CEB Blogs



Risk Heat Maps: 7 Hot Tips

Heat maps are popular and powerful

According to risk reporting benchmarks gleaned from enterprise risk management (ERM) teams at more than 50 companies in over 20 global industries, ERM teams find heat maps to be the most compelling way to explain the nature of the risks faced by the company.

In fact, 82% said they use heat maps in board-level reports (76% in executive-level reports) and only 51% said they use risk dashboards, the next most common method.

That’s because a well-designed heat map will help an audience understand the multiple variables that combine to threaten a company. ERM teams that want to make their heat maps as good as they can be should use the seven tips below.

  1. Separate the “impact ratings” for different kinds of risk (e.g. financial, operational, and strategic).

  2. Add layers to traditional impact and likelihood displays. Display additional variables like risk velocity and control effectiveness.

  3. Demonstrate the effectiveness of risk mitigation plans by including inherent and residual risks. Illustrate reductions in risk exposure based on mitigation/internal controls.

  4. Differentiate zones of acceptable and unacceptable risk exposure on the heat map.

  5. Display changes over time by demonstrating movements in risk exposure value.

  6. Establish risk reduction targets by inserting desired risk levels that can instigate conversations about specific mitigation activities.

  7. If possible, filter the risk assessment data to show different perspectives across the organization.

It Sounds Complicated, But It Doesn’t Have to Be

While incorporating all of these factors may seem to turn something that should be simple into something overly complex, this isn’t the case if it’s done correctly.

For example, Pepco Holdings Inc. maps the trajectory of a risk (see chart 1 and this post for more detail). This depiction not only shows the inherent and residual risk levels, but also the target threat level and mitigation plans, alongside probability and impact scores. Yet the format is easy to read.


Chart 1: Pepco risk trajectory (illustrative example). Source: CEB analysis
