Did you know that intangible assets – such as goodwill, customer experience and reputation – account for 87% of a company’s net worth? There’s no question that reputation matters to an organization’s success. In today’s world, with smart phones constantly in our hands, consumers learn about a company’s reputation online through social media. In fact, 9 out of 10 consumers say that they read online reviews before visiting a business. On average, 1 negative review can cost a business 30 customers.
We refer to this fast-paced age of transparency as the “See-Through Economy.” The See-Through Economy has empowered consumers, investors and regulators alike to influence the integrity of a company’s brand. This can be a scary thought, but it isn’t all doom and gloom: there’s a way to leverage our increased accessibility of information to better anticipate what’s ahead. It all starts with better risk assessments.
This guide will discuss an essential tool for improving risk assessments: a risk assessment matrix. We’ll explain what exactly a risk assessment matrix is, provide a template for what it should look like, offer some examples for how to use it and explain some best practices.
What is a Risk Assessment Matrix?
For context, risk assessments are a key component of any successful risk management program. No matter how basic or complex the framework, standardized assessment results serve as the foundation on which the rest of your risk management responsibilities, mitigation activities and monitoring controls are built. This is why it’s critical to standardize your risk assessments.
A risk assessment matrix is used during a risk assessment to determine and define the level and the implications of any particular risk. It should start by addressing a particular business area. Then, it includes a description of a risk that may be associated with that business area. It goes on to identify the source of the risk, what could go wrong, and the impact, likelihood and assurance of it occurring.
When assessing risk, a lot of organizations use a high-medium-low scale, but this actually isn’t best practice. High-medium-and low scales make it difficult and time-consuming to quantify, aggregate and objectively rank information. With only three options to choose from, they’ll likely feel conflicted about which one to choose. In reality, best practice favors a 1-10 scale, with 10 having the most unfavorable consequences to the organization.
Let’s examine what a few different line items on a risk assessment matrix would look like. In this particular matrix, we’ll examine a few different risks associated with returning to work amidst the pandemic.
Plan/Risk: Inadequate policies to prevent the spread of the virus to employees and/or visitors.
What Can Go Wrong?
Employees become uncomfortable wearing their mask for too long and decide to remove it while conversing with colleagues. Virus is then spread throughout the workforce.
Customer refuses to wear a mask out of principle and must be asked to leave the premises, causing a scene.
Employees and/or customers do not stay 6 feet apart from one another.
Enforcing strict consequences for employees who are caught not wearing their mask. Dedicating particular areas outside where employees can go to take a break from wearing their mask at lunch.
Hanging signs on the front door that refuse people entry without a mask. Stationing employees at the front door who do not let anyone in without a mask.
Placing dots six feet apart from one another to instruct people on where to stand in line and prevent crowding.
Plan/Risk: Interrupted supply chains and delayed deliveries.
What Can Go Wrong?
Customers can become extremely irritated when their orders do not ship to them during the window of time they were expecting. If they’re not home to retrieve a package, it could be stolen or damaged.
Customers can become angry when their package delivery is delayed, causing them to cancel the order altogether and take their business elsewhere.
Third party/vendor risk assessments to gain visibility into vendors’ capabilities and limitations.
Periodic inventory review and frequent customer email updates based on those findings to keep them informed.
Discounts issued to customers whose items were delayed, and full refund offerings for items that are stolen or broken.
Plan/Risk: Changes in domestic regulations, laws, statutes etc.
What Can Go Wrong? Your business can be found guilty of negligence by not following the most up-to-date set of guidelines from the various jurisdictions you must adhere to.
Using ERM software with pre-built best practices that track and prove your compliance efforts.
Leveraging a trusted advisor who is doing their due diligence to stay on top of various regulatory changes (and completing a level of due diligence yourself).
How to Use a Risk Assessment Matrix
Utilizing a template and learning through examples are valuable steps towards improving your risk management plan, but it’s important to implement best practices when building out your risk assessment matrix. By adopting a standardized and objective methodology, you can start to identify the overlapping activities that crowd your program, prioritize actions and help your organization make more informed decisions. Here are some best practices to keep in mind:
Submit your Favorites List and our experts will reach out to you with more information. You will also receive this list as an e-mail which you can share with others. Here are the solutions you've added to your list so far: