High Quality Risk Assessment implies comprehensive risk identification using certain guidelines to elicit and record notions of risk, and a sensible assessment using four key criteria. I share a generic methodology developed and refined over years with clients.
Instead of the disparate and vague risk information often gathered through interviews and informal, ad hoc approaches, we used an ordered method. We want to benefit from many person-years of experience and professional memory, mapped against a common context, in the most efficient way possible, within the constraints of the limited resources.
- directly related to goals and core values;
- projection of future imagined possibilities by virtue of careful consideration of context;
- comprehensive by virtue of 3 elements;
- efficiently completed, within a focused context.
And referring to earlier podcast episodes, we see the quality of our risk ID rests on a firm foundation of informed planning and proper goal formulation.
Conducting the risk identification and assessment session
- the best use of meeting time;
- balance between free-flowing discussion and close analysis (risk formulation);
- practical tips in facilitating the session;
- my method is what I call LIFT: Listen; Interpret; Formulate; Test;
- your personal facilitation style;
- demonstration of method: skills transfer.
What are the four aspects of risk assessment, to be captured in the risk register?
- particular design of the risk register: see recommendations in Tools and Templates;
- Likelihood (probability); Consequence (severity);
- Existing controls, not considered as just financial controls;
- Risk tolerance - use short high-medium-low statement in risk register;
- Making sense of “risk tolerance” (see article on risk tolerance and risk appetite);
- Order of operations at the risk identification session
1. The definition of High Quality Risk Assessment was given in Ep 04; I repeat it here for convenience.
3. The whole method is grounded in consistent definitions and rigorous planning practice.
4. Facilitating the session is a matter of practice, with several nuances and finer points, ideally first explored in trial runs on smaller projects.
5. My method can be summarized as LIFT (Listen; Interpret; Formulate; Test).
6. Risk assessment per se is a matter of specifying four criteria (L; C; controls; tolerance).
Definition of High Quality Risk Assessment
“The comprehensive identification and analysis of phenomena that could prevent the achievement of objectives, or compromise associated values, of a researched and planned program, followed by a principled response.” (Solving the ERM Puzzle, p.11)
(Robertson 2016) Enterprise Risk Management Tools and Templates
(Robertson 2016) Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation
RIMS document, pdf download Exploring Risk Appetite and Risk Tolerance
What is Risk Commentary?
We see a striking contradiction in all businesses: the sharply increasing need for Enterprise Risk Management, as opposed to risk managers' persistent reports of low perceived value of their own processes. Correctly implemented, High Quality Risk Assessment will not only address uncertainty, but even solve chronic business problems. Join Edward Robertson, successful ERM practitioner and thought leader, to discover a simple process that delivers clear value.