[email protected]


Conducting A Risk Assessment

  • Home
  • /
  • Conducting A Risk Assessment

Regardless of the size or scope of the issues to be assessed, or the length of time available, the process of assessing risk involves the same basic key steps.  Each of the key steps is outlined below with guidance on how you can address this within your own organisation, linking to additional supporting tools where appropriate.

1. Identify the risk

Refer back to the definition of risk and ask yourself, “Where is there uncertainty surrounding events or outcomes that could impact on our operational performance, ability to achieve our aims and objectives or our ability to meet the expectations of stakeholders?”


Sometimes it is useful to think of these grouped categories according to the various aspects of the organisation and its activities which you need to consider.  Click here for a profile of common areas of risk to prompt your thinking/considerations.

You can download our risk assessment worksheet for Step 1 to list the risks you identify.

2. Categorise/rate the risk


Risk identified:  Funding coming to an end.
Likelihood:  High  (Organisation has a lot of short term funding)
Impact:  High  (Most of the organisation’s functions rely on these funding streams, therefore an end to funding would prevent the organisation from achieving their aims and objectives.)

You now need to work out which of these risks you really need to worry about.  You can do this by categorising each risk according to:

There are many different ways of categorising risks – they can be given a numerical value (e.g. ranging from 1-5 according to seriousness in each category) or they can simply be rated as High, Medium or Low risks.

Click here to download a simple template for completing Step 2.

3. Managing the risks

Having identified and categorised the risks, you now need to work out what you can do about the most significant of these risks.  For each, you should consider four options:

Download our Step 3 template to document how you are already managing the risks you have identified and what more you could or should consider doing to reduce the overall level of risk.

4. Review the levels of Risk

At the end of this process you need to go back and review how these risks should be categorised.  Given the measures that you have put in place to eliminate or mitigate (reduce) these risks, do they still constitute major risks?

Example of reviewed risk:

Risk:  Organisation working with disabled persons identifies risk of losing current premises.

Risk management:

Choose a suitable template

Ensure the template you use for recording your risk management process suits the needs and expertise of your organisation.

Organisation implements the following actions:

Reviewed risk category:

What next?

Risk assessment should become an integral part of how you manage the organisation, its resources and its activities.  It is now the Management Committee’s responsibility to confirm that they are happy with this assessment of the risks faced by the organisation and are willing to accept the level of risk that remains.

The risk assessment should then feed into your overall and ongoing strategy for managing risk and should become an integral part of how you manage the organisation, its resources and its activities.