Risks are the probabilities of bad things happening. In short, the uncertainty surrounding your objectives.
When managing risks, you need to set out Control Statements i.e. what you are going to do to minimise the likelihood of an adverse incident occurring and – if it does – minimising its impact. A clear understanding of your risks and achievable Control Statements is often a major competitive advantage for any company. To do this you need to understand the different types of risk management options you have available. There are really only 4 types – the 4 Ts.
This little blog sets out these 4 different types of control statements.
Think drugs, think staying healthy. To avoid getting ill you try to stay fit and healthy. 5 Fruit and Vegetables per day, no smoking, low alcohol consumption, regular exercise.
When you’re ill you take drugs like paracetamol and anti-biotics.
We’ve just described different types of treatment, some that are pre-emptive and reduce the likelihood of a threat materialising or reduce its impact before the risk materialises, and some that minimise its impact if or when it does materialise.
For businesses we believe treatment is always a great place to start managing risks. When assessing a risk like a product defect that causes injury, often identifying and addressing training gaps or the need for investing in some new quality assurance tools can knock a hammer blow to the probability of this risk ever happening in the first place. If the risk does occur, having a slick investigation process can do wonders for reducing the negative impact of that product defect in your market. There is often a large number of treatment options available to a company that can cost very little in many cases.
For making your workplace Coronavirus secure and to reduce the likelihood of an infection breaking out, these are some of the many common treatment options:
- 2m distancing
- Perspex checkout counters and workstations
- Personal protective equipment
- Infrared thermometers
- A different office rota system
- Occupational infection control training
The clue is in the name. When we transfer risk, we pass on the risk management responsibility, relying on other parties to assist with managing the impact of that risk. Companies have multiple options. A major one is insurance; some are mandatory like Employers Liability, but you may want to take out a Cybersecurity policy. Here, you are transferring the risk of a particular loss from you as the policyholder onto the insurer.
You can also implement risk transfers in your contracts. Run a gym and don’t want to be held responsible if your member gets an injury by dropping a weight on their foot? Limit your liability in your contract.
Are you a construction company that hasn’t built an electricity connection to your new housing development? You could bring in an expert cable installation company. Subcontracting here is a no brainer; if things go wrong, you have another party to claim from if your new homebuyers make a claim against you.
As an overview, Transferring Risks include the following activities:
- Taking out insurance policies
- Having good contracts and limiting your liability
Removing the risk. This is often underrated but can often be the most effective when you really go into the detail of a particular risk. This decision can often be made after assessing the costs of treatment (buying protective kit, investing in software and new machinery) or insurance policies and solicitors fees when transferring, and actually the costs don’t outweigh the risk management benefits. In this case, it’s often better to replace or remove a process or procedure to stop that risk from ever occurring in the first place.
Say you’re a lending company and you make manual loan payments to borrowers. The risk is money being lost from the loan drawdown process due to human error. The cost of training your staff, along with extra fraud prevention software and expensive insurance policies, outweighs the cost of implementing an automated lending system where the payment details are automatically populated by the borrower, thus removing the risk of human error by your staff. This is a form of termination.
Another termination example: an architect being approached to design a shopping centre when they only have expertise in residential homes. The costs of a claim on future insurance policies or fixing errors for free as expected by the angry client may outweigh the short term cost of not taking up the contract!
Tolerating Risk is where no action is taken to mitigate or reduce it. This could be because the costs involved in managing the risk are not worth it, or because the probability and impact of a particular risk is so low that it is deemed an acceptable risk for the business.
Even when these risks are tolerated, they should still be monitored because future changes may make them no longer tolerable.
Risk Management is becoming an increasingly important theme for businesses amid the Coronavirus pandemic and getting employees back to the workplace. Different businesses and workplaces carry different risks and risk management is going to get more crucial to any business development decisions your company may take as we deal with changing trade arrangements with the European Union, cyber attacks increase in sophistication and the recession looms.
This is obvious, right?
Well yes, but we believe lots of companies aren’t approaching risk in the right way.
Our view is that SMEs are often sold the dream of good risk management; buying an expensive cyber security insurance policy, or outsourcing certain pieces of work or production to a counterparty, without a detailed understanding of the weaknesses of their models and the threats they face in their markets.
So take your business risks seriously. Make sure you spend time thinking carefully about the risks you face, define your control statements properly and ensure you therefore have a clear plan of how you’ll protect your company and its people, both now and in the future.