When Taking a Risk Inventory, Here Are Three Major Categories of Risk

Risks to ProfileOnce your company has decided to conduct a risk inventory and committed to creating a risk register, you need to know what threats and opportunities to consider. This post explores that question.

When conducting your risk inventory, you need to consider financial, operational, and environmental (that is, contextual) risks. Your goal isn’t necessarily to look at each department and position within your organization separately, but instead to understand how each of your threats and opportunities could impact your organization.


When we think of risk, our minds go immediately to financial risks. For good reason – the financial function has to adhere to substantial regulations. Furthermore, without cash, nothing gets done. We have written before about how financial risks sometimes get more attention than they deserve, but financial threats and opportunities do remain important. Under the umbrella of “financial” risks, you could explore capital structure, cash controls, liquidity, and funding sources. Here are some questions that can help you uncover financial risks:

  • Who handles tax preparation and accounting? Look at the people responsible, the record-keeping procedures, document retention policy, accounting methods, and internal controls. Is tax compliance being handled accurately? Know what tax forms are needed, what regulations must be met, and who’s handling each tax requirement.
  • Who does what within your financial function? Look for a separation between those signing checks and those approving expenditures. Also look for who is setting fiscal policies and how they’re being applied. Understand how payroll, AP/AR, purchases, disbursements, and invoices are handled. Are there opportunities for streamlining, or should additional controls be put in place?
  • How secure are accounts/account information? How are passwords handled, where are checks stores, and how much of your company’s financials are on the cloud or accessible to hackers?
  • How is reporting handled? Know who reviews what, when reports are prepared and by whom, what’s included and what’s not, and at what level of budget variance requires explanation. When is audit required? Who conducts it and how often?


Under the umbrella of operational threats and opportunities, you would look at HR/talent management, marketing, sales, operations, accounting (as an operational function), customer retention, planning, ethics, compliance, organizational structure, core processes (what they are and how they are done), leadership structure, risk management, business continuity/emergency, and information technology. Here are some probing operational questions:

  • Who is your ownership? Is there a formal ownership agreement and a perpetuity plan in place? What are the intentions for the business going forward?
  • Who are your employees? Have you conducted business skills inventory on your people? How do you communicate company policy? Who has access to what software or company information? How are you protecting trade secrets?
  • Who are your vendors? What contracts exist with each and where could your supply chain fail should a vendor not deliver?
  • What are your core processes? Usually those include financial, various operational functions, marketing, sales, compliance, risk management, and HR/talent management, but if there are others, identify them. Do you have a clearly documented “way” of performing each process?
  • Who is your governing body? What bylaws are in place, and how is your company protected against corporate malfeasance at all levels? Do your board members have term limits?
  • What potential negative side-effects (pollution, noise, etc.) do your operations have on others?
  • How is your IT function being run? Who manages the security and operation of your equipment? Do you have a password-change policy that’s enforced? Where is data stored and what process keeps data secure?


Outside forces often can interfere with or multiply a company’s success. Understanding what some of the more common risks are, you can begin to formulate a prevention/reduction strategy or develop initiatives to take advantage of new opportunities for growth, revenue, impact, and sustainability. Contextual areas to explore include reputation management, economic trends, cultural trends, potential mergers and acquisitions, competition, and partnering opportunities. Questions include:

  • How is the company reputation being protected? Are the people in charge of marketing and social media keeping personal opinion out of the company’s professional accounts? What’s the strategy for reputation recovery?
  • How is the company adjusting to economic changes? When the economy wavers, do you have a plan in place to respond to losses? Are you tracking cultural changes and adapting products or services to remain current in the market? How often do you track competitors?
  • Are there plans for expansion or merger? Are all business owners, stakeholders, and partners in on the planning for sustainability growth? What is the process by which the business makes critical market and competitive decisions?

One Step at a Time.

This seems like a large list of issues, and it is. But even if you approach these questions at a high level, you are going to get much greater clarity about the threats and opportunities your organization confronts.

Please share this post if you found it useful.


Leave a reply

Your email address will not be published. Required fields are marked *