Upload
sms-rasal
View
223
Download
0
Embed Size (px)
Citation preview
8/3/2019 How to Develop an Effective Business Risk Management Plan
1/4
How to develop an effective business riskmanagement planCA
I am"CA" Atreya(PMP, MBA), the author of this blog. I help businesses in Atlantic Canada achieve
theirBHAGsuccessfully. You may subscribe to this blog using afeed reader (RSS).
Lets get this straight. If a risk has already occurred in your business and you are looking
at solutions (i.e.; reacting to the risk), then it is an issue - a problem. It is no longer a risk. Lets go back to the
definition of risk. Risk is the possibility that something good or bad is likely to happen in the future. So when a risk has
occurred, there is no such thing as probability then the risk has turned into an event. The underlying premise of
developing any risk management plan is that the risk has not yet occurred.
Risk management is a continuous and iterative process in which you are constantly evaluating your good and bad
risks, its probability of occurring and plan what you would do if the risk occurs. If you have not thought about a
particular risk and it occurs, then you will immediately switch into a reactive mode and take decisions that you have
not thought through. Risk management is all about being proactive.
Developing an appropriate risk management strategy takes considerable effort and planning. One approach might be
a good idea to look at each functional area of your business and plan your risk management strategy at a strategic,
tactical operational and execution level. However, before you get all excited and jump into the exercise of identifying
risks, you need to define your business goals.
Risk - Business Strategy Fit
Your business strategy and goals should already be in place. Once you have identified your goals into measurable
units, it becomes easier to do the risk assessment exercise. Risk assessment and its management must always roll
back to your goals. Be careful on what you decide are going to be your corporate goals. I find the putting things down
into a matrix format helps me. If I cannot fit things into a box, then I have to give the strategy and goals more thought.
Row headings outline each functional area and column headings outline the time-lines.
http://www.atlanticcanadabusinessblog.com/index.php/author/admin/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/whats-bhag/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/whats-bhag/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/whats-bhag/http://www.atlanticcanadabusinessblog.com/index.php/feed/http://www.atlanticcanadabusinessblog.com/index.php/feed/http://www.atlanticcanadabusinessblog.com/index.php/feed/http://www.atlanticcanadabusinessblog.com/index.php/feed/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/whats-bhag/http://www.atlanticcanadabusinessblog.com/index.php/about-atlantic-canada-small-business-blog/http://www.atlanticcanadabusinessblog.com/index.php/author/admin/8/3/2019 How to Develop an Effective Business Risk Management Plan
2/4
Tactical plan
Tactical plan is where you define how you are going to achieve your strategic objectives. For example if your
marketing and sales objective is to increase customer base to 300% in five years, then your tactical plan defines the
accomplishments that need to happen in years four, three, two and one. If you think of a ladder, the topmost step is
strategic objective while the rungs that lead to the top rung is your tactical plans.
Operational plan
Your operational plan is where you define the accomplishments you need to do in the first year to meet your tactical
objectives.
Execution plan
Your execution plan is weekly, monthly and quarterly plans to meet your operational goals.
Does everything fit
When you do your planning, make sure your financial, marketing and sales, HR and operations plan are all in sync,
i.e.; if you need to increase revenues by 300%, you need to hire more people, you need to increase production
capacity accordingly. Usually your corporate goals would either be financial or marketing &sales in nature and your
HR and operations goals will be a function of these two. You cant have a financial goal of increase revenues by
300% and cutting staff at all.
The risk management process
Undertaking a risk management exercise without having a clear idea of your objectives is an
exercise in futility.
Once you have your goals defined, you need to figure out what risks will impact your goals. By this I mean what
events could occur that will hamper you desire to meet stated objectives. Undertaking a risk management exercise
without having a clear idea of your objectives is an exercise in futility.
8/3/2019 How to Develop an Effective Business Risk Management Plan
3/4
In one of my earlier posts, I have mentioned a fewrisk managementtools to help you with this exercise. Developing a
risk management strategy is a 3-step process:
Identify your risks
Quantify your risks, and
Develop a risk response plan
Say you decide your business strategy is going to be to just one: and that is to increase revenue to 10 million in 5
years. Its usually hard to look out into the future for more than one year. The rapid descent into recession in the latter
half of 2008 bears testimony to that. How many people would have access to the necessary data to make that call? In
fact how many would even know how to read the economic data to arrive at the right conclusions? Not many. Even
the vast majority of those who had access to detailed economic indicates and data failed to see the speed of descent.
