The best course of action when an organization wants to reduce likelihood in order to reduce a risk level is to implement preventive measures. Likelihood is the probability or chance of a risk occurring, and risk level is the combination of likelihood and impact of a risk. Preventive measures are controls that are designed to prevent or deter the occurrence of a risk, such as policies, standards, procedures, guidelines, etc. Implementing preventive measures is the best course of action, because it helps to reduce the likelihood of a risk, and consequently, the risk level. Implementing preventive measures also helps to protect and enhance the organization’s objectives, performance, and improvement. The other options are not the best course of action, although they may be related to the risk management process. Monitoring risk controls, implementing detective controls, and transferring the risk are all activities that can help to manage or mitigate the risks, but they do not necessarily reduce the likelihood or the risk level. References = Risk and Information Systems Control Study Manual, Chapter 4, Section 4.3.1, page 4-21.