Carrying on a business involves exposing the company to unavoidable risks. Part of operating a business successfully is to manage these risks in a way that limits the company's exposure to them. Risk assessment identifies the threats to a company, matches them with business vulnerabilities, and evaluates the impact should a damaging event occur. A risk assessment checklist pinpoints where the risks are highest and helps rank the risks in order of priority.

Personnel Risks

A risk assessment checklist asks you to identify who is responsible for each aspect of security and safety for personnel. It specifies that you have to verify that employees and third parties receive adequate instructions and training to ensure safety, security, confidentiality, and non-disclosure of sensitive data. Finally, it has to specify a review of the terms and conditions of employment to make sure they identify and adequately address potential personnel risks.

Risks to Assets

In terms of risks to assets, you can use the checklist to verify that an inventory is accurate and updated regularly. It specifies that you have to identify the employees responsible for keeping inventory, and check for procedures to keep valuable assets safe.

Organizational Risks

Risks from faults in the organizational structure of the company are expressed in terms of responsibility for taking appropriate action for specific events. The risk assessment checklist asks you to verify that, for each event like a fire or an accident, a particular employee is responsible for taking specific action, such as calling 911, accounting for whereabouts or evacuation of staff, or getting the first aid kit.

Information Security

The risk assessment checklist requires a verification of the information security procedures and asks you to check that an employee is responsible for their application. The procedures must call for a review and possible revision of the procedures when a security breach occurs. In addition to covering general information security, the procedures have to specify what measures the company is taking to safeguard the private information of employees and customers.

Facility Risks

Facility risks include physical risks such as fire, operational risks such as electrical failure, and access control risks such as theft. The risk assessment checklist must ask you to identify each risk and verify the existence of corresponding procedures. The checklist should identify who is responsible for monitoring and mitigating each risk, and confirm that procedures include organized responses to incidents.

Operational Risks

The risk assessment checklist has to include items that address the safety and security of the company's operating procedures. It must ask you to verify that procedures for each production step exist and that the employees follow them. It specifies that you have to check for records of maintenance, testing and quality assurance. Each employee must be qualified to carry out his particular job.

Business Continuity Risks

Business continuity planning includes procedures for handling incidents that threaten company operations, as well as succession planning for the possibility of losing key employees. The risk assessment checklist must ask you to verify that such plans exists, that they are tested, reviewed, and updated regularly, and that they are effective in ensuring that the company can continue to function in the face of defined incidents.