In general, a risk management strategy implies the following steps:
- Know what the risks are (identification)
- Ranking and prioritizing risks (quantification and evaluation)
- Choose an appropriate risk management strategy (accept, avoid, mitigate/transfer)
- Implement the risk management strategy
- Develop an action plan in case the risk that was mitigated or accepted occurs
For technical regulation authorities, risk identification and assessment is performed through regulatory impact assessments. Risk mitigation generally implies imposing a regulation, risk avoidance, banning the activity that poses a risk, risk acceptance, developing a crisis management plan only. Regulators can also transfer risks to economic operators making them responsible for addressing possible hazards.
Guidance on and use of risk management in technical regulations in:
An essential part of the regulators’ job is properly interacting with all stakeholders, through a stepwise and strategic risk communication process: the German Federal Institute for Risk Assessment sets best practice in this domain.