It is important not to lose sight of risks that may prevent us from achieving our goals. On reflection, it is not hard to come up with examples. One could encounter unforeseen health problems, physical damage from fire or flood could occur, loss of a major customer or source of funding, a serious information technology problem such as a loss of data or breach of security, or departure of a key employee.
Quite often it is challenging for small and medium size organizations to get a handle on the risks they face and as a result risk management is overlooked. Your business plan can be a very good starting point to establish a risk management plan. Consider your key objectives and ask questions including what can go wrong, how can problems happen and why could they occur. By looking at your business through this lens, you can get a reasonable perspective on the risks you should be concerned with.
Usually no one individual has a full perspective of the risks that could impact your organization. As such, it is necessary to ensure that you include all those who have relevant knowledge of risks that could impact your business as you complete your risk analysis. Completion of a strengths, weaknesses, opportunities and threats (SWOT) analysis may be helpful to identify risks that could impact your organization.
Typically it is not possible to address all risks that have been identified. Risk analysis serves to identify which risks can have a greater impact than others. Risk analysis involves combining the impact of an event with the likelihood of the event occurring using the risk analysis equation which is Risk = Consequence x Likelihood. You may want to rank the impact of a risk as significant, major or minor and rank the likelihood of occurrence as high, medium or low and document your risks in a risk matrix.
Completing this exercise will help you to identify those risks that are more likely to occur and those which may have a greater impact, and help you make decisions about committing resources and effort to manage specific risks.
After risks have been identified and analyzed, the focus shifts to risk treatment. There are various strategies to consider. Risks can be avoided by not proceeding with the activity to which a risk relates. However, such an approach can lead to missed opportunities and elevation of other risks. The likelihood of occurrence could be reduced, perhaps for example by providing safety training to staff assigned to more dangerous activities. The consequences related to a risk could be reduced. For example, if there is a risk of fire, installation of monitored fire detection equipment and suppression systems can reduce impact if a fire occurs. Risks can be shared. A common example of how risks can be shared is through insurance. A firm providing professional advisory services may wish to share risk by acquiring errors and omissions insurance. Finally a decision may be made to retain exposure to certain risks if the exposure is at an acceptable level. Overall, the treatment approach for any specific risk requires a cost benefit analysis to determine the extent to which the cost of treating a potential risk is justified.
Risk management has significant business benefits. Examples include greater potential to achieve goals and objectives, reduced exposure to litigation and non-compliance with legal obligations, enhanced relationships with external stakeholders such as your bank and greater likelihood of operating within prescribed budgets.
Francis Liska