How To Run A Risk Assessment Workshop

About the Author

Resolver

Modified March 16, 2022

See risk. Discover value. Resolver gathers all risk data and analyzes it in context—revealing the true business impact within every risk.

Share this Article

Governance, Risk and Compliance

Modified March 16, 2022 By Resolver

I hope it’s safe to say that Risk Management has gained enough attention over the past few years to have become at least a consideration in most managers’ minds.

I hope that before embarking on every project a PM will conduct a project risk identification with key stakeholders and at least try to estimate which risks are the big ones.

I hope that Sr. Managers encourage risk assessments both within departments and across them, and finally I hope this information gets used to make more informed decisions. So - wearing my optimism hat - there are a lot of people out there conducting risk assessments with a wide range of topics, detail, and experience.

Consider this a layman’s guide to an effective risk assessment. First, a word of caution, I am not an accountant, auditor, or lawyer, in fact I’m a nerdy computer science guy, so this is purely a completely biased (yep, it is) but very effective way I personally have managed upwards of 20 corporate wide risk assessments. Before you dive into the risk assessment there are a couple of basics to get sorted:

Figure out who should be involved – make sure you have representation from all key stakeholder groups
Determine what format works for you – interviews, online surveys, workshops…
Determine what type of results you want out to get out of the session—rankings, discussions, ideas, response plans…

Preparing for the Workshop

Book a reasonable amount of time to cover the topics
Determine assessment scales that everyone will understand and get agreement from the two most senior people in the room.
Make sure they have a both qualitative and quantitative components and do not focus exclusively on financial risk.
Agree on a language for your risks that will reduce confusion (E.g. don’t put the word “or” in your risks)

Principles of the workshop

Ensure you get viewpoints from everyone
Use an effective technique for anonymous voting (i.e. Ballot by Resolver)
Have one person dedicated to writing everything down (not you, and not one of the participants)
Sample 90 min Workshop Agenda (30 risks) your group may be faster or slower depending on the # of risks and the depth of discussion.

After the workshop, share the results and the corresponding actions with participants; this will dramatically improve the process the next time around. Resolver*Ballot Feature: Auto generates PowerPoint and Excel documents to share with others.
Keep the voting results and use them next time to plot change over time. If you are doing a routine assessment (e.g. every quarter) which risks are changing? Which risks are increasing? Which actions did not get executed on? Resolver*Ballot Feature: Merge multiple files and plot them on a single Heatmap to understand change

By now hopefully you’ve got some ideas on how to run an effective risk assessment, and our software will improve the results with anonymous voting. We’ve helped hundreds of companies, large and small, get great results very efficiently. This includes companies like SONY, WAL-MART, PHILLIPS, HEINZ, DELOITTE, PWC, E&Y and small companies that you’ve never heard of. We’ve even helped the Canadian Government and the United Nations. Oh, and our software doesn’t cost much since it scales to the number of users that you need. So stop reading and buy our software.

If you are looking to learn more about running risk assessment workshops in your organization, feel free to contact us.

For more risk assessment related news and articles, follow us on LinkedIn, Facebook of Twitter.

[1]An online survey can reach more people but needs more structure going into the process. Requires more preparation and pre-work or the results will not represent the complete picture.

[2] The estimated risk that remains after existing controls or mitigating actions.

Cookie	Duration	Description
BIGipServersj13web-nginx-app_https	session	This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one that it is hosted on, but not always.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__resolver-ref	session	This cookie is set by Resolver to ensure visitors receive unique content after submitting a form on our website.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
ADRUM_BT1	past	This cookie is set by AppDynamics and is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
ADRUM_BTa	past	This cookie is set by AppDynamics and used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.

Cookie	Duration	Description
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 2 months 17 days 10 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_4655365_4	1 minute	Set by Google to distinguish users.
_gat_UA-4655365-4	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_omappvp	11 years	The _omappvp cookie is set by OptinMonster to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie set by OptinMonster, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.

Cookie	Duration	Description
anj	3 months	AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
uuid2	3 months	The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetvid	1 year 24 days	This cookie is set by Bing to store and track visits across websites.

About the Author

How To Run a Risk Assessment Workshop

Preparing for the Workshop

Principles of the workshop

Related