GRAPE: the Generic Risk Assessment Process Explained

10 Jan 2017

Practically every risk assessment process is the same. Rather than reading boring stuff, use my handy checklist. I will then authorise you an additional fifteen (15) minutes of Facebook time to be used outside of working hours.

1. Write down all of the things that can go wrong

All of them.

Come on, use your imagination.

2. For each thing that can go wrong, tell me:

What is it?

How likely is it to happen? (Likelihood)

Unlikely

e.g. Trump gets elected President

Moderate

You eat a second dessert with dinner tonight

Likely

Does the pope shit in the woods?

Supposing it happens, how bad will it be? (Impact)

Mild

Somebody ate the last bagel

Moderate

Facebook is down

Severe

I’d lose my job. Oh, and people might die or something.

Will you go to prom with me? (Seriously)

3. How bad is it? (Risk)

Super bad

Like Keeping Up With The Kardashians season 12.

4. Bonus points: can you do anything to control the risk?

Go back and change the likelihood and impact figures yourself. What am I, your mother?

5. Are you happy with your current level of risk?

You might want to tell an adult. Your manager, your CEO or your dog are good candidates. Really, tell as many people as you can so that when they come looking for a scapegoat, you have someone else to point to.

Disclaimer

This is meant to be funny. It’s still a better process than no process. Risk management is serious business and you should take all due care. I am not a lawyer, get professional advice, take two aspirin and call me in the morning, etc.