High Quality Risk Assessment means a process of sound planning; careful definition of context; and facilitating comprehensive risk ID. What is the true significance of the risk register you’ve built so carefully? How does it lead to dramatic, breakthrough risk mitigation?

Show Notes

Facilitating risk assessment
Last episode in our our discussion on how to facilitate High Quality Risk Assessment, we covered finer points on how to facilitate the session, as well as the minimum necessary steps to assess risk: Likelihood, Consequence, Existing controls; Tolerance. This methodology is presented as a generic model for your consideration.

Risk register - what goes into it? Let’s move on now to consider carefully the full significance of the risk register. 

What have we accomplished so far?
Do we have a one-dimensional risk assessment? No, it is multi-disciplinary. Do we have notes from a wandering discussion? No, we have the result of a disciplined procedure.

In fact, we have semi-quantitative analysis; that is, the numerical ranking of a series of qualitative statements which might otherwise have simply been lumped together indiscriminately.

The qualitative statements (risk statements) are themselves a product of refinement, informed by:
- sound planning process;
- opinion of key persons;
- consistent definition of context and risk;
- contemplation of many sources of risk (risk categories).

Significance: Quality is being infused into the process at each step -- without necessarily spending more time in planning and meetings than was done previously.

The risk ID process, using the closely defined and consistent formulation of risk statements -- always focused on the intended goals and objectives -- results in a document expressing a concentration of careful analysis.

The result: the risk register participants start to perceive the risk profile in a much more nuanced and insightful manner than they were able to do before.

Breakthrough Risk Mitigation
If the risk register is developed as we recommend, how does it lead to formulating mitigation action that is truly “breakthrough” and dramatic?

2 procedures
- expert participants in risk ID and mitigation sessions
- sorting on risk information to shed light on the risk profile

novel interpretation of risk profile: identify fundamental risks
- the risk profile that is more than the sum of its parts, thanks to the rigour in the process
- the insight is then possible into previously unnamed fundamental risks that undermine the business
- could be a trust issue, or personnel burnout, or something involving attitudes and motivations
- the sheer rigour in the process leads to addressing the issue and novel solutions

evidence-based decisions
- the risk register enables evidence-based decisions, where subjective experience can be gathered in a process that has credibility and rigour

consider values as serious risk criteria to arrive at novel solutions
- e.g., the mechanics of the operation seem fine, but confident complaints (and harm to the business) are values-related 

creativity and innovation
- introducing imaginative and unorthodox solutions
- taking it offline as special project
- do not short-change this part of the process

How is the risk register used going forward?
- transformed from a static snapshot to a dynamic management tool


1. Facilitating High Quality Risk Assessment signifies not only procedural tips but also reviewing 4 distinct criteria for each risk.
2. The risk register, when complete, consists of highly refined and carefully qualified information, and has validity by virtue of the quality that went into the planning and risk ID processes.
3. The result is that participants are able to gain a much more complete, nuanced and incisive view of the risk profile than they would normally think of.
4. This enables, in turn, dramatic, breakthrough risk mitigation, often consisting of finally recognizing and solving fundamental and chronic business problems that were undermining the organization’s mission and operations.

”Poorly understood chronic problems often have to do with the nebulous and difficult questions of communications and working relationships...” (Robertson, p.58, Section 2.5 Risk Mitigation and Review)

(E. Robertson 2016) Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation

(E.Robertson 2006) Navigating the Labyrinth: Risk Analysis for Tough Issues
This article relates 2 case studies: the consideration of corporate values led to breakthrough mitigation.