Risk Response is the activity following the Risk Assessment when a Risk has been identified. The response to the risk identified is usually completed by the management (or risk owner) of the business unit for which the risk was identified. The response should include an action plan of how the business unit management or risk owner plan to mitigate or eliminate the risk. Management or the owner of the risk have an obligation to carefully consider how the risk affects the business, and who should be included in crafting a response.
A key point in this process is that the output or deliverable needs to clearly defined for the risk owners. They need to know how to evaluate the risk. Not all risks need to be mitigated or eliminated, some risks must be incurred so that the business can continue to make money.
An important step in creating action plans id developing Key Risk Indicators. This is beneficial for two reasons; 1. you can measure remediation progress of a risk you wish to eliminate, and 2. if the risk is one you need incur for business viability this risk indicator will allow you to measure and monitor the risk and take action accordingly. There's some good resources on the web to get you started, but here's a link to get you going in the right direction: https://subscriber.riskbusiness.com/InterestingReading/42-47.pdf.
