How to conduct a risk assessment using a heat map
Below is a description of how to complete the boxes on the template. The following page is an example of a heat map template. The tables below give a value for Consequence and Likelihood.
- Process/Program/Project: Name or title of the risk assessment
- Date: Date of the risk assessment
- Process/Program/Project Owner: Name of the process owner
- Risk/Threat Description: Description of the risk, event and/or threat that can impact achievement of business objectives
- Risk Identification: A narrative of the consequence or severity and the probability of it occurring. Include the assumptions used for the analysis.
- Risk Description: Calculate the likelihood and consequence of the risk(s)
- Risk Analysis: Plot the likelihood and consequences for each risk on the map
- Risk Evaluation: Compare the risk evaluation against the risk appetite or tolerance of the organization
- Risk Appetite/Tolerance and Action: Determine whether to accept the risk or treat the risk
- Choice of Risk Treatment Strategies: Determine whether to avoid, accept, share or control the risk
- Description of Risk Treatment Application: Describe the application of risk treatment or remediation
- Post Assessment of Risk Treatment Application: Recalculate the likelihood and consequences of the risk(s)
- Accept Risk or Additional Risk Treatment: Compare the re-treatment against the risk appetite or tolerance of the organization. Accept the risk or provide additional risk treatment.
The greater the impact or consequence, the higher the rating on the heat map. The highest level of consequence typically means there is a potential for loss of life, material loss to the organization, inability to provide critical services or inability to continue operations.
Likelihood is one of the axes on the heat map. Process owners rate the severity of a risk in terms of how likely it is to affect the ability to meet business objectives.
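The assess, plot, evaluate, treat and re-assess flow described above, as an added Python example that is not part of the original template. The 1 to 5 scales, the likelihood times consequence score, the appetite threshold of 6 and the sample risks are assumptions made for illustration, because the page's own value tables are not reproduced here.

```python
from dataclasses import dataclass

SCALE = 5      # assumed: 5-point scale on both axes
APPETITE = 6   # assumed: highest score the organization accepts untreated

@dataclass
class Risk:
    rid: str
    description: str
    likelihood: int   # 1 (lowest) .. SCALE (highest)
    consequence: int  # 1 (lowest) .. SCALE (highest)
    def __post_init__(self):
        for axis in ("likelihood", "consequence"):
            value = getattr(self, axis)
            if not 1 <= value <= SCALE:
                raise ValueError(f"{axis} must be 1..{SCALE}, got {value}")
    @property
    def score(self):
        return self.likelihood * self.consequence  # assumed scoring rule

def evaluate(risk, appetite=APPETITE):
    return "accept" if risk.score <= appetite else "treat"  # compare to appetite

def heat_map(risks):
    """Risk analysis: plot each risk id; rows are consequence, columns likelihood."""
    rows = []
    for c in range(SCALE, 0, -1):
        cells = [",".join(r.rid for r in risks
                          if (r.likelihood, r.consequence) == (l, c)) or "."
                 for l in range(1, SCALE + 1)]
        rows.append(f"C{c} |" + "|".join(f"{cell:^7}" for cell in cells) + "|")
    rows.append("    " + "".join(f" {'L' + str(l):^7}" for l in range(1, SCALE + 1)))
    return "\n".join(rows)

def reassess(risk, likelihood, consequence, appetite=APPETITE):
    """Post-treatment: recalculate, then accept or require additional treatment."""
    post = Risk(risk.rid, risk.description, likelihood, consequence)
    return post, "accept" if post.score <= appetite else "additional treatment"

# Constructed sample register (not from the page)
REGISTER = [
    Risk("R1", "Unpatched internet-facing server", 4, 5),
    Risk("R2", "One administrator holds all backup credentials", 2, 4),
    Risk("R3", "Stale accounts in a test environment", 3, 2),
]

if __name__ == "__main__":
    print(heat_map(REGISTER))
    print([(r.rid, r.score, evaluate(r)) for r in REGISTER], reassess(REGISTER[0], 2, 5)[1])
```

In the sample, treatment lowers R1's likelihood from 4 to 2 but its score is still above the assumed appetite, so the last step of the template calls for additional treatment rather than acceptance.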