Many people think that risk management is only for large corporations. This is not correct! Risk management is a NECESSITY FOR EVERY BUSINESS. The hard part is to properly align risk management processes to each unique individual organisation.
The world is undeniably riskier. Change was increasingly ever more rapidly, and this is accelerated by COVID. Increasing digitisation of business processes will inevitably increase cybersecurity risk. The world is still highly connected, and McKinsey estimate that supply chain shocks will reduce profits by 42% of annual EBITDA profits every 10 years. Increasing compliance and legislative requirements, climate change, increased stakeholder scrutiny, geopolitical risk, border closures and business disruptors (new business models, social media etc) etc etc…
SMEs need robust simple processes appropriate for the business.
- RISK MONITORING
Don’t let risk slip off the radar. Be aware of possible issues. Talk to people in your industry. Ensure you are not sucked into day to day operations with no time to think about strategy and risks. When thinking about strategies ensure that related risks are also considered. Monitor and analyse your business and industry trends. Talk to an FD Centre Principal, who with a wealth of experience from his clients and colleagues’ clients, and a fresh pair of eyes, may give you new perspectives and insight!
- RISK APPETITE
Decide how much risk you are willing to accept. This depends on the operational and financial resiliency of the organisation, business strategy and your risk versus return profile. Take away ….risk is part of doing business, but make sure it is within your limits, and you are in control.
- RISK MANAGEMENT
Understand how to mitigate risk, e.g. insurance, experts, financial tools or internal controls. Work on simple scenario modelling to understand implications and remedial plans for critical business interruptions. Simple cyber security audits can be useful. Curtail activities that exceed your risk limits. Restructure staffing so that owners/managers have some time to think about risks and strategy. Ensure risk management is embedded in the organisation. Ensure internal controls are in place so you have confidence that risks are controlled and reported.
Risk management is a must do. To be successful it needs to be correctly sized and use appropriate techniques. Too small / not done and risks can damage or destroy the business. Too complex and it will detract from the real world task of running the business (and probably won’t get done anyway!).
Written by Gary Campbell – Principal (Melbourne) – The CFO Centre