Skip navigation

Risk assessment

Identifying, analysing and evaluating risks to your business

Assessing risks in your business is as simple as working out what can go wrong, how and why.

A risk assessment involves identifying, analysing and evaluating risks. Using the following steps, document all risks that have, or may, impact your business. Include internal, external, market and industry risks.

Step 1. Identify potential risks

To identify risks, think about what could go wrong in your business considering past events, and possible future changes within your business or in the wider community, that could impact your business.

For each potential issue think of how and why it could happen. Research may help to create a thorough assessment.

Your research may include:

  • checking incident reports, hazard logs, customer feedback and complaints, and survey reports
  • review audit reports, for example, workplace safety reports or financial audit reports
  • consider your business' strengths, weaknesses, opportunities and threats (SWOT) - use the SWOT analysis template
  • discuss issues with stakeholders - your staff, customers, suppliers and advisers.

Step 2. Analyse

After identifying the risks to your business, work out each item's level of risk and which need to be attended to urgently.

Analyse risks related to an event by considering:

  • the damage the risk would cause
  • the likelihood of the risk happening

For example, if a competitor moves onto the same street (risk), you may receive fewer customers (damage). Consider how similar the competitor's business is to yours, and how loyal your customers are (likelihood the damage will occur).

Step 3. Evaluate

Compare the risk against your set of risk criteria to decide what action to take. Some risks require immediate action, while for others, taking action may be more costly than allowing the risk to occur. Evaluating the risk helps you decide whether or not to accept it.

You may choose to accept a risk if:

  • the benefits of taking the risk greatly outweigh the possible damage
  • the event has a low risk level
  • the cost of avoiding the risk is higher than the cost of incurring it.

The Australian Government has developed a simple risk analysis template to help you identify the potential risks your business might face and how you can control or minimise these risks.

Announcements and practical advice straight to your mailbox.

Please enter a personal email address. Generic addresses beginning with ‘info@’ or ‘admin@’ may be blocked from our email distribution system.

All information is collected and used in accordance with the DIIS Privacy Statement.