5 Tips for More Effective Risk Assessments

Regular risk assessments are one of the most important pillars of any risk management department. Although performing risk assessments is now considered best practice, it’s easy to overestimate their comprehensiveness. As a result, some risk managers are doomed from the start to mediocre results.

For a quick check on the adequacy of your risk assessments, determine how many of the following 5 best practices your program has ingrained in its ERM process.

Our 5 tips for more effective risk assessments:


  1. Adopt a root-cause approach: Root cause tells us why an event occurs and is the most effective way to collect risk data. Using the five root source categories (External, Process, Systems, People, Relationships) will help determine the most effective mitigation strategies.
  2. Standardize assessment scale and criteria: The biggest barrier to effective risk assessments is subjectivity. Subjectivity prevents assessments from being useful across multiple business silos, even when relevant. Standard, enterprise-wide scale and criteria make assessments applicable to every department, minimizing duplicative work.
  3. Link risks to action plans: Once risks have been identified and evaluated, the next step is assigning them action plan strategies (also known as controls or mitigation activities). Even if multiple risks are linked to the same mitigation, formalizing this step is the only tried-and-true way of ensuring activities neutralize the root cause. Without proper links, controls might mitigate a symptom rather than the source, and turn into form-over-substance activities. It is also impossible to evaluate the effectiveness of a control without knowing the risk that the control is managing.
  4. Connect risks to strategic goals: Identifying your organization’s most important goals is an indirect yet important facet of risk management; it is difficult to ensure strategic goal achievement if you don’t know what the risks are at the operational level. After identifying your most critical strategic goals, linking them to the root-cause risks from Step #2 will enable you to identify and prioritize vulnerabilities and build the business case for getting resources to address these vulnerabilities.
  5. Embed ERM in everyday activities: Simply put, risk should be a part of everyone’s job responsibility. You should begin integrating a risk-based approach, or what we refer to as enterprise risk management (ERM), into everyone’s day-to-day activities by starting with your own area. All surprises in business are bad, from minor surprises like missing a deadline to major surprises like audit findings, budget over-runs or regulatory scrutiny.

For more detailed information about improving your risk assessment process, download our free best-practice eBook, 5 Steps for Better Risk Assessments.


Steven Minsky is a recognized thought leader in risk management, CEO and Founder of LogicManager. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts and published action plans to help organizations prepare.
