Organization Name

Industry

Risk Manager Name

Phone Number

Email

1. Risk Identification

• All potential risks (financial, operational, reputational) are identified

• Risks are documented and regularly reviewed

• Key risks are aligned with business objectives

Unidentified or overlooked risks

2. Risk Assessment

• Risks are assessed for likelihood and impact

• Risk assessment process is consistent and thorough

• High-risk areas are prioritized for action

Gaps in risk assessment process

3. Risk Mitigation

• Effective strategies are in place to mitigate high-priority risks

• Risk mitigation strategies are regularly reviewed and updated

• Resources are allocated to manage critical risks

Areas requiring additional mitigation

4. Risk Monitoring

• Regular monitoring of risks and risk management strategies

• Clear metrics to evaluate the effectiveness of mitigation efforts

• Employees are trained to identify and report risks

Monitoring challenges

5. Risk Communication

• Clear communication of risk management policies to all employees

• Risks and mitigation strategies are communicated to stakeholders

• Crisis communication plan is in place and up to date

Communication gaps identified

6. Business Continuity & Recovery

• A business continuity plan is established

• Emergency response and recovery procedures are documented

• Key personnel are trained in crisis management

Business continuity plan gaps

7. Compliance & Legal

• Organization complies with relevant regulations and laws

• Legal risks are identified and managed

• Compliance audits are conducted regularly

Legal or compliance concerns

Action Items

List any risks or mitigation actions needed.

Rate your organization’s overall risk management practices.