The identification, assessment and prioritization of risk are important aspects of the risk management process. Risk is defined in ISO 31000 as the effect of uncertainty on set objectives of an entity. Risk management also includes proposing and coordinating the application of resources to minimize, monitor and control the probability and/or of unfortunate events or to maximize the realization of opportunities. The goals of risk management certainly does not make it an activity to be undertaken periodically (once in a while), but rather one that must be carried out continuously through the life of a business and in all aspects.
Risk is Everywhere
Risk emanates from different sources like decisions and actions of competitors, technological changes, uncertainty in financial markets, natural disasters, actions and inactions of staff, operational inefficiencies and many more. You may be unaware of certain risks your business is exposed to, but that does not mean they do not exist. Many businesses have been caught unaware because of the absence of or sloppy risk management practices.
Risks Management Must be a Proactive Tool
To be able to better manage the various risks that businesses are exposed to, whether specific or industry-wide, risk management must be viewed as a proactive tool rather than reactive. The goal is to avoid or limit the impact of risk. To do this, risk managers must continuously scan their operating environment while assessing internal factors as well so risks can be identified, analyzed and controls instituted to eliminate it or limit its impact in the event that they occur.
Continuously Manage Risk
Businesses must institute risk management into their procedures, processes, policies and even weave it through the organizational culture, where possible. Risk management must be embed in the day-to-day activities of the business; sales, asset procurement, expenditure approvals, staff hiring, salary payments, product development, competitive strategies, among others are all aspects of businesses where risks management can be instituted. Risk management can be embed in all aspects of the businesss.
One-Size doesn’t Fit All
There are no prescribed risk management practices for all situations but there are certain laid down procedures for certain industries recommended and sometimes enshrined in policies and regulations of the industry regulator which are expected to mitigate general risks inherent in those businesses. But in reality, what works for one business may not necessarily work for another. The essential aspect of risk management is continuous monitoring and appraisal and continuously improving the risk deterrent measures. Risk mitigation measures in themselves have to be continuously assessed for effectiveness and improved regularly.
Risk management cannot be viewed as an activity that is undertaken periodically, like most small businesses do when they start. Risks which are unidentified are the ones that take you by surprise and drag your business down and sometimes cause you to fail.
Internal audit, internal controls assessment and insurance are part of the common ways of managing risk on continuous bases.