2. Knowledge base
  3. Risk Management
  4. Step 3: How to Prioritize Risks

Step 3: How to Prioritize Risks

Last updated: 2024-12-13
See our solution:
Risk Management
Was this article helpful?
13 of total 13 found this helpful.

  • Risk prioritization is the third step in the risk management process.
  • It is preceded by a risk assessment

Why Prioritize Risks

  • The financial, human, and technological capacities of each organization are limited, so you can only focus on risks that have a high or critical priority. This makes performing a risk assessment and prioritizing them essential.
  • After the evaluation, you concentrate on the risks with the highest severity and priority. These priority risks can cause key processes to stop, such as power failures, worker fatalities, machine destruction, building damage, or theft of funds.
how to choose priority risks

How to prioritize risks

There are many ways and methods you can assess the importance and priority of individual risk. We recommend using the simplest method, because the more complex the risk assessment and prioritization system you choose, the more people in your organization you will discourage, because it becomes incomprehensible to them. The power is in simplicity, which is understood and accepted by all managers in your company.

The simplest way is to value risks according to their impact - i.e. the consequences on the company's operation and according to their probability that they will occur. A risk register that enables such an assessment will help you in this. 

However, sometimes the importance of the risk can be determined from several sub-factors. You can add or multiply factors. The key factor must be the severity and impact on the running of your organization:

Impact and consequences for your business

  • Severity of impacts and problems for your company's operation
  • Priority must be given to risks that directly threaten the running of your company
  • Priority risks causes paralysis of your key processes (for example, power failure, death of a worker, destruction of a machine, destruction of a building, theft of funds)

Impact of risk over time

  • How critical will the immediate impact be to the organization's operations?
  • How critical will the future impact be on the organization's operations?

The probability of occurrence has an overall priority effect

  • What matters is how likely the risk is to occur
  • Risks with a high probability have a high priority
  • On the contrary, low priority is given to low-probability risks and risks with a small impact
how to prioritize risks with calculated level

The levels of risk

Usually, there are three to five categories used to rank the risks and express their consequences. These are based on the potential severity of the damage caused. The following are examples of various levels of risks.

3 levels of risk 

  1. Low
  2. Moderate
  3. High

4 levels of risk

  1. Negligible
  2. Moderate
  3. Critical
  4. Catastrophic

5 levels of risk

  1. Tolerable  
  2. Low 
  3. Medium 
  4. High 
  5. Intolerable

How to select priority risks

  1. Sort the risks according to the level of risk
  2. Prioritize the risks with the highest level (Catastrophic, Excruciating, etc.)
  3. Prioritize measures for these risks (see next step)
evaluated risk level to prioritize risks

Overview of Risks by Priority

  • Once you have assessed and prioritized your risks, you can begin to manage them
  • You can see an overview of risks by priority on the card in the Kanban view
Risk overview by priority in Risk register

How to treat selected risks

Recommended to know
Where to go next