Business owners are brave. They’ve created a product or service they believe meets a need or solves a problem and then pour their heart and soul into turning that into a successful business. Smart business owners plan. Even smarter ones do business risk assessments and create proper mitigation strategies. It’s a common misconception that only large
Business owners are brave. They’ve created a product or service they believe meets a need or solves a problem and then pour their heart and soul into turning that into a successful business.
Smart business owners plan. Even smarter ones do business risk assessments and create proper mitigation strategies. It’s a common misconception that only large businesses need to do formal risk assessments. This couldn’t be further from the truth. It’s true that large firms are accountable to more people, e.g. shareholders and employees, and because of that, tend to have more robust business practices.
But this doesn’t mean that SMEs are off the hook. In fact, small businesses are usually much less resilient than larger organisations, so a seemingly small problem for a large business may have a huge impact on a small business.
We will give you 5-step risk management approach and discuss some of the most common risk considerations that many SMEs fail to plan for in their early years.
5-step risk management approach for SMEs
Follow this approach to risk management and you’ll have most bases covered.
Step 1. Find your areas of weakness.
The point of this step is to scan your business for any areas where there are signs of weakness, e.g. where you haven’t done enough research, where things are not going very smoothly, where there are actions/improvements you need to do, or that you simply haven’t considered at all.
An example might be the insurance coverage for your business, i.e. you may have car and house insurance but no professional indemnity, workers compensation, product liability, etc that your business requires.
Step 2. Define the risks.
For each area of weakness, think about what might happen if they continue to go on as is. Ask yourself: will this weakness, if not addressed, affect any one of the following:
- Financial position,
- Legal position,
- Reputation, or
- Client experience.
If the answer is yes, then it’s a risk you need to address. Make a list of these and try to state clearly the risk and the impact for each one. For example, one risk may be “Financial loss if an event occurs which is not covered by insurance”. Here, the risk is that an event occurs that is not covered by insurance. The impact is the financial loss.
Step 3. Assess the impact of the risks.
We use a really simple two-pronged rating: Likelihood (how likely is it that this will happen) and Impact (if it does happen, how bad will the impact it be). And for each I use a simple scale of High, Medium, Low. You can also assign a number (1, 2, 3) corresponding to the Likelihood or Impact, and then multiply these numbers to get a Risk Rating.
So for our hypothetical example above, the likelihood may be Medium and the impact may be High (say, because the small business doesn’t earn a huge income and would be greatly affected if an accident occurs or a client makes a claim against the business).
Step 4. Prioritize and address the risks.
Once you have done this for all your risks, you can rank them by Risk Rating, decide on the course of action you will take to mitigate (i.e. reduce that risk happening or reduce the impact if it does happen) and then of course take the action.
Step 5. Rinse and repeat.
Ideally you want to review this risk assessment quarterly and redo the 5-steps every year or when a major change to your business occurs. It doesn’t have to be a big deal. The first risk assessment will involve some detailed work but after that it should be just a quick review of your risk table to ensure you’ve mitigated the medium and high risks (anything with a Risk Rating of 3 and above).
12 common risks many SMEs ignore until it’s too late
Well, that was the theory. Let’s now look at some practical examples of the most common risks that many SMEs either don’t identify or just ignore until it’s too late.
- Financial and reputation loss if a client or employee injures themselves on business premises and the business is not covered by adequate insurance.
- Client and financial impacts if a sole trader/key resource is unable to work for an extended period.
- Financial or reputation loss if any other event occurs which is not covered by insurance.
- Inability to meet client deadlines due to inefficient or inconsistent work processes.
- Insufficient income being generated due to lack of active sales and marketing.
- Insufficient cashflow for daily expenses due to lumpy/ad hoc income flow.
- Inability to pay GST or income tax because there is no provisioning for GST/tax during each quarter/year.
- No funds available in the event of an emergency or ad hoc large payment required, because there is no savings plan.
- Legal impact of not having the correct licences or permits to conduct the business activities.
- Client, reputation and financial loss due to non-existent or poorly written client contracts or Terms & Conditions.
- Negative impacts to service/product delivery due to staff absences, as a result of inadequate staff coverage or succession planning.
- Negative impacts to service/product delivery due to poor supplier performance, as a result of non-existent or poorly written Service Level Agreements (SLA).
Risk management is often seen as one of the boring aspects of running a business… until things go wrong. We hope you’ve found this article useful and can see now why risk management is so important for all businesses, regardless of size.
This piece appeared here.