Risk Management 101: What Your Risk Mitigation Plans Should Cover
If your organization doesn’t have a risk mitigation plan in place, you’re not just running a risk – you’re setting yourself up for trouble. If you don’t identify possible risks, problems will simply blindside you.
At the start of your analysis, you want to identify three pieces of information:
- Each risk at every point in your organization’s operation;
- The likeliness of that risk happening; and
- The seriousness of the risk.
For example, your business may face physical risks, like the risk of fire or physical theft. You also face tech risks, like data loss or being hacked. So, the first step is to spend some time combing through your business operations to identify every possible risk. Yes, it’s a lot of work up front, but an exhaustive approach to identifying risks can save you migraines down the road. Remember to consider:
-
Employee risks: workplace safety issues, illness, death, low morale, theft/fraud
-
Vendor risks: unmet promises, poor service, vendor-based delays
-
Customer risks: safety issues, reliance on too few customers, privacy issues
-
Geophysical risks: severe weather and natural disasters
-
Financial risks: market changes, revenue slowdowns, rising costs (rent, equipment, etc.), excessive debt
-
Legal risks: employee litigation, customer litigation, regulatory changes or penalties for non-compliance
-
Other risks: each business will face unique risks; restaurants, for example, will have food-related risks
It may help to ask, “What if?” For example, in line with the above examples, what if an employee stole proprietary information and then formed their own competing business? What if your top performing sales person just quit? What if you lost your email or other records?
If you’re thorough, you’ll likely end up with a long list of possible risks. How do you know where to start in addressing those risks? You need to prioritize them.
Start by evaluating the likelihood of each risk, perhaps on a scale of 1 (not likely) to 5 (almost certain). Then consider the severity of the threat, on the same scale (from no-problem up to business failure). Multiply the two scores together, and you have a risk score that helps you prioritize.
For example, worker misclassification issues could shutter your business, especially if your organization is small or new. That makes it very serious (4 or 5). And if you hire people in a “gray zone” where there’s some ambiguity about whether they’re employees or contractors, you’re also at higher than average risk from lawsuits or IRS penalties (again, 4 or 5). Multiply them together, and that’s a critical risk you need to address up front.
CoAdvantage, one of the nation’s largest Professional Employer Organizations (PEOs), helps small to mid-sized companies with HR administration, benefits, payroll, and compliance. To learn more about our ability to create a strategic HR function in your business that drives business growth potential, contact us today.