Effective risk management strategies
So far in this risk management series, we’ve covered the main types of risk a business can face and how to measure risk in your business.
The next logical step, of course, is to develop a plan for dealing with each risk you identify so that you can manage risk on an ongoing basis. You will learn how to do it in this tutorial.
We’ll start with what a risk management plan might look like, and how you can put it together for your business. We then look at the options you have when considering each individual risk and how you can decide which strategy to use. And finally, we will see how you can control the risk in your business on a regular basis and update your plan as needed.
Putting together a solid risk management plan is one of the most important things you can do for your business. Companies fail all the time, sometimes blaming failure, “the economy” or other unforeseen circumstances. Risk management is all about being prepared for as many of these adverse events as possible so you can weather the storms that force your competitors to leave.
Disaster can certainly still ruin the best plans, but taking risk management seriously will certainly increase your chances of long-term success. So, let’s begin.
1. Make a plan
Every business should have a clear risk management plan. Here is a guide to creating it.
The format can vary greatly depending on your company’s needs. A risk management plan for a large and complex business can easily fit into hundreds of pages, while a small business can just have a small spreadsheet focused on key metrics.
However, there are a few important items that need to be included in a risk management plan. Here they are:
- List of individual risks
- Rating each risk based on likelihood and impact
- Assessment of current control
- Action plan
Let’s look at each of them in turn. If you’ve been following the series, you’ll notice that we’ve already covered the first two elements in the last tutorial. So, we already have a good start on our plan. Here is an example table that we collected last time:
|Key customer XYZ Corp is late on bill payment.||5||2||ten|
|Loss of power for more than 24 hours.||one||3||3|
|Our CEO Janet is leaving the company.||four||four||16|
|A new competitor undercuts the price of our core product.||2||5||ten|
|A scathing product review from an influential magazine/website.||3||2||6|
Of course, your full plan will have many more elements, but this example at least illustrates the format. You can refer to another tutorial for more information on what each score means.
So to complete our risk management plan, we just need to add two more columns to our spreadsheet.
The first new column is the current control score. For each identified risk, what are you currently doing to manage that risk and how effective is it?
For example, let’s look at the first element of our table: “Customer-customer XYZ is late in paying an invoice.” You may already be controlling this risk by sending automatic reminders, in the form of an invoice closer to its due date, and having one of your employees in charge of handling phone calls and emails individually. You would list these as existing controls in your risk management plan.
Therefore, the next step is to consider the effectiveness of these actions. How well are things working right now? If your client almost always pays on time, for example, then your controls are effective. But if XYZ Corp is late on payments two or three times already this year, control is inadequate. Again, you can use a simple five-point scale:
- Very inadequate or nonexistent
- Very strong
The last element of your plan then describes the actions you plan to take to manage risk more effectively. What could you do to reduce the chance of this event or minimize its impact when it happens?
This last point is a bit trickier, so we’ll cover it in more detail in the next section of this tutorial.