There is a management science maxim that, “If you can’t measure it, you can’t manage it.” The problem with managing risk is that you first have to identify ‘it’, and this is not simple. So Carol Williams’s, an Enterprise Risk Management Consultant, guide Five Effective Methods To Identify Risks In Your Organization - Tools, techniques, and best practices for identifying risks to company strategy and everyday operations starts at the right place.

However, she is well aware that most people “define risks as potential events that can have a negative consequence to the organization. So Williams points out that, the risk identification process should also consider “positive” risks that could “enhance” the achievement of objectives or represent an opportunity for the organization.’ So it is vital she writes. “to identify positive risks or opportunities because: 

1. While you may have a positive outcome in a particular situation, you may be creating risks elsewhere, and 
2. Identifying opportunities can help ensure goals are met faster or with better results.’

The purpose of this guide is to help organizations of all sizes develop a methodical process for identifying risks, whether it’s for the whole enterprise or within specific business units, projects, or activities. 

Basics and common misconceptions and missteps

Basics of risk identification are explored and the various definitions that are used to describe risk. This is a big problem and is dealt with sensitively.

The discussion of the misconceptions and misssteps (and dangers) covers:

• Being reactive to a problem
• Not using a methodical approach to identifying risks
• Not viewing a risk within the larger context of the organization
• Identifying a risk without understanding scope
• Not tailoring the risk identification process to your organization or the participants
• Relying on a single identification method
• Thinking risk identification is a once-and-done activity.

Five Risk Identification Methods And Choosing The Right One

As you read the report you can hear Williams worrying away about ensuring that before you choose the ‘right’ approach you must carryout her three pre-steps.

Williams’s five risk identification methods (and where to use them) are:

1. Workshops (Top-Down) 
2. Interviews (Top-Down) 
3. Scenario Analysis (Top-Down or Bottom-Up)
4. Surveys (Bottom-Up)
5. Root Cause Analysis (Bottom-Up)

Conclusion

Williams conclusion is that, “I agree with other ERM thought leaders and professionals that risk identification is the essential foundation for the entire risk management process. That’s why mistakes at this point can lead to a host of consequences, including wasting time and resources and limiting the value of ERM.”

---

CTMfile take: Worth a read in our turbulent times.