“It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don’t keep your feet, there’s no knowing where you might be swept off to.” (B. Baggins)
The same applies to business in general: no company operates without risks. By starting a business, you have already assumed that the business opportunities outweigh the risks, or else you would not have done it.
After having identified organisational risks, it is time to weigh the risks that you are willing to take (Risk Appetite) and set a Risk Tolerance level for them.
1. Determine your Risk Tolerance
Risk tolerance is what you as an organisation can handle (and for how long) without having a devastating impact on achieving your goals. You can determine the risk tolerance in a brainstorming session together with your (risk) management team.
Examples of the questions to answer could be the following:
Is a possible financial loss of 5K a high or medium impact to your company? What about 1M? What if we lose 1 key customer? What if we lose 10 or more smaller customers? What is the possible result of negative customer feedback, in either a public article or a social media post, on how we conduct our business? What about customer, employee and stakeholder satisfaction?
This exercise will help you define your company’s Risk Tolerance. It will also give you insight into how to assess each organisational risk, so that you know exactly which risks are the most critical and should be addressed first. These may have a fatal impact on your business.
2. Define a Risk Assessment Model to quantify your risks
In the Risk Model you will have to determine the impact (severity of damage a risk can create) and likelihood (probability of the risk occurring) levels.
You may categorise impact levels as: Low-Medium-High.
Similarly, the likelihood levels may consist of: Unlikely-Probable-Likely.
Using these levels in a simple Risk Model, you will have a Matrix that looks like the image below.
Each coloured cell refers to a Low (Green), Medium (Amber) or High (Red) Risk.
3. Prioritise your Business Critical Risks
Once you have assessed the individual risks, you will have identified the specific critical risks in your organisation: those that are High Impact & Likely to Occur. These should be prioritised for risk controls/mitigation to manage the possible impact on your business.
More on how to control or mitigate critical risks, like Frodo having Sam with him on his adventure, in the next post.