Image: Warner Bros.

3 Simple Steps to Prioritising your Critical Risks

February 27, 2024

“It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don’t keep your feet, there’s no knowing where you might be swept off to.” (B. Baggins)

The same applies in business in general – no company operates without risks. For you to have started a business, you have already made an assumption that the business opportunities outweigh the risks – else you would not have done it.

After having identified organisational risks, it is time to weigh the risks that you are willing to take (Risk Appetite) and set a Risk Tolerance level for them.

1. Determine your Risk Tolerance

Risk tolerance is what you as an organisation can handle (and for how long) without having a devastating impact on achieving your goals. You can determine the risk tolerance in a brainstorming session together with your (risk) management team.

Examples of the questions to answer could be the following:

Is a possible financial loss of 5K a high or medium impact to your company? What about 1M? If we will lose 1 key customer? If we lose 10 or more smaller customers? Possible result of a negative customer feedback in either a public article or social media post on how we conduct our business? Customer, employee, stakeholder satisfaction?

This exercise will help you define your company’s Risk Tolerance. It will also provide you with insight into how to assess each organisational risk, so that you will know exactly which are the most critical risks that you should address first. These may have a fatal impact to your business.

2. Define a Risk Assessment Model to quantify your risks

In the Risk Model you will have to determine the impact (severity of damage a risk can create) and likelihood (probability of the risk occurring) levels.

You may categorise impact levels as: Low-Medium-High.

Similarly, the likelihood levels may consist of: Unlikely-Probable-Likely.

Using these levels in a simple Risk Model, you will have a Matrix that looks like the image below.

Each of the coloured cell refers to either a Low (Green )- Medium (Amber) – High (Red) Risk.

3. Prioritise your Business Critical Risks

Once you have done the assessment of individual risks, you will have determined specific critical risks in your organisation – High Impact & Likely to Occur. These should be prioritised for risk controls/mitigation to manage the possible impact to your business.

More on how to control or mitigate critical risks, like Frodo having Sam with him on his adventure, in the next post.

Image: Warner Bros.

SoftComply Risk Manager Plus is the most advanced risk management app on Jira Cloud today. Thanks to its high level of configurability and out-of-the-box templates for Risk Models and Risk Registers to kick-start your risk management in Jira, it is one of the fastest growing risk apps in Jira Cloud. Join our Live Demo on Fridays, schedule a demo with our risk management experts or try out the app for 30 days for free.

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

SaMD Guide to Compliance
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
December 3, 2024

Introduction The first contact with the Medical Device regulatory world is a shock for most startups. These companies usually have excellent technical and clinical ideas on how to improve the patient’s life, but little knowledge of the legal burdens required to bring the medical device to the market. The technical...

e-signature
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
November 26, 2024

What is an “Electronic Signature”? Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. (21 CFR 11.3) In other words, to Electronically Sign a document means to...

New Cybersecurity Risk Management Features in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
November 8, 2024

The Role of Cybersecurity in Medical Device Safety The Global medical device market is a $800 billion business that is rapidly growing, especially in the area of software as a medical device (SaMD). The majority of the SaMD segment is made up of the digital health and digital therapeutics solutions,...