A wholesaler has decided to increase revenue streams by selling direct to the public through an
on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and
form part of the day to day business. The risk manager has raised two main business risks for the
initial trial:
1. IT staff has no experience with establishing and managing secure on-line credit card
processing.
2. An internal credit card processing system will expose the business to additional compliance
requirements.
Which of the following is the BEST risk mitigation strategy?
A.
Transfer the risks to another internal department, who have more resources to accept the risk.
B.
Accept the risks and log acceptance in the risk register. Once the risks have been accepted
close them out.
C.
Transfer the initial risks by outsourcing payment processing to a third party service provider.
D.
Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.