Are you Prepared to take the Risk?

"David Balwin

David Balwin
CPA | Accountant | Business Advisor

“A good risk management plan with appropriate risk management strategies can minimise costly and stressful problems, and may also reduce insurance claims and premiums” (The Western Australian Small Business Development Corporation: BIZGuide-Insurance-Risk Management Plan – ).

The Western Australian Small Business Development Corporation discuss five steps to developing a risk management plan, being:

  1. Define the Risk Context- what are the circumstances in which the risk will occur
  2. Risk Identification – identify the risks that are likely to impact upon your business
  3. Risk Assessment – basically looks at the likelihood of the event occurring and what are the consequences if it does
  4. Risk Strategies – how do we manage/eliminate the risk
  5. Monitoring and Review – as risks change over time business’s need to continue to monitor and access risk on an ongoing basis.

So, what are we talking about when we refer to risks that can confront a business?  Here is list of the main types of risks but obviously it will vary between the various types of business.

  • Commercial
  • Legal
  • Financial
  • Health and Safety
  • Environmental
  • Reputation
  • Strategic
  • Operational
  • Service Delivery
  • Security
  • Equipment
  • Technology

OK, we get businesses have risks they have to manage, however how do we go about it?  By quickly developing a risk matrix that matches the business’s profile.

Start with the first column listing the risks down one side.  Next, post against each risk the likelihood of the event occurring and the significance of its consequences.

Describe the risk

What can happen?

How can it happen?

When can it happen?

Rate the likelihood

  • Very Likely
  • Likely
  • Unlikely
  • Very unlikely
Significance of consequence

  • Major
  • Serious
  • Minor
  • Insignificant
 Resulting level of risk

  • Low
  • Medium
  • High
  • Major
Describe how adequate current controls are

  • Over adequate
  • Adequate
  • Inadequate
  • Non-existent
Give it a risk priority

  1. Urgent Treatment required
  2. Treatment required
  3. Controls adequate (no new action)

The next step is then to determine what steps the business needs to take to mitigate the risk (ie. reduce the consequences when the risk actually occurs).  Examples of mitigating risks would include taking out insurances to cover certain risks, arranging a bank overdraft in advance to meet Cashflow shortages, backing up important data regularly and keeping copies offsite, providing ongoing training in service delivery or simply have a strategy in place that would protect vital equipment from flood or power failure.  The goal is to pro-actively manage the risk so that when events occur they are not unexpected but have already been thought of and a plan to deal with them developed and in place.

Even in the worst case scenario where the outcome is catastrophic if you have thought of it and have already made a decision as to what you would do in the circumstances then the stress associated with such an event may well be manageable or at least lessened by the fact you have already been through the thought process of how you would deal with the outcome.

Clearly risks change over time and need to be continually reviewed to ensure that your strategy does not become outdated.  An example of this could be the change in technology which is seeing more and more businesses move to cloud based systems where data is stored outside the organization’s system and the business is relying on the integrity of someone else’s system.

If you follow the basic steps outlined in this blog you are on the way to ensuring that no nasty surprises will be sprung on your business.

If you have any questions or not confident to develop processes yourself talk to us at Balanix Solutions –  we can help develop an appropriate strategy for your business.