High Quality Risk Assessment implies comprehensive risk identification using certain guidelines to elicit and record notions of risk, and a sensible assessment using four key criteria. I share a generic methodology developed and refined over years with clients.

Show Notes


Let’s review what we accomplished by using a round table of experts (described last time) for risk identification, then go ahead with further detail on the process: how to facilitate High Quality Risk Assessment. There are four key criteria essential to risk assessment.

Instead of the disparate and vague risk information often gathered through interviews and informal, ad hoc approaches, we used an ordered method. We want to benefit from many person-years of experience and professional memory, mapped against a common context, in the most efficient way possible, within the constraints of limited resources.

Risk identification, done properly, is:

- understood among participants using clear definitions;
- directly related to goals and core values;
- a projection of imagined future possibilities, by virtue of careful consideration of context;
- comprehensive by virtue of 3 elements;
- efficiently completed, within a focused context.

And referring to earlier podcast episodes, we see the quality of our risk ID rests on a firm foundation of informed planning and proper goal formulation.

Conducting the risk identification and assessment session
- the best use of meeting time;
- balance between free-flowing discussion and close analysis (risk formulation);
- practical tips in facilitating the session;
- my method is what I call LIFT: Listen; Interpret; Formulate; Test;
- your personal facilitation style;
- demonstration of method: skills transfer.

Risk assessment
What are the four aspects of risk assessment, to be captured in the risk register?
- particular design of the risk register: see recommendations in Tools and Templates;
- Likelihood (probability); Consequence (severity);
- Existing controls, not considered as just financial controls;
- Risk tolerance - use a short high-medium-low statement in the risk register;
- Making sense of “risk tolerance” (see article on risk tolerance and risk appetite);
- Order of operations at the risk identification session


1. The definition of High Quality Risk Assessment was given in Ep 04; I repeat it here for convenience.

2. The most advantageous method for risk identification is the round table of experts approach.
3. The whole method is grounded in consistent definitions and rigorous planning practice.
4. Facilitating the session is a matter of practice, with several nuances and finer points, ideally first explored in trial runs on smaller projects.
5. My method can be summarized as LIFT (Listen; Interpret; Formulate; Test).
6. Risk assessment per se is a matter of specifying four criteria (L; C; controls; tolerance).

Definition of High Quality Risk Assessment
“The comprehensive identification and analysis of phenomena that could prevent the achievement of objectives, or compromise associated values, of a researched and planned program, followed by a principled response.” (Solving the ERM Puzzle, p.11)

- Robertson (2016), Enterprise Risk Management Tools and Templates
- Robertson (2016), Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation
- RIMS, Exploring Risk Appetite and Risk Tolerance (PDF download)