From Protiviti’s Guide to Enterprise Risk Management: Frequently Asked Questions
There are many ways to conduct a risk assessment. For example, companies may conduct interviews or surveys of key personnel, review key documents, conduct facilitated workshops, perform targeted reviews, or utilize any combination of these options. This guide outlines and compares various options and approaches to conducting an effective risk assessment, including interviews, online surveys, paper surveys, document review, facilitated workshops and targeted reviews.
For example, during the interview process the individual stakeholder is asked to identify potential events and prioritize associated risks. The advantage of this method is the interaction provides an opportunity to set the stage, ask the appropriate follow-up questions, probe/understand underlying root causes, clarify questions, if necessary, cover sensitive topics more thoroughly, and add more insight and depth regarding potential future events. The challenges of this method include:
They must be delivered by a certain time
Challenges with scheduling exist
Logistics must be managed
The interviewer must subjectively aggregate data points
The individual interviews do not directly support consensus-building