If you have read our previous blogs, you know we always say to prepare for the unexpected. The best way to prepare is to create a risk register, which is a document that includes all possible dangers to your business. This can be a daunting task, and it often takes multiple managers, employees, and outside help to create a comprehensive risk register.
Steps to create a risk register:
1. The best place to start is to fully understand what a risk register is. A risk register is a security management tool that outlines potential risks to a business, steps to mitigate the risk, and measurements of how likely the risk is to occur. Think of it as your security Bible. Risk registers can be used not only in security but also in marketing, sales, project management, trip planning, etc.
2. Step two is to start listing potential risks. The risks do not need to be written out in extensive detail, but should provide a clear picture as to what to look out for.
3. After identifying all potential risks, identify how likely it is that a risk will occur. Generally, we use “high,” “medium,” and “unlikely” to categorize each risk. It is helpful to color code this section, with green denoting “unlikely,” yellow denoting “medium,” and red denoting “high,” as the very likely risks will pop out and your team can take higher notice of them.
4. Step four is to rate the impact of each risk. We use the same color coding and risk levels as in step 3. An example of a low-impact risk would be a water leak, and a high-impact risk would be a trespasser on the business’s property. We also include a description of the impact in a separate column, to make sure we are as detailed as possible.
5. The next step is to combine the likelihood and the impact into a severity score. The best way to do this is to give each level of likelihood/impact a numerical rating, and then multiply the likelihood by the impact to get an overall severity score. We use (1) as the score for low/unlikely, (2) as the score for medium, and (3) as the score for high/likely. For example, a risk that is a 3 on the likelihood scale and a 3 on the impact scale would be a 9 for severity (3*3).
6. Step 6 is to write out ways to mitigate and control the risk. The mitigation measure does not have to be incredibly detailed, but it will give direction as to how to respond if a potential risk is realized.
7. Finally, the last step is to assign the risk to a member of your team. A defined individual must be in control of and organize the response, so that mitigation efforts are as efficient as possible.
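The steps above, as an added example that is not part of the original post: a Python script that reads a register kept as CSV, applies the 1/2/3 ratings and color coding, multiplies likelihood by impact, flags risks that still lack a mitigation or an owner, and sorts by severity. The column names and sample rows are constructed for illustration.

```python
import csv
import io

# Scores from step 5; labels from steps 3 and 4 (low/unlikely=1, medium=2, high/likely=3).
SCORE = {"low": 1, "unlikely": 1, "medium": 2, "high": 3, "likely": 3}
COLOR = {1: "green", 2: "yellow", 3: "red"}  # color coding from step 3

# Constructed sample register; the column names are assumptions.
SAMPLE_CSV = """risk,likelihood,impact,impact_description,mitigation,owner
Water leak,Medium,Low,Minor damage to stock room,Inspect plumbing quarterly,Facilities lead
Trespasser on property,Unlikely,High,Theft or harm to staff,Lock doors and review cameras,Security manager
Phishing email opened,High,High,Account takeover,,IT manager
Power outage,Medium,Medium,Work stops for hours,Test the backup generator,
"""

def build_register(csv_text):
    """Score each row and return the rows sorted by severity, highest first."""
    rows = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        row = {k: (v or "").strip() for k, v in row.items()}
        try:
            likelihood = SCORE[row["likelihood"].lower()]
            impact = SCORE[row["impact"].lower()]
        except KeyError as exc:
            raise ValueError(f"line {line_no}: unknown rating {exc}") from None
        row["likelihood_color"] = COLOR[likelihood]
        row["impact_color"] = COLOR[impact]
        row["severity"] = likelihood * impact  # step 5: likelihood x impact
        # Steps 6 and 7: every risk needs a mitigation and a named owner.
        row["gaps"] = [f for f in ("mitigation", "owner") if not row[f]]
        rows.append(row)
    return sorted(rows, key=lambda r: r["severity"], reverse=True)

if __name__ == "__main__":
    for r in build_register(SAMPLE_CSV):
        gaps = ", ".join(r["gaps"]) or "none"
        print(f'{r["severity"]}  {r["risk"]:<24} likelihood={r["likelihood_color"]:<6} '
              f'impact={r["impact_color"]:<6} missing: {gaps}')
```

A rating outside the three levels raises an error that names the line, so a mistyped cell cannot silently drop a risk from the ranking.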
We have created a sample risk register and template for you to use in your business’s security planning, which can be found here.
At Evans Brothers Consulting, we have been in the risk mitigation industry for over 100 years. We have seen everything and can use our wealth of experience to help your business build a risk register of its own.
Take the initiative today and contact info@evansbrothersconsulting.com or call 617-545-1500 to set up a short, no-cost, preliminary discussion.
No one knows Boston like the Evans Brothers.