Control activities are designed to address the operational risks that a licensee has identified. For all material operational risks that have been identified, the licensee should decide whether to use appropriate procedures to control and/or mitigate the risks, or bear the risks. For those risks that cannot be controlled, the licensee should decide whether to accept these risks, reduce the level of business activity involved, or withdraw from this activity completely.