What is risk management?
Risk management is the process that helps organisations understand and evaluate their risks and take action to help prevent or minimise them. It involves identifying the risk, assessing the likelihood and impact of it occurring and managing the consequences.
What types of companies need to undertake risk management?
The simple answer is that all organisations need to manage their risks. All businesses face risk every day, whether they are large or small, public or private sector. These risks can range from being too dependent on a single supplier – like Woolworths and Zavvi – to being hit by flooding, being susceptible to exchange rate fluctuations or suffering a data breach.
Managing your risks well can increase the likelihood of success and reduce the probability of failure.
Effective risk management also:
- Reassures shareholders, customers and employees that your organisation is being effectively managed
- Helps you comply with your corporate governance obligations
- Ensures you meet legally binding commitments to customers and others
- Is a major contributory factor in keeping your business running
A successful company risk management process
There are three key stages to managing risk:
The first step is identifying what risks are specific to your business. Methods of identification include brainstorming, questionnaires, workshops with staff, the business planning process or a mixture of these.
The basic premise here is to identify how big the risk is to the business. In other words, what would happen if the risk were to materialise – such as revenue loss, reputational damage, prosecution and fines – combined with the likelihood of the risk materialising.
There are numerous techniques available to assess risk including ‘What if’ analysis, drawing up and evaluating a checklist of known threats, a hazard and operability study (HAZOP), and fault tree analysis. There is no right or wrong way: the method that is most suitable for your organisation will depend on a variety of factors.
Once risks have been identified and assessed, it is for the business to decide what, if any, controls are needed to help prevent the risk occurring or mitigate the outcome of a risk materialising. Controls should be established to deal with each risk and reviewed regularly to ensure they are still relevant and effective. It is also important here to consider how risk is recorded and reviewed.
Risks should be reported on a risk register, ideally categorised into financial, operational or strategic. Strategic risks should be reported to the board and executive team, with every department taking ownership of its operational risks – a vital part of embedding the risk management process throughout the organisation.
What can Bridgehouse do to assist?
Bridgehouse Company Secretaries can help improve your company risk management by:
- Reviewing your current risk management framework and organisation-wide approach to risk
- Putting a risk management framework in place, including drafting bespoke policies
- Working with the board and executive team to implement an effective risk management process
- Providing appropriate training at board and operational level