Any given risk could have appropriate actions in any or all these categories.
There may be no cost-effective actions available to deal with a risk, in which case the risk must be accepted or the justification for the project revisited (to review whether the project is too risky), possibly resulting in the termination of the project.
The results of the risk evaluation activities are documented in the Risk Log.
If the project is part of a programme, project risks should be examined for any impact on the programme (and vice versa).
Where any cross-impact is found, the risk should be added to the other Risk Log.