assessed your risks, and you know what’s what, how do you move forward? That’s the big question. If you want to know how to go about assessing your risks in the first place, I’ve got a good article for you.

So… what to do with the risks you ask?

Risk management TAME: Transfer, Accept, Mitigate, Eliminate
TAME framework in risk management

For you to be able to effectively manage risk, it’s important you define what is and isn’t an acceptable level of risk; basically, you want to figure out your risk appetite. It’s not very hard to create this, you just need a proper risk management process.

What is the difference between risk appetite and risk tolerance?

Risk appetite and risk tolerance are often used interchangeably, but they’re actually different terms. According to the ISO Guide, risk appetite is the “amount and type of risk that an organization is willing to pursue or retain.” Risk appetite is a broad description of the desired level of risk an entity is willing to pursue.

Risk tolerance, on the other hand, is more granular and affects individual risks. It’s defined as “an organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives.” It shows you the change in outcome you’re willing to accept in relation to specific performance measures.

Here’s a nice article if you want to know more about this difference!

What is risk appetite / what is risk tolerance
Risk appetite vs. risk tolerance

So… once you’ve defined how much risk you can handle, you can then categorize your risks and create a remedy plan for them thanks to a framework we call TAME.

TAME stands for Transfer, Accept, Mitigate, and Eliminate.

Transfer the risk  🪢

If the risk is too much to handle, either because you don’t know how to manage, or you don’t have the resources for it, what you can do is transfer/move the risk somewhere else; usually a third-party that will take care of things for you.

Risk transference usually happens through an insurance policy or penalty clause; that’s the most common. As for the four main types of risk transfer, they are: insurance, derivatives, outsourcing and contract. It doesn’t mean that the risk won’t happen, it just means that the financial impact will be moved under some type of contractual agreement.

Pros and cons of risk transfer

Pros:

  • Helps with distribution of risks by placing the burden on a third party
  • You’re protected against future losses

Cons:

  • It’s quite expensive, and changes based on the value of your asset
  • It takes a lot of time to do research, pick your insurance, then of course, claim the insurance at the end!

Example of risk transfer

A risk transfer example would be: you buy an insurance policy that covers any kind of loss related to your new coffee shop; that includes dealing with a customer who unfortunately slips on your wet floor and decides to come after your money.

Mitigate the risk  🏹

Mitigating the risk means that you change your plan in order to deal with the risk, by either reducing its likelihood, or minimizing its impact. Basically, risk mitigation doesn’t eliminate your risk (meaning you’ll probably have residual risk left), nonetheless it minimizes the consequences.

The way you’d go about creating a risk mitigation plan is by creating a list of individual risks, rating them based on probability and impact, then finally implementing an action plan to deal with them, as well as an assessment plan. If you’re looking for a way to do this in Jira, here’s something to look into.

Example of risk mitigation

You add cup sleeves to your hot beverages in order to minimize the probability and impact of someone burning their hand as they grab the cup. This doesn’t mean that no one will ever burn their hand, who knows, the world is full of clumsiness; it just means that the probability/impact is now lower!

Eliminate the risk  😵

How do we eliminate the risk? We either avoid it completely, i.e. turn off the match before our fire has any chance of starting, or we resolve it. When you avoid a risk, you change your plan in order to completely remove the probability of your risk happening altogether, or you try to eliminate the impact, if it were to happen.

Pros and cons of risk avoidance

Pros:

  • Helps detect as many threats as possible
  • Helps you take up measures to escape future consequences

Cons:

  • It’s not always effective; it could work for one risk while creating another
  • It’s costly; it forces project managers to restructure the entire project, which is why some people choose to transfer instead of eliminate

Example of risk elimination

You simply don’t sell hot drinks altogether 😂

Accept the risk

Here, you acknowledge that the risk exists, but you choose not to do anything about it because you’re fine with it being there for the time being. Accepting the risk means that you’re neither avoiding, nor transferring or mitigating your risk; you just let it be.

Example of risk acceptance

You fall in love, and you allow yourself to go with the flow. There’s a high risk you’ll end up getting hurt but it doesn’t stop you; why? Because you know that you can handle it when/if it comes.