Risk Mapping: Key points for its implementation




Every organization, whether it’s a healthcare facility or a company, tries to minimize its risks. To achieve this, risk mapping is a key management tool. So what are the key points for its implementation?

According to the HAS (the French High Authority of Health), the definition of risk consists of:

an undesired situation with negative consequences resulting from the occurrence of one or more events whose occurrence is uncertain.

To ensure the effective implementation of a risk mapping, it is necessary to follow a few steps…


Risk mapping: the preliminary steps

First of all, I recommend using a Gantt chart to monitor the progress of the risk mapping project. This tool is often used in project management. It visually represents the progress of the different activities of a project.

a) Scope and documentation

The first step is to define the scope of the mapping, i.e. to define a specific process to work on. At the same time, you will establish a multidisciplinary working group. Be sure to bring together different professionals to have different points of view (points of view differ depending on the profession and position held).

To understand the work to be done, documentary research on the given process can be useful: analysis of previous reports, meeting minutes, indicators, non-conformities or AEs... Every element related to the process helps you understand how it works and identify certain risks more easily!

b) Field observations

To define each step of the given process and in order to identify the risks for each of these steps, it is imperative to carry out investigations in the field. Observation and dialogue are the key words! Feel free to ask professionals about their practices. They will give you all the information you need to know on the risks inherent to their job.


Risk mapping: how to develop it?

Risk mapping provides you with a global view of critical risks that could have a significant impact on your organization. It summarizes the main quality risks. There are several maps established for each process.

a) Establish the list of risks

During the meetings with your working group, list the most significant risks. Once these risks have been identified, the causes and consequences of each of them can be identified.

Severity/frequency is assessed on the basis of pre-defined scales. In the field of health, for example, the HAS has defined a five-level scale. For severity, we go from Minor (level 1) to Catastrophic (level 5); and for frequency, from Very unlikely (level 1) to Very likely (level 5).

When you multiply severity by frequency, you get a criticality score.

Control measures implemented in the establishment must be associated with each of your risks. Depending on the existing systems in the institution, it is possible to establish a level of risk control (which can also be established on five levels). 


b) Implementation of risk mapping

Risk mapping is generally displayed as a table. Each row represents an identified risk. For each risk, we find all the associated elements such as causes / consequences, severity / frequency / criticality scores, as well as the control systems implemented and the associated level of control.

A colour code is used, generally from green (least critical) to red (most critical) in order to make the table as visual as possible.

c) Relying on digital technology


Relying on digital technology and in particular a Quality / Risk Management software can be of great help. Thanks to a dedicated tool, you can sort your risks according to the HAS themes for example (or via other pre-established criteria, such as the categories of risk or the services concerned). 

A digital tool is very useful for obtaining statistics automatically. As soon as the risk analysis is done, you will have graphs illustrating the distribution of your various risks according to your criteria. You will also be able to create specific alerts. For example, when a certain criticality score is reached on one of your risks, the pilot(s) concerned are automatically alerted by email. Actions still need to be implemented...


Why link risk mapping to your (digital) Action Plan?

You have identified some risks within your organization. It is now necessary to implement actions, particularly on the most critical risks (those with a high criticality score and a low level of control). Here too, the use of dedicated software can be of great help for correlating your risk mapping with your Global Action Plan. Actions resulting from your risk analysis will automatically be implemented in your action plan.

Developing a risk map is thus a complex exercise that requires communicating with different stakeholders to ensure that no risk is omitted. It is also a necessary step in a certification process (V2020 in health, for example). To help you, there is nothing like digital tools: they will save you time and improve your efficiency.

