Table of Contents Hide
So far in this risk management series, we’ve gone through the processes, benefits, and steps to planning risk management in your business. Of course, the next logical move is to devise a strategy/strategies to help you cope with or eliminate the risks you’ve found, so you can keep track of them on a regular basis. Basically, this article will show you how to do just that with a couple of risk management strategy examples.
We’ll begin by looking at what a risk management strategy could look like and how to create one for your business. Then we’ll go over your options for coping with each risk, as well as how to choose the best strategy for you. Finally, we’ll look at how you can keep track of risk in your business and few examples of how you can update your risk management strategy as needed.
One of the most important things you can do for your business is creating a strong risk management strategy. Companies collapse all of the time, with others citing bad luck, the market, or other unexpected circumstances for their demise. Risk management entails anticipating as many of these negative incidents as possible, allowing you to weather the storms that would otherwise put your rivals out of business.
Of course, most risks can derail even the best-laid strategies, so taking risk management seriously can improve the chances of long-term success.
Well, let’s kick off already…
#A. Develop a Plan
Any company should have a risk management strategy in place. This is a step-by-step guide to putting one together.
Depending on your business’ needs, the format can be somewhat different. A risk management strategy for a big, complicated company could be hundreds of pages long, while a small company may only need a simple spreadsheet to cover the essentials.
However, there are a few things that must be included in every risk management strategy. They are as follows:
- a list of specific Risks
- a score for each risk based on its probability and severity
- an evaluation of current controls
- a strategy for intervention
Let’s take a look at each one of them separately. We may need to use a scorecard that summarizes these risks and their relative value.
It’s really very easy to put this to use. To get an overall risk score, simply multiply the two values together.
|Prominent client ABC Corp is late paying its invoice||5||2||10|
|Loss of power for more than 24 hours.||1||3||3|
|Our COO Vannessa leaves the company.||4||4||16|
|A new competitor undercuts the price of our main product.||2||5||10|
|Scathing product review from an influential magazine/website.||3||2||6|
Of course, the complete risk management strategy would include several more items, but this example at least highlights the an ideal format. In this scenario, I believe my main client will be late paying its invoice (5), but the effect will be minimal (2). It’ll be inconvenient, but I’ll be able to make ends meet thanks to the payments from other customers. As a result, 5 x 2 = 10, which is a medium risk score.
However, losing my Chief Operating Officer is a significant possibility. She has a wealth of advanced knowledge about the industry as well as key client connections. Therefore it would have a major effect if she went to a rival (4). It also gets a “4” for likelihood—perhaps she’s expressed dissatisfaction with her current role and is searching for a new challenge. As a result, 4 x 4 = 16, which is a high risk ranking. This is something we can concentrate on. We just need to add two more columns to our table to complete our risk management strategy.
Consider the first item on our table: “Key client ABC Corp is late paying the invoice.” Maybe you’ve already mitigated this danger by sending out automatic alerts when the invoice is approaching its due date, and assigning one of your employees to manually follow up with phone calls and emails. On the risk management strategy, you’d have those as existing controls.
The next step is to evaluate how successful those acts were. What is the current state of affairs? If, for example, your client almost always pays on time, your controls are accurate. However, if ABC Corp has already been late two or three times this year, the controls are insufficient. Again, a basic five-point scale/grading system may be used:
- extremely poor, or non-existent
- extremely strong
Finally, the step you intend to take to better handle the risk is detailed in the final section of your strategy. What will you do to either eliminate the chances of these incidents occurring or to lessen the effect if it does?
Since the final step is a little more complicated, we’ll go over it in greater depth in the next segment of this guide.
#B. Decide How to Handle Each Risk
So far, we’ve defined all of our company’s major threats, prioritized them based on probability and effects, and evaluated the efficacy of our current controls.
The next step is to determine what to do with each risk in order to better handle it. There are four major risk control techniques to consider:
- Avoid it.
- Accept it.
- Transfer it
- Reduce it.
Each approach has its own set of benefits and drawbacks, and you’ll to a large extent, almost certainly use all four.
You may need to eliminate a risk at times, but you may also want to reduce, move, or accept it at other times. Let’s take a look at what those words mean and how to choose the best classification for each of your company’s risks.
#1. Avoid the Risk
Most times a risk gets so serious that you just want to avoid it entirely. It could be by avoiding the activity or taking a completely different approach.
This technique has been ranked as the most efficient way of dealing with risks over the years. For instance, you minimize the risk of losing money by avoiding the operation responsible for potential problems.
On the other hand, the downside to this is that you’ll lose any benefits you may have received.
Often times risky activities have the capacity of paying off handsomely, providing tons benefits to your business. As a result, this technique should only be used as a last resort after you’ve exhausted all other options and discovered that the risk level remains too high.
#2. Reduce the Risk
If you don’t want to give up the operation entirely, one popular strategy is to reduce the risk involved. Take measures to reduce the likelihood of a negative outcome or to lessen the effect if one does occur.
In the case of our previous example, “key client ABC Corp is late paying its invoice,” we could reduce the likelihood by offering the client an incentive to pay its bills on time. Perhaps a 10% discount for paying early and a penalty for paying late. Dealing with late-paying customers can be difficult.
