Understanding Risk Profiling: a key to effective risk management
In today’s rapidly changing business environment, understanding your current and emerging risks is essential. Did you know that, according to industry research from the Chartered Institute of Loss Adjusters, 43% of Business Interruption policies are thought to be under-insured by more than 50%? This is just one example of how misjudging your risk exposure can have serious financial consequences.
As the Australian insurance market softens for the first time in 4-5 years, now is the ideal time to assess and adjust your risk management strategies. Deciding which risks to transfer to the insurance market and which ones to retain can be daunting. But understanding these decisions - especially as the market turns in favour of buyers - can help you optimise your insurance programme and avoid over- or under-insurance.
What is Risk Profiling?
Risk profiling is a process that every organisation undergoes, but the outcomes can vary widely. In 2025, many organisations are finding themselves underinsured or even not insured at all. This often results from not properly establishing appropriate limits or sub-limits for specific risks. On the other hand, some organisations are over-insured and paying higher premiums than necessary.
Risk Profiling follows a structured, comprehensive process aligned with the international standard ISO31000, which helps businesses identify, assess, and categorise risks based on their likelihood and potential impact. This process helps businesses understand their exposure and develop strategies to mitigate risks effectively.
The Risk Profiling process
01. Scope setting
The first step in the process is defining the scope. It’s crucial to understand the goals for the Risk Profiling exercise, whether you are assessing risks at an enterprise, insurable, or specific level. Each engagement is unique, so the scope should be customised based on your previous risk analysis, organisational priorities, and factors such as recent claims or emerging concerns.
02. Risk assessment and analysis
The next phase involves analysing risks using a “bow-tie” framework. Here, the causes and impacts of each risk are identified, starting at a qualitative level. Workshops and structured meetings with key teams across the organisation help capture diverse views and enhance the overall understanding of each risk.
03. Risk quantification
Risk quantification focuses on estimating the economic loss of each risk, especially in terms of its financial implications. The “Maximum Foreseeable Loss” (MFL) is often used to guide insurance decisions. Various methods can be employed to estimate MFL or similar metrics, ensuring alignment with your insurance programme.
04. Risk evaluation
Once risk data is gathered, an insurance gap analysis is conducted to compare the identified risks with existing insurance coverage. This helps ensure that the insurance programme accurately reflects the organisation's risk exposure.
05. Reporting and recommendations
The process concludes with a comprehensive report, which includes:
The Risk Score, a unique assessment of insurability and risk controls.
Recommendations to enhance the insurance programme.
Identification of risks that require further analysis.
The end outcome: confidence and resilience
The goal of Risk Profiling is to empower your organisation with a clear understanding of what is insured, partially insured, or uninsured. By involving key stakeholders from leadership to technical experts, our process helps you make informed decisions that prioritise risk management across the organisation.
By gaining confidence in your risk management strategies, you can take the necessary steps to build resilience in the face of uncertainty.
Download our Risk Profiling Guide for more detailed insights into the process and how it can benefit your organisation.
The contents of this publication are provided for general information only. Lockton arranges the insurance and is not the insurer. While the content contributors have taken reasonable care in compiling the information presented, we do not warrant that the information is correct. It is not intended to be interpreted as advice on which you should rely and may not necessarily be suitable for you. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content in this publication.
