How to manage risks in a small business?

Size doesn’t matter

Small businesses are not exempt from risks, their size doesn't stop them from having to manage the probability of an impact which could have devastating consequences on their operations. And in the current climate the endangerment of such risks is even higher than under normal circumstances. This means that whilst the economical repercussions of the pandemic are still very much a reality any potential risks should therefore be closely investigated and managed in accordance with their perceived severity.

But planning and forecasting for such events is difficult especially when the outcome is so unclear. Not even a crystal ball could have foreseen a medical emergency of the likes of COVID, nor could it seem realistic that this would remain a threat two years on.

Good risk management practices are a lifeline for large, scaled corporates who set aside sizeable portions of their resource budget hiring specialist staff to perform the function. They invest in technology designed to automate the process making it quicker and easier to scientifically predict areas of weakness, eradicating threats with costly solutions.

But how can small business owners attempt to manage such risks without any experience or the necessary capital?

3 easy steps

Entrepreneurs are no strangers to performing functions for which they have no experience. Most learn on the job whilst managing and juggling different areas of complexities such as IT, accountancy, and bookkeeping. Some quickly wise up to the fact that doing it all becomes a hindrance realising it takes too much time and therefore choose to offset the cost outsourcing to specialists. However, risk management is one of those misunderstood areas that gets overlooked and detrimentally ignored.

But by applying 3 simple steps even small business owners can set up a risk process one capable of identifying, analysing, evaluating, and treating possible dangers.

Step 1: Risk register identification

A starting point is to log and record any risks in a register. Whilst there are many apps and platforms to assist with this process a simple excel spreadsheet will also do the job. In the first tranche write down all potential risks you know to be affecting your business.

You will need to include the following headings:

1. Identification number
2. Date the risk was raised
3. Name of the risk
4. A short description
5. Name of the person responsible
6. Open or closed status

Risks at this stage could relate to resources, supply chains, clients, technology, cyber security, money, time, and operations. Once this is complete begin to envisage any other 'unknowns'. This unfortunately is the difficult part requiring a lot of thought trying to foresee and account for events which haven’t yet happened. Areas may relate to the economy, social, geographical, or even force majeure. Ones which may be virtually impossible to envisage and instead feel more like a finger in the air. However, as time goes by you will become more confident and this will get easier. Even the hardened and skilled risk veterans wouldn’t have included the pandemic.

Step 2: Likelihood and Impact

The next step is vital in determining the likelihood and assessing the impact against operations. A simple technique is to use a traffic light system giving each risk a visual representation by colour:-

Green = low
Amber = medium
Red = high

By assigning this commonly used method it becomes instantly recognisable which risks will require your immediate attention. If you want to delve further into the classification process you can use an in-depth numerical system ensuring you have a ledger which explains their relevance.

Step 3: Mitigation and contingency

Most small businesses are willing and able to do steps 1 & 2 but then fail to complete this crucial step. Without this the risk register is nothing more than a catalogue of issues. To proceed you need to understand the differences between mitigation and contingency.

Mitigation - is a plan of action that will stop the risk from occurring.
Contingency – an implemented plan of action which endeavours to reduce the impact after the risk has occurred.

Mitigation is obviously the first level of protection, a preventative measure that can be executed in advance to stop the risk from happening. Whereas contingency plans are viewed as emergency measures implemented after the risk has occurred and is governed to reduce the effects.

Conclusion

The practice of risk management is a necessity for any business of any size. It doesn't need to be a costly exercise, but it must be organised and maintained. Failure to comply to even the most basic system is a risk to the company and might be the first item on your register.

One thing we can takeaway from the last two years is that nothing is too minor or too foolish to be included. In fact, it's often the seemingly absurd that trips us up and turns into an operational nightmare. Safeguard your company by applying these simple steps the cost of ignoring the principle of risk management could create an even bigger problem one which could have been easily prevented.