
WhatsUpp: How should I carry out risk management in my company?

By: Sarah De Ridder

Entrepreneurship is not only about seizing growth opportunities, but also about limiting your business risks. This is done by practising risk management and regularly carrying out a risk assessment. But what exactly does this involve? And how should you organise risk management in your company?

 

What is risk management?

Various internal risks (e.g. staff shortages or fire hazards) and external risks (e.g. cyber crime or inflation) represent a danger to your business operations. Risk management is the name we give to anything you do as an organisation to limit the possible consequences of such risks.

In a risk assessment you identify both your internal and external risk factors and lay the foundation for risk management.

How does a risk assessment work?

When carrying out a risk assessment, you should always use the following three steps.

  • Identify risks

Make an overview of all strategic, operational, financial and legal risks for your company. Use your business goals as a guide as you carry out this exercise. Anything that can hinder you from achieving your goals is a risk factor.

Describe your risks, their causes and their possible impact as clearly as possible.

Example: cybercrime

Because we store a lot of confidential company and personal data digitally (= cause), we are a possible target for cyber attacks (= risk). This could lead to financial and reputational damage (= impact).

  • Assess risks

Some risks are more serious than others and therefore deserve more attention. You should therefore go through your list of risks and rank them according to importance. Again, look at your business objectives and put the risks that have the greatest impact on your most important objectives higher on the list.

  • Control risks

Start at the top of your list and decide for each risk how you want to control it. This can be done in four ways:

  1. Avoid the risk: end the activity or change the process that creates the risk. This tackles the cause.
  2. Reduce the risk: limit the financial consequences of the risk, for example by allocating less budget to the risky activity.
  3. Transfer the risk: transfer all or part of the risk to another party, for example by taking out insurance or outsourcing an activity to a partner with greater expertise.
  4. Accept the risk: you can also simply accept a risk. Do this if the impact is limited (and the risk is therefore lower in your ranking) or if you simply cannot avoid the risk.

Example: earthquake hazard

Suppose you have a business division in an earthquake hazard zone. That is of course a significant risk. You can deal with it in four ways:

  1. Avoid the risk: move your division out of the hazard zone.
  2. Reduce the risk: remove business-critical activities from the division.
  3. Transfer the risk: take out good insurance against natural disasters.
  4. Accept the risk: do nothing, since the division is not the most crucial one in your company.

 

How often should I carry out a risk assessment?

It is best to conduct a thorough risk assessment annually. This is because both your internal organisation and the context in which you work are constantly changing.

If a major change occurs which has a significant impact on your business operations, it is best to carry out a new risk assessment sooner.

Who is responsible for risk management in my company?

Risk management can only be successful if you involve all your employees. Establish a risk awareness culture to keep everyone alert: this will mean that risks are spotted more quickly and you can respond faster.

4 tips for improving your risk awareness culture

  1. Appoint a person or team to run the risk management system and in this way maintain an overview.
  2. Give your teams and employees responsibility for identifying the risks they directly face.
  3. Invest in training to increase the knowledge of all your employees about risk management.
  4. Talk about risk management during meetings and performance reviews.