Seven Steps to Successful Risk Management Planning
Every organization and company has risks. In fact, no profits would ever be made without certain manageable risks. But the unexpected, unimaginable, and unwanted risks are the ones that can cripple a business if it has not done effective risk management planning long before such unwanted events occur. Buildings burn, key personnel resign, and databases crash and lose valuable records.
It isn’t possible to avoid every such eventuality. But, proper risk management planning can ensure you are best prepared to survive and even thrive during such occurrences. No matter how small, every business needs a risk management committee that can formulate a sound plan. When forming such a group, make sure everyone understands the importance of its task and why every employee will benefit from such a plan.
The steps to successful risk management planning are:
1. Define What Constitutes a Risk for your Business
If your business involves manufacturing, then risk related to injury is obvious. If your business relies on large amounts of data then focus should be placed on what could possibly go wrong with your computer systems and infrastructure.
The best way to define these risks is to ask and answer questions related to every aspect of your business. What might cause loss of revenue? How could unethical behavior impact daily operations? What would happen if your city or county suddenly changed property taxes or codes? Create a comprehensive definition of risk that means something to your business.
2. Categorize the Risks
Determine category names for risks identified by the risk assessment committee. Examples might be Board of Directors, CEO, Physical Property, Employees, Data, Products or Services, Technology, and customers. In the next step, as specific risks are named, place them in the appropriate category.
3. Identify Specific Risks
In this phase of risk management planning, the committee moves from general to specific. Move from general questions about employee liability to specific what ifs. What if the vice president was accused of sexual harassment? What if a competitor undercut prices and you suddenly lost your best customer? What if a flood occurred and production was stopped for an extended amount of time. The idea is to write down every possible eventuality and then brainstorm for ideas about how to meet that risk.
4. Rank Each Risk
Rankings should be assigned such as catastrophic, severe, moderate, and minimal. A good idea is to color code the risks. Whatever method you choose, make sure it works for your organization.
5. Develop Strategies for Risk Reduction
Start with worst-case scenarios first. Catastrophic and severe risks should be addressed first. If possible, formulate multiple strategies for each risk. At this point, determine who in your organization is best suited to be responsible for handling each category or level of risk. What emergency resources have been allocated for such risks? If there are none, you have just identified the most severe risk already facing your business.
6. Put it on Paper
Risk management planning must be practical and workable. A plan that is too cumbersome and looks like the phone book is probably not going to work. The plan is worthless if people cannot interpret it, follow it, and rely on it during an actual crisis. Check for evidence of common sense in the plan and then hold yourself accountable to a high standard to that common sense. Once the risk management plan is on paper, distribute it to every key employee in the business and then ask for feedback.
7. Test your Strategies to make sure they Will Work when Needed
Are there any pitfalls in the plan? Did you discover any steps that are missing? Is it possible an outside consultant is needed to finish the plan? Once completed, keep you plan current! On a day when you least expect it, that plan may be the difference in disaster and continued success in your business.