We have taken a slightly different approach that eliminates the need for weighting categories/dimensions of risk. For any given question, we have a dropdown list of answers. Whether it be 2, 3, or 4 answer choices, each answer choice is rated (low, moderate, high or critical). Then the highest risk rating of all answers is the inherent risk rating for that service. We risk rate each service a vendor provides. Then the service with the highest risk rating determines the vendor inherent risk rating. We found that the traditional risk rating method, which is a sum of scores for each answer, created a tremendous grey area once you get over 4-5 questions, and it gets worse with every question added. The method we use now is much more accurate and does not become less accurate with the addition of more questions.
-------------------------------------------
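The highest-rating rollup described in the post above, next to a summed score for comparison. This is an added example, not the poster's own tooling; the question names, answer choices, sample services and the 1-4 points used for the summed score are all constructed assumptions.

```python
from enum import IntEnum

class Rating(IntEnum):
    LOW = 1
    MODERATE = 2
    HIGH = 3
    CRITICAL = 4

L, M, H, C = Rating.LOW, Rating.MODERATE, Rating.HIGH, Rating.CRITICAL

# Constructed questionnaire: every answer choice carries its own rating.
QUESTIONS = {
    "data_classification": {"public": L, "internal": M, "confidential": H, "regulated": C},
    "network_access": {"none": L, "remote": M, "privileged": H},
    "business_criticality": {"low": L, "medium": M, "high": H},
    "onsite_access": {"no": L, "yes": M},
    "subcontractors": {"no": L, "yes": M},
    "data_volume": {"small": L, "large": M},
}

def rate_answers(answers):
    """Map one service's answers to ratings; incomplete input is an error."""
    missing = QUESTIONS.keys() - answers.keys()
    if missing:
        raise ValueError(f"unanswered questions: {sorted(missing)}")
    return [QUESTIONS[q][a] for q, a in answers.items()]

def service_rating(answers):
    """Inherent rating of a service: the highest rating among its answers."""
    return max(rate_answers(answers))

def vendor_rating(services):
    """Inherent rating of a vendor: the highest rating among its services."""
    return max(service_rating(a) for a in services.values())

def summed_score(answers):
    """Additive scoring, for comparison only (points per answer are assumed)."""
    return sum(rate_answers(answers))

# Constructed services: one regulated-data answer vs. three moderate answers.
PAYROLL = {"data_classification": "regulated", "network_access": "none",
           "business_criticality": "low", "onsite_access": "no",
           "subcontractors": "no", "data_volume": "small"}
ANALYTICS = {"data_classification": "internal", "network_access": "remote",
             "business_criticality": "low", "onsite_access": "no",
             "subcontractors": "yes", "data_volume": "small"}

if __name__ == "__main__":
    for name, svc in (("payroll", PAYROLL), ("analytics", ANALYTICS)):
        print(name, "sum =", summed_score(svc), "max =", service_rating(svc).name)
```

Both sample services sum to the same score, while the highest-rating rule separates them as critical and moderate.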