Risk Management. A guide to help you manage events or circumstances that have a negative effect on your business

Similar documents
A Risk Management Standard

Performance Management

Risk assessment. made simple

Risk Management guide

Shepway District Council Risk Management Policy

Insurance management policy and guidelines. for general government sector, September 2007

Guide to Developing Risk Management Plans for Sport & Active Recreation Clubs

Bridgend County Borough Council. Corporate Risk Management Policy

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Risk Management Policy and Framework

Managing Innovation. A guide to help you adopt a more structured approach to managing innovation in your business

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Managing Customer. Relationships

Dealing with risk. Why is risk management important?

BUSINESS CONTINUITY POLICY

Hazard Identification, Risk Assessment and Control Procedure

Generic risk assessment form. This document forms part of Loughborough University s health and safety policy Version 3 February 2014

Equity Investment Strategy

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Framework

Managing Risk Control Environment and Responsibilities

FIDUCIAN AUSTRALIAN SHARES FUND

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

How To Measure Performance In The Accommodation Industry

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Bedford Group of Drainage Boards

Online Accounting Software FUNDING OPTIONS GUIDE

The Lowitja Institute Risk Management Plan

Procurement of Goods, Services and Works Policy

ENTERPRISE RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

Enterprise Risk Management

Information Paper 10. Debt Management

Bus incident management planning: Guidelines

DMM FX CONTRACTS FOR DIFFERENCE PRODUCT DISCLOSURE STATEMENT

Understanding the Fees Charged Within Fiduciary Management

Managing Key. Business Processes

A GOOD PRACTICE GUIDE FOR EMPLOYERS

OCCUPATIONAL HEALTH AND SAFETY RISK ASSESSMENT PROGRAM FOR AGRICULTURE

Glossary of Insurance Terms

V1.0 - Eurojuris ISO 9001:2008 Certified

FIDUCIAN TECHNOLOGY FUND

Version: 3.0. Effective From: 19/06/2014

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Risk Options. Avoid Assume Mitigate Transfer Prevent?

22Most Common. Mistakes You Must Avoid When Investing in Stocks! FREE e-book

Invoice Finance. Contents. Factoring and Invoicing Discounting 1. The Advantages 2

Managing Cash Flow. A guide to help you broaden your understanding of how to manage cash flow in a small business

SPREAD BETTING DISCIPLINE

Module 5. Attitude to risk. In this module we take a look at risk management and its importance. TradeSense Australia, June 2011, Edition 10

Zurich s approach to Enterprise Risk Management. John Scott Chief Risk Officer Zurich Global Corporate

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

11 Common Disaster Planning Mistakes

Share me. A Guide to Fleet Management

Incorporating Risk Assessment into Project Forecasting

A Guide to Carrying Out a SWOT Analysis Introduction

E commerce Package. anyone can create a web site. shopping carts are free

ATTITUDE TO RISK. In this module we take a look at risk management and its importance. MODULE 5 INTRODUCTION PROGRAMME NOVEMBER 2012, EDITION 18

UNIVERSITY BOARD SKILLS REVIEW MATRIX Page 1 of 5

CONTENT OF BOOKLET. 4 Objective & Scope 5 Safe Management Practices. 6. Training. 8. Emergency Response. 9. Control of Operations. 10.

FOREX ebook PSYCHOLOGY OF TRADING. Blue Capital Markets Limited 2015 All rights reserved.

Business Continuity Planning

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

APRA REVIEW OF UNIT PRICING PRACTICES

Business Continuity Management For Small to Medium-Sized Businesses

Understanding Costs. and Profit

WHY HAVE FLOOD INSURANCE PREMIUMS GONE UP?

RISK MANAGEMENT FOR COMMUNITY GROUPS. ESTABLISH THE CONTEXT The Strategic Context The Organisational Context The Risk Management Context

PostNL Group Policy. on Fraud Prevention. PostNL Group Policy. on Fraud Prevention Page 1 of 15

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

Operational Risk Management in a Debt Management Office

1.0 Policy Statement / Intentions (FOIA - Open)

Derbyshire Trading Standards Service Quality Manual

How to gather and evaluate information

Risk Management 100 Success Secrets. Gerard Blokdijk

1 JULY Investment Guide INDUSTRY, CORPORATE AND PERSONAL DIVISIONS

Transcription:

Risk Management A guide to help you manage events or circumstances that have a negative effect on your business This guide describes the risk management process, defines a risk, identifies some common risks to small business, explores the various ways you can protect your business, and discusses the tools you can use to identify and assess risk to your business. State of New South Wales through NSW Trade & Investment

Risk Management This guide looks at dealing with events or circumstances that have a negative effect on your business and covers the following content: 1. What is a Risk?... 3 2. Common Small Business Risks... 4 3. What is Risk Management?... 5 4. Identifying Risks... 6 5. Assessing Risk... 7 6. The Risk Matrix... 9 2

