A new risk prioritisation matrix?

Year not in review

I imagine your inbox is peppered with annual wrap-ups around now. Risks included ongoing conflict, energy insecurity, climate volatility, cyber, new regulations (sustainability to fraud), inflation, more conflict, and varying degrees of economic prosperity or malaise.

How relevant each issue is will depend on what you do, where, with whom, and how.

That’s easy to write, harder to fathom in reality. I developed a matrix that might help.

Let’s use examples to help illustrate the point. Imagine you’re a manufacturer.

Alternatives: Tariffs, import restrictions, or conflict have made a commodity used in a component you purchase more volatile. Trying to understand (in detail) the complexities doesn’t make sense, but you might feel the sanctions exposure is concerning. Can you find alternative components? Do other providers source the commodity from stable markets? How does that impact timelines and costs?

Adapt: You’re in an industry on the wrong end of the ESG perception spectrum. Consider how you could innovate and create greener products. Initially, they will cost more, but is a part of the market willing to pay a premium? Or do you double down, recognising your products still have a need as competitors shift to try and appease consumer mores?

Act: Supply chain transparency requirements are increasing, especially around sustainability and human rights. Can you quickly audit your supplier list to determine where the greatest exposure might lie (countries, sectors, products/services with the highest risk)? Triaging the dataset down and starting there will undoubtedly be easier than a wholesale review (for now). It may require a strategic rethink of elements of your supply chain.

Get help: Workforce demographics are changing, and what was once acceptable on the shop floor is no longer. But who feels what? Where do people not know what’s expected of them? Where can’t people access support (to raise questions, suggestions, or concerns)? Do specific teams present elevated behavioural risks (low trust, low accountability)? Get data.

Risks will not always sit nicely in one quadrant and may travel between them. The critical step is understanding what to prioritise and where and when to act. The traditional approach of examining whatever appears most scary might skew our focus toward something indirect and hard to influence (e.g., geopolitical conflict and sanctions), ignoring sizeable exposures (fraud, psych safety, innovation constraints, workplace disputes, etc.) that we can more immediately change. The trick is striking the balance…

Need more?

Book a (free) strategy session, get new articles, and other content designed to be useful and fun.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Year not in review

Need more?

Services

Ethics Insight

Your Quick Guide To Managing Ethics & Compliance