How much risk are you carrying in your business – do you know……and what are you doing about it?
Someone once explained Operational Risk to me as the classic, ‘good times gone bad’ situation, where one or more of the things which have made the business successful, suddenly go wrong – and often….very wrong!
Perhaps a clearer or simpler description of operational risk is; a failure in the people, internal processes or systems of the business, or an external event that could have financial or reputation impacts.
For a typical SME business this could look like –
- Poor password security – enabling a staff fraud which will often not just result in a hard financial, but generally has many personnel and cultural costs as well
- Stock delivery without acknowledgment – allowing stock disputes and the associated stock and reputation losses
- Poor product manufacture controls – permitting stock contamination or defects, resulting in additional cost for correction/recall of the item and can also result in the full remanufacture – thus doubling or trebling your cost for no additional return
- Inadequate IT/firewall controls in place – enabling hacking and potential disbursement of sensitive information or, simply the loss of your critical operating system
- Reliance on unchecked manual processes – resulting in the missing of a vital step or piece of information which contributes to a financial or reputation loss
- Poorly coordinated or completed maintenance on core equipment – culminating in the breakdown of equipment and the loss of income for the breakdown period
- Lack of oversight on critical licenses/patents/insurances/memberships – allowing uncertified or unlicensed work to be completed
The list of potential operation risks is almost endless, but once identified – the key to them is understanding the frequency or probability of an event occurring, along with the estimated cost to the business. This permits a mature discussion around the prioritisation of the risks to the business, which in turn orders the priority of the actions (and $ budget) to mitigate them.
Some risks will not be considered worthy of the cost of mitigating, whereas others – simply cannot be ignored as the potential cost is too great.
As you consider the implications, sit down and critically assess the risk in your business. Take a fresh set of eyes to “how” you are doing business, and if you feel you are too close – then call in an external perspective for a full assessment.
Three steps to get you on your way;
1. Consider – the operations of your business and identify your points of critical reliance – which if they failed, would cost your business (ie. software, computer, supply, equipment, licenses, logistics, people, collections etc). Consider also external impacts (ie. external regulation, economic triggers etc).
2. Calculate – what this failure cost could be to your business and how frequently it could occur (ie. is this a once a month, once year, once a decade sort of occurrence?). These will enable you to prioritise the risks.
3. Review – your current internal controls to check if they are sufficient to guard against a catastrophic event crippling your business. It they aren’t, then it’s time to act.
As with all aspects of business – you get out what you put in – so if you only give 5 minutes to this review, then the quality of your operational risk mitigation will reflect this.
In business – things go wrong, accidents do happen, systems fail and processes break – but……..with prudent operational risk planning in place, these events do not need to be a disaster.
Plan now – before the “good times go bad”.