An IT auditor identified a potential risk related to the organization's reliance on a legacy system that is no longer supported by the vendor. The management team decides to replace the legacy system with a modern, supported solution. What risk management strategy is the organization utilizing?