Skip to Content
Resource Articles //

DBA Course Insight: The Methods and Process for Identifying Risk

These four risk identification techniques can help business leaders improve risk management in their organizations.

Business leaders have many roles. They’re strategists, innovators, visionaries, problem solvers, and managers. They navigate risk, tackle complex business issues, and influence change across organizations and industries.

If you’re a business professional who wants to step into a leadership role, you might consider advancing your skills and expertise by earning a Doctor of Business Administration degree. In the online DBA program at Walden University, doctoral students study the latest business research, theories, and trends, and they learn to apply this knowledge to create evidence-based solutions relevant to their workplaces and careers.

DBA Course Insight: The Methods and Process for Identifying Risk

For example, DBA students in the online course Homeland Security – Business Planning are studying risk management by reading “Modern Methods of Risk Identification in Risk Management,” by Ana-Maria Dinu. The article defines specific techniques for identifying risk that business leaders and senior-level managers can use to minimize and manage risk in their companies.

“Risk management is an important part of planning for businesses. The process of risk management is designed to reduce or eliminate the risk of certain kinds of events happening or having an impact on the business,” according to Dinu’s article.

The article summarizes the risk management process with this diagram:

Read along with our online DBA students to learn about the techniques for identifying risk—what the Dinu calls the “most important step” in managing risk in your organization:1

Identifying risks is the first and perhaps the most important step in the risk management process. If there is a failure to identify any particular risk, then the other steps in the risk management cannot be implemented for that risk.

Risk management uses formulas and templates to narrow in on and to identify risk. Which formulas and templates are used, is often determined by the industry that they are being practiced in. Some common methods of risk identification are brainstorming, flowchart method, SWOT analysis, risk questionnaires, and risk surveys.

1. Brainstorming

When objectives are stated clearly and understood by the participants, a brainstorming session drawing on the creativity of the participants can be used to generate a list of risks. In a well facilitated brainstorming session, the participants are collaborators, comprising a team that works together to articulate the risks that may be known by some in the group. In the session, risks that are known unknowns may emerge, and perhaps even some risks that were previously unknown unknowns may become known.

Facilitating a brainstorming session takes special leadership skills, and, in some organizations, members of the internal audit and enterprise risk management (ERM) staff have been trained and certified to conduct risk brainstorming sessions. In addition to well-trained facilitators, the participants need to understand the ERM framework and how the brainstorming session fits into the ERM process. The participants may very well be required to do some preparation prior to the session.

In using this technique, one company familiar to the authors noted that, because the objectives were unclear to some of the participants, the process had to back up and clarify the objectives before proceeding. Using a cross-functional team of employees greatly increases the value of the process because it sheds light on how risks and objectives are correlated and how they can impact business units differently.

Often in brainstorming sessions focused on risk identification, a participant may mention a risk only to have another person say: “Come to think of it, my area has that risk, and I have never thought of it before.” With the team sharing experiences, coming from different backgrounds, and having different perspectives, brainstorming can be successful in identifying risk. It is also powerful when used at the executive level or with the audit committee and/or board of directors.

2. Flowchart Method

The Flowchart Method is used to graphically and sequentially depict the activities of an operation or process to identify exposures, perils, and hazards. There are a variety of methods that can be used including: product analysis, dependency analysis, site analysis, decision analysis, and critical path analysis. These methods can illustrate interdependency within your organization; they can easily pinpoint bottlenecks and can determine a critical path. They do not indicate frequency or severity, but only show minor processes with major loss potential, they have a limited applicability to liability exposures and in most situations, they are too process oriented.

3. SWOT Analysis

SWOT (Strengths-Weaknesses-Opportunities-Threats) analysis is a technique often used in the formulation of strategy. The strengths and weaknesses are internal to the company and include the company’s culture, structure, and financial and human resources. The major strengths of the company combine to form the core competencies that provide the basis for the company to achieve a competitive advantage. The opportunities and threats consist of variables outside the company and typically are not under the control of senior management in the short run, such as the broad spectrum of political, societal, environmental, and industry risks.

For SWOT analysis to be effective in risk identification, the appropriate time and effort must be spent on thinking seriously about the organization’s weaknesses and threats. The tendency is to devote more time to strengths and opportunities and give the discussion of weaknesses and threats short shrift. Taking the latter discussion further and developing a risk map based on consensus will ensure that this side of the discussion gets a robust analysis. In a possible acquisition or merger consideration, a company familiar to the authors uses a SWOT analysis that includes explicit identification of risks. The written business case presented to the board for the proposed acquisition includes a discussion of the top risks together with a risk map.

4. Risk Questionnaires and Risk Surveys

A risk questionnaire that includes a series of questions on both internal and external events can also be used effectively to identify risks. For the external area, questions might be directed at political and social risk, regulatory risk, industry risk, economic risk, environmental risk, competition risk, and so forth. Questions on the internal perspective might address risk relating to customers, creditors/investors, suppliers, operations, products, production processes, facilities, information systems, and so on.

Questionnaires are valuable because they can help a company think through its own risks by providing a list of questions around certain risks. The disadvantage of questionnaires is that they usually are not linked to strategy.

Rather than a lengthy questionnaire, a risk survey can be used. In one company, surveys were sent to both lower- and senior-level management. The survey for lower management asked respondents to “List the five most important risks to achieving your unit’s goals/objectives.” The survey to senior management asked participants to “List the five most important risks to achieving the company’s strategic objectives.” The survey instruments included a column for respondents to rank the effectiveness of management for each of the five risks listed, using a range of one (ineffective) to 10 (highly effective). Whether using a questionnaire or survey, the consolidated information can be used in conjunction with a facilitated workshop. In that session, the risks are discussed and defined further. Then interactive voting software is used to narrow that risk list to the vital few.

A Doctorate in Business Can Help You Stand Out

Do you want the business-oriented critical thinking and problem-solving skills required to manage risk and develop effective business solutions? Earning a doctorate through an online DBA program could be a great option for you.

The DBA degree is respected by top employers and can help you emerge as a business expert. By advancing your credentials and education in an online doctoral program, you can get the next-level business knowledge, management skills, and leadership training needed to move up in your company and career.

Walden University is an accredited institution offering a Doctor of Business Administration degree program online. Expand your career options and earn your degree in a convenient, flexible format that fits your busy life.


Walden University is accredited by The Higher Learning Commission,