Are Risk Assessments a Waste of Resources?

risk_assessment_template_KC-500x271.png?width=300Where are there more homicides? Detroit or Michigan?

Most people would say Detroit, even though every murder in Detroit also takes place in Michigan. Our initial impressions, even those we have the utmost confidence in, can quickly and easily lead us astray. Avoiding such misconceptions is the value that risk assessments provide ERM programs.

Many risk managers we hear from rightfully criticize risk assessments designed around impact and likelihood to be too subjective, high level, and “fluffy” to provide meaningful analysis. These are accurate criticisms if high level risk assessments are the first and last step of your ERM process, but true Enterprise Risk Management encompasses a great deal more, such as the monitoring of incidents & key performance metrics, development of controls and contingency plans, as well as the integration of risk governance functions like vendor management and business continuity.

Those that recognize the need for ERM to encompass more than risk assessments are likely to ask: If risk assessments are only a small piece to the puzzle, why then is it even necessary to conduct them?

That is where perception vs reality comes in. Higher level risk assessments, when conducted with a standardized risk assessment criteria and evaluation template, are designed to align organizational priorities and point you to the risks and controls that require more detailed analysis and monitoring.

The problem is organization’s resources are limited, and conducting deep analysis of all enterprise risk is both resource intensive and ineffective. But as we’ve shown, using intuition to determine the most critical business areas and functions is also a risky assumption.

Risk assessments provide a method for risk owners to elevate their concerns so that they can be handled appropriately and escalated in accordance with their relative risk. Even the process of relating risks to strategic objectives can unveil hidden dependencies and leading indicators that would have otherwise slipped through the cracks.

Their role in formalizing priorities is why Risk Assessments are one of the most critical first steps in establishing an ERM process.

For the Risk Management programs that have moved beyond risk assessments, we encourage the more holistic, detailed analysis that accompanies all mature ERM programs. Be wary, however, of the trap that bypassing these assessments can have.

Risk assessments are not a waste of resources, they’re a more effective way of allocating them.


Just beginning to formalize your risk assessment process? Download our free risk assessment template or eBook on 5 Steps for Better Risk Assessments.


Votes: 0
E-mail me when people leave their comments –

Steven Minsky is a recognized thought leader in risk management, CEO and Founder of LogicManager. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts and published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!