Brad Egeland has a nice post Cover Your Risk From All Angles. Brad lists Risk Avoidance and Risk Mitigation as two (2) approaches to Risk Handling. While these are legitimate approaches, there is a critical flaw in all these approaches.
When we have identified a risk and a mitigation plan, the execution of that plan occurs when the risk turns into an issue. When the issue is be "handled" there must be budget assigned for this handling. And there must be time in the schedule for executing this "handling" work effort.
Now if the project is disciplined, the Risk Management Budget will be withheld and there will be "margin" in the schedule for this new work.
A Better Approach
In the current mission critical programs we work, the approach is Risk Retirement. This approach identifies the work activities needed to make the Risk go away before it turns into an Issue. This approach can be applied to High Risk items. If these were to turn into Issues, the schedule would likely be impacted.
In less disciplined environments, it is also likely that the budget for the Risk Handling would have been spent. So there is a double impact on the project - you're late and you're over budget.
Think about Risk Retirement for those risks that if they came true would have unfavorable impact.