So, by arranging access to a short-term credit facility, we could reduce the impact in the same example. As a result, even if the client pays late, we will not run out of funds.
This is the most popular technique because it can be used to manage a wide variety of risks. It allows you to continue in your current trajectory, but with safeguards in place to make it less risky. You could literally generate revenues exponentially if you do it right. However, the downside is that if your safeguards are inadequate, and you’ll eventually suffer the loss you tried reducing in the first place.
#3. Transfer the Risk
From our daily lives, we’re all familiar with the idea of insurance, and the same is applicable in businesses, investments and companies. An insurance policy, for the most part, is essentially a liability transfer from one party to another in exchange for a premium.
When you buy a house, for example, you run the risk of suffering losses due to fire, robbery, and other incidents. As a result, you can purchase a home insurance policy and pass the liability to the insurer. If something goes wrong, the insurance company is responsible for the loss, and you pay a premium in exchange for that peace of mind.
In the same vein, when you own a business, you can also outsource many of your risks to an insurance provider. You literally protect yourself from lawsuits by insuring your property and vehicles, as well as taking out various types of liability insurance. It’s a good way to deal with risks and avoid what would have created a dent in the finances of your business.
#4. Accept the Risk
As we’ve seen, risk management comes at a price. Avoiding a risk means constricting your company’s activities and missing out on potential benefits. Reducing a risk can involve costly new systems or cumbersome processes and controls. And transferring a risk also has a cost, for example an insurance premium.
So in the case of minor risks, it may be simply best to accept them. There’s hardly any wisdom investing in a whole new suite of expensive software just to mitigate a risk that wouldn’t have had a very big impact anyway.
In other words, for risks that received a low score for impact and likelihood, you’d just need to look for a simple, low-cost solution. However, if you can’t find one, it wouldn’t be a bad idea if you simply accept the risk and move on with business as usual.
The advantage of accepting a risk is pretty clear: there’s no cost, and it frees up resources to focus on more serious risks. The downside is also clear: you get hit badly if you have no controls in place. It totally fine if the the impact and likelihood are minor. But ensure you’ve assessed those things correctly, so that you don’t get a nasty surprise.
#C. Keep an eye on things
It’s not enough to put steps in place; you need to verify if they’re working. This entails tracking your business’ progress on a regular basis to identify and address new risks.
The strategy you’ve been putting together is the starting point. You should now have a list of all the risks in your business, as well as an assessment of their probability and effect. It also includes a review of your current controls, and a strategy for coping with them.
The risk with a document like this is that you spend a lot of time writing it at first, but then never update it. A successful risk management strategy should be a living document that you refer to . Something you can update on a regular basis to represent new circumstances, new risks, and the efficacy of your actions.
Risk Management Strategy Examples
First and foremost, each action you describe should have a completion deadline and a primary point of contact. For example, with our late-paying customer, we could determine that Bridget, our salesperson, will be in charge of renegotiating payment terms with ABC Corp. This will help to establish incentives for prompt payment, and that this will be done by March 1st.
You’d switch it from the “actions” column to the “current controls” column once Bridget’s done. Then you’d evaluate how successful the new payment conditions are at minimizing risk over the next few months. However, if they don’t work, you may want to consider short-term financing. That should lessen the impact of late payments.
Alternative Risk Management Strategy Approach (Example)
If none of those work, you might want to consider other options. This means that if you’ve done anything and the client still doesn’t pay on time, you can either take the risk if the client’s business is extremely valuable to you, or you can go for the nuclear option and stop doing business with that client entirely.
As the threats shift and the responses to them have their own effect, the situation will continue to develop over time. Any of the controls you implement can reduce the chances of the client paying late, making it less of a hassle to deal with. Alternatively, you might take on so many other clients that ABC Corp. becomes a smaller percentage of your income, reducing the effect of late payment. All of this must be taken into account.
When it comes to updating the risk management strategy, there is no hard and fast procedure. Large firms have whole divisions devoted to full-time risk management, while small businesses would likely have less resources to commit to it. The trick is to commit to updating your schedule on a regular basis, whether it’s weekly, quarterly, or even annually.
Therefore, one of the safest options will be to make minor adjustments to individual items when they arise on a daily basis. Then do a more thorough analysis of the document on a less frequent but still regular basis.
Going back to the steps we discussed in earlier sections, brainstorming about all the risks your company faces, adding new things to the list, and rating them by importance are all part of the thorough analysis. Then repeat the process with your current threats, taking note of any improvements.
You’ll be in a better position to protect your company from many of the pitfalls that will come your way if you follow all of the steps outlined in this guide. This also includes those in our other posts.
You now have a detailed risk management strategy that describes all of the threats the company faces. And a strategy that also rates them based on their likelihood of occurrence and severity of effects.
You’ve assessed the efficacy of the controls you already have in place and devised a strategy for preventing, minimizing, shifting, or embracing the risk.
You’ve committed to tracking the progress of your efforts and reviewing the plan as needed. And finally your action plan has a clear timetable and a person in charge of putting it into action.
Congratulations on your achievement! You’re in a better position than a lot of other entrepreneurs. True, unforeseeable events can still occur, posing challenges, but you’ve done your best to prepare for potential dangers and protect yourself as much as possible.