
Manage Tomorrow's Surprises Today

Steven Minsky

5 Tips for More Effective Risk Assessments


Regular risk assessments are one of the most important pillars of any risk management department. Although performing risk assessments is now considered best practice, it's easy to overestimate their comprehensiveness. As a result, some risk managers are doomed from the start to mediocre results.

For a quick check on the adequacy of your risk assessments, determine how many of the following 5 best practices your program has ingrained in its ERM process.


  1. Adopt a root-cause approach: Root cause tells us why an event occurs and is the most effective way to collect risk data. Using the five root source categories (External, Process, Systems, People, Relationships) will help determine the most effective mitigation strategies.
  2. Standardize assessment scale and criteria: The biggest barrier to effective risk assessments is subjectivity. Subjectivity prevents assessments from being useful across multiple business silos, even when relevant. Standard, enterprise-wide scale and criteria make assessments applicable to every department, minimizing duplicative work.
  3. Link risks to action plans: Once risks have been identified and evaluated, the next step is assigning them action plan strategies (also known as controls or mitigation activities). Even if multiple risks are linked to the same mitigation, formalizing this step is the only tried and true way of ensuring activities neutralize the root cause. Without proper links, controls might mitigate a symptom rather than the source, and turn into form-over-substance activities. Also, it is impossible to evaluate the effectiveness of a control without knowing the risk that the control is managing.
  4. Connect risks to strategic goals: Identifying your organization's most important goals is an indirect yet important facet of risk management; it is difficult to ensure strategic goal achievement if you don't know what the risks are at the operational level. After identifying your most critical strategic goals, linking them to the root-cause risks from Step #2 will enable you to identify and prioritize vulnerabilities and build the business case for getting resources to address these vulnerabilities.
  5. Embed ERM in everyday activities: Simply put, risk should be a part of everyone's job responsibility. You should begin integrating a risk-based approach, or what we refer to as enterprise risk management (ERM), into everyone's day-to-day activities by starting with your own area. All surprises in business are bad, from minor surprises like missing a deadline to major surprises like audit findings, budget over-runs or regulatory scrutiny.

For more detailed information about improving your risk assessment process, download our free best-practice eBook, 5 Steps for Better Risk Assessments.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
