Which risk management practice is most likely to expose an organization to compliance risk?

Prepare for the CISA Domain 5 Exam with our quizzes. Engage with flashcards, multiple-choice questions, detailed hints, and explanations. Boost your confidence and get ready to succeed!

Risk transfer shifts the responsibility for managing a particular risk to another party, typically through mechanisms like insurance or outsourcing certain operations. While risk transfer can alleviate immediate financial exposures, it can also increase compliance risk if the organization relies on the third party to meet regulatory requirements or standards. If the third party fails to comply with regulations, the original organization may still be held liable, exposing it to potential legal penalties and reputational damage.

In contrast, risk reduction aims to lower the likelihood or impact of risks through various measures, which can enhance compliance by proactively addressing potential issues. Risk avoidance involves eliminating activities that introduce risks altogether, effectively sidestepping compliance risks. Risk mitigation also seeks to minimize risk impacts through controls or safeguards, thereby reinforcing compliance efforts. Thus, while all these practices focus on managing risk, risk transfer is particularly associated with compliance concerns due to the reliance on external entities to uphold required standards.
