Risk Identification and Assessment

Techniques to Prioritize and Monitor Risks

How do organizations prioritize risks that are most important to their future — and monitor them over time?

There is no shortage of risks in today’s business environment. One challenge for management is agreeing on the risks that are most likely to have a significant impact on the organization’s business model and strategic plan.

In the 15th edition of The State of Risk Oversight Report, which we publish annually in collaboration with AICPA, we asked a series of questions to understand how organizations determine which risks are most critical to them.

2024 Insights from Data

  • Organizations typically develop both likelihood and impact scales to provide guidelines for executives to rank order risks.
  • Most approaches used by entities to prioritize risks are more qualitative than quantitative (59%), with few organizations mainly using quantitative approaches (20%) to assess risk probabilities and consequences. 21% of organizations reported having no formal techniques in place.
  • Few organizations have robust reporting of key risk indicators (KRIs) that management can use to monitor shifts in risk conditions over time. Only 26% of organizations described their KRIs as ‘mostly’ or ‘extensively’ robust, with financial services organizations reporting the greatest use of KRIs (43%).

Discussion Items for Management and Board Consideration

The table below suggests 5 questions that risk leaders can use to prompt conversations with executives and boards about how to better prioritize risks and monitor them over time.

5 questions to ask your board.

Related Tools

We’ve created two downloadable tools to help risk leaders prioritize and monitor potential risks. Click on the resource name to view a detailed page where you can download the tool or template.