Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
Risk Identification and Assessment

Processes to Identify Risks

When and how are organizations identifying risks for their organizations?

September 17, 2024 2-min. read
5 Questions to Identify Potential Risks on the Horizon

While business leaders likely think about various types of risks as they engage in day-to-day activities, there is value in employing an organized structured approach to identify risks so that management is more likely to move risks from an “unknown” to “known” state.

In the 15th edition of The State of Risk Oversight Report, which we publish annually in collaboration with AICPA, asked a series of questions to better understand the process of how management actively seeks to identify potential risks on the horizon, including the frequency and scope of those activities.

2024 Insights from Data

  • Over the past 15 years of this study, there has been a steady increase in the percentage of organizations that maintain an inventory of risks at the enterprise level. That is especially true for large organizations and public companies.
  • Most organizations (49% full sample; 67% of large organizations and public companies) follow a dedicated process to identify risks on an annual basis, with just under one-third doing so more frequently than once a year.
    • However, Most organizations do not have formal processes in place to prompt executives to consider long-term risks (e.g., risks five to ten years in the future).
  • Most organizations (58% full sample; 78% of large organizations and 86% of public companies) have a standardized template that they use to identify risks, suggesting that the risk identification processes for those organizations are more structured than ad hoc.
  • Among the different types of risks most frequently identified, emerging, strategic, market risks are least likely to be considered in the risk identification process. Most of the risk focus is on IT, operational, financial, and legal/compliance risks.
View Full Insights and Report

Discussion Items for Management and Board Consideration

The table below suggests 5 questions that risk leaders can use to prompt conversations with executives and boards about how to better identify potential risks on the horizon.

5 questions for Board consideration

Related Tools

We’ve created two downloadable tools to help risk leaders identify and assess potential risks. Click on the resource name to view a detailed page where you can download the tool or template.

More From Enterprise Risk Management Initiative

Business executives in a meeting

Strategic Value of Risk Management
Using Strategic Risk Analysis to Identify Potential Risks to Strategic Initiatives

ERM Tool: Using Strategic Risk Analysis to Identify Potential Risks to Strategic Initiatives

Maturity of Risk Management Practices