Learn how to build a risk heat map to successfully predict risk for your business

Learn how to build a risk heat map to successfully predict risk for your business

Camilla Viola

Introduction
Strategic decisions are becoming increasingly data-driven but, in the words of Thomas H. Davenport, “data is worthless if you don’t communicate it” [1]. In fact, McKinsey predicts a shortage of 1.5 million data-savvy managers and analysts to use data effectively [2].

Therefore, organisations need to implement strong data visualisation techniques to identify issues and communicate them in a way that is easy to understand. An effective tool for this purpose is the risk heat map.

A heat map is a risk assessment tool that represents data by plotting each risk against two axes, using a colour scale to indicate the magnitude of the threats. Although creating a heat map may seem intuitive, it is easy to make mistakes that can negatively affect the usefulness of the tool. This article explains how to create a robust heat map to help you identify and act on your organisation’s most pressing risks.

How to build a risk heat map
You can use a risk map to manage specific threats (e.g., coronavirus, cybersecurity) or to get a general overview of potential threats. At 180 DC Barcelona, we chose to focus our heat map on the effects of the pandemic.

Whichever way you choose, you should follow five simple steps to create a heatmap and transform it into a risk-management strategy.

Step 1: Identify risks
Firstly, you need to identify the risks by analysing each department of your organisation in detail. List different factors and threats and evaluate how they affect each team’s main goals and activities. Always remember to review the risks with your team members to ensure you cover all the possible risks. Some examples of risks we identified in our heat map include:

  1. Cyberattacks
  2. Loss of productivity
  3. Project cancellation
  4. Lower sponsorship opportunities

Step 2: Assess risks
Acting on risk means deploying financial resources and human capital, which are usually constrained. Therefore, you need to quantify your risks so you can prioritise them and allocate resources accordingly. Each risk should be weighed in terms of impact and likelihood. You may include more variables to create a more granular analysis, however, increasing complexity can make the model difficult to visualise and thus reduce the effectiveness of the map.

You will need to score each risk’s impact on your organisation and likelihood of occurrence, for example on a scale from one to five. This step is not strictly quantitative, and you will often find yourself carrying out a qualitative analysis, but you will need to be able to score each risk accordingly.
You should produce a table listing each risk and its corresponding score for each variable.

Step 3: create a heat map to show the risks visually
Now that risks have been quantified and organised in a table, it might still be hard to form a targeted strategy. Building a risk heat map helps to understand the data, derive insights and communicate the findings in a clear way, easy to understand across the company/ association. Below you can see a heat map we created for our organisation.


The heat map is colour coded from green to red to indicate the level of risk. ‘Likelihood’ and ‘Impact’ appear on the main axis, while the size of the bubbles to show the speed of onset.

You can easily build a heat map using PowerPoint or Excel. However, for a more professional and dynamic board, Power BI and Tableau offer a very intuitive platform for data visualisation, free to use for students.

Step 4: Implement a response strategy
Once you plot each risk in the graph, you can find the risks that pose the highest threats, and thus place a larger focus on those. You can then analyse the situation and devise a strategy with response-action goals to control each risk.

Step 5: monitor performance
Lastly, define KPIs to monitor the performance of the strategy. It is often impossible to annihilate risks, however, it is possible to mitigate each risk to a manageable level. Thus, it is important to set reasonable targets for the KPIs, attainable yet effective in decreasing risk.

Conclusion
Following these five simple steps will help you create an effective risk heat map that will allow you to identify, prioritise and mitigate the main threats to your operation. If you would like further advice regarding risk mitigation, do not hesitate to get in touch with us. To learn about how we mapped our risks, read our article: How we used a risk heat map to identify problems at 180 DC Barcelona.

References
[1] Davenport, T., 2013. Data is Worthless if You Don’t Communicate It. Harvard Business Review.
[2] Manika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C. and Bayers, A., 2011. Big data: The next frontier for innovation, competition, and productivity. McKinsey Global Institute.

