At its simplest, the act of managing risk involves mapping out the processes within your business and identifying critical business risks. From there you should document these risks and source viable solutions in the event that these risks come to pass.
One way of doing this, according to the guides written by insurance and risk specialists, is to assess what standard risks a business might face.
Typically they state that “Each industry sector and organisation is prone to certain standard risks, and these should be seen only as the starting point and not the end result. The business should ultimately embark on internal information gathering, especially using questionnaires focused on providing customer service, sustainability and managing risks felt by the business both externally and internally”.
Any business that wants to flourish should implement strong risk-management principles as soon as possible.
What is a risk?
A risk can be defined as an event or circumstance that has a negative effect on your business, for example, the risk of having equipment or money stolen as a result of poor security procedures, or the illness of a key business partner. Types of risk vary from business to business.
You must decide on how much risk you are prepared to take in your business. Some risks may be critical to your success; however, exposing your business to the wrong types of risk may be harmful.
The most common business risk categories are:
- strategic – decisions concerning your business’ objectives
- compliance – the need to comply with laws, regulations, standards and codes of practice
- financial – financial transactions, systems and structure of your business
- operational – your operational and administrative procedures
- environmental – external events that the business has little control over, such as unfavourable weather or economic conditions
- reputational – the character or goodwill of the business.
Others include health and safety, project, equipment, security, technology, stakeholder management and service delivery.
Preparing a risk management plan
Your risk management plan should detail strategies for dealing with risks specific to your business. It’s important to allocate time and resources to preparing your plan to reduce the likelihood of an incident affecting your business.
You can develop a risk management plan by following these steps:
- Identify the risk.
- Assess the risk.
- Treat the risk.
- Monitor and review.
Identify the risk
Undertake a review of your business to identify potential risks. Some useful techniques for identifying risks are:
- Evaluate each function in your business and identify anything that could have a negative impact on your business.
- Review your records such as safety incidents or complaints to identify previous issues.
- Consider any external risks that could impact on your business.
- Brainstorm with your staff.
Ask yourself ‘what if’:
- you lost electric power?
- your premises were damaged or not accessible?
- your suppliers went out of business?
- there was a natural disaster in your area?
- one of your key staff members resigned or was injured at work?
- your computer system was hacked?
- your business documents were lost or destroyed?
Assess the risk
You can assess each identified risk by establishing:
- the likelihood (frequency) of it occurring
- the consequence (impact) if it occurred
TIP: The level of risk is calculated using this formula:
Level of risk = likelihood x consequence (see the matrix which follows).
To determine the likelihood and consequence of each risk it is useful to identify how each risk is currently controlled. Controls may include:
- engineering controls
- administrative controls
- personal protective equipment (PPE).
A risk analysis matrix can assist you to determine the level of risk.
Manage the risk
Managing risks involves developing cost-effective options to deal with them, including:
- Avoid the risk – change your business process, equipment or material to achieve a similar outcome but with less risk.
- Reduce the risk – if a risk can’t be avoided, reduce its likelihood and consequence. This could include staff training, documenting procedures and policies, complying with legislation, maintaining equipment, practising emergency procedures, keeping records safely secured and contingency planning.
- Transfer the risk – transfer some or all of the risk to another party through contracting, insurance, partnerships or joint ventures.
- Accept the risk – this may be your only option.
Monitor and review
You should regularly monitor and review your risk management plan and ensure the control measures and insurance cover are adequate. Discuss your risk management plan with your insurer/banker to check your coverage.
About the contributor:
Jeff Hollingdale trained and qualified as an Industrial Engineer. He received internationally certified training in APICS (CPIM) Lean Manufacturing, TPM, TQM, SPC, Lean / Six Sigma and ISO 9000, ISO 14001, ISO 31000, ISO 50001, ISO 55000 implementation and audit requirements.
Jeff has worked primarily within the manufacturing sector, assisting clients with coaching and implementation of Lean / Agile and ISO standards, i.e. ISO 9001, ISO 14001, Energy and Asset management.
His current activity is in assisting the growth of SMEs which can sustainably generate growth and job creation in South Africa.
Jeff is a contributor to a wide range of industry-focused journals, ranging from commentary on current certification issues affecting industry to newsletters and focused articles on the impact of ISO standards.