A common misconception about risk management is that it's an overtly negative approach. That couldn't be further from the truth.

In reality, risk management is an optimistic and opportunistic practice that seeks to adopt a proactive outlook, as opposed to a reactive one.

The point of risk management is to make the most of the present while preparing for the future (and capitalizing on deviations from standard procedure).

ISO describes risk management as:

"...[the] systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk." - ISO 31000 Guidelines for Risk Management

To successfully implement a risk management system, you need a good process.

The purpose of this checklist is to streamline the risk management process, automating tedious manual tasks and reducing human error, by providing a reliable, simplified framework in the form of individual, actionable steps.

While it's important to note that the best risk management systems are highly customized (and that risk management is never a one-size-fits-all solution), this template will provide you with a firm foothold to get started and figure out the best risk management approach for your organization.

Collect basic information

Use the form fields below to collect basic information about the risk management process.


Specify core business goals

Using the form fields below, and in no particular order, specify your most important business goals.

This is essential for aligning risk management program goals with overall business goals. This task should be performed by top management.

If you need to add or remove goals, feel free to edit this task to suit you best.

Set clear risk management goals

Once you've clarified the most important business objectives, you can set the objectives for the risk management program.

What kind of outcome is the risk management program intended to achieve? What are some of the focus points of the program?

Record clear risk management objectives with the form fields in this task.

This task should be performed by top management.

Ensure risk management goals support business goals

You now have two sets of objectives:

  • Core business objectives
  • Risk management objectives

The goal is to make sure that the risk management objectives support your core business objectives.

Using the form fields below, record how each of your risk management (RM) goals supports wider business objectives.


Identify risks

Once you've aligned your business goals with the risk management program goals, it's time to begin the task of risk identification.

There are many ways to identify risk, from techniques like SWOT and FMEA, to risk matrices and internal audits.

Whatever method you decide on, record your findings in detail using the form fields below.

Again, if you need to edit the details of this task, simply add it to your Process Street account and jump into edit mode.


Assess the impact of each risk

Risk impact should be thought of in terms of how core business objectives might be affected. For example, how will certain risks affect your ability to achieve certain objectives?

It should be the responsibility of top management to assess the impact of each risk on the core business goals.

Using the form fields below, detail the impact of each of the risks you've identified so far.

Organize risks by their perceived significance

You could use a prioritization matrix to rank your risks by perceived significance. When doing this task, the most important factors to consider for each risk are:

  • Probability of the risk actually happening
  • Severity of the damage, if it actually happens

With this in mind, and using any/all resources at your disposal, rank your risks in order of perceived significance and use the form fields of this task to record your findings.

This task should be done by top management.


Determine risk response strategy

This is also known as risk treatment. The first step is deciding on the most appropriate risk response strategy for each risk.

The four main types of risk response are:

  • Risk avoidance
  • Risk reduction (or mitigation)
  • Risk sharing (or transfer)
  • Risk acceptance (or retention)

Using the drop-down fields of this task, record the most appropriate risk response for each risk.

Implement risk response strategies

Now that the general response type for each identified risk has been decided, it's time to implement strategies for each identified risk.

Use the sub-checklist in this task to record progress regarding risk response implementation.

Once all risk response strategies have been implemented, proceed to the next task.

  • Risk #1 response implemented
  • Risk #2 response implemented
  • Risk #3 response implemented


Ensure systems are in place for continuous risk monitoring

Part of any successful risk management approach is the principle of continuous improvement.

This involves acknowledging and embracing the fact that risk management is a constant, ongoing cycle, rather than a static set of sequential steps.

Top management should make sure that adequate systems are in place for the monitoring of all risk management components.

Once you can be sure that risk monitoring solutions are in effect, proceed to the next task.

Provide feedback for continuous improvement

Finally, in the spirit of continuous improvement, you should make an effort to provide feedback about this process so that it can be improved and optimized in the future.

Use the form field below to record feedback about the risk management process.

