Ever thought about what could possibly go wrong in your business?
If you are like most business owners you may very well be thinking that there aren’t enough hours in the day to deal with what actually needs to be addressed already without creating more potential headaches!
Nevertheless, putting some time aside each month to consider potential problems can be of tremendous benefit and may well save you a lot of time and cost in the long run.
The reason for this is that if a problem happens that you had not had not anticipated, chances are that it will occur right when you are already busy.
The temptation then may well be to come up with a short-term fix just to simply get it off your plate as quickly as possible.
The problem is that these interim remedial solutions can often backfire since not considering all the implications may cause unwanted effects elsewhere, whereas a bit of time spent when things are less busy may enable a more rounded and ultimately better solution.
Another reason that risk management may not be undertaken is that it can all seem “too hard” and hence gets placed in that well-known bucket whereas the truth is that this is quite easy to do and simple to maintain. Here is how to do it.
The first thing to do is to create a ‘Risk Register’.
You simply succinctly define each identified risk (somewhere between 4 and 10 risks are usually enough) and associate a numeric ‘ID’ (identifier) with each.
For each risk, you then determine the likelihood that it will occur (where 1=’highly unlikely’ and 10=’extremely likely’), and then if it were to happen, what would be the impact (next column) where 1=’very low impact’ and 10=’catastrophic’. These two values are then multiplied together and the result put in the ‘Risk Result’ column.
Obviously, the higher the Risk Result, the more notice you need to take of it.
Once all risks have been identified, you rank these where 1=’most serious’, 2=’next most serious’ and so on so that an ordered list of risks can be created. In the above example Risk C is clearly the one that will need most watching!
Once all the risks have been identified, create another table for all the risks that contains a column for ‘Mitigation Strategy’ (i.e. the things you will do to prevent the risk from materializing) and another column for ‘Contingency’ which are the actions you would take if the risk did actually occur. You then simply consider these factors for each of the defined risks and as appropriate undertake some preventative measures. In practice, you won’t necessarily need to mitigate every single risk, perhaps just the most important ones which you can assess using your derived risk ranking.
This table can then be reviewed on a regular basis (say monthly or quarterly) so that the risks and their associated ‘Likelihood’ and ‘Impact’ values continue to be reassessed.
This may then shift the ranking in the risk Register. It may well be that some of the risks go away over time and new ones will become apparent and should then be included into both tables. Keeping such a table up to date and accurate will provide many benefits and is part of good business practice.
Ian Ash ACC, AInstIB
Managing Director
OrgMent Business Solutions – www.ombs.com.au