"Risk responses fall within the following categories:
• Avoidance – Action is taken to exit the activities giving rise to risk. Risk avoidance
may involve exiting a product line, declining expansion to a new geographical
market, or selling a division.
• Reduction – Action is taken to reduce the risk likelihood or impact, or both. This
may involve any of a myriad of everyday business decisions.
• Sharing – Action is taken to reduce risk likelihood or impact by transferring or
otherwise sharing a portion of the risk. Common risk-sharing techniques include
purchasing insurance products, pooling risks, engaging in hedging transactions, or
outsourcing an activity.
• Acceptance – No action is taken to affect likelihood or impact."
COSO