We are explaining High Quality Risk Assessment, and can finally approach the process of risk identification itself. We can do so with confidence, because all of the procedural and conceptual elements we need are finally in place.

Show Notes

Main points

We discussed last time how supposed risk ID methods are a hodgepodge of (often problematic) procedures, addressing either ways to get at people, or to get at the content, or ways to think. What is needed is all of those elements in a coherent method.

What is the preferred method for High Quality Risk Assessment?

Preferred method: round-table of experts; several advantages; number and selection of participants

Prepared session: agenda, context paper and facilitation aids, including charts and risk categories

Risk formulation: rules - see blog post

Facilitation: tracing through the context; proper conceptualization of risk

Review: conceptual and procedural foundation

Notice that in our preparatory work, we have:
- a proper concept and definition of risk ID and assessment (Ep. 004)
- a procedural grounding in proper planning (Ep. 005, 006)
- a procedural refinement in the creation of a Context Paper for the risk ID session (Ep. 007,008)
- avoided pitfalls entrained by some of the conventional risk ID advice (Ep. 009).

With that kind of preparation, you can rest assured that the risk ID session itself will go much more smoothly, and yield much better results, than the informal, unstructured attempts that usually characterize the first efforts by people trying to get started in risk management. 

The question arises once more: is all of this too much work? I don’t think so. In much of what I describe, it really is a matter of doing what you’re already doing, but improving the quality.

Summary statement of your expected result:

As required in our definition of High Quality Risk Assessment (Ep. 4), we have to identify risk:

- that is consistently conceived among participants as uncertainty connected with goals
- in direct association to intended actions (goals/objectives) that are researched and substantiated
- in relation to defined corporate values which govern behaviour of staff and employees
- comprehensively, considering all possible relevant sources of risk
- as efficiently as possible, being mindful of the constraints in using people’s time
- rigorously, so as not to gather information based on vague and disparate ideas of risk
- within a context using defined assumptions that are documented and so contribute to due diligence
- in such way as to effectively aggregate qualitative and semi-quantitative information

So, there we have a summary description of all the prerequisites and elements of an effective risk identification exercise. In the next episode, we can continue our work in the the round table session by assessing the risks, once they are identified and formulated.

The deliverable for a risk ID and assessment session: "A comprehensive list of risks, arranged in several categories of analysis, with criticality rankings and mitigation measures, arrived at by consensus, to inform an improved business plan." (Robertson p.36)


E. Robertson Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation (2016)