Asking Unbiased Risk Assessment Questions

Originally coined by the U.S. Army War College in the early ‘90s, the acronym VUCA, short for volatile, uncertain, complex, and ambiguous, has become a popular term for describing today’s business environment.

I agree this oft-repeated mantra could almost be considered cliché, but that doesn’t make it any less true. To make the best decisions possible in pursuit of strategic goals, executives need timely and accurate information.

This reality is one of if not the main reason why a thorough and efficient risk assessment process is so important.

To quickly recap from another article exploring the basics of risk assessment, this step can be defined as:

…a carefully constructed, constantly evolving, and regularly executed process within the organization that examines risks, both positive and negative, and prioritizes them using a combination of qualitative and quantitative methods to understand the influence a risk will have on the organization.”

To elaborate, “influence” can include how risks connect with the strategic plan, organizational mission, or specific operation(s). Also, “regularly executed” means more frequently than annually because the business and its operating environment changes more often than once a year. Hence, VUCA.

Without this all-important step, there will be no way to know where the company should focus resources, leading to an array of consequences like missed goals, lost revenue, and even displacement or failure in more extreme but a growing number of cases. As an example, just in the last few months, multiple companies in the Florida property insurance market have gone insolvent, while others have suffered credit rating downgrades.

I briefly mention in the risk assessment article different methods for gathering information after identifying the risks, with the two most popular being surveys and one-on-one interviews.

Each of the approaches have their merits depending on the circumstances, but in my experience, one-on-one conversations tend to yield richer information on risks and the company’s strategy.

But there’s a catch beyond ensuring the person is comfortable speaking with you, and that is…

How risk assessment questions are asked affects the quality of insights decision-makers ultimately receive.

This point has just as much to do with the human dimension of risk management that can mean the difference between success and failure. As a risk professional, you’re certainly going to have thoughts on the company’s direction.

However, this is not your risk assessment; it’s the company’s, so you have to be mindful of your biases and prevent any leanings or preferences from influencing the information you obtain from business areas across the enterprise.

This coupled with the reality of today’s turbulent world is why you want to avoid pointing things out and leading people on.

Therefore, to obtain unvarnished information on the business’ perspective, you want to avoid leading people down the path you think they should go or even give the impression you already know the answers.

Instead of asking point-blank if they have problems in a certain area, phrase your questions in a way that don’t point to a specific trouble spot.

Get them to tell you their perceptions of issues facing the company and their impact on its strategic goals and success.

For example, in a one-on-one session, I may start out with the following three risk assessment questions to get a lay of the land:

  1. Does the company have a strategic plan?
  2. What are the company’s three biggest priorities right now?
  3. How are these priorities going right now?

These open-ended questions can help you identify trends, which can then be used to understand root causes of what could help or hinder the company from achieving its goals.

In my example, I’m looking at the consistency in answers. If 3 people give wildly different answers to what the company’s priorities are, this could indicate communication problems.

Now if these three people were asked directly about communication challenges, they would be led down that specific path. They will likely say something to the effect of “now that you mention it” OR they will say they do not know any problems (since, for all they know, they’re operating from the same place as everyone else). Leading them on and assuming you know the risks and issues facing them is pushing your opinion on them, which isn’t helpful.

Of course, it’s important to remember these open-ended risk assessment questions are not all about pinpointing weaknesses, but strengths as well. It’s helpful to understand a company’s strengths, as they can offset weaknesses until those weaknesses can be improved or otherwise resolved.

I also want to point out that it is possible (and highly recommended) to not use the word risk in your information gathering stage. “Risk” as a word and subject can evoke some pretty strong reactions in some cases. The only time I use this word myself during a one-on-one interview is when asking about perceptions of the company’s ERM practices, with the specific purpose of listening to the person’s understanding of risk management practices, which can vary.

This one-on-one method using open-ended risk assessment questions certainly takes more time, but the potential for robust insights is so much greater. While it’s strongly recommended that you speak with at least a few people one-on-one, I realize surveys are much more practical for soliciting input from a larger group. Borrowing a page the ASK Method marketing system, surveys can be used for the larger group, but from that, you can peel off individuals to speak with one-on-one.

The big drawback of most surveys is that they typically rely on numerical scores, which on their own, don’t tell you much of anything. Therefore, if you have to use surveys, try to mix it up a little by including different answer options, such as a scale (not the typical risk scoring scale), yes/no, or a multiple choice with an “other” option where participants can expand their thoughts.

Taking special care with how you ask risk assessment questions can mean the difference between obtaining the insights decision-makers need to navigate today’s turbulent waters or gathering fluff that is ultimately of little value.

How do you structure risk assessment questions and approach one-on-one discussions with business units at your company?

Insights from other readers is extremely helpful in ensuring ERM and related processes are the best they can be. To share your thoughts, please don’t hesitate to leave a comment below or join the conversation on LinkedIn.

If for any reason you need to share your insights privately, please send your remarks to

And if your company is struggling with risk assessment questions or other aspects of understanding threats and opportunities to achieving strategic objectives, please don’t hesitate to email me or click this link to view my calendar and schedule a meeting to discuss your specific challenges and potential solutions.

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More