Risks? We don’t have any… 6 Steps to Identify Organisational Risks

February 19, 2024

More often than not, Risk Managers confess to us that when they ask their colleagues about the critical risks in their department, the answer is:

“We have no risks!”

This is a problem, since it highlights that the concept – what is a risk – is unclear.

We recommend that Risk Managers take an actionable list to their next risk management brainstorming session to help identify all possible risks that could impact their organisation:

1. Create a list of the following categories to look into:

  1. Competitive
  2. Financial
  3. Safety
  4. Operational
  5. Technological
  6. Legal
  7. Political
  8. Reputational

You can combine the list items or rewrite / add them according to your company activities. This list helps you to look at your organisation’s activities from various angles.

2. Look at the processes in each department and think about the ways a process can go wrong and what can be the result of that. It might be that a person in a central role leaves the organisation. Or an important piece of information goes missing due to delays. The devices (computers) might malfunction or get hacked (yikes!). Pragmatically, you can start by listing processes together with the Department Heads, considering that each process should have at least one risk connected to it. Most probably you will end up with a long list of risks.

3. Consider your suppliers, sub-contractors, and collaboration partners who are associated with you – they too can impact the risk level. For a smaller company you can address this at an organisational level; bigger companies maintain specific vendor risk management frameworks.

4. Take a wider look at your industry – What are the things that can go wrong at the industry level? What are the trends in your industry? Are there new regulations? Any industry news that might reflect badly on your company as well? Any new competitors with disruptive (e.g. AI) technologies on the horizon? Does it impact your overall strategy?

5. Watch out for the geo-political impacts. These can be weather conditions, upcoming elections, tax system changes, economic situations, etc. that you cannot influence but that might have an impact on your business or your industry in your region.

6. Seek continuous feedback. All employees, key stakeholders, customer feedback and customer support can unveil some new or emerging risks. Actual incidents and near-misses are the key indicators of problem areas that you will need to address.

Conducting a comprehensive risk analysis regularly, based on your internal risk tolerance (we will talk about this soon), will make your business more resilient and productive.

The best way to do this is to organise brainstorming sessions across multifunctional teams. Risk Management is a collaborative process. That is why we love to do it in Jira.

SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud today. Thanks to its high level of configurability and out-of-the-box templates for Risk Models and Risk Registers to kick-start your risk management in Jira, it is one of the fastest growing risk apps in Jira Cloud. Schedule a demo with our risk management experts to learn more or try out the app for 30 days for free.