So I would focus my risk management efforts starting from Execution to Operational to Tactical to Strategic.
Remember: set goals by moving from strategic to execution and assess risks in the reverse order.
For each of the above risks, your risk management strategy needs to process the following steps.
1. Identify the risk that could impact your goal
Remember that the impact could be positive or negative. A great place to start would be a SWOT Strengths,
Weaknesses, Opportunities and Threats. Events that could increase your Weakness and Threats are good
candidates for negative risks and events that decrease them are good candidates for positive risks. Similarly, events
that could increase your Strengths and Opportunities are good candidates for positive risks and events that decrease
them are good candidates for negative risks.
Other tools you can use are PEST analysis (Political, Economical, Social and Technological factors). Use the goals
framework to identify and associate each risk into their respective buckets.
You cannot do this exercise alone. You need to brainstorm with your colleagues, mentors, employees and if you
have never done this before a risk management consultant. Within each functional area of your organization, you
can even look at each process and identify risks along each process.
For example; the objective of marketing and sales process is to make a sale product development, pricing,
promotions, lead generation, lead contact, moving the lead to sale, offering the product as a demo, gain prospects
trust and establish relationship, close the sale. Of course, not all of the above may apply to your business and I may
not have included all the tasks. But you understand what I am getting at. Once you have identified each step along
http://www.atlanticcanadabusinessblog.com/index.php/2007/06/17/strategy/small-business-risk-management-strategy/http://www.atlanticcanadabusinessblog.com/index.php/2007/06/17/strategy/small-business-risk-management-strategy/http://www.atlanticcanadabusinessblog.com/index.php/2007/06/17/strategy/small-business-risk-management-strategy/http://www.atlanticcanadabusinessblog.com/index.php/2007/06/17/strategy/small-business-risk-management-strategy/8/3/2019 How to Develop an Effective Business Risk Management Plan
4/4
the process, then it become s bit easier to think, What could go wrong in this step? or If I am flooded with orders,
can my production team handle the volume?
The questions you ask are the risks. Document them. This document is your risk register.
2. Quantify the risks you have identifiedHere is where we leave the realm of science and precision and enter into the world or art. For each of the identified
risk, figure out its probability of occurring. You could define the occurrence of each risk as percentage or just as
High, Medium and Low. It all boils down to your judgment and experience; and more importantly, your perception
of the future.
Against each risk in the risk register, determine the impact if each risk were to occur. If you two of your key
employees quit, will it positively or negatively impact your goals? Write down details on how the risk will impact your
business.
Arrive at a risk rating by combining the impact and the probability of occurrence. I prefer numbers so that I can rankthem, but its your choice on what you use for a risk rating.
Example on how to arrive at a risk rating: Suppose you determine that the impact of a certain key employee leaving
your organization will cost you $40,000. You also determine that the probability of this risk occurring is 40%. The risk
rating in this case would be 16000. Go through this exercise with each of your risks. I am guessing by the end of this,
the risk with the highest rating will have the highest priority and the others will follow in decreasing order of ratings.
3. Plan a response to each identified risk
Now that you have rated each of your risk, you can then decide what to do if the risk were to occur. You can:
Mitigate the risk: This implies that you find ways to reduce the probability of the risk occurring or try to reduce its
impact. Usually, its the latter we can control.
Accept the risk: Sometimes we just have to accept the fact that there is nothing you can do i f the risk occurs.
Transfer the risk: Think insurance. You are transferring your risk of something bad happening to another party
for which you typically pay a premium.
Avoid the risk: This typically would mean changing your goals and objectives entirely. The most radical form of
risk avoidance would be to shut down your business.
Exploit the risk: If a positive risk were to occur how would you exploit this opportunity to further your goals and
objectives?
One final point. Do not let your initial plan gather dust. Frequently, considerable effort is expended to develop the
initial plan and is documented. No one ever looks at it for the next year. Do yourself a favor: review and update your
risks at least every quarter. Youll be surprised on how the risk priorities change in as little as three months.
Ignore risk management planning at your own peril!