GRAPE: the Generic Risk Assessment Process Explained
10 Jan 2017

Practically every risk assessment process is the same. Rather than reading boring stuff, use my handy checklist. I will then authorise you an additional fifteen (15) minutes of Facebook time to be used outside of working hours.

1. Write down all of the things that can go wrong

All of them.

Come on, use your imagination.

2. For each thing that can go wrong, tell me:

What is it?

How likely is it to happen? (Likelihood)

e.g. Trump gets elected President

You eat a second dessert with dinner tonight

Does the pope shit in the woods?

Supposing it happens, how bad will it be? (Impact)

Somebody ate the last bagel

Facebook is down

I’d lose my job. Oh, and people might die or something.

Will you go to prom with me? (Seriously)


3. How bad is it? (Risk)

How should I know? Just check some boxes!

It's fine

Go and sleep soundly.


It's probably nothing... but you should go check it out.


Time to call a meeting.

Super bad

Like Keeping Up With The Kardashians season 12.


Are you sure the building isn't on fire right now?


4. Bonus points: can you do anything to control the risk?

Go back and change the likelihood and impact figures yourself. What am I, your mother?

5. Are you happy with your current level of risk?

You might want to tell an adult. Your manager, your CEO or your dog are good candidates. Really, tell as many people as you can so that when they come looking for a scapegoat, you have someone else to point to.


This is meant to be funny. It’s still a better process than no process. Risk management is serious business and you should take all due care. I am not a lawyer, get professional advice, take two aspirin and call me in the morning, etc.
