"Evaluating alternative responses to inherent risk requires consideration of risks that might result from the response itself.
This may prompt an iterative process where before management finalizes a decision, it considers risks resulting from the response,
including those that might not be immediately evident."
COSO