Many large and medium companies spend a lot of time and resources on risk management and have it embedded in their culture. This includes defining the components of risk, and developing frameworks and processes on how to identify, measure and manage risk. It is never too soon in the life of a small business to think about and address these elements.
Risk management is a process in which businesses identify, assess and treat risks that could potentially affect their business operations.
What is a risk?
A risk can be defined as an event or circumstance that has a negative effect on your business, for example, the risk of having equipment or money stolen as a result of poor security procedures.
Common types of risk for small businesses
Types of risk vary from business to business, small business owners must decide on how much risk you are prepared to take. Some risks may be critical to your success; however, exposing your business to the wrong types of risk may be harmful and may even lead to bankruptcy. The most common business risk categories are:
Strategic risk – decisions concerning your business’ objectives
Compliance risk – the need to comply with laws, regulations, standards and codes of practice
Financial risk– financial transactions, systems and structure of your business
Operational risk – your operational and administrative procedures
Environmental risk – external events that the business has little control over such unfavorable weather or economic conditions
Reputational risk – the character or goodwill of the business.
Others include health and safety, project, equipment, security, technology, stakeholder management and service delivery.
Preparing a risk management plan
As a small business owner, you may be wearing many hats and overwhelmed as everything is a priority. How do you drive your business and manage all of these areas of risk and the associated costs?
Consider adopting an enterprise risk management method instead of approaching risk management within categories or silos as described above. Enterprise risk management is a strategic, top-down and holistic approach to risk management which incorporates market, credit, operational and reputational risk. Enterprise risk management can help you to define and align your risk appetite with strategy, and with the way you operate your business
Your risk management plan should detail strategies for dealing with risks specific to your business. It’s important to allocate time and resources to preparing your plan to reduce the likelihood of an incident affecting your business.
You can develop a risk management plan by following these steps:
Identify the risk
Assess the risk.
Treat the risk.
Monitor and review
Identify the risk
Undertake a review of your business to identify potential risks. Some useful techniques for identifying risks are:
Evaluate each function in your business and identify anything that could have a negative impact on your business.
Review your records such as safety incidents or complaints to identify previous issues.
Consider any external risks that could impact on your business.
Brainstorm with your staff.
Ask yourself ‘what if’:
Your premises were damaged or not accessible?
Your suppliers went out of business?
There was a natural disaster in your area?
One of your key staff members resigned or was injured at work?
Your computer system was hacked?
Your business documents were destroyed?
Assess the risk
You can assess each identified risk by establishing:
The likelihood (frequency) of it occurring
The consequence (impact) if it occurred
To determine the likelihood and consequence of each risk it is useful to identify how each risk is currently controlled. Controls may include:
Elimination
Substitution
Controls
Personal protective equipment.
Manage the risk
Managing risks involves developing cost effective options to deal with them including:
Avoid the risk – change your business process, equipment or material to achieve a similar outcome but with less risk.
Reduce the risk – if a risk can’t be avoided reduce its likelihood and consequence. This could include staff training, documenting procedures and policies, complying with legislation, maintaining equipment, practicing emergency procedures, keeping records safely secured and contingency planning.
Transfer the risk – transfer some or all of the risk to another party through contracting, insurance, partnerships or joint ventures.
Accept the risk – this may be your only option.
Monitor and review the risk
You should regularly monitor and review your risk management plan and ensure the control measures and insurance cover is adequate. Discuss your risk management plan with your insurer to check your coverage.