All businesses have risk, and with many start-ups failing within their first four years, somebody needs to take responsibility for managing risk, even in a small company.
When a start-up makes that all-important decision to grow, there are huge risks to deal with and there are even more on-going risks associated with being a large company. What was a basic risk management solution is now no longer enough – you need an enterprise risk management framework.
As our article on enterprise risk management (ERM) explains, ERM is the planning and controlling of business activities to minimize the likelihood of an event, and reduce any impact on the company.
Different risks could cover financial, operational, reporting, compliance, governance, strategic, reputational or others like special projects or IT.
Not surprisingly, as a company grows the types of risks that need to be monitored will change. As a small business, your main concerns might be for cash flow and protecting intangible assets, which may account for 80% or more of a company’s net worth.
While a start-up business might, for example, not have to worry about IT infrastructure, as they are less likely to be a target to cyber risk, once it grows financially, technically and operationally to become a medium or large company, these areas will become a bigger concern.
It might also be the case that a small company is not heavily regulated and growth or diversification could increase compliance requirements. If unnoticed or unmonitored, this sort of change in the risk portfolio could have huge financial and reputational (among other) consequences.
Other changes in risk could include additional insurance premiums, changes in internal culture and the scope and direction of strategic business decisions.
Managing risk becomes more complicated as a company grows. Corporations employ whole teams of risk managers to protect the business and identify positive or acceptable risk. Risk data needs to be collated, monitored and analysed and then a reporting pattern must be put in place.
As quantity of data increases, a risk management framework becomes vital. Getting a risk management technology solution early on in business growth means the processes are in place and risk management can be embedded across the organisation effectively. It also means you can choose a system that grows with you.
Once the company has reached a certain size, it will likely require a dedicated risk manager. Some experts will say that all businesses should have a risk consultant or manager, whatever its size. Every business is different, so at what stage a risk manager is required depends on the types of risks, regulations and quantity of data the company has.
How to manage growth
- Identify acceptable risk – this is the positive risk that businesses take in order to grow.
- Prioritize risks – categorize which risks are most likely to occur or will have the biggest impact.
- Establish contingency plans – mitigate risks where possible and evaluate possible scenarios.
- Look for insurable risks – for example: customer or employee accidents. Where it is economically attractive to transfer risks to other parties through insurance programs, these shuld be considered as financial protection mitigation practices.
- Embed risk management across the organisation – get all employees on board with the company’s risk management processes and familiar with the risk management framework.
- Implement a risk management technology solution choose a risk management system that is adaptable and will continue to support the business as it changes. How long will that spreadsheet and manual reporting continue to be practical?
- Monitor, review and analyse all risk data – keep reviewing which risks should be the focus and identify new and obsolete risks. A good risk management system will help you do this.