Risk Management Process

A common misconception of risk management is that it’s an overtly negative approach. That couldn’t be further from the truth.

In reality, risk management is an optimistic and opportunistic practice that seeks to adopt a proactive outlook, as opposed to a reactive one.

The point of risk management is to make the most of the present, while preparing for the future (and capitalizing on deviations from standard procedure)

ISO describes risk management as:

“…[the] systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.” – ISO 31000 Guidelines for Risk Management

To successfully implement a risk management system, you need a good process.

The purpose of this checklist is to streamline the risk management process by automating tedious manual tasks and reducing human error by providing a reliable, simplified framework in the form of individual, actionable steps.

While it’s important to note that the best kind of risk management systems are highly customized (and that risk management is never a one-size-fits-all solution), this template will provide you with a firm foothold to get started and figure out the best risk management approach for your organization.

Use the form fields below to collect basic information about the risk management process.

Using the form fields below, and in no particular order, specify your most important business goals.

This is essential for aligning risk management program goals with overall business goals. This task should be performed by top management.

If you need to add or remove goals, feel free to edit this task to suit you best.

Once you’ve clarified the most important business objectives, you can set the objectives for the risk management program.

What kind of outcome is the risk management program intended to achieve? What are some of the focus points of the program?

Record clear risk management objectives with the form fields in this task.

This task should be performed by top management.

You now have two sets of objectives:

• Core business objectives
• Risk management objectives

The goal is to make sure that the risk management objectives support your core business objectives.

Using the form fields below, record how each of your risk management (RM) goals support wider business objectives.

Once you’ve aligned your business goals with the risk management program goals, it’s time to begin the task of risk identification.

There are many ways to identify risk, from techniques like SWOT and FMEA, to risk matrices and internal audits.

Whatever method you decide on, record your findings in detail using the form fields below.

Here’s a handy video showing you how to get started using a risk matrix:

Again, if you need to edit the details of this task, simply add it to your Process Street account and jump into edit mode.

Risk impact should be thought of in terms of how core business objectives might be affected. For example, how will certain risks affect your ability to achieve certain objectives?

It should be the responsibility of top management to assess the impact of each risk on the core business goals.

Using the form fields below, detail the impact of each of the risks you’ve identified so far.

You could use a prioritization matrix to order your risks by order of percieved significance. When doing this task, the most important factors to consider for each risk are:

• Probability of the risk actually happening
• Severity of the damage, if it actually happens

With this in mind, and using any/all resources at your disposal, rank your risks by order of percieved significance and use the form fields of this task to record your findings.

This task should be done by top management.

This is also known as risk treatment. The first step is deciding on the most appropriate risk response strategy for each risk.

The four main types of risk response are:

• Risk avoidance
• Risk reduction (or mitigation)
• Risk sharing (or transfer)
• Risk acceptance (or retention)

Using the drop-down fields of this task, record the most appropriate risk response for each risk.

Now that the general response type for each identified risk has been decided, it’s time to implement strategies for each identified risk.

Use the sub-checklist in this task to record progress regarding risk response implementation.

Once all risks response strategies have been implemented, proceed to the next task.

Part of any successful risk management approach is the principle of continuous improvement.

This involves acknowledging and embracing the fact that risk management is a constant, ongoing cycle, rather than a static set of sequential steps.

Top management should make sure that adequate systems are in place for the monitoring of all risk management components.

Once you can be sure that risk monitoring solutions are in effect, proceed to the next task.

Finally, in the spirit of continuous improvement, you should make an effort to provide feedback about this process so that it can be improved and optimized in the future.

Use the form field below to record feedback about the risk management process.

• cpd.org – What are the 5 Risk Management Steps in a Sound Risk Management Process?
• Solar Winds MSP – Risk Management Process Definition
• iEduNote – Risk Management: 7 Steps of Risk Management Process
• ProjectManager – The Risk Management Process in Project Management
• ISO – ISO 31000:2018
• Process Street – What Is ISO 31000? Getting Started with Risk Management

• FMEA Template: Failure Mode and Effects Analysis
• SWOT Analysis Template
• Prioritization Matrix Template
• ISO 19011 Audit Template
• ISO 9001 Audit Template
• ISO 14011 Audit Template
• Electrical Inspection Template
• Hotel Sustainability Audit