Business Risk Assessment Methodology

Mar 3rd '23

Business risk assessment methodology refers to the approach to assessing the risks and opportunities that affect the achievement of organisational goals and objectives. Business risk is normally assessed at three levels. Assessment at all three levels is essential to identify the THREATS, OPPORTUNITIES and potential ALTERNATIVES for action to achieve the organisational goals and objectives:

  • Strategic: guidance is typically for a time period of 5 to 10 years, but can be as little as 1 year projected forward in a fluid environment. Assessment is usually performed by senior management, ideally with some kind of independent facilitator. Strategic assessment is usually limited to assessment, i.e. identification, measurement and prioritisation of risk.
  • Project/Program/Process: covers the current period of organisational or change management activity. The project manager or process owner is responsible for initial assessment and monitoring, or may share this with an oversight committee. It is a blend of risk assessment in the planning phase and risk management in the implementation phase.
  • Operational: covers everyday operations, such as health and safety issues. It is performed at supervisory level, or by individuals or a work team tasked with a particular management. It usually focuses on standard workplace risks and hazards that have already been identified in the strategic process of assessment; the task is to manage risk to get the job done.


Strategic Risk Assessment Methodology

Understanding the overall goals and objectives by examining fundamental documents, and classifying the identified goals and objectives into SHORT, MEDIUM and LONG TERM issues. Choosing the strategic risks that are likely to be of greatest importance:


  • Operational risk is the risk that the entity will not meet its operational goals and objectives.
  • Fiscal risk is the risk that deficiencies in expenditure control and revenues will adversely affect agreed-upon outcomes or objectives.
  • Reputation risk is the risk that some action by the entity will impair its ability to reach its goals and objectives.
  • Other strategic risk, such as Policy, Regulatory etc.


Definition of the various important and relevant external environments and the potential impact of uncertainties:


  • Political / Government
  • Technological
  • Legal and Regulatory
  • Competitors
  • Customers, Constituents and stakeholders
  • Physical
  • Markets
  • Suppliers
  • Economic/Financial


Creation of a series of matrices, such as environments (step 4) x identification based on time (step 1). Using various creative processes such as brainstorming, imagine scenarios of possible threats and opportunities for each cell of the matrix. Think outside the box as much as possible. Combining the risk assessments for the various goals and objectives for each of the three time horizons to get a composite strategic risk assessment in a quantitative representation, i.e. likelihood x frequency on a SCP basis.


Project Risk Assessment

Project risk assessment uses a different method for identifying risk and opportunity. The method can be one or a combination of the following:


  • Exposure analysis based on assets involved
  • Environmental analysis based on study of changes
  • Threat scenarios, exploring various narrative scenarios under a number of different conditions, especially for catastrophic events and frauds.


Observation and/or measurement of risk is a difficult and subjective activity. Risk factors are therefore used: observable or measurable characteristics of the conditions at risk. A standard set of risk factors and criteria should be established to measure and rank projects according to their perceived risk. Each project, program or process to be formally assessed for risk should be scored by the project initiator against the established risk factors, based on an understanding of the project, program or process and the perception of risk as described.


Procedure of Project Risk Assessment 

Identify Risk: use one or more methods to identify risk i.e. Exposure, Environmental and/or Threat analysis.


Measure Risk/Develop Alternatives: 


  • Read each factor and its sub-criteria to become familiar with the aim of each.
  • Consider the project, program or process using each of the factors/criteria.
  • Score each factor for the project, etc. on a scale of 1 to 5 (lowest to highest) based on your subjective assessment of the strength/weakness or presence/absence of the criteria.
  • Total the scores for each factor and divide by the number of factors to get the average score.
  • High risk scores are those with an average of 4.25 or more. Low risk scores are those with an average score less than 2.25. These are starting figures that can be adjusted for experience.
  • Analyse high-risk areas and develop alternatives, i.e. controls and other risk management techniques, to deal with each of the high-risk components.
  • Price out the alternatives and compare risk and cost.


Control design: choose the most cost-effective controls within reasonable prudential and organisational tolerance for accepting risk.

Risk Management: monitor risk and hazards, making adjustments to the project plan as necessary to meet changing conditions.


Operational Risk Management

Operational risk in financial services is normally accepted as “risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This is effectively the risk of employees performing their jobs. The focus of operational risk is on risk management. Risk assessment is usually done by a specialist.




This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

