Risks? We don’t have any… 6 Steps to Identify Organisational Risks

February 19, 2024

More often than not, Risk Managers confess to us that when they ask their colleagues about the critical risks in their department, the answer is:

“We have no risks!”

This is a problem, since it highlights that the concept – what is a risk – is unclear.

We recommend that Risk Managers take an actionable list to their next risk management brainstorming session to help identify all possible risks that could impact their organisation:

1. Create a list of the following categories to look into:

  1. Competitive
  2. Financial
  3. Safety
  4. Operational
  5. Technological
  6. Legal
  7. Political
  8. Reputational

You can combine the list items or rewrite / add them according to your company activities. This list helps you to look at your organisation’s activities from various angles.

2. Look at the processes in each department and think about the ways a process can go wrong and what can be the result of that. It might be that a person in a central role leaves the organisation. Or an important piece of information goes missing due to delays. The devices (computers) might malfunction or get hacked (yikes!). Pragmatically, you can start by listing processes together with the Department Heads, considering that each process should have at least one risk connected to it. Most probably you will end up with a long list of risks.

3. Consider your suppliers, sub-contractors, and collaboration partners who are associated with you – they too can impact the risk level. A smaller company can address this at an organisational level; bigger companies maintain specific vendor risk management frameworks.

4. Take a wider look at your industry – What are the things that can go wrong at the industry level? What are the trends in your industry? Are there new regulations? Any industry news that might reflect badly on your company as well? Any new competitors with disruptive (e.g. AI) technologies on the horizon? Does it impact your overall strategy?

5. Watch out for the geo-political impacts. These can be weather conditions, upcoming elections, tax system changes, economic situations, etc. that you cannot influence but that might have an impact on your business or your industry in your region.

6. Seek continuous feedback. All employees, key stakeholders, customer feedback and customer support can unveil some new or emerging risks. Actual incidents and near-misses are the key indicators of problem areas that you will need to address.

Conducting a comprehensive risk analysis regularly, based on your internal risk tolerance (we will talk about this soon), will make your business more resilient and productive.

The best way to do this is to organise brainstorming sessions across multifunctional teams. Risk Management is a collaborative process. That is why we love to do it in Jira.

SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud today. Thanks to its high level of configurability and out-of-the-box templates for Risk Models and Risk Registers to kick-start your risk management in Jira, it is one of the fastest growing risk apps in Jira Cloud. Schedule a demo with our risk management experts to learn more or try out the app for 30 days for free.
