Five steps to assess and mitigate business risks
By Staff Writer, howwemadeitinafrica.com
This year will regularly
expose African businesses to a vast array of risks, both internally and
externally. And should the correct risk management policies not be in
place, these risks could seriously impact a company’s cash flow,
operations, reputation and ultimately the success of the business.
This is according to Annelie Smith, corporate executive at
independent insurance and risk specialists
, Risk Benefit Solutions
(RBS). She says risks range across all components of a business, and
don’t just include the obvious threats such as fire and perils, but also
issues such as white collar crime, fraud, health and safety risks to
name a few. She explains that these risks could change from year to
year, and even month to month. Therefore businesses should regularly
review how they choose to deal with and manage these risks.
“Risks can range from potential weather impacts, to aspects impacting
business operations, such as fraud. For example, while the rain and
hail in Johannesburg has always been a risk to some businesses, this is
becoming more frequent and repair costs are increasing based on
inflation and other factors. And this will have a direct impact on their
insurance premiums and deductible levels,” notes Smith.
“More recently, the issue of the electricity and possible water
shortages are also hindering business productivity and will have an
impact on the availability of insurance covers for these risks.”
She adds that as part of risk management assessments, business need
to calculate, evaluate and update their risk management plan regularly
as this is essential for identifying new risks, as well as monitoring
the effectiveness of risk treatment strategies.
“Risk and insurance policies provide cover for sudden and unforeseen
losses, therefore as soon as something becomes foreseen, such as the
expected increase in regular power outages, loss as a result of these
risks may not be covered by the policy. This can have detrimental
consequences for businesses and highlights the need for regular
reviews.”
Smith provides advice around reviewing risk management policies in 2015:
1. Identify the risks
Uncover, recognise and assess the risks that might affect your business or its outcomes.
2. Analyse consequences
Once the risks are identified, businesses need to determine the
likelihood and consequence of each risk. Businesses need to develop an
understanding of the nature of the risk and its potential to affect
project goals and objectives.
3. Evaluate/rank potential impact
Businesses then need to evaluate and rank the risk according to its
potential impact, which should be determined by combining the
possibility of likelihood and the consequence or effect it will have on
the business. A decision then needs to be made about whether the risk is
acceptable (meaning the business doesn’t view the risk to be high
impact or detrimental to business), or whether it is serious enough to
warrant treatment.
4. Risk treatment
When treating a specific risk, businesses should assess the highest
ranked risks and create a plan to treat these risks to achieve
acceptable risk levels. This can be done by creating risk mitigation
strategies, preventive or contingency plans with the following risk
treatments:
- Avoidance – eliminate the risk or withdraw from the risk.
- Reduction – optimise and mitigate the risk. For example, there are two types of risks: high and low. In the case of the manufacturing industry, a high risk would be if the critical part of the plant breaks down and it takes six months to repair, and a low risk would be if the non-critical plant is down for maintenance. Identifying the high risk potential scenario allows a business to manage this risk by implementing a plan to reduce this risk through keeping spare parts for the critical plant. This will reduce the potential downtime of the business as well as optimising the turn-around time to enable the business to continue production levels.
- Sharing – transfer the threat by outsourcing the risk to a third party such as an insurance company to assist in the incident of loss as a result of the risk.
- Retention – accept the risk and budget accordingly. For Example, the company should be able to afford to keep the risk on board as there are enough risk control measures in place to manage it and therefore an insurance policy isn’t required.
5. Monitor and review
All identified risks should be regularly monitored, tracked and
reviewed by a team of employees, and implementation should be driven
from executive and board level, to team leaders, managers and staff.
“A risk management policy protects a business as it ensures that a
business knows how to deal with a specific risk promptly and correctly,
protecting both the business operations, as well as the business’s
reputation,” concludes Smith.
Commentaires
Enregistrer un commentaire