Is your risk assessment process up to scratch?

Image by mohamed Hassan from Pixabay

By Henry Brown

Today’s businesses face a host of risks – many of which they didn’t in the past. But the majority of them are running outdated risk assessment processes. They think that they’re up to speed on the latest tools and techniques, but they’re not.

In this post, we look at how your company can identify risks and implement a good process.

Identify the risks that your company faces

Identifying the risks that your company faces is the first step to a good risk assessment process. You want to know what types of events could interrupt the status quo and prevent your operations from moving forwards normally.

How you discover these risks depends on your type of business. If you run a knowledge-type business, a simple brainstorming session might suffice. However, if you do anything more complex or industrial, you’ll want to include other tools, such as process hazard analysis.

By the end of the process, you want to characterize all the risks that your organization faces fully and, if possible, associate a cost with them.

Categorize your risks

The next step is to put all your risks into different categories. How you do this is again down to the type of industry in which your company operates. But most firms like to use insurance risks, operations risks, strategic risks, and market risks as their categories. There are very few that don’t fit into these categories.

Identify controls

After you do that, the next step is to identify your controls: the things you do to mitigate risks – and how they fit into your overall operation.

Ideally, you want to associate each type of risk with a specific person. The buck should always stop somewhere.

By doing this, you create a situation where there are incentives in your business to control risks. If there is a problem, it will reflect poorly on the person responsible for it. And that is a great way to keep on top of the risks that your enterprise faces.

Conduct an annual risk assessment

Conducting an annual risk assessment is a great way to speed with how your company manages risks periodically. Many firms will conduct risk assessments every three or four years or so, but that doesn’t give you the granularity you need to respond to emerging threats. Market risks, for instance, don’t remain constant for long. They can escalate rapidly in the space of a few short months.

When conducting a risk assessment, you want to do two things: ask yourself about the significance of a particular event (in terms of its financial impact) and the likelihood that it will occur.

There may be some high-impact events, but they could be very unlikely – so much so that it isn’t worth worrying about them. Similarly, there could be a lot of small-impact events that are extremely likely to happen.

The most dangerous are those that are high impact and likely to occur at some point in your enterprise’s life. Those are the ones you need to focus on mitigating the most.


Henry Brown is an online marketing executive. When he isn’t talking shop, he’s roaming the streets of London, uncovering the extra-ordinary in the ordinary.


Leave a Reply

The Self-Employment Survival Guide can help you succeed. Learn all about it here.

Self-Employment Survival Guide book cover