What can we do to manage our risks and implement strategies for risk avoidance?
Identifying Your Business Risks
Without first identifying the risks to your business or your current projects you will never know what to do to avoid them. After all, you can’t avoid what you don’t even acknowledge exists.
The first step is to brainstorm with your team. Do whatever you can at the beginning of a big project to identify what might happen and what the potential impact to your business may be. And if you don’t have projects, then stop now and perform the task of identifying potential risks overall for your business at this point in time with your staff. It’s not a bad idea to involve some of your largest customers. They’ll be involved, too, if something happens that shuts you down for a while and it’s highly likely that they’ll bring a different perspective than you to the table and think of risks that never crossed your mind.
Prioritize Your Risks
Next, take the list you’ve created and prioritized the risks. It’s usually best to come up with a combined ranking of “likeliness to occur” and “impact to your business.” How you do this and how elaborate your ranking system depends on your industry and your business, but the idea is to come up with a list to be analyzed by you and your staff as to which risks your going to tackle at this point. You want to come to an understanding of which risks are the ones that need to be addressed with a plan to mitigate should they occur or to incorporate a risk avoidance plan, for now, to help ensure they don’t occur at all.
Risk Avoidance and Risk Mitigation
Once you have your ranked list you then need to decide where your risk tolerance threshold is. This is the line you draw that decides where you want to address the risks and where you’re going to deem them not likely enough or critical enough to spend effort on. Consider it like buying car insurance – you make a decision on the size of your deductible based on a certain comfort level you have. You aren’t likely to go with the lowest deductible, but if your cars are fairly new, you’re not likely to go with the highest deductible either…you’ll probably choose something in between.
It’s the same with your risk list. Let’s say you identify 15 risks that you are going to actively address at this point. Now, you work with your staff to come up with a detailed plan on how you will either:
- Mitigate the risk should the risk actually occur. Risk mitigation means that you come up with a plan to lessen the blow to your business operations should the risk event actually happen. For example, you start performing nightly backups so, in the event of a server crash, the most you could lose would be 24 hours of data – back to the last backup.
- Avoid the risk so that it doesn’t occur. Risk avoidance involves coming up with processes that will make it much less likely for the risk to happen and affect your business. An example of this would be implementing fair hiring practices and training your staff on discrimination issues so that your business is much less likely to ever be in a position to be sued by a current, former, or potential employee.