The first step in risk management is to look closely at your business and identify potential risks. Until you know the scope of all possible risks, you cannot develop a realistic, cost-effective strategy for dealing with them. The aim of this stage of risk management is to create a database of risks relevant to your particular business.
Types of risk
There are many different types of risk. The Australian standard (AS/NZS ISO 31000:2009, Risk management) defines risk as 'the chance of something happening that will have an impact on objectives'. The types of risk you face will therefore be specific to your business and its objectives, but will generally relate to the following areas.
These risks include both external risks, such as changes in interest rates or commodity prices, and internal risks such as cash flow shortages, customers defaulting on payments, depreciation of assets.
Operational and environmental risks
These risks include contractual breaches and non-compliance with regulations such as changes to work health and safety standards.
These risks relate to your business strategies such as changes in customer demand, increased competition, adopting new technology and pursuing new business opportunities.
Privacy and information risks
These risks relate to non-compliance with state and national privacy laws on recording, storing and disposing of customer information.
Ways of identifying risk
These methods will help you identify risks that are relevant to your particular business:
- Thoroughly review your business plan and ask as many 'what if?' questions as you can.
- Brainstorm with your accountant, financial adviser, staff and other interested parties. Get as many different perspectives as you can.
- Analyse a wide range of possible future events and their outcomes (scenario analysis). Analyse economic, political, legislative and operating scenarios.
- Use flow charts, checklists and inspections to break down and analyse your work procedures (systems analysis).
For any method, always ask these questions:
- When, where, why, and how are risks likely to occur in this business?
- Are the risks internal, external or random?
- Who might be involved or affected if this occurs?
Once you've identified risks, you'll need to analyse their likelihood and consequences and then come up with options for managing them.
- Learn more about identifying business risk.
- Find out more about protecting privacy and information.
- Learn how you can use the PPRR risk management model to identify and address risks.
- Read Risk management - procedures and guidelines (Standards Australia AS/NZS ISO 31000:2009) for an excellent resource on risk management.
- Learn more about working with business advisers.