Businesses put a lot of effort into growing their business. As they plan and execute their strategies, they presume that all will go well and hardly think about risk, what can go wrong and negatively affect their plan.
As “anything that can go wrong, will go wrong”, the chances that risk will hinder achieving your business goals are high, managing risk improves the chances of achieving business goals.
What is risk?
There are several definitions of risk. Here are two definitions:
- The possibility that an event will occur and adversely affect the achievement of objectives.
- Refers to the potential for negative events, circumstances or situations to adversely affect your firm’s financial health, reputation, operational efficiency or overall success.
Risk can come from different sources (internal and external) and affect all aspects of your business. Why is risk assessment important? It is because it affects the entity’s ability to succeed, compete within its industry, maintain its financial strength and positive reputation, and
maintain the overall quality of its products, services and people.
You cannot eliminate risk completely from your business, but you can manage it effectively to help your business succeed.
Here is how to go about it:
1. Set your business objectives
2. Identification – Identify risks that could prevent you from achieving your objectives above
3. Analysis – Assess the significance of the risks identified
4. Respond to the risks by implementing controls to mitigate the risks
5. Monitor – Plan for change – Change could make your controls ineffective.
We discuss these factors further.
Set your business objectives
The first step in risk assessment is to set clear objectives for your business. These objectives must align and support the strategic direction of the entity. Classify your objectives into the following broad areas:
- Efficient and effective business operations
- Compliance with laws and regulations
- Reliable financial reporting
Ensure that your business objectives are SMART–specific, measurable, attainable, realistic and time bound
Identify risks
Identify what risks could prevent the business from meeting its objectives. Consider both internal and external factors when defining risks.
External Risks could come from changes in the economy, environmental factors like natural disasters and fire, laws, and regulations including accounting standards, technology and changing customer needs and expectations.
Internal factors could include resources, personnel, process, technology, among others.
Assess the risks identified
Assess the likelihood of the risks you have identified above occurring, and what impact it could have on the business
- Likelihood of Risk–considers the probability of the risk occurring. A common way of gauging likelihood is to classify the probability as high, low or medium.
- Impact of Risk–consider the magnitude of loss and the effect on the entity’s operations, compliance with regulations. If you cannot estimate the financial impact, you can categorize the impact on your business as high or medium or low.
Respond to the Risks identified and assessed
Think about how to respond to the risks you have found and assessed above. You have the following options:
- Accept risk–no action required.
- Avoid risk–exit the activities that will give rise to the risk.
- Reduce risk–take action to reduce the likelihood or impact of the risk or both. Some actions you could take are to implement controls to mitigate the risk.
- Transfer or share risk–take insurance, outsource the activity driving the risk to another party who is more capable of managing, or form joint ventures to manage the activities driving the risk.
How you respond depends on your risk tolerance, the resource you have options outside your organization. For example, if there is no insurance for the sort of risk you face, you can’t take insurance. That option is out.
Your businesses resources always have constraints, so in considering your responses to risk, ensure that your balance cost and benefits of the responses to the risks identified.
Monitor controls
Continue to monitor the arrangements you put in place to see if they are effective in mitigating the impact of the risk. Look out for changes in circumstances that would require that you revise your risk responses.
These changes could come from the external environment (regulation, economy & environment), business model, or management team. Recognize that any of the above changes may cause your controls to become ineffective. Regularly review and identify any changes that could render your risk responses ineffective and implement new responses to address the risks you have identified.
Take Away
Risks, if left to materialize, could hurt your business. Successful businesses incorporate risk management into their strategy and constantly review and assess potential risks that could affect the achievement of their critical business objectives.
The risk assessment process is:
1. Set your business objectives.
2. Identify and analyze risks from external and internal factors, assessing the likelihood and impact of those risks you have found.
3. Respond to each risk identified by either accepting, avoiding, reducing, or transferring the risk.
4. Finally, constantly assess what changes in the environment, business model, and management that could cause ineffective risk responses and revise your internal controls to address the change in circumstance.
Emile Vorgbe