Risk is an adverse event that may hinder the performance of a business due to both internal and external factors. Being able to manage and minimise risk in everyday business operations is an integral part in the success of a business.
Many businesses implement risk management plans to assist with the risks the business may face. A risk management plan recognises these risks and provides a strategy to deal with them should they occur. It is important to be proactive and develop a plan and recognise the potential risks of the business as it will potentially help reduce the severity should the potential risks occur.
There a few steps required to develop a risk management plan.
The first step in implementing procedures to help minimise risk is to identify any risks that the business may face, whether it be internal or external factors. In order to identify risks ask ‘what if?’ questions. If something were to happen in the economy, how would this effect the business? If prices for certain materials increased globally, how would that effect the business? By asking ‘what if?’ questions, it will help identify any potential risks and then strategies can be put in place to help minimise these risks should they occur.
Examples of certain types of risks are:
If there is a specific client base that the business relies on to generate a substantial portion of their income. This has the potential to cause cash flow issues for the business if one of the client/s stops yielding revenue. To mitigate this risk a business can lock in the major client/s through long-term service contract, assisting the smaller clients to help them grow and seeking new profitable customers.
The liquidity of the business pairs with how well the business can operate. If a business has poor cash flow, it runs the risk of not being able to repay its debts with the directors potentially being liable. To manage the liquidity of a business and to assist with minimising financial risk the business can implement cash flow reviews, which will be monitored on a weekly, monthly or quarterly basis, to assess the cash in and out of the business. This also helps identify areas in which a business may need to reduce costs and provides areas of focus.
If a business relies heavily on information technology and cannot operate without it, the greater the risk if an event were to occur and the technology could not be used. If a system were to fail during an important period, it has the potential to effect the revenue of a business. For example, if a retail store cannot use EFTPOS due to IT issues, there is the potential they will lose sales. To assist with mitigating information technology risks a business should ensure that all laptops and desktops have the appropriate security software installed, performing back ups daily, protecting certain networks and servers a business relies on and providing appropriate training to all staff.
Once risks have been identified within a business, a decision needs to be made on the likelihood of the situation occurring, and if it does occur the severity. Firstly, asses the likelihood of the risk occurring and separate this into three categories: low, medium and high. Once the likelihood has been rated, the seriousness of the impact of those specific risks also needs to be rated using the categories low, medium and high. An example when assessing certain risks is if machinery or plant that was crucial to the operations of the business needed maintenance, think about the monetary value and how much it would cost to repair. Once all potential risks have been assessed attend to the high risks first and the most expensive.
After the analysis of the risks it is crucial to implement strategies to ensure there are procedures in place if any events do occur. This could include regular cash flow reviews, gaining different perspectives as to how the best way to handle these risks. Whether that be from employees, accountants or financial advisers. If there are many employees involved in the procedures that have been implemented, it is important that each employee knows the role in which they play. This will help reduce human error, as certain threats can be stopped before the jeopardise the business operations.
Once risks have been identified, analysed and procedures have been put in place, it is crucial that they are reviewed regularly. There is the potential that new risks may occur if the business implements new services or products, the ratings of certain risks may change and procedures that have been put in place may fail. For a business to succeed it is imperative that it understands the risks it may face and put procedures in place to help mitigate the potential risks.
For a complete risk assessment and a personalised risk management plan for your organisation, contact your Nexia Edwards Marshall Adviser today.
The material contained in this publication is for general information purposes only and does not constitute professional advice or recommendation from Nexia Edwards Marshall. Regarding any situation or circumstance, specific professional advice should be sought on any particular matter by contacting your Nexia Edwards Marshall Adviser.