Which risk management strategy involves shifting risk from one organization to another?

The correct answer is transference, which is a risk management strategy focused on shifting risk from one organization to another, often to a third party. This strategy can involve transferring the financial consequences of risk through contracts or insurance policies. For example, when an organization purchases insurance, it effectively transfers the risk of potential losses to the insurance company. By doing this, the organization can protect itself against significant financial impacts from unforeseen events.

Transference does not eliminate the risk; rather, it redistributes the responsibility for managing that risk. This approach is suitable for organizations looking to reduce their risk exposure while retaining business continuity by relying on specialized entities that can manage specific risks more effectively.

Other strategies like avoidance, mitigation, and acceptance address risk differently. Avoidance means eliminating the risk entirely by not engaging in activities that generate risk. Mitigation focuses on reducing the likelihood or impact of the risk through proactive measures, such as implementing security controls. Acceptance involves recognizing the risk and choosing to absorb any potential losses, often because the risk is deemed manageable or the cost of mitigation is too high. These strategies serve different purposes in a comprehensive risk management framework, but transference specifically emphasizes the shifting of risk to another party.