On Wednesday 17 October, VinciWorks ran its first risk identification masterclass in an impressive Central London venue, the Law Society. Facilitators, experts Dean Hughes and Karla Gahan, focussed on risk identification, one of the key steps of Enterprise Risk Management (ERM). They gave guidance to delegates on how to better facilitate risk conversations, reveal awkward risks and black swans, and present those risks to the leadership with clarity and insight. This class provided delegates with the skills and confidence required to identify risks at a whole new level through a safe and constructive process.

What is risk identification?

Risk identification is the term used to describe the process of collecting, collating, classifying, refining, aggregating and disseminating risks. It is a critical step in the ERM process and takes place within the context of the risk framework. While one-off workshops and department-wide meetings play a role in risk identification, the process itself is ongoing and should be revisited on a regular basis.

Risk identification – everyone is a risk manager

While many organisations employ a risk or compliance manager to manage risks, risk identification should involve the whole organisation, from management, to IT, to finance. Through surveys, face-to-face interviews, group interviews and workshops, everyone has a role in identifying risks that could affect their organisation. We have found that to create a comprehensive list of principal risks for an organisation, risk managers need to consider as many perspectives as possible. From our experience, risk management is far more effective when the Head of Risk gains insight from the whole organisation. This approach will help to create a broader list of risks and causes that are aligned with the strategic goals of the business.

The transparent risk identification process

The risk identification process is a four-step journey to having full transparency of your organisation’s risks. The four steps are:

1. Collect responses and perspectives
2. Analyse and prepare responses for interviews
3. Interview and elaborate to understand the risks
4. Aggregate and draft a single coherent risk register

Risk Identification Masterclass – key takeaways

• When collecting responses in surveys, be sure to ask the right questions in the right way to ensure you get a good understanding of the risks
• When analysing responses, be sure to distinguish between causes and consequences. A cause is a factor that could lead to a risk occurring and a consequence is an outcome or result that can or will happen should the risk occur
• When conducting face-to-face interviews, keep asking “why” when the interviewee is responding to get to the root causes
• When aggregating responses, better understand the root of individual risks by spotting similar or repetitive causes and consequences
• Note that bias plays a huge role in people’s perception of risk
• All delegates received posters, templates and digital tools to help them with the risk identification process in their organisation

Upcoming risk identification masterclass

This masterclass was just an introduction to a series that our experts Dean and Karla will be running. We received great feedback from our delegates and look forward to hosting future masterclasses. If you would like to know more about upcoming masterclasses, feel free to reach out using the form below.