What risk

Risks? We don’t have any… 6 Steps to Identify Organisational Risks

19 Feb 2024
by Marion Lepmets

More often than not, Risk Managers confess to us that when they ask their colleagues about the critical risks in their department, the answer is:

“We have no risks!”

This is a problem, since it highlights that the concept – what is a risk – is unclear.

We recommend Risk Managers to take an actionable list to their next risk management brainstorming session to help identify all possible risks that could impact their organisation:

1. Create a list of following categories to look into:

  1. Competitive
  2. Financial
  3. Safety
  4. Operational
  5. Technological
  6. Legal
  7. Political
  8. Reputational

You can combine the list items or rewrite / add them according to your company activities. This list helps you to look at your organisation’s activities from various angles.

2. Look at the processes in each department and think about the ways a process can go wrong and what can be the result of that. It might be that a person in a central role leaves the organisation. Or an important piece of information goes missing due to delays. The devices (computers) might malfunction or get hacked (yikes!). Pragmatically, you can start by listing processes together with the Department Heads, considering that each process should have at least one risk connected to it. Most probably you will end up with a long list of risks.

3. Consider your suppliers, sub-contractors, and collaboration partners who are associated with you – they too can impact the risk level. For a smaller company you can address this at an organisational level, bigger companies maintain a specific vendor risk management frameworks.

4. Take a wider look at your industry – What are the things that can go wrong at the industry level? What are the trends in your industry? Are there new regulations? Any industry news that might reflect badly on your company as well? Any new competitors with disruptive (e.g. AI) technologies in the horizon? Does it impact your overall strategy?

5. Watch out for the geo-political impacts. These can be weather conditions, upcoming elections, tax system changes, economical situations, etc. that you cannot influence but that might have an impact on your business or your industry in your region.

6. Seek continuous feedback. All employees, key stakeholders, customer feedback and customer support can unveil some new or emerging risks. Actual incidents and near-misses are the key indicators of problem areas that you will need to address.

By conducting a comprehensive risk analysis regularly based on your internal risk tolerance (we will talk about this soon) will make your business more resilient and productive.

The best way to do this is to organise brainstorming sessions across multifunctional teams. Risk Management is a collaborative process. That is why we love to do it in Jira.

SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud today. Thanks to its high level of configurability and out-of-the-box templates for Risk Models and Risk Registers to kick-start your risk management in Jira, it is one of the fastest growing risk apps in Jira Cloud. Schedule a demo with our risk management experts to learn more or try out the app for 30 days for free.

Try us out on

SoftComply apps are available on Atlassian Marketplace – you can try them all out for free!