Page 68 - CISSO_Prep_ Guide
money it would have lent out, but it also means that the bank loses
the opportunity to make any money on the transaction.
These are examples of risk management. The risk to a bank means
opportunity but also potential loss. Refusing credit to a poor
customer is an example of the risk response methodology known
as risk avoidance. Loaning money to a client is an example of risk
acceptance. Lending money at a higher rate of interest or
requiring the client to provide collateral to support the loan is a
form of risk mitigation. Re-insuring the loan with other lending
firms or spreading a jumbo loan across multiple lending firms is
a form of risk transference.
Risk management, therefore, is not just about avoiding risk. It is
about managing risk by assessing risk, evaluating the level of risk,
determining what would be an acceptable risk level, and then
continuing to monitor the threat once it has been accepted. Any
changes in the risk level should be identified as quickly as
possible - and perhaps mitigated through new controls or
countermeasures.
Controls
The response to risk is control. Controls may be technical (tools
such as anti-virus and password-based access controls), managerial
(policy, human resources practices), operational (procedures),
and physical (locks). Controls may also be known as safeguards
(proactive) such as awareness training and countermeasures