Risk management involves talking appropriate action to risks identified. As part of that process an internal audit department might classify risks based on the probability that an event will occur and the impact of that event if it does occur. This gives four possible classifications:

i. High impact, high likelihood; for example, in a market where there are no significant barriers to entry, new suppliers may easily enter the market place enter the market place reducing the company's market share and profit margins.

ii. High impact, low likelihood; for example, a fire in a company's warehouse destroying inventory.

iii. Low impact, low likelihood; for example, minor damage caused by unlikely weather events.

iv. Low impact, high likelihood; for example, low level theft of the company's inventories from retail stores.

Strategies to deal with these risks include: transfer, reduce, or accept risks.

Required

For each of the examples given above describe how the business might manage the risk.