Last week we introduced the concept of risk, the importance of risk management and types of risks. Today, we will continue with the components of risk management that we commenced last week.
Risk identification: The first thing to do in any risk management exercise is to identify risks. At this point, your concern is just about those events, the occurrence or lack of occurrence of which could cause disruptions or losses to the business.
- NIGERIA DAILY: How Farmers Vanquished Bandits In Taraba
- Police nab mechanic for stealing customer’s car
If, for instance, you are to ship your perishable farm produce from Kano to Lagos by road that will be priced and paid for upon delivery, you have to be aware of the likely events that could cause losses to your business on this transaction. What are the risks that the vehicle you hire to deliver the goods will break down on the road and not be repaired on time to deliver the goods before they perish? What are the risks that the vehicle could have an accident and the goods will be destroyed wholly or partially? What are the risks that the buyers in Lagos will re-price your goods downwards as a result of a temporary supply glut?
Risk identification exercise should also include a good understanding of each risk that is identified.
Risk assessment: Risk identification would only bring out all the risks that could impact on the specific transaction, project or ongoing business. But beyond that, you will need to assess each risk and rank it. Assessment and ranking are about establishing the likelihood of their occurrence and the negative consequences of their occurrence. A simple way is to start by assessing each event as ‘very likely’, ‘moderately likely’ or ‘very unlikely’. Then rank them based on their likely negative impact on the business if they occur.
After identification and assessment, the next important task is to develop specific response(s) to each risk or group of risks.
Response development: Broadly speaking, there are three response options available to you:
Avoidance: You can avoid a risk by eliminating its cause. If there is a risk of theft of stock from your warehouse, you may eliminate that risk by strengthening the physical security (manned, CCTVs, controlled access, etc.) as well as the processes of accessing the warehouse. Risk avoidance is about taking specific measure(s) to forestall the occurrence of the risk.
Mitigation: This is about lowering the likely occurrence of the risk as well as managing the negative consequence of its crystallization. In the earlier example of the delivery of perishables, you could reduce the risks of losses on the road by employing the services of a reliable trucking company with a good fleet of trucks and a track record of safe deliveries, to try to reduce the risks of accidents and vehicle breakdown. In addition, you could cover your goods by a goods-in-transit insurance from a reputable insurance company, which will make good any losses that you may suffer if a breakdown or accident leads to the spoilage of the goods in whole or in part.
Mitigation is sometimes about taking several measures to address just one risk or a group of risks. The example of insurance is called risk transfer. Sometimes you could reduce your risk through hedging, sharing, shifting, etc.
Acceptance: Sometimes a risk is identified as a possibility and there isn’t much that could be done to avoid or mitigate it. In such a situation, you will need to assess if the likely consequences are bearable or not. If the likely consequence is bearable, that is easy to accept. If, on the other hand, the likely consequence may be substantial, it will be to your calling to make a decision one way or the other.
Often, businessmen and decision makers accept risks with likely hefty consequences if they have done everything they could to minimise the likelihood of anything going wrong in a given situation. For instance, when NASA scientists and engineers decided to land man on the moon, they were very clear of the likely consequences of failing to return the astronauts back to earth. But having done everything they needed to do, they accepted the risk that certain things might still go wrong which, thankfully, did not. We can, therefore, take risks IF we have done everything, we can satisfactorily minimise the likelihood of its occurrence. The word satisfactorily is key here and it is about our risk propensities.
What are some things you should do to ensure that your business is alert to the risks it faces, and appropriate measures are always in place or can be put in place?
Legal considerations: Ensure that your business is legally registered to do what it does. Renewals of certifications should be taken seriously and done timely to eliminate any windows in which you may operate outside by law by default. Retain a lawyer to provide such services, as may be required.
Financial records: Keep your accounts properly and ensure that you make statutory payments as and when due. Retain an accountant to help you meet the various obligations.
Employees: Make sure you have proper contracts with your employees. They should also be continuously trained and motivated to keep them interested and committed to their jobs. If your staff are competent, they can sniff risks from a mile away and take care of them!
Insurance: Identify all the areas of your business where insurance covers may be required either by law or just in your own business interests. Appropriate insurance can offer asset protection covers as well as against claims from third parties. Vehicles, office equipment, plants, etc. should all be insured. Goods-in-transit, fire, burglary and special perils should be covered depending on your situation and circumstances.
Premises protection: This is particularly important when the location you operate is critical to your business. You should plan to have the rents, rates and any leases thereon paid on time to avoid disruptions.
We will conclude this series next with more of specific measures to help ensure that your business is alert and responsive to the risks that it faces.