1. What is a Risk? Risk management is a culture, not a cult. It only works if everyone lives it, not if it's practiced by a few high priests Tom Wilson, Allianz Chief Risk Officer Whether you're aware of it or not, risks are all around you. From the moment you get up in the morning until the moment you go to bed, you're constantly being exposed to risks of varying degrees. Some examples of risks you may face in your everyday life include: Slipping in the shower and seriously injuring yourself Getting burnt while cooking breakfast Hitting a car while driving to work Trying to define the exact nature of a risk is not always straight forward; in fact, the term risk may have slightly different definitions depending on the discipline in context. For example, in some disciplines, the definitions of risk place a great deal of emphasis on the probability of an event occurring, while a more comprehensive definition might incorporate both the probability of the event occurring and the consequences of the event. For the purposes of a small business, a risk can be simply defined as an event or circumstance that has a negative effect on your business, for example, the risk of losing money due to bad business decisions. It is also useful to understand the components that make up a risk. Research shows that an existence of a risk requires two elements: There has to be uncertainty about the potential outcomes; and The outcomes have to matter. To illustrate this definition, consider playing a fun game of cards with your friends. There is no risk involved in this activity. However, if you and your friends decide to put bets onto that game of cards i.e. gambling, there are now risks involved. This risk for you would be losing your money. Risk and reward There is also a direct and undebatable relationship between risk and reward. It has always been known that to gain large rewards, you must be willing to expose yourself to considerable amounts of risks. Past leaders and entrepreneurs have proven this. Particularly in a business context, deciding on how much risk to take and what types of risks to take are critical to the success of a business. For example, if you decide to play it safe and not expose yourself to any potential risk, it is unlikely that you will be earning your maximum potential. However, exposing your business to all the wrong types of risk can be just as bad for your business, if not worse. Damodaran, A 2008, Strategic risk taking: a framework for risk management, Wharton School Publishing, Upper Saddle River, N.J. 3

2. Common Small Business Risks Being aware of the most common risks small businesses are faced with enables you to be better prepared and hence deal with them appropriately. Business risks can be broken up into the following: [1] Strategic risks - risks that are associated with operating in a particular industry Compliance risks - risks that are associated with the need to comply with laws and regulations. Financial risks - risks that are associated with the financial structure of your business, the transactions your business makes and the financial systems you already have in place Operational risks - risks that are associated with your business' operational and administrative procedures. Market/Environmental risks - external risks that a company has little control over such as major storms or natural disasters, global financial crisis, changes in government legislation or policies Keep in mind that not all risks will fit perfectly into one of the above categories. There may be incidents where a risk overlaps into two or more categories such as the protection of confidential information. In this example, there are laws that have to be considered, making it a compliance risk. However, the management of confidential information can also be an operational risk as it may be part of a business' daily activities. Some of the more common risks that apply to small businesses include: Breakdown of machinery and equipment High staff turnover or loss of a key staff member with unique skills Security of data and intellectual property Theft Increased competition Failure to comply with legislation, regulation and/or standards Bad debts created customers Negative cash flow Natural disasters such as fires and storms Issues relating to internet connectivity Internet fraud and scams Insurance coverage Consequences arising from lack of innovation [1] Business Link, Managing Risk, 2010. 4

3. What is Risk Management? Risk management is the process whereby organisations identify, assess and treat risks that could potentially affect their business operations. [1] It should be a central part to any organisation's strategic management and its objective is to add maximum sustainable value to all the activities of the organisation. Risk comes from not knowing what you're doing Warren Buffett, American business magnate, investor, and philanthropist Risk management is not something that you just do once and forget about. Rather, it should be a continuous and developing process. Risk management should also be integrated into the culture of your business and you should put in effort to convey this to all your staff, at all levels. This approach to risk management will create an environment of accountability, performance measurement and reward, thus promote operational efficiency throughout your business. The following are some ways in which risk management can protect and add value to your business: [2] Provide a framework for your business that enables future activity to take place in a consistent and controlled manner Improve decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat Contribute to more efficient use/allocation of capital and resources Reduce volatility in the non essential areas Protect and enhance assets and the image of your business Optimise operational efficiency [1] AIRMIC, Risk Management Standard, 2002. [2] Ibid. 5

