Checking It Twice: The Corporate Risk Mitigation Checklist

In recent posts, we’ve been talking about how important it is for organizations to reassess their risks as the economy opens up. Today, we provide a tool to help in doing that: MHA’s Corporate Risk Mitigation Checklist.

 

 

A Pressing Need to Reassess Risk

Recently in the blog, we’ve been emphasizing how important it is for companies to look anew at the threats and risks they’re facing now that the COVID pandemic is loosening its grip, at least in some parts of the world.

See “Know Your Gaps: Manage Residual Risk to Keep Your Company Safe” and “Every Single Day: Make Risk Management Part of Your Company’s Culture.”

The world has changed greatly in the past year and a half, and almost every organization of any size has seen fundamental changes in how it operates.  

To make sure they are prepared to deal with the world as it now is, rather than as it used to be, organizations need to take a fresh look at the risks in their operations and environments.

Today, we shift from giving general advice to providing practical help by offering our Corporate Risk Mitigation Checklist.

The Corporate Risk Mitigation Checklist

Here’s the checklist in bare-bones form. Explanations follow.

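      Action                               Date Completed
  1.  Gain management support.             ______________
  2.  Identify team members.               ______________
  3.  Identify risks.                      ______________
  4.  Assess and prioritize the risks.     ______________
  5.  Determine mitigation options.        ______________
  6.  Develop the mitigation plan.         ______________
  7.  Test the plan.                       ______________
  8.  Implement the plan.                  ______________
  9.  Monitor the plan.                    ______________
  10. Review and update the plan.          ______________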

The Corporate Risk Mitigation Checklist Explained

Let’s take a closer look at the 10 items that make up the list.

  1. Gain management support. This gets overlooked a lot, but it’s very important. You have to communicate with management about the importance of assessing (and reassessing) risk and get their buy-in. Otherwise everything else you do will likely be for nothing.
  2. Identify team members. Who’s going to help you conduct the risk assessment? You need a leader, subject matter experts (SMEs), and technical writers. The SMEs are key; you need to reach the operational leadership to obtain a clear, informed view of the risks facing the company.
  3. Identify risks. What are the areas externally and internally that pose threats to the organization? Think about natural disasters, technological risks, risks involving single points of failure (whether they reside in equipment or people), and risks arising from your location. For more on identifying risks, see this post on conducting threat and risk assessments.
  4. Assess and prioritize the risks. Evaluate risks in terms of how severe the impact would be if they occurred and also the likelihood of their occurring. Prioritize in this order:
    • High impact and highly likely to occur
    • High impact and less likely to occur
    • Low impact and highly likely to occur
    • Low impact and less likely to occur
  5. Determine mitigation options. The main risk mitigation options are:
    • Avoid the risk (exit the activities that bring it on or turn them over to a third party)
    • Reduce the risk (take steps to reduce the likelihood of a negative event occurring)
    • Accept the risk (live with the risk, acknowledging that if the threat occurs the organization will have to bear the consequences)
  6. Develop the mitigation plan. Work out what approach the company will take to deal with each of its high priority risks.
  7. Test the plan. Where appropriate, test the mitigation solutions or steps to ensure they are working as intended.  
  8. Implement the plan. Execute on the mitigation plan as developed and tested.
  9. Monitor the plan. Keep tabs on the progress of your implementation as well as on the business environment, which is subject to change.
  10. Review and update the plan. Repeat steps 3-8 on a continuous basis in recognition of the fact that risk mitigation is not a project but an ongoing process.

An additional item that could be added is measuring residual risk, which was discussed in detail in this post from a couple of weeks ago.

Help is Available

Does the prospect of trying to reassess and manage your company’s risks using only inside personnel seem daunting? Help is available in the form of assistance from MHA Consulting and similar firms that are staffed with experts possessing deep experience in helping organizations gauge and mitigate their risks, internal and external. Most consulting companies are happy to work with clients to provide just as much help as is desired, whether it is high-level guidance or hands-on implementation of the entire risk mitigation process.

Adapting to the New World of Risk

As the pandemic loosens its grip, organizations of all types would be well advised to reassess the risks they face. Chances are, both your organization and the environment in which it operates have changed significantly in the past 18 months. Prudent organizations will actively adapt to the new world of risk.

Use the Corporate Risk Mitigation Checklist to guide you in assessing and managing the risks you face. Organizations that lack the time or expertise to efficiently assess and manage their risks might consider hiring an outside consultant.

About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.