Blog Layout
Avoiding risky business
Ron Browne • July 15, 2021
What risks does your business face?
Avoiding risky business
What risks does your business face? Never thought about it? You’re not alone. Most business owners and managers put rose-coloured glasses on every day, that everything will go well and business will boom, we’ll make a fortune and retire early!
Ah the retire early dream…. At 25 years of age, I was planning to retire at 45 years of age, the highly successful CEO of a company (mine or someone else’s – didn’t matter) and spend my time sailing my yacht, skiing locally and overseas and living in the big house with matching luxury cars in the double garage…. but I digress.
Taking risks to advance your business is part of the strategic decisions you take to advance your enterprise. The old adage of “No risk, no reward” is a mantra many use to take calculated risk to grow their business. Good governance entails setting a risk appetite and assessing the risk capacity of the business and then using those parameters to guide your approach and management to risk.
When I facilitate strategic planning sessions with organisations, when the goals/targets have been identified, I advocate for the leadership team to go away to draft the plan, but importantly, do a risk assessment on each of the strategic goals identified.
What are the risks that can impact on the achievement of these goals? How likely are they to occur and what is their likely impact on the business? That sounds like a Work, Health and Safety risk assessment I hear you say. And you are spot on – the process is the same, just the focus is different.
So the process goes like this – Identify, Assess, Evaluate/Prioritise, Control and Monitor
IDENTIFY - What are the potential risks a business can face?
When you identify the challenges, there is a myriad of risks every business faces, ones that are common to all businesses like -
X Financial – what risks can affect cashflow, liquidity and funding?
X Governance – is your business, its staff and the board all complying with the various piece of legislation that govern your industry?
X Strategic – have the risks been identified in your strategic goals?
X Human resource – have you assessed the impact of loss of key personnel or theft and fraud perpetrated by staff?
X Operational – where are the process and equipment risks?
X Cyber – have you identified the weak spots in your digital infrastructure and protections for cybersecurity?
X Work Health & Safety – risks in the areas of WH&S are ever prevalent and need addressing
X Crisis management - in any area, how do you response to an emergency, how do you continue to trade, and then how long till you fully recover?
Then there are the ones that may be business/industry specific like -
X Environmental – surviving fire, flood or earthquake as well as minimising your business’s impact on the environment (pollution, waste etc.)
X Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) - for clubs, pubs, casinos and financial institutions
X Reputational – what things could happen that might impact on the business’s or your personal reputation?
X Legal – what risks do current or proposed legislation present to your organisation’s ability to trade?
So once you have identified or established which risks may impact your business, what is the next step?
ASSESS – Could these risks occur?
You need to assess the likelihood of these risks occurring before assessing the potential impact on your business. Once you do both, then you will be able to effectively evaluate each one and prioritise the importance of each. The likelihood of occurrence scale is –
X Almost Certain – pretty much guaranteed to occur if you carry out your strategy, so you need to watch for them
X Likely – won’t happen every time but will more often than not occur, at least a few times in your business plan period, so best to plan that they will
X Possible – these things might happen, then again, they might not so be alert not alarmed and prepared to react
X Unlikely – low chance of occurring but still could happen, even on a low rotation
X Rare – probably never happen but once identified, a response should be planned (even if shelved)
Now we have estimated the likelihood of occurring, we need to evaluate the impact of an occurrence.
EVALUATE – What would the impact be on the business?
The impact of these risks is ranked in order of severity or consequence –
X Catastrophic – the impact on the business would be devastating and includes destroying the business completely or creating a potentially insurmountable task to recover
X Major – massive impact which will disrupt the business considerably and take a long time or a lot of money to recover
X Moderate – will cause a temporary disruption which will take a short period of time to recover from but not overly damaging to the business
X Minor – little impact on the business but could be inconvenient and cause lost trade for a period, or reputational damage
X Insignificant – no real impact on the business but can be prevented by some appropriate pre-planning
Then you evaluate the potential ‘inherent’
level of risk, using a standard Risk Assessment matrix to discover how good or bad each risk might look –
PRIORITISE – Work out which key risks to focus on
When you cross reference the likelihood of a risk occurring with the impact/ consequence of the risk on the business, you develop an inherent risk rating
that will then guide your actions. The levels of inherent risk rating are –
X Extreme – the combination of higher-than-average likelihood of occurrence with Moderate to Catastrophic impact means you need to address these risks urgently
X High – this combination of Almost Certain to Likely occurrence with Insignificant to Moderate impact, or Unlikely and Rare occurrence with Major or Catastrophic impact, means you need to address these with a healthy sense of urgency as well
X Medium – in this range of Likely to Possible occurrence with Insignificant or Minor impact, or Possible to Rare occurrence with Medium impact means you should review these risks without the high-level sense of urgency
X Low – this is the least concerning combination with Possible to Rare occurrence coupled with Insignificant or Minor impact means these risks are on your radar, but will need only fairly cursory attention
With this assessment done, you can then prioritise the actions required to address the risks to minimise the impact on your business. This priority will be driven by a number of factors, including how important something is to your business, what it might cost in time, money and resources to deal with any particular risk and bring it down to an acceptable level, or if the business can do without the risk altogether.
