Is your business safe without a risk management plan?
“The management of risk is often seen as a compliance issue by business owners (do what the law requires) whereas, in reality, it is a fundamental business management issue (do what best practice requires)”, says Rajes Selvanathan from Protecht. A well-prepared risk management plan is important to identify potential risks to your business, to quantify their individual importance and their likely impact on your business, and to develop a strategy to deal with specific risks to your business in an appropriate manner.

There are a few essential steps every business needs to undertake in order to develop a risk management plan. 
The first step is to identify the main risks your business faces in achieving its objectives. These will include legal obligations, such as providing the correct safeguards to ensure your business meets all the health and safety standards required by law, or maintaining appropriate operating licences. Financial risks relating to embezzlement, fraud or credit default should also be considered.

They will also include operational risks affecting people, processes and systems such as supply chain disruption, loss of, or damage to, equipment or documents, loss of power supply or key staff, and even natural disasters.

They may include reputation risks which can be caused by illegal acts committed by your management or staff, false advertising claims, or any activity that could affect your good name.

All these areas of risk and more need to be carefully considered and itemised as the first step in your risk management plan. When developing a “risk register”, it is often helpful to canvass the input of other people who will have valuable insights on your potential risks, such as your directors, senior management and/or your legal advisor/accountant.

The next step in your plan development is to analyse the probability of each risk you have identified. Obviously, some risks have a very high probability of occurring and others have very little chance of occurring. You should classify each risk identified on a scale that is meaningful and relevant to your business. For example, terms such as “very unlikely” or “very likely” may be interpreted differently by different people or business units within an organisation. Being more specific by using descriptors such as “once a day” or “once every 10 years” can convey better meaning when doing the probability analysis.

Equally important is to assess the actual impact each risk may have on your business objectives should it occur. The impact of each risk on your business should again be classified using terms that are meaningful and relevant to your business and the type of risk being evaluated. For example, a statement relating to financial impact may not be relevant when assessing health and safety risks, where the impact could be as severe as loss of life. Armed with this information, you then need to assess which risks are outside of your comfort zone (also known as your risk appetite) and therefore demand immediate attention, and which risks can be regarded as minor or tolerable and therefore not in need of current corrective action.

The next step in your risk management plan development is to consider and act upon the treatment of those risks which are outside of your risk appetite and could severely affect achievement of your business objectives. Some questions which need to be addressed in this process are: Which method of treatment is most appropriate for each risk? Which risks are to be covered by insurance? Which risks can be mitigated by implementing control procedures to reduce the likelihood of the risk occurring and/or its impact if it does occur? What costs will be incurred by each treatment? Who will be ultimately responsible for each treatment? What are the projected benefits for each treatment? How can the anticipated success of each treatment be assessed and how can it be measured?

For further information, please contact: Rajes Selvanathan