Prioritizing Risks Using a Risk Profile Heat Map

Asked on 8 September


1) Is there a best practice / standard way to prioritise risks?  Historically, we have used Likelihood (L) Impact (I) ^ 1.XX to give us a priority order.  The problem is, no one in my company knows where the 1.XX came from and whether it is still relevant.  Other suggestions have been L I or L X I, but neither of these allows us to determine a clear priority order (as risks with different ratings can end up with the same score – a risk with I of 4 and L of 1 has the same score as a risk with I of 1 and L of 4 (under the L X I model)).


2) In relation to the heat map itself – is there a best practice to determine the colouring?  Currently extreme risks are coloured red, and our top 5 scored boxes are coloured red, with others in orange, yellow etc.


Or do we need to think about this backwards and determine with the leadership team what the extreme risk red boxes should be and develop a priority ranking order based on this?


I have been charged with coming up with a starting point and any feedback would be appreciated.



Our Risk Assurance division holds annual Risk Champion workshops with functions that are considered material business risk areas.  We use set risk rating criteria (i.e. Impact and Likelihood criteria) for each risk and plot these on a risk profile (or heat map) to determine extreme, high, moderate and low risks.  Our current heat map is a 5 X 5 box with 5 levels for impact (i.e. severe, major etc) and 5 levels for likelihood (i.e. rare, possible etc).


One of the deliverables of this process is to present the top X risks in priority order and this is presented to, and monitored by, our leadership team.  We have had a lot of discussion around determining an appropriate way to develop a ranking system to be used across all the risk champion workshops.
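
The tie problem described in the question can be checked over all 25 cells of a 5 X 5 map. The following is an added example, not part of the original post: it counts which cells share a score under L X I and under an impact exponent. It assumes the historical formula multiplies L by I raised to the exponent, and the exponent values 1.5 and 2.0 are constructed for illustration (the post's 1.XX is unknown).

```python
from collections import defaultdict
from itertools import product

LEVELS = range(1, 6)  # 5 X 5 heat map: levels 1 (lowest) to 5 (highest)


def score(likelihood, impact, exponent=1.0):
    """L x I ** exponent. exponent=1.0 is the plain L X I model."""
    return likelihood * impact ** exponent


def tied_cells(exponent=1.0):
    """Groups of (likelihood, impact) cells that end up with the same score."""
    groups = defaultdict(list)
    for l, i in product(LEVELS, LEVELS):
        # Round so float noise cannot hide or create a tie.
        groups[round(score(l, i, exponent), 9)].append((l, i))
    return [cells for cells in groups.values() if len(cells) > 1]


def ranked_cells(exponent):
    """All 25 cells ordered from highest score to lowest."""
    return sorted(
        product(LEVELS, LEVELS),
        key=lambda cell: score(cell[0], cell[1], exponent),
        reverse=True,
    )


if __name__ == "__main__":
    # 1.5 and 2.0 are assumed exponents, not values from the post.
    for k in (1.0, 1.5, 2.0):
        ties = tied_cells(k)
        print(f"exponent {k}: {len(ties)} tied score groups")
        for cells in ties:
            print("   ", cells)
    print("top 5 cells (L, I) at exponent 1.5:", ranked_cells(1.5)[:5])
```

An exponent above 1 does not guarantee a unique order on its own: 2.0 still leaves two tied groups, while 1.5 leaves none on this grid, so any chosen value is worth checking this way before it is adopted.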








