A 10 step guide to effective risk assessment
A ‘risk’ is anything that threatens the ability of your business tooperate or to meet its objectives. Depending on the nature of your business,you are likely to be faced with several different categories of threat, fromhealth and safety through to financial and reputational.
Fundamentally, whatever the risk category, the process of riskassessment involves following the same basic steps: identifying, analysing,evaluating, response planning and monitoring. To help break this down, here areten steps for going through a risk assessment procedure…
1. Get your key people involved
Your aim is a thorough risk assessment process. If you delegate themanagement and running of areas of your business to staff, it’s important toget those individuals involved in the assessment rather than looking ateverything single handedly. Failure to do this could mean that important areasof risk exposure are missed.
2. Define your business objectives
Your first task is to identify the risks your business is faced with.Before you go about pinpointing specific risks, bear in mind that you arefocusing on potential threats to achieving your business objectives - so it’simportant to be clear on what those objectives are. This involves defining whatyou are aiming to achieve and how, specifically you are going to achieve it.This exercise is especially valuable if your business is considering expandingits range of activities.
As an example, one of your objectives might be to increase market sharethrough developing your online presence. In these circumstances, whole newpotential areas of risk such as cyber security may need to be considered.
3. List each of your processes and activities
This is another vital element of ensuring no stone is left unturned whencarrying out a business-wide risk assessment process. A useful method involvesasking each of your staff to list each of the activities they carry out in atypical day: (e.g. answering emails, taking telephone orders, manually carryingreturned stock into the warehouse).
4. List the expectations of clients
This can be a useful exercise in the context of identifying andassessing possible reputational risks, as well as the financial risksassociated with losing existing clients to competitors. Looking at each of theservices you provide, define what your clients expect. What are the qualitystandards expected? How quickly do they expect work to be delivered? Howquickly do they expect a response in the event of a query?
This can be especially valuable if you are carrying out aproject-specific risk assessment.
5. Refer to your regulatory body
Your professional regulatory body may have specific tools available tohelp keep the risk assessment process straightforward. These resources can beespecially valuable for keeping you on top of regulatory and compliance risks.
6. Complex areas: know when to draft in expert help
To assess health and safety risks within your business, refer to the Health andSafety Executive as astarting point. For information and data security risks, use the resourcesavailable through the government’s managinginformation risk portal.
For potentially high-risk workplaces such as warehouses and workshops,liaise with a health and safety consultant before completing the assessment.Similarly, if you handle customer data, consider getting an informationsecurity consultant involved in the process.
7. Identify your risks
Referring to each of your processes and activities, identify specificrisks by asking what events could occur that have the potential to impactoperational performance and your business objectives.
8. Analysis and evaluation: the benefits of a template
A risk assessment template is a useful and convenient way ofcategorising, analysing and evaluating risks in a logical way. In short, it canmake the whole risk assessment process much more efficient.
A typical template consists of the following:
- Risk categories. Examples include health and safety, financial, operational and reputational. The process of categorising risks and listing them according to type can in itself be a good way of teasing out additional risks that you may have missed on first consideration.
- Risk description. This is a concise description of the potential risk.
- Impact. An explanation of how occurrence could impact upon your business.
- Likelihood. You could use a 0-10 ranking to notate the estimated probability of the risk occurring if no preventative measures are in place to prevent it. The template approach where all risks are assessed in a similar manner helps you achieve consistency here.
- Severity. Again, a numerical ranking system can help you to rate the magnitude of the risk in a consistent way.
9. Have a prevention plan for each risk
For each risk, define the concrete steps your business will take toreduce the likelihood of occurrence. An important element linked to this is theresidual risk ranking: i.e. a rating of the likelihood of the risk occurringafter the prevention steps have been implemented.
In the area of financialrisk, for example, your knowledge of your clients may lead you to conclude thatthere’s a high (8 out of 10) likelihood of bills going unpaid, leaving you withcashflow problems. With credit control mechanisms in place, you might assessthat the residual risk would be reduced to 3 out of 10.
10. Define your contingency plan
Rarely can the likelihood of a risk event or loss occurring beeliminated completely. For each risk, this step essentially involves settingout your plan to address the risk in the event that it occurs.
Your aim here is to control it and to minimise the level of damage. Theright insurance can be crucial in this vital area of damage limitation. What’smore, your insurance provider can be a useful source of help as you completeyour entire risk assessment process. For professionalindemnity insurance tailored toyour precise requirements, contact our team of experts today on 0345 894 4684.