Use a Risk Assessment to Prioritize the Issues you Need to Manage


The cost of an adverse event, to both the organization’s business and its reputation, increases every year and it can take years to rebuild trust with stakeholders.

According to one recent study, corporate reputation accounts for more than a third of the valuations of stocks across the 15 leading equity markets around the world.

How does one plan for every crisis when they may arise in many forms: a cyber-attack, the sudden death, incapacity, or indiscretion of the CEO, whistle-blower allegations, regulatory evasion, and many others?

The foundation of an agile approach to mitigating future crises is understanding of the difference between an ‘issue’ and a ‘crisis.’

Here is how we define the two terms:

  • An issue typically does not pose an immediate threat to life, business (reputational, financial or performance), property or health. However, if an issue is not managed appropriately, it can evolve and have a direct impact on safety, reputation and stakeholder value.
  • A crisis is a situation that threatens immediate harm to people or property, serious business interruption, substantial damage to the company’s reputation, and/or a negative and material impact on stakeholder value.

By building your plans to anticipate the broader issues, when the worst happens you are able to cover more ground and create crisp, clear and unambiguous protocols, guidelines and resources—all adaptable, readable and usable quickly.

Quantifying the Risk of your Issues

Measuring risk lays the groundwork for building an effective business continuity plan to respond and overcome adverse events resulting from one of the risk situations. Determining a “risk score” helps you to accurately prioritize threats so you and your organization know where to focus first.

There are different methodologies to quantify and measure risk, for example:

  1. Describe the risk and explain how the risk is currently managed.
  2. Evaluate the impact of the risk, and assign a score between one and five, with one point indicating little or no impact, and five indicating catastrophic impact.
  3. Evaluate the likelihood of the risk occurring in the near future, and assign a score between one and five, with one point indicating very little probability, and five indicating a definite event.
  4. Calculate the risk score by multiplying the impact number by the likelihood number.

We’ve created a free Risk Assessment Kit that includes detailed instructions, an interactive worksheet that you can customize, examples of more than 70 risks you may need to watch out for across 15 different categories, a framework to understand and visualize your results, and next steps to manage and mitigate the impact of your specific risks. You can download this resource here.

Planning, the Indispensable Process

As Dwight Eisenhower said, “plans are useless – but planning is indispensable.” He knew that developing plans of attack would give him the resilience to respond to anything in battle.

The same is true for your organization, while you cannot plan for everything—you can plan for anything. Going through a risk assessment helps you look into the future, and plan for it. And while the issue many not unfold exactly as you anticipated, you'll know your approach, and can adapt your process as needed, versus starting from scratch. 

A scandal distracts management, can lead to painful regulatory scrutiny and destroy decades of trust and brand reputation.

Time and resources spent mitigating risk will have a ripple effect throughout your entire organization.


Risk Assessment Kit - Download Now


Learn how hundreds of organizations large and small are using our award-winning issue and crisis management platform, In Case of Crisis, to better prepare for and respond faster to emerging threats.