These notes are also in our resources section as a PDF, which you can open in a new tab to follow along as you work through the tool.
When you start a new risk, you’ll see a list of steps on the left side of the screen. You can go back to any step highlighted in green, or use the “back” or “continue” buttons at the bottom of the page (avoid using the browser’s back button) to make sure the AI is refreshed and updated properly.
Please note, it may take up to 10 seconds to load each new page. This delay happens because the AI is reviewing inputs from all steps to provide better suggestions. We’re actively working on improving our servers and AI to speed things up.
This step helps the AI model get started. Please enter your Objective or provide some background on what you’re trying to achieve. For example, you might be aiming to win a new contract, purchase a new system or product, or improve part of your operations, such as hiring a contractor for renovations. If you’re unsure, just describe your goals in your own words.
Next, identify any uncertainty in the Event field. You can use “inversion thinking,” which means considering the opposite of your Objective. For example, if your goal is to secure a sale, the Event might be not securing it. You can always come back later and add more details as your risk develops. Another way to identify risks is by thinking through a logical sequence of activities. We will add some diagrams to help illustrate this in our resources. If you’re procuring cladding for a building, potential Events could include difficulty finding affordable suppliers, failing safety checks, or installation issues. We’re here to support your business and help identify risks at any point in your lifecycle. It’s never too late to uncover hidden risks.
For the Trigger Date, think about when you might first notice that the Event is happening and need to manage the negative consequences (which the AI will advise on in the next step). If you can’t pin down a date, that’s okay for now. Just describing the Trigger helps you recognize when the Event may occur.
The Expiry Date is when the Event can no longer happen because your objective is either complete or the consequences have been managed. Defining this can also help refine your understanding of the Event.
Step 2 focuses on understanding the Effects. If the Event happens, the Effects are the consequences you’ll need to manage. These often involve extra time and money to resolve, which we’ll cover later in the Reactive Assessment. Examples of Effects could be not finding a cost-effective supplier or failing safety checks. Effects can be straightforward and don’t need to be overly complicated.
Step 3 is about Reactive Plans, which help you prepare for what to do if the Effects occur and you can’t prevent them. These plans let you respond quickly and effectively in a worst-case scenario. For example, imagine heading to the airport for a 4 a.m. flight, and your car won’t start. You wouldn’t want to start searching for a taxi or asking a friend for help in that moment—you would have already prepared by having taxi numbers ready. We should apply the same thinking to our work projects by planning ahead for potential issues.
In Step 4, we estimate the impacts of the Effects. For example, this could include the cost of finding a new supplier that meets quality standards if the initial supplier cannot, or the extra time needed for additional safety checks etc. It’s helpful to explain your estimates in the Effects, which you can refine later once you’ve had more time to think. For now, it’s okay to use rough estimates, or whether you choose lower or higher figures. As long as you explain your reasoning, there’s no right or wrong answer. You’ll assess impacts based on cost, delays, quality, safety, and reputation—use whichever factors apply to your project. There’s also a likelihood definitions table in the resources to help you estimate the chances of the Event happening.
At this point, we have a clear understanding of the problem and its potential impact. Next, we’ll explore how to avoid the problem altogether.
Step 5 is straightforward. The AI will suggest possible Causes, and you can either accept all the recommendations or add your own. If you’re working with a team, you can also hold a workshop later to review and discuss these suggestions together.
Now it’s time to think about the details for your Proactive Plans. Start with a short title, and include key information like outcomes (what success looks like), outputs (such as documents or items that people need to produce), activities and tasks, dependencies (whether you rely on others for something), and assumptions (any unknowns and how you’re addressing them). Writing all of this down gives you clear plans to manage your risks. The SMART acronym can help: make your plans Specific, Measurable, Allocated to an Owner, Relevant, and Time-bound.
Step 7 is similar to Step 4, but this time we focus on the cost of delivering the Proactive Plans. This could include costs for hiring extra people or paying for services to prevent the Event or reduce the chances of it happening. You can then compare the cost of the Proactive Plans with the cost of Reactive Plans to calculate the return on investment (ROI).
Next, look at the reduced impacts. For example, if your Reactive Plan showed an 80% safety impact, your Proactive Plan should aim to lower that, say to 30%. Enter the reduced impact figures for delays, quality, safety, and reputation that you expect if your Proactive Plan is fully implemented.
We’ve designed the review process to be as simple as possible. Once the Risk is set up, you can just enter the % completeness of each Proactive Plan and add notes to explain any changes. This will automatically update the exposure from the Reactive score (how bad it could be) to show the current exposure today. This helps you track progress toward the Proactive (target) score. When a Risk reaches the target score, it is managed to a level that’s as low as reasonably practicable (ALARP).