Back To Blog
Camilla Viola

Introduction
Strategic decisions are becoming increasingly data-driven but, in the words of Thomas H. Davenport, “data is worthless if you don’t communicate it” [1]. In fact, McKinsey predicts a shortage of 1.5 million data-savvy managers and analysts to use data effectively [2].

Therefore, organisations need to implement strong data visualisation techniques to identify issues and communicate them in a way that is easy to understand. An effective tool for this purpose is the risk heat map.

A heat map is a risk assessment tool that represents data by plotting each risk against two axes, using a colour scale to indicate the magnitude of the threats. Although creating a heat map may seem intuitive, it is easy to make mistakes that can negatively affect the usefulness of the tool. This article explains how to create a robust heat map to help you identify and act on your organisation’s most pressing risks.

How to build a risk heat map
You can use a risk map to manage specific threats (e.g., coronavirus, cybersecurity) or to get a general overview of potential threats. At 180 DC Barcelona, we chose to focus our heat map on the effects of the pandemic.

Whichever way you choose, you should follow five simple steps to create a heatmap and transform it into a risk-management strategy.

Step 1: Identify risks
Firstly, you need to identify the risks by analysing each department of your organisation in detail. List different factors and threats and evaluate how they affect each team’s main goals and activities. Always remember to review the risks with your team members to ensure you cover all the possible risks. Some examples of risks we identified in our heat map include:

  1. Cyberattacks
  2. Loss of productivity
  3. Project cancellation
  4. Lower sponsorship opportunities

Step 2: Assess risks
Acting on risk means deploying financial resources and human capital, which are usually constrained. Therefore, you need to quantify your risks so you can prioritise them and allocate resources accordingly. Each risk should be weighed in terms of impact and likelihood. You may include more variables to create a more granular analysis, however, increasing complexity can make the model difficult to visualise and thus reduce the effectiveness of the map.

You will need to score each risk’s impact on your organisation and likelihood of occurrence, for example on a scale from one to five. This step is not strictly quantitative, and you will often find yourself carrying out a qualitative analysis, but you will need to be able to score each risk accordingly.
You should produce a table listing each risk and its corresponding score for each variable.

Step 3: create a heat map to show the risks visually
Now that risks have been quantified and organised in a table, it might still be hard to form a targeted strategy. Building a risk heat map helps to understand the data, derive insights and communicate the findings in a clear way, easy to understand across the company/ association. Below you can see a heat map we created for our organisation.


The heat map is colour coded from green to red to indicate the level of risk. ‘Likelihood’ and ‘Impact’ appear on the main axis, while the size of the bubbles to show the speed of onset.

You can easily build a heat map using PowerPoint or Excel. However, for a more professional and dynamic board, Power BI and Tableau offer a very intuitive platform for data visualisation, free to use for students.

Step 4: Implement a response strategy
Once you plot each risk in the graph, you can find the risks that pose the highest threats, and thus place a larger focus on those. You can then analyse the situation and devise a strategy with response-action goals to control each risk.

Step 5: monitor performance
Lastly, define KPIs to monitor the performance of the strategy. It is often impossible to annihilate risks, however, it is possible to mitigate each risk to a manageable level. Thus, it is important to set reasonable targets for the KPIs, attainable yet effective in decreasing risk.

Conclusion
Following these five simple steps will help you create an effective risk heat map that will allow you to identify, prioritise and mitigate the main threats to your operation. If you would like further advice regarding risk mitigation, do not hesitate to get in touch with us. To learn about how we mapped our risks, read our article: How we used a risk heat map to identify problems at 180 DC Barcelona.

References
[1] Davenport, T., 2013. Data is Worthless if You Don’t Communicate It. Harvard Business Review.
[2] Manika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C. and Bayers, A., 2011. Big data: The next frontier for innovation, competition, and productivity. McKinsey Global Institute.

Back To Blog