Risk is an inherent part of all business activities and it comes in many different forms. Regardless what industry you have entered or are looking to enter, there is inevitably a multitude of things Read more
Risk is an inherent part of all business activities and it comes in many different forms. Regardless what industry you have entered or are looking to enter, there is inevitably a multitude of things which can (and will) go wrong. While risk can never be eliminated, it can be minimised and managed. Managing risks effectively is essential to any business seeking long-term, stable success. Risk management consists of many practices, which fall broadly under identification, avoidance, mitigation and acceptance.
The first step of any effective risk management strategy is identifying what could go wrong. The more comprehensive a business can be in assessing their risks, the better. There is no ‘one-size fits all’ approach to this process - assessing risks will require critical analysis of every part of the business, the supply chain, the distribution chain, the sales processes, the marketing processes, the accounting and all other business activities. While the process may be time-consuming, the costs associated with rushing it (or neglecting it entirely) are far greater. Common risks include:
This list is by no means exhaustive and most businesses will be able to identify hundreds of potential risks - fortunately the chance of most occurring is low. Certain risks can be amplified by business cultures and values however, for example the risk of improper corporate governance might be increased in a business where executive bonuses are tied to quarterly profits, incentivising short-term gains over long-term, sustainable success.
Most risks can be avoided by putting in place proper business processes. Business processes perform a number of important functions for businesses. They give employees and business associates certainty in how to behave and act in certain situations, they set quantifiable expectations for business activities, they keep parties accountable for their actions and they help to minimise risks. The specific strategy for avoiding any particular risk must be crafted specifically with the business and risk in mind, so once again it is not possible to apply a simple universal principle. By way of example, if a business is looking to avoid improper accounting or accounting fraud, they may subject all accounting practices to monthly or quarterly review and put in place a reward system for accountants who identify errors. In contrast, a strategy to avoid the risk of theft might include installing a safe for cash and valuables, installing security cameras and ensuring low-level employees are always supervised on premises.
Mitigating and accepting risks
Risk mitigation covers the steps taken to limit exposure to a risk should it eventuate. As with risk avoidance, it must be approached with the specific risk in mind and a unique strategy must be put in place to mitigate the damage done by any particular negative event. In the case of theft and the risk avoidance strategy used above, the simultaneous risk mitigation strategy may be to limit the amount of cash on the premises by transferring it to a more secure location on a weekly basis. This ensures that even if the risk avoidance strategy fails, the damage done to the business is limited to only a single week’s cash income.
Accepting risks is the final part of risk management. Inevitably things will go wrong, no matter how well a business prepares. If a business has identified its risks and ensured that it has solid risk avoidance and mitigation strategies, the risk and damages are likely to be minimised as much as possible. These damages should still be factored into budgets and forecasts to ensure that they are accurate portrayals of the business position (for example, Coles allows for shoplifting in its operational budgets).