CARDIO Assessment


The CARDIO assessment provides a comprehensive analysis of your organization’s initiatives, strategies, or objectives as part of an enterprise-wide risk management program. It addresses the areas of Constraints, Assumptions, Risks, Dependencies, & Issues. Performing the CARDIO assessment is a critical part of risk assessment and mitigation for your organization, and helps identify risk factors and potential obstacles that are commonly overlooked.

The CARDIO tool guides participants through identification of obstacles. These obstacles will then be classified and assessed using 5 different assessments:

  1. Constraints Identification & Monitoring
  2. Assumptions Identification & Validation
  3. Risk Identification & Assessment
  4. Dependencies Identification & Monitoring
  5. Issues Identification & Prioritization


This model can be used by project managers, risk managers, department directors, and managers.


Whether in day-to-day operations or big strategic decisions, the importance of making risk-informed decisions is immeasurable. Basing your decisions on comprehensive risk analyses can mean the difference between success and failure – and that’s where CARDIO can keep your organization healthy and ready to address any unforeseen circumstances.

The business environment is growing increasingly more complex, leading to greater numbers of unknowns that organizations need to handle. Since 75% of major loss events in organizations occur due to correlated, interdependent risks (Deloitte, 2012), understanding the risks involved in your initiative and how they may affect other areas can help avoid major losses cascading throughout your organization. The CARDIO assessment addresses all areas of concern, from potential sources of risk to those that have already surfaced. Understanding the relationships between each of these areas, how they affect one another, and how they can be monitored to avoid future obstacles allows your organization to remain prepared and secure, ensuring stakeholder trust.

 “Many [organizations] do not yet have a risk process in place that goes sufficiently beyond the identification of principal risks…there is also limited integration of the risk management processes into key business planning and decision-making processes.” (Deloitte Risk Advisory, 2015)


Identifying Obstacles: This process includes identifying obstacles that could impact the initiative and categorizing them based on their type:

  1. Constraints
  2. Assumptions
  3. Risk
  4. Dependencies
  5. Issues

Then, the tiles can be sorted/filtered by their category and/or exported to a topic specific to each of the five categories to create a mitigation plan specific to each obstacle.

Constraints Identification & Monitoring: This process includes classifying in categories, validating, ranking based on impact, and creating activities for monitoring.

Assumptions Identification & Validation: This process includes classifying assumptions by category, validating and ranking them based on confidence and impact, then creating an action plan to validate the assumptions.

Risk Identification & Assessment: This process includes classification of risk by category, rating based on impact and likelihood, prioritizing for management attention, and creating an action plan.

Dependencies Identification & Monitoring: This process includes classification of dependencies, validating and ranking them based on impact, and creating a monitoring action plan.

Issues Identification & Prioritization: This process includes classification of issues by category, ranking based on impact and urgency, and assigning ownership.


  • Comprehensive analysis and understanding of your organization’s risk factors
  • Security and preparedness for any obstacles that may arise
  • Specific action plans to address, monitor, and prevent the various risk factors involved in organizational processes


This exercise will enable:

Quality  Conduct a thoroughly comprehensive analysis of your organization’s risks to leave none uncovered or unchecked.

Efficiency – Resolve obstacles at their outset to minimize negative impact and increase productivity.

Engagement – Ensure all relevant stakeholders are involved and easily on the same page with your risk assessments.

Agility  Develop prioritized action plans to maximize impact and efficiency in risk assessments.


Deloitte. (2012). The value killers revisited – A risk management study.

Deloitte Risk Advisory. (2015). Enterprise Risk Management – A ‘risk-intelligent’ approach. Deloitte.

RiskJill PrinceRisk, pn7, TTLPE