Identifying risks

The first step in risk management is to look closely at your business and identify potential risks. Until you know the scope of all possible risks, you cannot develop a realistic, cost-effective strategy for dealing with them. The aim of this stage of risk management is to create a database of risks relevant to your particular business.

Types of risk

There are many different types of risk. The Australian standard (AS ISO 31000:2018, Risk management) defines risk as 'effect of uncertainty on objectives'. The types of risk you face will therefore be specific to your business and its objectives, but will generally relate to the following areas.

Financial risks

These risks include both external risks, such as changes in interest rates or commodity prices, and internal risks such as cash flow shortages, customers defaulting on payments, depreciation of assets, retail lease and contract disputes.

Operational and environmental risks

These risks cover a range of environmental, human, systems and procedural impacts such as illness or retirement of key staff, equipment breakdown, pandemic, natural disasters, and software failures.

Legal risks

These risks include contractual breaches and non-compliance with regulations such as changes to work health and safety standards.

Strategic risks

These risks relate to your business strategies such as changes in customer demand, increased competition, adopting new technology and pursuing new business opportunities.

Privacy and information risks

These risks relate to non-compliance with state and national privacy laws on recording, storing and disposing of customer information.

Ways of identifying risk

These methods will help you identify risks that are relevant to your particular business:

  • Thoroughly review your business plan and ask as many 'what if?' questions as you can.
  • Brainstorm with your accountant, financial adviser, staff and other interested parties. Get as many different perspectives as you can.
  • Analyse a wide range of possible future events and their outcomes (scenario analysis). Analyse economic, political, legislative and operating scenarios.
  • Use flow charts, checklists and inspections to break down and analyse your work procedures (systems analysis).

For any method, always ask these questions:

  • When, where, why, and how are risks likely to occur in this business?
  • Are the risks internal, external or random?
  • Who might be involved or affected if this occurs?

Once you've identified risks, you'll need to analyse their likelihood and consequences and then come up with options for managing them.

Also consider...