5 Steps for Better Risk Assessments

Risk managers are charged with ensuring transparency, alignment, and forward-looking views throughout the organization. The way this is achieved is through risk assessments.

Successful enterprise risk assessments can be a powerful tool for board- and management-level strategic decision making by connecting business activities to goals and identifying the risks that threaten to derail these strategic objectives. An unsuccessful risk assessment is little more than a form-over-substance activity that lacks context and actionable results.

So, how do you implement a successful enterprise risk assessment?

The key is being able to compare information across functions and levels while keeping one comprehensive risk picture.

  1. Standardize Your Risk Assessment Templates - Activities like vendor management, business continuity, compliance, IT, financial reporting, operations, internal audit, and others are all informal risk assessments. When these assessments are carried out on the same standards and assumptions, defined in a taxonomy, they can be compared and utilized cross-functionally.
  2. Common Root Cause Risk Identification Approach - Risk managers should provide a common root cause risk library to process owners so that when multiple areas choose the same risk, systemic risks as well as upstream and downstream dependencies can easily be identified and mitigated. This method also identifies areas that would benefit from centralized controls, so the extra work of maintaining separate activity-level controls is eliminated.
  3. Performance Management: Alignment of Activities, Goals and Risks - Risk managers need to tie root cause risks to strategic goals and trace these same risks through the process areas that they affect in order to determine which activities will roll up to impact organizational objectives. Once these connections are made clear, risk managers are able to prioritize the effectiveness of controls, so that resources and focus are allocated to the issues that will yield the greatest benefit to the organization.
  4. ERM Reporting: Group Information for Multiple Stakeholders - Because assessments are conducted on the same standards and assumptions and risks are identified at a root cause level from a common library, process owners can do one risk assessment, and the information can be sliced, diced, and aggregated to serve multiple purposes. It will provide functional insight for the process owner, tie into governance areas like vendor management, and serve a strategic purpose by rolling up into board-level objectives.
  5. Risk Appetite: Timing and Trends - Risk assessments must be conducted on a regular basis and when approaching business changes, new initiatives, or high-risk issues. Being able to view the trends over time gives the organization's static risk profile context and a reference point so that necessary actions can be taken when you start seeing small changes in your risk profile, before things get out of tolerance.

To see these best practices in action to uncover changes in risk and prioritize controls, tests and business metrics, watch this 5-minute video.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
