What strategy involves eliminating risks that exceed an organization's appetite for risk?

The strategy that involves eliminating risks that exceed an organization's appetite for risk is avoidance. This approach focuses on entirely removing the threat or risk instead of managing it. When an organization determines that a particular risk is too high in relation to its risk tolerance, it may choose to stop pursuing certain activities, processes, or projects that could lead to that risk materializing. By doing so, the organization aims to protect itself from potential harm, ensuring that it remains within its acceptable risk boundaries.

In contrast, mitigation focuses on reducing the impact or likelihood of the risk rather than eliminating it. Acceptance involves acknowledging the risk and deciding to live with it, often because the potential impact is deemed acceptable. Transference shifts the risk to another party, such as through insurance or outsourcing, rather than eliminating it. Thus, avoidance is the most direct strategy for eliminating risks that exceed an organization's risk appetite.