“Article as appeared in the September edition of Western Sydney Business Access…..”
SMEs are exposed to risks all the time. Some are risks that are imposed upon them whilst some are risks that they choose take. Such risks can directly affect their day-to-day operations, or their impact may be serious enough for the business to fail.
Do a Google search of the term “risk management for business” and the number and variety of returned results is mind boggling. It is information overload. Maybe this is why it is often overlooked.
Most business owners know that they can take out insurance policies to cover many of their business’ risks. However, there are many other risks that are either ignored or missed due to incomplete and ineffective risk management processes.
Risk management starts by identifying possible threats and events and then implements processes to minimise or negate them.
Effective risk management should reduce the chance that a particular event will take place and, if it does take place, sound risk management should reduce its impact.
As a side note, risk management is also used to assess and exploit opportunities that may present themselves to SMEs, but this is not the focus of this article.
Below are typical risk areas for SMEs. This is not an exhaustive list of all risks a business may face, rather it helps to explain the risk management process with some common examples.
– Customers. Does the majority of your business’ income come from a single major customer or a group of major customers? If so, a loss of one or more of these customers could result in a large drop in profit and cashflow in the short term.
Here, businesses should look to either lock in major customers to long term contracts, or try to spread the risk by finding new customers or develop existing smaller customers.
– Suppliers. Is your business dependent on one major supplier or a small number of suppliers? What would happen if one of these suppliers was unable to supply a crucial product or service to you which in turn forms part of your own product or service mix?
Much like customer risk, businesses should look to lock in suppliers to long term contracts, but also businesses should find alternative suppliers that could be used if needed.
– Staff. Not only can disruption from staff turnover affect profit and cashflow, for some risks there can be legal or regulatory consequences which can impact on your business.
Does your business rely upon key staff in key areas? If so ensure there is a backup person able to perform the each role. Is your industry plagued by high staff turnover? Make sure that you have quality recruitment procedures.
Do any of your staff hold key relationships with large customers? Ensure staff sign confidentiality agreements as well as reasonable restraint of trade agreements.
Do your staff face OH&S issues as part of their daily work routine? Make sure appropriate OH&S policies are implemented and followed.
– Information Technology. Have you undertaken an assessment of what would happen if your IT system went down or if your data was lost? Also what threats does the internet, if used, pose security wise to your business?
Businesses must have a back up of their data but also a ‘back up’ plan for when the IT system goes down to ensure trading can continue. Internet security measures must be in place, like firewalls and Private Networks as well as physical security for its servers and hardware.
– Internal Controls. For many businesses a lack of controls internally can expose businesses and their owners to theft and fraud from within. This risk is one of the most common as well as one of the most damaging.
Controls to protect against employee theft is often as simple as ensuring there is appropriate separation of duties. Unfortunately, employee fraud conducted by two or more individuals is harder to stop, but with effective controls the risk of this occurring can be reduced.
Other obvious risk areas that need attention and prevention/mitigation policies prepared for are; Financial risk, Competitor risk, Economy risk, Location risk, Succession risk, Reputation risk just to name a few.
Risk management is often undertaken on an ad-hoc and reactive basis, but as always, prevention is better than cure. Because business planning centres around the risks faced by businesses it makes sense that risk management forms an integral part of a business’ strategic plan.