Why Create a Structured Approach to Addressing Business Risks?
Every business faces risks – from competition, weather, bad products, foreign currency exchange, an aging workforce, a data breach, fraud, workplace safety, system failure, market slowdown – the list is endless. Every business has specific risks that are critical to manage and mitigate, and if these risks are not planned for, it may prove catastrophic.
Business governance is all about mitigating these specific risks. A welding shop better ensure all gas tanks are inspected and stored properly. A bakery must watch for spoilage. A doctor’s office has to stay compliant with the latest health and data regulations. These are all vastly different risks. But what is common is that each company should have a structured approach to reducing or even eliminating these key risks.
What is a Structured Risk Governance Program?
Regardless of the risk, each unique situation can be addressed consistently with the same guidelines. A risk governance program includes:
- Identification: identify risks that have a possibility of impacting your business
- Cost Estimation: estimate the monetary impact if a risk were to occur
- Prioritization: determine the risks your business should focus on first
- Mitigation: plan on how to address and manage each specific risk
- Monitoring: check for warning signs and unexpected activity
- Framework: managing the risk program via planning, ownership, policies, and documentation.
Keep it simple when starting a risk management program. Create a table like this example below to address your biggest risks.
| Risk Program Steps | Example of Results |
|---|---|
| Identification | Websites slow down when super discounts are offered. A sole supplier of the top selling product has shipping problems. The warehouse floor is slippery when wet. |
| Cost Estimation | Medium chance of 2% revenue lost during those few hours. Slight chance of 10% revenue lost for a few weeks. High chance of Lost Time Incident during the rainy season. |
| Prioritization | Focus on making the warehouse floor safer during the rainy season. |
| Mitigation | Inspect for roof leaks and dripping pipes monthly. Require non-slip shoes on the warehouse floor. Apply non-slip safety strips in slippery areas. |
| Monitoring | Require the warehouse manager to sign off every morning that an inspection was completed. |
| Framework | Create a list of risks, with this as your first. Document all requirements and include them in the annual training. Plan to review this and other risks annually. |
Business risks that you identify need not be addressed the same way. The deciding factors are the realistic chance of it happening and the cost estimate if it does occur. If both factors are high, you may decide to minimize or eliminate the risk. You may even try to get out of that part of the business completely. If both factors are low, accept the risk and live with it.
Risk Governance Doesn’t Dictate a Solution, but Ensures Risks are Addressed
Governance doesn’t say how to mitigate the risk. It says, for example, to address your key risks at least annually with a risk plan. The resulting governance plan may be to mitigate food spoilage by using backup power to the freezer; or a hospital may reduce the chance of a data breach by meeting all HIPAA control requirements. Risk governance ensures that every year someone with authority is reviewing the current risks and resulting mitigation plan.
Assess Your Risks and Follow a Risk Governance Plan
Risk assessment is the starting point for good governance. Identify events that could create a material repercussion to your business. These key events are where you need to focus your solid governance program.
Take the Guvrix topic risk assessment and management if you don’t have a risk assessment program in place. Or if you are confident you have already identified your greatest risk, go to the specific topic that addresses that issue.