With all of the risks that have the potential to derail a business, having a strong risk management plan in place can often mean the difference between a business surviving and folding should any of these risks come to fruition.
While risk management plans are certainly of benefit to your business, their overall breadth and depth can often be quite daunting to those who aren’t familiar with them. If a risk management plan seems like something you’d like to establish for your small business, but you aren’t really sure where to start, allow us to help break down the steps into bite-sized chunks that will make the process a bit easier and much less intimidating.
Where should I start?
The process of implementing a risk management plan involves multiple different steps in order to ensure that the plan you end up putting in place is as comprehensive as possible, enabling maximum effectiveness should the worst happen. This process can typically be broken down into the following three categories:
- Risk identification and assessment
- Risk treatment/control
- Risk monitoring and review
Each of these categories involves a further series of steps. For now, we’re going to focus on the first category — risk identification and assessment — and take a more in-depth look at what’s involved.
What does assessing my business risk involve in practice?
In the simplest of terms, identifying and assessing the risks associated with your business is basically you just giving thought to every risk imaginable and considering how it could potentially impact your business.
If we want to be a little more specific, identifying and assessing risks involves the following steps:
ESTABLISH A COMPREHENSIVE LIST OF RISKS
Think about your business and how it operates, the processes you have in place, the nature of the business, its location and the people responsible for ensuring it functions effectively. Now, have a think about everything that could go wrong — be it an internal event — over which you may have some control — or an external event — over which you may have no control. Note down every risk you can possibly think of, no matter how big or small and regardless of how easily it can be dealt with. You may wish to consult your employees or business partners, if you have them, as they may be in a position to be aware of risks you may not have considered. We have included a list of risks to consider further below, but our list doesn’t take into account the specifics of your business, so it is important that you create your own list and don’t rely solely on the one we have included.
DEFINE THE RISK
Define the risk by identifying how and why it can happen. Is it a stand-alone risk? Or is there a series of steps that lead up to it?
CALCULATE THE RISK
Calculating the risk involves assessing the likelihood and consequences of each risk you have noted. What are the chances of each risk eventuating and what sorts of things will influence its potential occurrence? Do you have any existing controls in place to minimise these risks? What is the scope of impact of each risk? Consider how manageable each risk and its potential impacts are. Are there any risks that are of greater concern than others?
Attempt to categorise these risks based on likelihood and impact, as this will help you determine which risks are the most pressing when it comes to the “risk treatment/control” step, which we will discuss at a later date.
What types of risks should I be looking out for?
Last week, we touched on some of the risks that have the potential to impact your business, and while that list may have seemed long, it was really only the tip of the iceberg when it comes to the types of risks you should be wary of.
Here is a more comprehensive list of risks you should be considering when conducting your assessment:
- Natural disasters (earthquakes, fires, floods, storms, cyclones, drought, etc.)
- Injuries in the workplace
- Damage to, theft or vandalism of property and equipment
- Environmental hazards, such as chemical spills, climate change and pollution
- Loss of customers, either due to a switch to competitors or due to a declining interest in your product
- Staff turnover
- Failure of utilities — for example, issues with electricity, gas and water supply
- Employee fraud
- Customer-related issues — for example, failure to pay on time, legal issues, etc.
- Delays in delivery of inventory and other issues with suppliers
- New laws and regulations
- Shortages of inventory
- Advances in and concerns related to technology — for example, hacking, your product or service being superseded or becoming obsolete and network failures
- Increases in interest rates and inflation
- Global or local pandemics
- Terrorist activity
Are there tools available to help me conduct a proper and comprehensive risk assessment?
Yep — there sure are! Here are some of the ones we recommend you make use of:
- Visit My Risk — this is a risk highlighting tool for people who own and operate small-to-medium-sized businesses. This tool has more than 70 different business categories; all you have to do is select the one that applies to you and it will generate a list of risks that are of most relevance to your business type
- Watch this short webisode featuring valuable tips on how to identify the risks to your business
- Download SAI Global’s “Risk management — principles and guidelines”standard
- Read CPA Australia’s PDFs for SMEs, which include information on financial risk, internal controls and a risk management guide
- Read “Good Security — Good Business”, which is a booklet containing a bunch of information on business continuity and how to manage risk
We know that a lot of this information can be quite overwhelming — not to mention, quite dry and clinical — so, if you’re still unsure about whether you’re on the right track, have a chat to a trusted business or financial adviser and ask for their advice and expertise. It might also be worthwhile tracking down the relevant representative body for your industry, as they may be able to provide you with some tailored advice on how best to assess the risks to your business.