How to think about all that can go wrong and still sleep better at night

09 Jun 2023 - Frans Vanhaelewijck

risk mitigation

Everyone with significant responsibilities, be it a startup founder, a project manager, or anyone else juggling various tasks, has been there - awake in the middle of the night, staring at the ceiling and obsessing over all the things that could potentially go wrong. This perpetual ‘what if’ scenario playing on repeat can cost you hours of sleep and lead to unnecessary stress.

Formal Risk Management using a simple tool

Thinking about all the things that can go wrong, not just occasionally but regularly, can actually be the key to sleeping better at night. It’s all about ‘Formal Risk Management’. If you have never done it, it might sound more complicated than it actually is.

Working with corporate customers has taught us the importance of formal risk management. We are required to identify, assess, and mitigate risks in a structured manner. This methodology gives you a simple tool to identify, track, decide, and follow-up on risks.

Don’t assume you’ll need expensive tools for this process. The tool to use for this is surprisingly simple - a spreadsheet. Start by listing down every possible risk that you can imagine, everything that could go wrong.

Identifying Risks

Each risk on the list should be identified by:

  1. Creation Date: The date when the risk was identified and recorded.
  2. Source Event: The cause or event that led to the risk’s identification.
  3. Impact: A measure of how serious the consequences would be if the risk materializes.
  4. Probability: An estimate of the chance that the risk will actually occur.
  5. Category: Typically you start this list by covering different categories like IT, Suppliers, Product, Customers, HR, and so on.

Setting your Acceptance Score

Assign a numeric score to each ‘Impact’ and ‘Probability’, ranging from 1 (representing a low impact or probability) to 5 (indicating a very high impact or probability). Multiply the ‘Impact’ score by the ‘Probability’ score for each risk, and then sort your spreadsheet from the highest to the lowest total score.

For risks scoring above a certain threshold (which you can set based on your comfort level), it’s essential to devise mitigation actions. Identify these action plans in your risk management spreadsheet. For actions you have identified, add values for these two columns in your sheet:

  1. Post mitigation Impact: If we complete this action, how will that change the Impact score.
  2. Post mitigation Probability: If we complete this action, how will that change the Probability.

Risk mitigation can be done in a number of ways. You can plan actions that

You can identify which risks you will need to act on using the diagram above. When the threshold is set to 10, every red square indicates the need to create and execute mitigation actions. If you set your threshold even lower to 5, then all white cells also need mitigation actions. The green cells are risks we accept. The combination of impact and probability is so low, that we accept we will deal with it when that risk materializes.

Make it Part of your Regular Review Processes

The essence of formal risk management lies not just in creating this risk register but in revisiting it regularly. Ensure you review and update your list of identified risks every quarter, or even more frequently if your situation warrants it.

And if you’re really committed to comprehensive risk management, go one step further and review the results of your action plans. Once an action plan has been executed, reassess the ‘Impact’ and ‘Probability’ scores of the associated risk and record the new values in your spreadsheet. Do this by adding values in these two extra columns in your sheet:

  1. Residual Risk Impact
  2. Residual Risk Probability

The goal of mitigation actions is to reduce the overall risk, thus the residual risk should ideally be lower than the initial risk. It’s essential to assess the residual risk to understand how effective your mitigation strategies have been and whether further action is needed.


By systematically identifying and addressing potential risks, you are essentially taking control of the ‘what if’ scenarios that haunt your sleep. You’re no longer passive but proactive, equipped with a plan for whatever curveball life might throw at you.

When you present such a well-structured risk management plan to auditors, your key customers, or compliance officers, it’s bound to instill confidence. It shows that you’re on top of things and managing risks.

And most importantly, it allows you to sleep better at night, knowing that you’ve done your best to anticipate, prepare for, and mitigate all the things that could possibly go wrong. It’s about turning your fears into plans and your uncertainties into strategies. After all, as the old saying goes, “The best way to predict the future is to create it.” So why not start creating your future now, one risk at a time?