Turn risk on its head. Good planning can go beyond base line compliance, exposing operational ‘gremlins’ to accelerating positive outcomes – from employee morale to customer loyalty.

Written by Liz Swanton

While that approach might work on a personal basis, it’s not smart when you are running a business. It’s not pessimism – it’s good business sense to be prepared for the worst-case scenario.

Consider the suggestion that ‘failing to prepare is preparing to fail’. Look at your business and where it might be vulnerable, and draw up a risk management plan to protect yourself and all you have worked hard to achieve.

In this context, a ‘risk’ is defined as a situation that could have a negative effect on your business. Risk management, however, is not just about compliance. Done properly, it can help your business flourish – it’s about minimising the negative and accelerating the positive.

Identify the risks

Start by identifying the risks your business might face. Ask yourself ‘what if’ questions such as if you lost energy, or your premises were inaccessible, or your computer system was hacked.

You might also want to ponder issues such as compliance (any laws and codes of practice you must comply with), and anything related to the financial operations. Others include staff health and safety, your equipment, security, technology and service delivery.

Think about the environment (economic, and weather issues), strategy (any decisions relating to your objectives) and the character or goodwill of your business.

Once you have identified each risk, consider what can be done about it. Risk management will fall into one or more of these categories:
  • Avoidance – will proper planning eliminate the risk?
  • Reduction – can you remove some of the risk?
  • Sharing – can someone else manage the risk for you, or can you insure against it?
  • Retention – accept there are things you ‘need’ to risk and set up the appropriate budget and other arrangements.

Make an educated assessment

Only you can decide what can be done in relation to the risks facing your business, and what you can afford to do about it. Drawing up a risk management plan is about making an educated assessment about each potential risk, the chance of it happening, and how bad it might be. That way you can work out the priorities you need to plan for.

For example, could anything be worse than an employee being killed or badly injured? Businesses have suffered from reduced productivity, lower sales, even closure, as a result of such an incident.

So you need to look at ways of reducing that risk, and that will mean assessing internal controls. There might need to be more training, information and readily-available resources, and of course the relevant insurances.

Another example is cyber security. It’s one of the top three business risks worldwide. What practical measures do you have in place to maintain data security?

Delegate responsibilities

‘Who does what’ is the next step to consider, particularly if there is potential for a real disaster. You will recover faster if you already know what has to happen first, second and third, and who takes those actions.

Communications are key to recovery so all the relevant people (staff, suppliers, contractors) need to know about your plan. How will you communicate with them if the time comes, and who will do what? Then it’s a matter of training and practice so everyone knows what to do.

Once you have drawn up a risk management plan, be sure to review it regularly and identify any potential new risks before they escalate. In doing so, processes and insurance cover will be the task.

Next steps

There are a number of online tools you can use to help build your risk management plan. Visit business.gov.au for more information.