Previously I have written about management and its risks and how best to categorise it through your business to ensure your risk management system is thorough and relevant to requirements of the business. Risk Management is all about what risks the business owner or management will take into the business, which of these will be insured against, and which risks will be managed or eliminated. Underpinning sound risk management systems is the willingness to embrace a positive and open attitude to asking (or being asked) tough and confronting questions. To assist with this process I have put together some ways you can assess or improve your internal systems.

  1. Management risk is a value add
    1. It is not a separate process – Integrate it into your decision making processes
    2. It is a tool to help implement your business strategies
    3. Ask what you need to get right to successfully manage your business and achieve your goals
  2. Establish your business and personal priorities
    1. Set the risk thresholds for your corporate and operational strategies
    2. Clear priorities mould your organisation’s culture and its attitude towards the business stakeholders
    3. Incorporate measurement of the businesses risk profile at regular Director / Senior Management meetings
  3. Decide you your business risk appetite
    1. Establish the type and level of risk your business will carry
    2. Communicate this to the relevant senior management within the business
    3. Reconsider the Company’s risk appetite in conjunction with changes in the business environment
  4. Ask questions constantly
    1. Probe Company management regarding business performance and management in conjunction with each other
    2. Questioning highlights the desire to be proactive towards risk management
    3. Be open minded when asking questions and receiving the responses
  5. Integration of risk management
    1. High business performance and good risk management to have same emphasis
    2. Consider risk management implications to current and new business activities
    3. Management reports to include risk management report as well as all other activity and performance reports
  6. Use all information sources
    1. Get all levels of the workforce to provide information on potential risks
    2. Talk to external stakeholders such as auditors, financiers, key customers and suppliers
    3. Robust risk assessment can also uncover hidden opportunities to improve your business
  7. Allocation priorities to identified risks
    1. Identify major risks and work on these first (e.g. WHSE&T, excess debt)
    2. Accept that you cannot manage all risks facing the business at one time
    3. Understand the risk management processes for each of the major risks and report regularly
  8. Risk benchmarks and indicators
    1. Use the Company audit reports (internal and / or external reports)
    2. Indicator information come from financial data, customer / supplier communication and scanning the business environment
    3. Align the reporting process to the agreed indicators
    4. Use lead and lag indicators
  9. Use software tools to assist in risk identification, management, reporting and review
  10. Risk management structure
    1. Match the structure to business size and complexity
    2. Appoint one person or small group of people to be responsible for structure, operations, effectiveness, reporting and review
    3. Challenge management, management activities and Director activity
    4. Have a clear agenda and policy for risk management.