Gartner Research

Essentials: Running an Effective Risk Assessment Process

Published: 29 April 2019

ID: G00707826

Analyst(s): Legal and Compliance Research Team


This resource provides an overview of the risk assessment process as well as best-practice implementation tips for legal leaders responsible for risk assessment in legal, compliance or privacy departments.

Table Of Contents

Step 1: Prepare Key Stakeholders for the Risk Assessment

Build Stakeholder Buy-In With a Tailored Business Case

Assign Clear Roles and Responsibilities for All Participating Parties

Table 1: Common Risk Assessment Roles

Step 2: Build an Effective Risk Assessment Process

Gather and Use Cross-Functional Data to Inform Your Risk Assessment

Define Your Risk Catalog Before Starting the Assessment

Choose the Assessment Method (or Methods) That Best Suits Your Objectives

Table 2: Advantages and Disadvantages of Risk Assessment Channels

Create or Adopt a Uniform Language for Risk

Step 3: Analyze, Report and Act on Assessment Results

Perform an In-Depth Analysis of Risk Assessment Results

Drive Action by Tailoring Risk Reporting to Stakeholder Needs

Plan for Effective Action

Supplement the Annual Risk Assessment With Project-Level Risk Assessments


About This Research

Presentation Deck


©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
