
Reviewing Risks

Set and manage review intervals in StartRisk to keep risks current and aligned with appetite, controls, and key indicators.

Written by Mark Scales
Updated over 3 weeks ago

Overview

Regular risk reviews are a critical component of effective risk management. In StartRisk, users are required to set risk review intervals (monthly, quarterly, or annually) to ensure that all risk information remains current and relevant. When selecting frequency, consider the following indicators for more frequent reviews:

  • the risk is outside of risk appetite

  • the risk is a key risk to the organisation (higher risk rating without controls)

  • the nature of the risk is likely to change over time

  • the risk has been realised in the recent past (e.g. prior 12 months)

  • there are no controls or limited controls in place for the risk

When reviewing a risk, check the risk title, risk description, inherent likelihood and consequence, and control effectiveness and impact. Keeping this information up to date helps in making informed decisions and maintaining an accurate picture of the business risk environment.

The ‘Last reviewed’ and ‘Next review’ dates are shown in the Review section of the Risk Editor.

Changing the Review Interval

If you choose to change the review interval for a risk, a new ‘Next review’ date will be set based on the current ‘Last reviewed’ date plus the selected review interval. This means that if you choose a shorter interval, the review may become overdue at the moment you change the interval.

Getting Started with StartRisk - Reviewing Your Risk Profile

Key Concepts

  • Risk Reviews are required to ensure that any changes to a risk have been reflected in a timely manner. This supports maintaining an accurate risk environment for decision making.

  • Inherent Likelihood is the probability of a risk occurring in the absence of any controls or actions to prevent or mitigate it. It's the 'natural' level of risk, untouched by any intervention.

  • Inherent Consequence is the potential impact of a risk event occurring without any mitigation or intervention measures in place. It represents the initial, raw level of impact a risk could have.

  • Control Effectiveness Rating is a measure indicating how well a control manages or reduces a risk.

  • Control Impact indicates if a control reduces the probability of a risk event, the impact of a risk event or both.