4. Identifying Risks One of the more recognised and structured approach to identifying risks is to consider the key processes and assets that are responsible for your business' success. You can use techniques such as brainstorming and the SWOT analysis. Keep in mind that this activity should be done by someone that understands the business inside out. If you wish to use the services of an external consultant, it is best that you spend time with them to ensure that they understand how the business operates in practice. Any 'standard solution' should be approached with caution as each business is unique, thus often requiring a customised approach. When identifying risks, you should not only focus on the strategic or corporate level (i.e. top-down approach), but also at the level where the risk arises or has its most direct impact (bottom-up) [1].The latter is often neglected but you should be aware that almost every person within your business plays some role in the management of risks. It is therefore always important to involve all staff in order to capture information about risks and allow better decision making. overcome challenges You should also factor in all the potential risks that are applicable to your industry. However, industry-wide risks are not always a negative thing. With the correct approach and resources in place, these risks are usually opportunities for individual businesses that can successfully overcome the challenges. [1] Sadgrove, K, The Complete Guide To Business Risk Management, 2005. 6

5. Assessing Risk The process of assessing risk involves four steps: 1) Risk awareness Before risk management can occur, you need to recognise that risks exist within your business and that they can and should be managed. Further, it is good practice if you embed risk within the culture of your business. 2) Assess the risks Every type of risk should be approached differently and should have its own assessment format. For example, environmental risks such as fire involve physical audits, while strategic risks are more likely to involve research and analysis. It is recommended that you develop a standard methodology for assessing each type of risk. A thorough risk assessment usually includes measurement. This allows you to analyse trends, and to make decisions based on fact, not opinion. The next part of the process is to determine the priorities of each risk. This will allow you to allocate appropriate resources depending on the rankings of the risks. For example, if your business has had a history of high staff turnover, you may rank the risk of staff leaving unexpectedly high as opposed to the risk of a forest fire, which would be relatively low (depending on your location). higher risk exposure A common practice for many businesses is to limit their risk assessment to those risks which they know they can resolve or ones that they can afford to resolve. This is a dangerous strategy and almost defeats the purpose of risk management. When undertaking this task, you should not have any preconceptions about risk. No risks should be excluded simply because of a lack of resources or because you may feel that they cannot be solved. If you are unable to acknowledge that a risk exists when you clearly know it's there, you won't be doing yourself and your business any favours. In fact, you will be holding your business back from finding solutions to overcome the risk which consequently will result in higher risk exposure for your business. 7

3) Treat the risks Once all the risks have been identified and assessed, you should develop strategies to prevent them from occurring. Strategies include: Avoid: choosing not to accept the risk. Minimise, reduce or control: through means such as improved monitoring, or changing the process. Spread (also known as transferring or sharing risk): by diversifying, subcontracting, outsourcing, joint venture, hedging, or insurance. Accept: deciding that the risk is within agreed risk tolerances. 4) Monitor The final stage is to monitor risks. This includes regularly measuring the risk (to ensure that it remains within stated tolerances), and auditing (to ensure that the procedure is being followed). As part of the monitoring process, you should be looking at things such as: Trends that indicate a growing danger Data that shows variances from the norm, or is outside pre-set limits Key performance indicators One-off reports on new areas of risk Information from a range of sources Key findings from audits 8

6. The Risk Matrix Probability and severity are two important factors in measuring risk (these are also known as 'likelihood' and 'impact'). For example, businesses often suffer small problems frequently, and major problems rarely. As a general rule, the more severe the event, the less likely it is. Below is a diagram illustrating a typical 3x3 risk matrix. High severity Medium severity A comprehendsive Risk Analysis Matrix can be downloaded from the Government of Western Australia s website Low severity Low probability Medium probability High probability Utilising such a grid can assist you in prioritising your risk management programme. Risks should be prioritised in order from the top right of the grid to the bottom left. For example, if you have a highly probable risk that may potentially also have a high impact, it should be urgently addressed. If your business has only a few risks that lay in the bottom right-hand corner of the matrix, it may be more beneficial to spend resources on other things. However, if you have many of these bottom right-hand corner risks (low severity/high probability) it may all add up to a rather serious problem. impact of a risk Putting numbers to the matrix It is also useful to quantify the impact of a risk. By multiplying the probability by the severity, you can quantify the importance of the risk. To do this you need to make the analysis more sensitive, by using a 4 x 4 or a 10 x 10 grid. For example, in a 10x10 grid, a terrorist bombing might rate as 10 (probability 1 x severity 10), whereas the risk of flooding could be 54 (probability 6 x severity 9). When trying to quantify the impact of a risk, many people opt for the 10x10 matrix as it automatically produces a percentage, which many people are familiar with. 9

This guide has been provided to you as part of Fáilte Ireland s suite of guides and templates in the Business Tools resource. Please note that these resources are designed to provide guidance only. No responsibility for loss occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by Fáilte Ireland. State of New South Wales through NSW Trade & Investment The user shall not market, resell, distribute, retransmit, publish or otherwise commercially exploit in any form any of the content of this guide. Fáilte Ireland 88-95 Amiens Street Dublin 1 www.failteireland.ie BT-RM-C9-0913-4 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information