In risk management, which strategy is about addressing the risk after it has occurred?

Risk retention is the strategy that focuses on managing risks after they have occurred, acknowledging that some risks may be unavoidable or inherent to the business processes. When an organization opts for risk retention, it essentially decides to accept the consequences of a risk and manage it internally rather than trying to prevent or transfer it. This can involve budgeting for potential losses or developing response plans to mitigate the impact of the risk once it materializes.

This approach often makes sense for risks that are low in severity or frequency, allowing the organization to allocate resources to other areas while still being prepared to handle the aftermath of a risk event. In contrast, the other risk management strategies aim to either eliminate (avoidance), shift (transfer), or minimize (control) risks before they occur. Each of these strategies plays a crucial role, but risk retention specifically deals with the situation after a risk has unfolded, making it the correct answer in this context.