Image: Warner Bros.

3 Simple Steps to Prioritising your Critical Risks

February 27, 2024

“It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don’t keep your feet, there’s no knowing where you might be swept off to.” (B. Baggins)

The same applies in business in general – no company operates without risks. For you to have started a business, you have already made an assumption that the business opportunities outweigh the risks – else you would not have done it.

After having identified organisational risks, it is time to weigh the risks that you are willing to take (Risk Appetite) and set a Risk Tolerance level for them.

1. Determine your Risk Tolerance

Risk tolerance is what you as an organisation can handle (and for how long) without having a devastating impact on achieving your goals. You can determine the risk tolerance in a brainstorming session together with your (risk) management team.

Examples of the questions to answer could be the following:

Is a possible financial loss of 5K a high or medium impact to your company? What about 1M? If we will lose 1 key customer? If we lose 10 or more smaller customers? Possible result of a negative customer feedback in either a public article or social media post on how we conduct our business? Customer, employee, stakeholder satisfaction?

This exercise will help you define your company’s Risk Tolerance. It will also provide you with insight into how to assess each organisational risk, so that you will know exactly which are the most critical risks that you should address first. These may have a fatal impact to your business.

2. Define a Risk Assessment Model to quantify your risks

In the Risk Model you will have to determine the impact (severity of damage a risk can create) and likelihood (probability of the risk occurring) levels.

You may categorise impact levels as: Low-Medium-High.

Similarly, the likelihood levels may consist of: Unlikely-Probable-Likely.

Using these levels in a simple Risk Model, you will have a Matrix that looks like the image below.

Each of the coloured cell refers to either a Low (Green )- Medium (Amber) – High (Red) Risk.

3. Prioritise your Business Critical Risks

Once you have done the assessment of individual risks, you will have determined specific critical risks in your organisation – High Impact & Likely to Occur. These should be prioritised for risk controls/mitigation to manage the possible impact to your business.

More on how to control or mitigate critical risks, like Frodo having Sam with him on his adventure, in the next post.

Image: Warner Bros.

SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud today. Thanks to its high level of configurability and out-of-the-box templates for Risk Models and Risk Registers to kick-start your risk management in Jira, it is one of the fastest growing risk apps in Jira Cloud. Join our Live Demo on Fridays, schedule a demo with our risk management experts or try out the app for 30 days for free.

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

Xray SoftComply Risk Based Testing Solution
Picture of Marion Lepmets

Marion Lepmets

CEO
July 7, 2026

Risk management is a critical part of product development and QA, especially in regulated industries where every feature must meet strict safety and compliance standards. Yet, as teams move faster in agile environments, managing the connection between risk and testing often becomes messy or manual. What if your risk management...

Frictionless CISO in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
July 2, 2026

What if your next ISO 27001 audit required almost no preparation? That’s exactly how Lemuel Valdez, CISO at Cobham Satcom, approaches security. Instead of scrambling to collect evidence before an audit, he builds systems where audit readiness is simply a byproduct of everyday work. “Controls, risk approvals, documents and evidence...

e-signature
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
June 30, 2026

Not every Confluence e-signature app is designed for regulated industries. This guide explains how to evaluate Atlassian Marketplace apps against 21 CFR Part 11 and choose the right solution for MedTech, pharma, and biotech teams. Looking for an E-Signature App for Confluence? Open the Atlassian Marketplace and search for electronic...