When you first start out in business, it seems like there are so many things to do just to get up and running. There is a great deal of flying by the seat of your pants, learning and implementing new skills, dealing with issues as they arise and firefighting when things go wrong.
Over time, when you start getting your policies, processes and procedures in place, you will hopefully create time to be able to work on areas of your business which may not necessarily be at the forefront of your mind to begin with. One of these areas is how you manage and mitigate risk to your business.
Risk comes in a number of forms, such as financial, reputational, strategic and compliance. If not managed effectively, these risks can, individually or in combination, at worst result in the closure of your business. The level of risk you are willing to take, known as your “Risk Appetite”, will depend upon you as the business owner. There are risks that you may need to take that are vital to the success of your organisation, and there are risks that aren’t vital but may lead to a higher level of return for you, the business owner.
There is no right or wrong answer to what risk appetite you may have; it will depend upon the circumstances around your business, both internally and externally. However, one thing that shouldn’t be left to chance is having an effective risk management plan in place to aid in decision making.
An effective risk management plan will include four important steps, in order:
- Identification
- Assessment
- Management
- Monitoring
Identification
It is easy to identify the risks that are blatantly obvious: the power cable trailing along the floor, the bald tyre on the company van, etc. What isn’t so obvious are the items which haven’t yet occurred but would cause a major issue should they do so. What if your only skilled machine operator became long-term sick? What if the supplier of your raw materials suffered a catastrophic event and closed down? What if your computer system was hacked?
As the business owner, you need to take the time to think of the issues that may occur and determine the steps you may need to take in order to minimise the impact of each event.
Assessment
Each risk will have its own level. The power cable on the floor may cause a trip injury to one person before it is resolved, while a complete lack of raw materials could bring the whole company to a grinding halt. In order to assess the level of risk, each event should be given a score calculated by a very simple formula, as follows:
Likelihood of the Risk × Consequence of the Risk (you could score each event out of 5 for each, and voila)
It is up to the members of the organization making the assessment to value the risks, and the business owner or senior management should look to include other staff members, as they will have specific knowledge of their area of the business and will assist in a more accurate risk score.
Management
Once the risks have been assessed, it is time to address each one based upon the score it has been given. It may be that there is a quick fix that can be utilized, or it could be a long-term project that will require considerable resources to implement. Cost, personnel and other resources will have to be taken into consideration when determining which of the following strategies to implement:
- Avoid: can we change the way we do things?
- Reduce: training, maintenance and contingency planning
- Transfer: insurance and subcontracting of work
- Accept: just accept that the risk is there, get on with it and monitor it
Monitoring
This one is pretty self-explanatory, but a process should be put in place whereby the risks to the organization are regularly reviewed and reassessed, in order to ensure that you are keeping up with developments and are updating risk scores and management steps accordingly.