A risk is something uncertain – it may happen or not, but if it does, it will have an effect on your objectives. Risk management is any activity taken to identify and then control risk.
Good risk management is fundamental to effective business decision making. It maximises the probability of failure from threats and increases the likelihood of success from opportunities.
So, risk and reward are intrinsically linked. The best way to fail is never to take any risks.
Too many organisations mistakenly focus on the risk that’s been in the news this month, instead of being guided by their own key processes and strategic objectives.
Instead, you should take a holistic joined-up approach.
Key types of risk
Every organisation faces a range of risks, depending on its activities, but the following ‘top twelve’ covers the major areas you should consider:
- Business strategy – risks to your key objectives from inside and outside the organisation;
- Core processes – many an organisation has failed when its core processes have failed, so these should be given particular attention, and should also feature highly in your business continuity plan;
- Competition and markets – threats from product substitution and competition, and marketplace trends. We’ve all heard stories of a company failing because they didn’t take competition seriously. Blockbuster Video didn’t see Netflix as a competitor, and they failed because of it;
- Products – understanding your major clients, your supply chain and key relationships;
- Property – and key plant. Ensure you have appropriate ‘asset management’ in place, and that assets are appropriately secured and maintained;
- People – not just occupational health and safety, but ensuring that you have secured the skills of your ‘key workers’. The failure to recruit and retain talented and skilled people is a huge risk, especially in fast-moving industries;
- Financial – what would happen if your biggest client disappeared tomorrow? The key risks are often profitability and cash flow, but you should also ensure you have adequate capital funding, and that financial procedures are sound;
- Regulation and governance – ensuring you understand and meet all your legal obligations, in every territory you operate in;
- Technology, systems and data – protecting not just your systems and hardware, but ensuring you are secured against cyber risk and data theft as well. Also, keeping up with new technology trends, so consumers can access you how and where they want to;
- Change management – ensuring project risk is properly considered and managed from the outset, whether it be for a construction, technology or business change initiative;
- Culture – underpins the success of most organisations, and is arguably the foundation of every organisation’s success or failure. The ability to change direction quickly is increasingly a core skill in every industry;
- Reputation – reputations move at the speed of social media. It takes far less time to destroy a reputation than to build one. How will you manage the risk of losing your good reputation?
Why is Risk Management important to me?
Business has always involved risk, but in recent years, things have reached a whole new level. Never has risk been so unrelenting, immediate, diverse or potentially devastating. Indeed, hardly a day goes by without front-page headlines about an organisation that has failed to manage risk in one area or another.
And this isn’t just for large businesses – according to Bloomberg, 8 out of 10 entrepreneurs who start businesses fail within their first 18 months. Governments, public authorities and charities too have had their fair share of risk scandals too, some never recovering from them.
Risks change, so do consider them systematically and regularly. This doesn’t mean just once a year. For fast moving projects, you might need to review risks on a weekly basis. Also, do check that actions you are taking to mitigate risk are effective – has the risk changed, and do you need to stop what you’re doing and do something else instead?
Risk impacts us all, and not taking any risk is the biggest risk of all. Therefore, every organisation should consider carefully the right amount of risk, or risk appetite, to take.