What to Include in a Risk Assessment Checklist | ComplianceBridge

What to Include in a Risk Assessment Checklist

Written by Risk Management Team on April 16, 2019

Risk assessments help your company identify, estimate and prioritize risk. These risks can be things such as organizational operations or business assets. A risk assessment checklist ensures you’ve evaluated every area of your business when preparing to conduct a risk assessment. With a checklist, you can be sure you have considered risk from every direction and have all the information to allow your company to ultimately develop a risk management plan.

Compiling a risk assessment checklist is the first step to assessing risk. It can be used to inform an appropriate plan for assessing and managing risk. On this checklist, you should be able to quickly organize a list of potential areas of risk based on past experiences and forecasting.

Risk assessments can be created for a variety of cases, covering isolated situations such as a special project or a wider scope such as overall operational performance. Risk assessment checklist, for this reason, can also be molded to fit the situation. This blog details what areas you must consider on your risk assessment checklist to be certain you have identified any potential issues for assessment.

What Should a Risk Assessment Checklist Include?

This is not an exhaustive list, but it includes major stress areas for your company. It can help you begin to consider other areas of potential risk that may be unique to your company.


First, begin your checklist by determining the scope of the work you’ll be assessing. Will it be a particular area or department of your company or a specific project you’re undertaking? Within that purview, have any of the processes you’ll be evaluating been previously assessed? You can use the results from risk assessments performed on similar operations to help you identify any issues that may arise this time around. Also consider if any of the tasks or processes you’re looking at now are new for your company. Any untried methods carry with them some inherent risk, and they should be identified on your checklist, as well.


In this area of your risk assessment checklist, you should take a closer look at the resources available to you as well as resources you think you’ll need. ‘Resources’ is a broad term for all the different things that can be included in this category. In general, consider the two main areas of resources that can present risks: people in your company and external resources.

Your employees are definitely a resource for your company, and you should be prepared to assess those people that fall within the scope of the work you’re looking at. Are they well-trained for the task at hand? If there’s a new responsibility, have they been properly trained for the undertaking? Will you have enough workers to safely perform the operations required, or do you need to source more people, either internally or externally? With the answers to questions such as these, you can begin to determine where potential risks exist with your personnel.

External resources encompasses anything that you need to source from either another area of your company or outside of your company from, say, a supplier. First, consider if there are any materials, substances or assets you need to acquire to perform any of the tasks or processes you will assess? If the answer is yes, think critically about how you will obtain these resources and if the supply chain is sustainable. Due to circumstances both within and out of your control, you may fail to obtain the resources you need. What is the risk of not having enough or not having what you need in time? Do you have a contingency plan in place?

You should also consider potential compliance issues when you evaluate your resources. Spend a bit of time scrutinizing the employees; are they following appropriate rules and regulations? Also look at your list of external resources and determine if there are any questions of compliance that arise with any of them. If the use of a substance or material becomes restricted by regulators, you may need to consider an alternative, and there are risks associated with that, as well.


At this point, your risk assessment checklist should analyze the operational timeline for the area of work you’re going to assess. Whether it’s a particular project or daily operations, your company should have some kind of a schedule in place. At first glance, do you see any issues that may arise from the work schedule? Does the schedule allow for any flexibility or wiggle room? How confident are you that you will fulfill the work on schedule and that time has been estimated accurately? Failing to take a critical look at your timeline leaves you open to potential consequences later when you’re forced to readjust, especially financially.

You should also look at the timeline for other components such as the arrival of shipments or bringing on more personal. How can events like these potentially affect your forecasted timeline? There are a number of outside forces that can affect your timeline including weather, compliance issues and revenue. Determine the forces that could cause you to reevaluate your timeline, and include them on your risk assessment checklist.


It’s important to always evaluate costs when assessing any area of your company. A thorough evaluation now will save you a headache later. First, begin by compiling the operation costs for the project or operational area you plan to assess. Even if you believe you’ve accounted for all expenses, there could still be risks you haven’t planned for. Are there any unknowns in your planned expenses? What is the potential damage of them?

Consider how risks in other areas can affect the budget. For instance, what is the financial risk of falling behind schedule or being short-staffed? Depending on your organization, the types of events that could present a risk to your financials will vary. Other areas on your risk assessment checklist can be a good starting place for beginning your evaluation.

Outside Parties

We’ve already discussed the risks outside forces can carry. Outside parties are no different. Under this descriptor, you may find stakeholders, partners, wholesalers and more. These are individuals, groups or organizations that are in some way involved in the processes or project you are going to assess. Your company doesn’t have as much administrative or operational control over these parties, and that alone engenders risk. To begin assessing the risks they carry, first evaluate what responsibilities they have. What, if any, risk is there in them not fulfilling their responsibilities? How much does the success of a project or task rely on an outside party’s input; is there a risk that a project or task won’t be completed, or at least fall behind schedule? Do any of the risks of your outside parties affect your company or operations in any way? What happens if you lose a partner or stakeholder relationship? Identify potential risks related to your outside parties on your checklist.


After you’ve analyzed the areas detailed above for potential risk, you can better evaluate any risks related to the goals of the project, task or operational area you will assess. By assessing your goals, you’ll be able to identify any issues that could affect overall success. Principally, will you be able to deliver on the goals you’ve set? Are all of the processes, tasks and resources in line with these goals? This includes your employees. Are they all working in pursuit of the same overall goals? It is also worth asking yourself if achieving these goals will be worth it. After identifying the risks you may incur, do you still want to risk it?

Assessing risk with ComplianceBridge™ Risk by ComplianceBridge™

The only way to know if the issues you’ve compiled in your risk assessment checklist will actually affect you is by assessing them. Assessing risk can be a complex and time consuming process, especially when you perform them the old-fashioned way. ComplianceBridge Risk by ComplianceBridge provides you with a powerful platform for constructing and administering risk assessments.

Assessments are easy to build and allow you to decide the level of complexity you desire. You have multiple question types to build with including multiple choice, fill-in-the-blank, yes/no, short answer and ratings. Questions can be weighted for a more accurate quantitative analysis. Quickly finalize and distribute assessments to individuals, groups, distribution lists or to the whole workforce. With ComplianceBridge Risk, you can even assign specific questions or sections of assessments to different groups to best utilize your experts.

Track results in real-time. As responses come in, you can see how respondents answer each question. ComplianceBridge Risk allows you to assess risk at a granular level. With this data, you have the insights you need to develop a risk management strategy.

Automate the risk assessment process with ComplianceBridge and fulfill all the requirements you’ve compiled for yourself on your risk assessment checklist. Request a demo with us today and learn how we can help your company or organization manage risk.

To request a demo for ComplianceBridge Risk, contact Dave Carroll at dcarroll@compliancebridge.com or click the button below!

Watch a 2 Minute Demo of ComplianceBridge

Find out more about ComplianceBridge’s Policy & Procedure Software, as well as its Risk Management Software by watching a two-minute demo.

Watch Demo Now