In the last two blogs we’ve been looking at compliance and risk issues in growing businesses and how to manage it. In this last blog I’ll show you a three-step process for creating a risk management plan in your business.
Step 1: Identify the Potential Risks
The first step is to identify all the risks your business faces. Some types of risks are common to all businesses. All businesses have health and safety risks, for example. But the health and safety risks your business faces will be different to those that any other business faces.
Other risks may come in the form of fraudulent invoices being sent to your business, or not having a digital audit trail and therefore having missing information when HMRC audit your business.
As well as these common risks, think about the specific risks your business faces. If one person holds all the knowledge about a particular process, how would you cope if they left? If all your records are paper-based, what would you do in the event of a fire?
Think externally too. What would happen if one of your key suppliers went out of business? How would you cope if you lost a key customer?
Involve the whole team in this exercise. They will have a different perspective to you and may be able to see risks that you don’t.
Step 2: Conduct a Risk Analysis
Once you have identified all the risks in your business, the next step is to look at the impact each one would have. Once you’ve assessed each risk, you can prioritise it. This will help you see which risks need attention most urgently.
Factors you might consider include:
- How frequently are we exposed to this risk?
- How serious would it be if it were to happen?
- Why does this happen and what can we do about it?
It’s the last point – the reason for the risk – that you take forward to the next step.
Step 3: Identify the Fix
Once you know why something does or could happen, you’re in a position to fix it.
For each risk, you can assess the best course of action by considering factors such as:
- How can we fix this?
- Who would be responsible for fixing it?
- How much would it cost?
- How likely is the risk to occur?
- What would successful management of the risk look like?
Once you have this information, you can decide the best course of action. There are four routes you can consider.
- You can transfer the risk elsewhere; for example, you might take out insurance against an event or identify an alternative supplier you could turn to if your usual one failed.
- You can accept the risk if it’s too expensive to resolve or is highly unlikely to occur.
- You can avoid the activity that causes the risk by changing the way you do something.
- You can take steps to reduce the risk; for example, you could implement a new process or train staff to handle something differently.
Let’s take a paper-based expense process as an example. If you think it might not stand up to HMRC scrutiny, would moving to a digital solution be a good idea? In this instance, the solution would add more benefits than simple management of the initial risk, so successful management could prevent risks arising.
Why Your Business Needs a Risk Management Plan
When you have a risk management plan, you have a clear perspective on what could impact the operations of your business. If it’s possible to eliminate a risk, you can do so. If it’s a risk that can’t be eliminated, you can at least have a plan in place to manage it efficiently and effectively.