Why A Matrix Approach Makes It Easier To Map Business Risks

A risk assessment is one of the key foundational pieces of every organization’s business continuity plan, and the first piece that needs to be completed.

By identifying and prioritizing key risks, businesses know where to focus their time, resources and training. While no company can plan for every possible risk, there is a way to capture key risks and easily prioritize them.

Using a 5 by 5 grid allows companies to prioritize risks on two factors - severity of the risk and likelihood of it occurring. With its visual format, the risk assessment makes it easy for emergency preparedness and business continuity managers to quick identify the major risks.

Risks To Consider

There are many factors that influence the types of risks a company faces and how severe and likely it is to affect the business. Things like geography, markets, industries, global change, seasonality and business moves like mergers and acquisitions all affect a company’s risk assessment.

If your organization already has a risk management process in place, use that. If not, start by identifying all applicable risks.

Here are some risks to consider:

  • Hurricanes
  • Wildfires
  • Earthquakes
  • Mudslides
  • Tornadoes
  • Active shooters/workplace violence
  • Denial of access events (fire, flood, etc.)
  • Pandemics
  • Cyber attacks
  • Terrorism

Using A 5 By 5 Matrix

Once you have a working list of risks, map them to a 5 by 5 matrix. The horizontal axis determines the likelihood of the threat occuring in the next five years while the vertical axis determines the severity of the risk’s impact on your business.

Each company’s risk assessment will vary. Factors such as locations of offices around the world, sensitive or high-value data or business operations in unstable regions all play into how severe these risks are.

Once you’ve determined the severity and likelihood of these risks, map them to the matrix. Make this matrix part of your business continuity plan. Review it as part of your regular updates and update as needed.

When reviewing, take into account changes in your organization, industry, community and the world at large. All these changes can dramatically affect how serious an impact these risks present.

Adapt your risk matrix as needed, and remember that your top threat five years ago may now be only a minor risk as other risks have emerged and become a priority.

Use your risk assessment to prioritize your planning and training resources. Even the largest companies can’t focus on every risk, so make sure you’re preparing your organization and your employees for the most likely threats.

To learn more from Bob Clark about how companies can evolve their business continuity planning, listen to our new webinar, “No Threat Too Large Or Small: Business Continuity Planning for Today’s Risks.

Watch the Webinar Now

You are well on your way toward protecting your staff and organization.

Take the next step toward protecting your organization by learning more about emergency notification systems and the vital role they play in your emergency preparedness plan.