Risk Assessment Report for Professional Services

# Risk Assessment Report - Professional Services

## Purpose
Complete annually or when entering new markets, launching products, or undertaking significant business changes.

## When to Use
A formal risk assessment report with risk register, likelihood-impact matrix, mitigation strategies, and risk owner assignments.

## Instructions
1. Review the template below and familiarise yourself with the structure
2. Replace all [bracketed placeholders] with your professional services business details
3. Customise the tone and formatting to match your brand
4. Save in your preferred tool (Notion or Airtable)

---

## Risk Assessment Report

**Organisation:** [Company Name]
**Assessment Date:** [Date]
**Assessed by:** [Your Name], [Your Role]
**Review Period:** [Annual / Project-specific / Event-driven]
**Next Review Due:** [Date]

---

### Executive Summary

This risk assessment identifies and evaluates [X] risks across [X] categories for [Company Name]. Of these, [X] are rated as high or critical, requiring immediate mitigation. [X] are rated as medium, requiring monitoring and planned responses. [X] are rated as low, requiring awareness only. The most significant risks relate to [area 1] and [area 2]. This report includes mitigation strategies and owner assignments for all identified risks.

### Risk Assessment Methodology

**Likelihood Scale:**

| Rating | Likelihood | Description |
|--------|-----------|-------------|
| 1 | Rare | May occur in exceptional circumstances (<5% chance) |
| 2 | Unlikely | Could occur but not expected (5-20% chance) |
| 3 | Possible | Might occur at some time (20-50% chance) |
| 4 | Likely | Will probably occur in most circumstances (50-80% chance) |
| 5 | Almost Certain | Expected to occur (>80% chance) |

**Impact Scale:**

| Rating | Impact | Description |
|--------|--------|-------------|
| 1 | Insignificant | Minimal impact, easily managed within normal operations |
| 2 | Minor | Some disruption, managed with minor adjustments |
| 3 | Moderate | Significant disruption requiring management attention and resources |
| 4 | Major | Serious impact on operations, reputation, or financial position |
| 5 | Catastrophic | Threatens business viability, severe financial loss, or regulatory action |

**Risk Rating Matrix:**

| | Impact 1 | Impact 2 | Impact 3 | Impact 4 | Impact 5 |
|---|---------|---------|---------|---------|---------|
| **Likelihood 5** | Medium | High | High | Critical | Critical |
| **Likelihood 4** | Medium | Medium | High | High | Critical |
| **Likelihood 3** | Low | Medium | Medium | High | High |
| **Likelihood 2** | Low | Low | Medium | Medium | High |
| **Likelihood 1** | Low | Low | Low | Medium | Medium |

### Risk Register

| ID | Risk | Category | Likelihood | Impact | Rating | Trend | Owner |
|----|------|----------|-----------|--------|--------|-------|-------|
| R01 | [Risk description] | Strategic | [1-5] | [1-5] | [Critical / High / Medium / Low] | [New / Increasing / Stable / Decreasing] | [Name] |
| R02 | [Risk description] | Financial | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R03 | [Risk description] | Operational | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R04 | [Risk description] | Compliance | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R05 | [Risk description] | Reputational | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R06 | [Risk description] | Technology | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R07 | [Risk description] | People | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |
| R08 | [Risk description] | [Category] | [1-5] | [1-5] | [Rating] | [Trend] | [Name] |

### Risk Summary by Category

| Category | Total Risks | Critical | High | Medium | Low |
|----------|------------|----------|------|--------|-----|
| Strategic | [X] | [X] | [X] | [X] | [X] |
| Financial | [X] | [X] | [X] | [X] | [X] |
| Operational | [X] | [X] | [X] | [X] | [X] |
| Compliance | [X] | [X] | [X] | [X] | [X] |
| Reputational | [X] | [X] | [X] | [X] | [X] |
| Technology | [X] | [X] | [X] | [X] | [X] |
| People | [X] | [X] | [X] | [X] | [X] |
| **Total** | **[X]** | **[X]** | **[X]** | **[X]** | **[X]** |

### Detailed Risk Analysis (Critical & High Risks)

---

**R01: [Risk Description]**

| Attribute | Detail |
|-----------|--------|
| Category | [Category] |
| Likelihood | [X] - [Descriptor] |
| Impact | [X] - [Descriptor] |
| Risk Rating | [Critical / High] |
| Risk Owner | [Name, Title] |

**Description:** [Detailed description of the risk, including context and potential triggers]

**Potential Consequences:**
- [Consequence 1]
- [Consequence 2]
- [Consequence 3]

**Existing Controls:**
- [Control 1, e.g. Current insurance coverage]
- [Control 2, e.g. Existing policy or procedure]

**Additional Mitigation Required:**

| Action | Responsible | Due Date | Status |
|--------|-------------|----------|--------|
| [Action 1] | [Name] | [Date] | [Not Started / In Progress / Complete] |
| [Action 2] | [Name] | [Date] | [Not Started / In Progress / Complete] |

**Residual Risk (after mitigation):** [Likelihood] x [Impact] = [Rating]

---

**R02: [Risk Description]**

| Attribute | Detail |
|-----------|--------|
| Category | [Category] |
| Likelihood | [X] - [Descriptor] |
| Impact | [X] - [Descriptor] |
| Risk Rating | [Critical / High] |
| Risk Owner | [Name, Title] |

**Description:** [Detailed description]

**Potential Consequences:**
- [Consequence 1]
- [Consequence 2]

**Existing Controls:**
- [Control 1]
- [Control 2]

**Additional Mitigation Required:**

| Action | Responsible | Due Date | Status |
|--------|-------------|----------|--------|
| [Action 1] | [Name] | [Date] | [Status] |
| [Action 2] | [Name] | [Date] | [Status] |

**Residual Risk (after mitigation):** [Likelihood] x [Impact] = [Rating]

---

### Recommendations

1. [Recommendation 1, e.g. Prioritise mitigation actions for all Critical risks within 30 days]
2. [Recommendation 2, e.g. Review insurance coverage against identified risk exposures]
3. [Recommendation 3, e.g. Implement quarterly risk reviews with all risk owners]
4. [Recommendation 4, e.g. Develop business continuity plan to address [specific scenario]]

### Sign-Off

| Role | Name | Signature | Date |
|------|------|-----------|------|
| Prepared by | _______________ | _______________ | _______________ |
| Reviewed by | _______________ | _______________ | _______________ |
| Approved by | _______________ | _______________ | _______________ |

---

**Complexity:** advanced | **Setup time:** 30 minutes | **Tools:** Notion, Airtable

Note: This template has been tailored for professional services businesses in Australia. Adjust terminology and compliance references to match your specific context.