1 About the Mitigating Action Plan

When risks are identified and assessed as being acceptable to the functioning of the business and cannot be eliminated, we develop and implement mitigating actions where possible, to reduce the impact and/or likelihood of the risk. Managers use the Risk Mitigating Action Plan for each risk, detailing what actions, processes and controls can be used to reduce the risk.

Each risk is addressed and reviewed, with managers then developing and documenting measures and controls that will reduce the risk impact and likelihood. It is not possible to eliminate all risks, but we aim to reduce them to an acceptable level. When deciding whether a risk is acceptable, our aim is always to assess whether the impact on the business or on an external individual or entity is proportionate to the objectives of the project/function. Mitigating actions aim to reduce the risk to its lowest rating when it is then re-assessed and given a revised rating.

2 Mitigating Action Plan

| # | Risk to be mitigated | Current rating | Detail corrective actions, solutions and mitigating controls that address the risk | Reduced, Eliminated or Accepted | Has the solution(s) reduced the risk enough to proceed/implement? | New risk rating |
|---|---|---|---|---|---|---|
| PR1 | E.g. Employee forgets to turn off call recording during payment processing | | 1. Use automated recording system to turn off recording at set trigger; 2. Audit all calls at end of each day to ensure no credit card details have been recorded | Risk Reduced | Human error removed from risk, although system could still fail to turn off at trigger. Manual call audit means any recording will still be identified and removed at end of each day. | |
| PR2 | E.g. Customer data incorrectly imported onto system using automated process | | Utilise manual audits of files after import; Edit system to match fields with correct data | Accepted | Mitigating actions will only slightly reduce risk, but automatically importing data is an essential business function that cannot be replaced with manual entry | |