7 Steps to an Enterprise Risk Management Strategy
For many small businesses, risk management is not a topic of regular conversation. Business owners may feel that they don’t have sufficient resources to create a sustainable strategy or that they won’t encounter major obstacles and challenges. Unfortunately, a business can leave itself exposed to severe damage if it doesn’t consider these issues. Creating an enterprise risk management (ERM) strategy can better prepare your company to deal with unforeseen circumstances.
Some risks, like theft, arise from criminal actors. There are many others, such as fires and floods, that can occur without human intervention. As a small business, you need to have a plan of action for scenarios that could derail your day-to-day operations and threaten the long-term success of the company.
In truth, building a viable ERM doesn’t require a dedicated staff of risk-management professionals. You can develop a basic ERM strategy for your small business in just six steps.
Step 1: Choose Representatives From Each Discipline
Every department in your business needs to be involved in the creation and implementation of your ERM plan, because each department has its own risk concerns. Choose people you trust from human resources, finance, legal, creative, security, IT, and any other divisions your company may house. If you don’t have multiple departments, include managers or employees with a deep understanding of your business processes.
Step 2: Hold Brainstorming Sessions
Schedule time for the ERM team to brainstorm situations and events that may put the company at risk. These can include everything from a data breach to a physical break-in. Think about pertinent items in the news or situations you know have affected other small businesses.
Step 3: Rank the Risks
Depending on the type of business you run, your company may be more likely to encounter certain types of risk. For instance, a pharmacy will need to consider many possibilities that aren’t relevant to a pizzeria. Ranking your brainstormed risks according to how likely they are to affect your business will give you a good idea of the areas that need to be addressed first.
Step 4: Develop Actionable Solutions
Take a look at your current mitigation efforts and identify ways they can be improved. Review each department for any signs of redundancy, and develop actionable solutions for minimizing the risks. Once you have your solutions, rank them according to their cost, implementation challenges, and overall effectiveness. Any solutions that might be effective against multiple scenarios should take precedence, as they are usually the most cost-effective to implement.
Step 5: Choose a Point of Contact for Each New Control
When a new risk control is implemented, a member of the ERM team should be assigned to watch over that project. This individual will be the one responsible for implementing the control and overseeing its performance.
Step 6: Measure the Control for Effectiveness
Have a system in place that will allow you to measure the effectiveness of the new risk controls. Don’t just look at whether or not employees accept the new mitigation practice – make sure your control is keeping threats at bay. For example, requiring stronger passwords is often a good policy upgrade, but it won’t be fully effective if employees habitually leave their computers unlocked when they step away. Keep your business objectives in mind at all times, and revisit your risks and countermeasures if weaknesses are uncovered.
Step 7: Monitor the Companies You Work With
Once you have a plan in place, consider managing the risks your business partners can pose to your company with CreditAdvisor™. CreditAdvisor helps you monitor the business credit reports of the companies you work with and of potential partners. Monitoring others’ business credit reports can help protect your business from late payments, bad debt, cash flow problems, supply chain disruptions and more.