‘The best-laid schemes o’ mice an’ men, gang aft agley.’ Or, as Robert Burns might have written in more standard English, ‘often go awry’.
The poet neatly summarises the central idea of risk management: we know that things will go wrong, but not precisely what or when. The discipline is to identify in advance the major types of event which could stop you reaching your objectives and to take appropriate action. This may mean acting now or planning for future action should the risk crystallise.
Action now could be as simple as taking out insurance or backing up your data on the cloud. Future planning could be thinking through how to provide alternative facilities if your premises are damaged or inaccessible and distributing a guide for “what we do if” to all staff.
Any small company has plenty of risks, but it also has other calls on its limited resources. It needs to do enough to identify and put some structure about its major risks, but not to overcomplicate things. The goal should be not ‘risk free’ but ‘reasonably risky’, where ‘reasonably’ means as understood and approved by the management and/or board.
7 things you should do to manage risk
In slightly more detail, this becomes:
- Identifying risks (possible events which would stop you achieving your objective)
- Assessing them by likelihood and impact
- Ignoring the trivial to let you concentrate on the vital
- Where appropriate taking mitigating action in advance – eg taking references before extending credit, or using checklists to reduce the chance of things going wrong
- Creating plans to cope with identified risks if they should materialise
- Monitoring risks and taking timely action as appropriate
- Reviewing the process at least twice a year at your board.
The last step is key, because it is what will ensure you do the other steps effectively. As with all processes, this will work only if individuals are assigned clear responsibility. This generally means that there should be one person responsible for each risk and one person responsible for managing the overall process; the latter should maintain a structured list of risks and mitigation and receive and investigate reports of all “risk events” as they happen.
Done properly, risk management is applied common sense: reasonable effort up front to avoid potential crises and disasters. Tectona would be pleased to discuss with you how best to implement an appropriate risk management structure in your company.
This blog has been written by Bernard Manson, Client Finance Director with Tectona.
To find out more about about risk management or if you would like to discuss any of the topics covered above further with Tectona Partnership, please contact Mark Nicholls on 07818 407061.