Tell me what risk management is all about?
What is Risk Management?
Risk Management is attempting to identify and then manage threats that could severly impact or even cripple your business. This involves reviewing your business operations, identify potential threats and then to analyse their likelihood of occurrence. Finally it involves taking the appropriate actions to address the most likely threats.
Conducting a risk assessment
As the business leader you should regularly undertake a comprehensive and focussed assessment of potetial risk to your business. This assessment should occur at least twice a year by staff who are across all functional areas of the business. It should be carefully planned, documented and methodically carried out.
The following are areas you may wish to consider:
Good Management
Any effort to manage your business will contribute to sound risk management. A highly attentive management team with a wide range of skills may be the most important guard against major threats to your business.
Up-to-date personal policies
Every business must have up-to-date policies which guide the relationship between staff and management. I have seen an increase in lawsuits regarding unfair dismissal, harassment, descrimination, salary disagreements to name a few. Having the personel policies reviewed by a third party can highlight areas that need improving to minimise your risk.
Well-designed insurance coverage
Insurance is complex and in my opinion better left to some-one who knows and deals with insurance related matters each day. An insurance broker is the best option so I suggest you call one up now to provide you with an assessment of your business and provide you with the most tailored insurance cover applicable.
Legal Protection
Most small businesses don't have an in-house lawyer. Therefore perhaps once a year spend some time with your external lawyer to review potential legal threats and changes in legislation that may effect you or your business.
Resource Management
This area is often overlooked. Each key role should have a suitable back-up or succession plan in place. For example, some-one in the organisation should have a general understanding of another persons role in case that other person for some reason can't perform their role. This means having adequate back-up while people take holidays, or are sick.
Computers
Basic computer security to protect your assets should also be reviewed. There are two kinds of sucurity - data and break-ins. Data security is addressed by having a good back-up system. Break-in security is often as simple as using passwords to files or systems where possible. Locking computers to desks or within locked offices.
- Ensure software and hardware back-ups are adequately managed. If you have a back-up tape process make sure you rotate them over a weekly basis (i.e. if you have 7 tapes then lable them Monday through to Sunday and change over according to the day of the week.)
- Don't forget to take the back-up tapes off-site!
- Use electrical surge protectors to ensure your computers will not experience sudden surges in electricity.
- Ensure your systems require end-users to enter passwords when logging on and to never share their passwords with anyone else. Update your policy to also request that passwords be changed every 90 days.
- Ensure your staff have updated tools in order for them to do their job. Maintain the PC hardware to ensure that maximum up-time and implement technical support either in-house or outsource it to ensure that downtime is minimised.
- Keep a detailed and up-to-date IT audit of all existing and new hardware and software. By doing this you will be able to plan new computers and manage the cash flow requirements of doing so.
- Be sure to install a reputable virus checker on your system. If you then configure it to run updates at off-peak times then you will always have up-to-date risk management.
- Develop and implement a disaster recovery plan. The plan should address contingencies. It should detail procedures to respond to - disk crashes, hardware failures, network outages and back-up failures.
Return from Risk Management to Home Page
|