CONTROL – What can we do to minimise the risks?
Minimising the risks should aim to achieve an ALARP
(As Low as Reasonably Practical) status, as some risks are straight out unacceptable, others need modification through a couple of possible strategies but may incur cost or require resources you do not have. The four (4) key controls you can use to treat/manage risks are –
X AVOID – Some risks are too great for the organisation to accept and may be far too costly to control/manage to an acceptable level. Therefore, eliminating them from the business is a sensible solution to avoid any potential damage to the organisation
X REDUCE – Some risks can be reduced by changing procedures, changing equipment or perhaps even providing additional training to staff to increase their awareness and management of a particular risk. Again, this needs to be within the bounds of the organisation’s resources – human, physical or financial
X TRANSFER – Businesses often share risk by transferring all or a portion of the risk to another party e.g. insurance to over any impacts of a risk or even the use of contractors who have greater expertise in a risky operation like contracting out a catering operation or repairs and maintenance to a roofing company
X RETAIN – the business can accept the risk as it is one that would not be too detrimental to the organisation, should it actually occur, as the expertise, equipment or financial resources are available within the business
Once the decisions are made about each identified and assessed risk, the controls should be implemented in order of priority to ensure minimising the risk of any detrimental impacts to the business. Then you need to monitor and measure the outcomes.
MONITOR – Are our controls effective in reducing our risks?
It is important to measure the results of the controls implemented to see if they have been effective in reducing the ‘inherent’
risk level to an acceptable ‘managed’
risk level.
Key areas you will monitor are obviously the REDUCE
control risks and the RETAIN
risks, as the TRANSFER
risks may only become apparent if a contactor has difficulties or an event occurs requiring an insurance claim or similar.
Do not hesitate to review and adjust your controls should you need to, as getting to an ALARP
status may require some tweaking if the training, changed process or altered equipment doesn’t achieve the required level of risk minimisation.
Remember, it is a governance responsibility of your directors (sole director companies through to boards of seven or nine directors) to decide the risk profile of the company. They need to ensure the policies and procedures are in place to provide an adequate risk management system for your organisation to minimise the negative risks (that threaten success) and maximise the positive risks (that facilitate success).
Should your organisation require more information on risk management, or require assistance in developing a suitable risk management system to adopt, contact Ron Browne, Managing Consultant on 0414 633 423
or ron@extraprenuerservices.com.au.
Many clubs are suffering challenges with their membership
How to build a great team
Act in Good Faith, Best Interests and for Proper Purpose
Support for the community by clubs and pubs is truly a great example of a symbiotic relationship.
Four years after COVID hit, are we seeing the same aftermath as four years post GFC? Alan Kohler, the ABC’s Finance guru raised the question in the first year post the 2020 COVID pandemic, somewhat predicting that the most post COVID insolvencies might come four years later. The bulk of post 2008 GFC insolvencies occurred in 2012 and here we are in 2024 with insolvencies on the rise. Australian Securities and Investment Commission (ASIC) data supports this projected outcome with a 36.2% increase in External administrations (7,742 companies) for the period 1 July 2023 – 31 March 2024, compared to the previous corresponding period. Of these, accommodation and food service industries accounted for 15.2% (1,174 businesses). Some of these have been clubs and many clubs have waved the White Flag, looking to amalgamate with other club to save their local failing operation, thereby avoiding being counted in these stats. In NSW, under the Registered Clubs Act 1976, amalgamations can occur between clubs with similar objects and initially preferring clubs within a 50 km radius of the amalgamating child club. Not all amalgamations are for a white flag club to survive. Many amalgamations have occurred between a really strong, large club and a smaller less powerful club, looking to grow business for both the amalgamating parent club and the child club. Amalgamation options – Growth or Survival As indicated above, the first thought that most people have when they hear the word amalgamation is – another one bites the dust . Another small struggling club has raised the white flag to have a large, stronger club step in and under-gird their operations, yet in the past few years, due to ongoing industry consolidation, many amalgamations have been initiated by a large, financially viable club, looking for growth opportunities outside it’s immediate area of operation.
In today's digital age, social media has become an indispensable tool
Never let a good crisis go to waste...
Does your board have a well balanced mix of directors and governance skills?
Annual General Meetings (AGM) for calendar year clubs has prompted me to think about Director elections.
You must hold an AGM every year
