COVID-19 - who knew?
Such a catastrophic global event has shut many businesses. Who knows how many will be able to re-open?
One thing is for sure, if your business had a plan on what to do in case something catastrophic happened, it would be standing on much better ground today.
So, as you look to rebuilding, make sure that one of the most important management tools in any business - Risk Management Planning - is something that you put in your toolbox.
It only takes six steps to create your Risk Management Plan and be ready for a catastrophic event.
But first, what is a Risk Management Plan?
Risk Management Planning is the process of:
- Identifying the risks that your business faces,
- Analysing and assessing those risks,
- And then developing strategies to manage those risks.
A Risk Management Plan helps to support operational continuity when events threaten part of your operations, or even the whole organisation itself.
By understanding what these risks are, and what the risk-events mean to your business, you can find ways to reduce their impact before they happen.
It is important to put aside time and resources to identify and develop strategies to manage risks in advance of them happening.
The recent Covid-19 pandemic is a good example of how a well-prepared business with disaster-management strategies may have been better prepared to deal with it than another organisation that did not prepare and had to make up actions as it developed.
It is true that you cannot predict and be completely prepared for every eventuality.
But such a business may have prepared a Risk Management Plan with strategies to deal with a major disaster such as a fire, leading to shutting the business for a number of weeks. They would have been able to adapt their strategies to deal with a Covid-19 enforced shut down and may have already prepared strategies to stand down workers, work from home, and so on.
While the risks – or even the types of risks – can vary from business to business, the process of preparing a Risk Management Plan is a common, logical step-by-step process that anyone can follow.
There are six steps in the Risk Management Planning Process.
Step 1 Identify the risks
It is important to think widely about the types of risks that might affect your business, rather than identify the more obvious or pressing concerns like fire, theft or staff health and safety.
A process to follow when you identify risk might be to first review your business activities:
- What are your key business systems?
- What are your core services and “back-room” activities?
- How is your staff organised?
- What are some critical resources?
- What could negatively affect your systems, services and activities, staff or resources?
Next, you might want to review trends in your industry and the economics affecting your business:
- What is happening to competitors?
- What is happening to demand?
- What is happening in the national economy?
Assessing both your operational model and the world around your business will help you think about the critical aspects of your business and what would happen if they are affected.
Step 2 Assess the risks
You need to assess your identified risks to see how critical they are (the “level of risk”).
The level of risk is a function of the likelihood of that risk happening and the consequence of that risk happening.
A risk that will almost certainly occur, and if it occurs will have a catastrophic effect on your organisation has a high level of risk.
On the other hand, a risk-event that is totally unlikely to happen and will only have a marginal effect on your organisation has a low level of risk.
Identifying the level of risk allows you to prioritise and allocate your resources accordingly.
The process to assess the risks you have identified is therefore two-fold: -
- First, you assess the likelihood of it happening; then
- You assess what the impact of it on your organisation could be.
There are a number of different ways you can rank your assessment of likelihood and consequence but a simple ranking system is to ask yourself if the likelihood of something is:
- Rare,
- Unlikely,
- Possible,
- Likely or
- Certain.
To rank the consequences of it happening, ask yourself if it would be:
- Negligible,
- Marginal,
- Critical or
- Catastrophic.
Step 3 Map the risks on a Risk Matrix
Next, map out the risks on a Risk Matrix, which looks like this:
On the left are the rankings for "likelihood" and across the bottom are the rankings for "consequences."
So, if you decided that one of the risks you foresee is "Likely" to happen and the effect would be "Catastrophic" you would write it into the square marked by the red cross.
Once you have mapped out all the risks you have identified and analysed, the Risk Matrix gives you a one-page picture of all your risks, and where they are placed on the matrix shows you which ones are critical.
Step 4 Create strategies to manage the risks
Not every risk has to be managed immediately. Some risks, you may even decide to accept and just monitor, for example, those showing on the Risk Matrix in the bottom square of "Rare" and "Negligible".
In step 4, you take the most critical risks - those at the top right-hand squares of the Risk Matrix to deal with urgently, and move to the bottom left with less urgent strategies.
Management of risk relies on two principles. First, you want to try to reduce the likelihood of it happening, and if it does, you want to reduce the consequences of it happening.
The types of strategy will be implemented by specific actions to manage and monitor the risk, depending on the nature of the specific risk. The following are the different ways in which you might implement the strategy:
- You can take action to reduce the likelihood of the risk;
- You can take action to reduce the consequences of the risk;
- You can remove or avoid the risk – for example by stopping the activity where the risk might occur;
- You can transfer the risk – for example by insuring the risk;
- You can accept the risk – but probably only for low-level risks, and even then, it would be good practice to develop an incident response plan.
Step 5 Manage the Risk Management Plan
Once you have completed your Risk Management Plan, you need to schedule the actions and assign people to be responsible.
If necessary, you may have to prepare contingency plans for the more critical risks and look at how you would operate if the worst happened.
Step 6 Monitor, Test and Evaluate
Finally, it is important to monitor the effects of your strategies - are they reducing the risk? From time to time, test the circumstances to see if you are prepared, and evaluate how you might need to change your plan.
Doing it Step-By-Step
OTS Management has released an online program called Risk Management Planning for Indigenous Organisations aimed at Indigenous corporations.
The program is an online system that teaches you what a Risk Management Plan does and how to prepare one for your business.
It will take you through a combination of video-training and exercises that you can follow on a step-by-step basis to complete each of the six steps.
While this program can be used for non0Indigenous small businesses, we are currently developing a version of the program for small businesses.
The next time something like COVID-19 happens, be prepared!
