What factors should be considered when identifying risks?

The first step in preparing a risk management plan is to identify potential risks to your business. Understanding the scope of possible risks will help you develop realistic, cost-effective strategies for dealing with them.

It's important that you think broadly when considering types of risks for your business, rather than just looking at obvious concerns (e.g. fire, theft, market competition).

Assessing your business

Before you begin identifying risks, you need to assess your business. Think about your critical business activities, including your key services, resources and staff, and things that could affect them, such as power failures, natural disaster and illness. Assessing your business will help you work out which aspects you couldn't operate without.

Ways of identifying risk

Once you have a clear picture of your business, you can begin to identify the risks. Review your business plan and think about what you couldn't do without, and what type of incidents could impact on these areas. Ask yourself:

• when, where, why and how are risks likely to happen in your business?
• are the risks internal or external?
• who might be involved or affected if an incident happens?
• what threats are outside my control but will still have a major impact on my business?

The following are some useful techniques for identifying risks.

Ask 'what if?' questions

Thoroughly review your business plan and ask as many 'what if?' questions as you can. Ask yourself what if:

• you lost power supply?
• you had no access to the internet?
• key documents were destroyed?
• someone got injured at your business?
• your premises was damaged or you were unable to access it?
• one of your best staff members quit?
• your suppliers went out of business?
• the area your business is in suffered from a natural disaster?
• the services you need, such as roads and communications, were closed?

Brainstorm

Brainstorming with different people, such as your accountant, financial adviser, staff, suppliers and other interested parties, will help you get many different perspectives on risks to your business.

Analyse other events

Think about other events that have, or could have, affected your business. What were the outcomes of those events? Could they happen again? Think about what possible future events could affect your business. Analyse the scenarios that might lead to an event and what the outcome could be. This will help you identify risks that might be external to your business.

Assess your processes

Use flow charts, checklists and inspections to assess your work processes. Identify each step in your processes and think about the associated risks. Ask yourself what could prevent each step from happening and how that would affect the rest of the process.

Consider the worst case scenario

Thinking about the worst things that could happen to your business can help you deal with smaller risks. The worst case scenario could be the result of several risks happening at once. For example, someone running a restaurant could lose power, which could then cause the food to spoil. If the restaurant owner was unaware of the power outage or the chef decided to serve the food anyway, customers could get food poisoning and the restaurant could be liable and suffer from financial losses and negative publicity.

Once you've identified risks relating to your business, you'll need to analyse their likelihood and consequences and then come up with options for managing them.

Also consider...

• Find out more about work health and safety risk management.
• Read about surviving an economic downturn.
• Find out about managing hazardous chemicals in the workplace.
• Consider purchasing Risk management – guidelines (Standards Australia AS ISO 31000:2018).
• Learn how to use the PPRR risk management model.

Running a business comes with many types of risk. Some of these potential hazards can destroy a business, while others can cause serious damage that is costly and time-consuming to repair. Despite the risks implicit in doing business, CEOs and risk management officers can anticipate and prepare, regardless of the size of their business.

Identifying Risks

If and when a risk becomes a reality, a well-prepared business can minimize the impact on earnings, lost time and productivity, and negative impact on customers. For startups and established businesses, the ability to identify risks is a key part of strategic business planning. Risks are identified through a number of ways. Strategies to identify these risks rely on comprehensively analyzing a company's specific business activities. Most organizations face preventable, strategic and external threats that can be managed through acceptance, transfer, reduction, or elimination.

A risk management consultant can help a business determine which risks should be covered by insurance.

Below are the main types of risks that companies face:

Physical Risks

Building risks are the most common type of physical risk. Think fires or explosions. To manage building risk, and the risk to employees, it is important that organizations do the following:

• Make sure all employees know the exact street address of the building to give to a 911 operator in case of emergency.
• Make sure all employees know the location of all exits.
• Install fire alarms and smoke detectors.
• Install a sprinkler system to provide additional protection to the physical plant, equipment, documents and, of course, personnel.
• Inform all employees that in the event of emergency their personal safety takes priority over everything else. Employees should be instructed to leave the building and abandon all work-associated documents, equipment and/or products.

Business Risk

Hazardous material risk is present where spills or accidents are possible. The risk from hazardous materials can include:

• Acid
• Gas
• Toxic fumes
• Toxic dust or filings
• Poisonous liquids or waste

Fire department hazardous material units are prepared to handle these types of disasters. People who work with these materials, however, should be properly equipped and trained to handle them safely.

Organizations should create a plan to handle the immediate effects of these risks. Government agencies and local fire departments provide information to prevent these accidents. Such agencies can also provide advice on how to control them and minimize their damage if they occur.

Key Takeaways

• Some risks have the potential to destroy a business or at least cause serious damage that can be costly to repair.
• Organizations should identify which risks pose a threat to their operations.
• Potential threats include location hazards such as fires and storm damage, alcohol and drug abuse among personnel, technology risks such as power outages, and strategic risks such as investment in research and development.
• A risk management consultant can recommend a strategy including staff training, safety checks, equipment and space maintenance, and necessary insurance policies.

Location Risks

Among the location hazards facing a business are nearby fires, storm damage, floods, hurricanes or tornados, earthquakes, and other natural disasters. Employees should be familiar with the streets leading in and out of the neighborhood on all sides of the place of business. Individuals should keep sufficient fuel in their vehicles to drive out of and away from the area. Liability or property and casualty insurance are often used to transfer the financial burden of location risks to a third-party or a business insurance company.

Human Risks

Alcohol and drug abuse are major risks to personnel in the workforce. Employees suffering from alcohol or drug abuse should be urged to seek treatment, counseling, and rehabilitation if necessary. Some insurance policies may provide partial coverage for the cost of treatment.

Protection against embezzlement, theft and fraud may be difficult, but these are common crimes in the workplace. A system of double-signature requirements for checks, invoices, and payables verification can help prevent embezzlement and fraud. Stringent accounting procedures may discover embezzlement or fraud. A thorough background check before hiring personnel can uncover previous offenses in an applicant's past. While this may not be grounds for refusing to hire an applicant, it would help HR to avoid placing a new hire in a critical position where the employee is open to temptation.

Illness or injury among the workforce is a potential problem. To prevent loss of productivity, assign and train backup personnel to handle the work of critical employees when they are absent due to a health-related concern.

Technology Risks

A power outage is perhaps the most common technology risk. Auxiliary gas-driven power generators are a reliable back-up system to provide electricity for lighting and other functions. Manufacturing plants use several large auxiliary generators to keep a factory operational until utility power is restored.

Computers may be kept up and running with high-performance back-up batteries. Power surges may occur during a lightning storm (or randomly), so organizations should furnish critical business systems with surge-protection devices to avoid loss of documents and destruction of equipment. Establish offline and online data back-up systems to protect critical documents.

Although telephone and communications failure are relatively uncommon, risk managers may consider providing emergency-use company cell phones to personnel whose use of the phone or internet is critical to their business.

Strategic Risks

Strategy risks are not altogether undesirable. Financial institutions such as banks or credit unions take on strategy risk when lending to consumers, while pharmaceutical companies are exposed to strategy risk through research and development for a new drug. Each of these strategy-related risks is inherent in an organization's business objectives. When structured efficiently, the acceptance of strategy risks can create highly profitable operations.

Companies exposed to substantial strategy risk can mitigate the potential for negative consequences by creating and maintaining infrastructures that support high-risk projects. A system established to control the financial hardship that occurs when a risky venture fails often includes diversification of current projects, healthy cash flow, or the ability to finance new projects in an affordable way, and a comprehensive process to review and analyze potential ventures based on future return on investment.

Making a Risk Assessment

After the risks have been identified, they must be prioritized in accordance with an assessment of their probability.

Establish a probability scale for the purposes of risk assessment.

For example, risks may:

1. Be very likely to occur
2. Have some chance of occurring
3. Have a small chance of occurring
4. Have very little chance of occurring

Other risks must be prioritized and managed in accordance with their likelihood of occurring. Actuarial tables—statistical analysis of the probability of any risk occurring and the potential financial damage ensuing from the occurrence of those risks—may be accessed online and can provide guidance in prioritizing risk.

Insuring Against Risks

Insurance is a principle safeguard in managing risk, and many risks are insurable. Fire insurance is a necessity for any business that occupies a physical space, whether owned outright or rented, and should be a top priority. Product liability insurance, as an obvious example, is not necessary for a service business.

Some risks are an inarguably high priority, for example, the risk of fraud or embezzlement where employees handle money or perform accounting duties in accounts payable and receivable. Specialized insurance companies will underwrite a cash bond to provide financial coverage in the event of embezzlement, theft or fraud.

When insuring against potential risks, never assume a best-case scenario. Even if employees have worked for years with no problems and their service has been exemplary, insurance against employee error may be a necessity. The extent of insurance coverage against injury will depend on the nature of your business. A heavy manufacturing plant will, of course, require more extensive coverage for employees. Product liability insurance is also a necessity in this context.

If a business relies heavily on computerized data—customer lists and accounting data, for example—exterior backup and insurance coverage is necessary. Finally, hiring a risk management consultant may be a prudent step in the prevention and management of risks.

Risk Prevention

The best risk insurance is prevention. Preventing the many risks from occurring in your business is best achieved through employee training, background checks, safety checks, equipment maintenance and maintenance of the physical premises. A single, accountable staff member with managerial authority should be appointed to handle risk management responsibilities. A risk management committee may also be formed with members assigned specific tasks with a requirement to report to the risk manager.

The risk manager, in conjunction with a committee, should formulate plans for emergency situations such as:

• Fire
• Explosion
• Hazardous materials accidents or the occurrence of other emergencies

Employees must know what to do and where to exit the building or office space in an emergency. A plan for the safety inspection of the physical premises and equipment should be developed and implemented regularly including the training and education of personnel when necessary. A periodic, stringent review of all potential risks should be conducted. Any problems should be immediately addressed. Insurance coverage should also be periodically reviewed and upgraded or downgraded as needed.

Prevention is the best insurance against risk. Employee training, background checks, safety checks, equipment maintenance, and maintenance of physical premises are all crucial risk management strategies for any business.

The Bottom Line

While business risks abound and their consequences can be destructive, there are ways and means to ensure against them, to prevent them, and to minimize their damage, if and when they occur. Finally, hiring a risk management consultant may be a worthwhile step in the prevention and management of risks.

What are the factors of identifying risk?

What are the 3 factors that need to be considered in a risk analysis?

What are 5 main activities of risk identification?