Risk Management Guide For Businesses
Risk Management Guide For Businesses
Risk Management Guide For Businesses
Every business is subject to possible losses from unmanaged risks. Sound risk management should either
reduce the chance that a particular event will take place or minimise its impact. Sound risk management
also protects business wealth.
Risk management starts by identifying possible threats and then implementing processes to minimise
or negate them.
• reduced the probability that the business may be the target of legal action
This guide is not an exhaustive publication on risk management. You may therefore need to seek
external advice specific to your business circumstances to implement suitable risk management
strategies for your business.
Possible events should be analysed to determine how likely they are to occur and their possible impact on the
business. To identify risks and determine how best to respond to them:
• assess the probability of each event as ‘very likely’, ‘moderately likely’ or ‘very unlikely’.
• prioritise those events by putting a dollar value on each one (e.g. the replacement cost of a critical piece of
machinery; or in the case of potential bad debts, the total value of amounts owed by customers).
• focus on developing responses to risks that are most likely to occur and have the largest financial impact on
the business.
• for each possible event, develop procedures commensurate with the level of risk the business is willing to accept.
• once a procedure is established, it should be monitored to ensure it is properly implemented and is effective.
For further information on developing policies and procedures, see Developing policies and procedures for your
business or seek expert external advice.
This guide identifies some of the risks and areas where risks may emerge, and it provides a variety of strategies
to manage them.
The business losses Is the business highly-dependent on a small • L ocking in major customers through long-term
a major customer. number of major customers? For example, service or supply contracts, regularly visiting
you could have a small number customers them, or continually asking their views about your
that account for over 50 per cent revenue. business’s products and services
• S
preading the risk by developing smaller, existing
customers so they become larger customers or
share a larger percentage of sales.
Low profitability and Do you have customers that take up a • Seek new, profitable customers
productivity due to high lot of your time but are less profitable than • F
inding lower-cost ways of servicing or supplying
maintenance customers. other customers? the less profitable customers
• Stop servicing or supplying such customers.
The business is impacted by Is the business highly dependent on a small • L ocking in major suppliers through long-term
disruption at a key supplier. number of key suppliers? For example, service contracts
do you have one supplier that provides • S
eek alternative suppliers capable of supplying
30 per cent or more of the total product similar items, even if having them as
requirements, or is there a supplier whose back-up suppliers.
failure to supply could stop the business?
The business is disrupted by Do employees see the business as a • Implementing selection procedures that increase
high-employee turnover. short-term employment option? For the probability of finding the right employees
example, would they describe it as ‘a good for the business
place to learn for a while’ or ‘a nursery for • Implementing a robust performance development
the industry’? system for communication of performance
If the business is seen as short-term expectations and goals, monitoring performance
employment option, this will result in high and setting remuneration
staff turnover, disrupting the business and • U
sing equity interests, profit-sharing or other
adding to recruitment and training costs. incentives to help retain key personnel and
let them share the success they create for the
business. But be careful how such incentives
schemes are designed, as they could encourage
unintended behaviour.
Sales are lost due to Are there employees in the business who • A
llocating several people to fulfill key tasks and
the departure of a key are critical to its success? provide backup in the event of illness or sudden
employee. If yes, their departure could impact sales departure
or customer relationships. • P
utting in place confidentiality agreements and
A competitor might benefit from your loss / or reasonable restraint of trade agreements
if they can recruit such key personnel. signed by key employees or where appropriate all
employees. Seek legal advice on such agreements.
Fraud risk due to lack of Are some employees largely free to govern • P
rovide ongoing training for employees consistent
supervision and control over or control dealings with key suppliers or with the needs of the business
employees. customers? For example, some employees • R
otating employees through various functions or
may control who your business sells its departments to familiarise them with other areas
goods or services, or pricing. of the business
If yes, your business is at increased risk • Implement controls over critical decisions and
of fraud. engage other senior employees to oversight the
implementation of those controls.
Sales are disrupted by How dependent is the business on its • Identifying several suitable alternative premises
moving to a new premises current location? That is, would a move which would suit customers, suppliers
or if access to current site to a new premises have a negative impact and employees
is restricted. on sales, employees and supplier access? • R
eview the business strategy to identify future
space requirements early
• O
nly businesses that are established, have good
prospects and are growing should consider
purchasing a property and then only if the
property has sufficient capacity to allow for future
expansion, otherwise it is preferable to rent.
Renting also helps to preserve working capital
for business operations.
A large-scale product recall, How exposed is the business to a threat to • Incorporating robust review processes and quality
fraud, bad review or other its reputation or goodwill? For example, assurance systems to avoid a situation that may
similar event causes long- what would happen if there were a product damage the business’s reputation
term reputational damage recall, or if the business received bad • Strong marketing that builds brand and reputation
to the business. reviews or there was a major fraud?
• C
ompulsory training and development programs
for staff
• P
rocedures that address customer complaints,
including online in a timely manner.
A critical system goes down To what extent does the business rely on • Protecting laptops and desktops
in a peak time. information technology (IT)? Have you ever • K
eeping data safe by performing backups and
noticed how little work is done in an office storing those backups offsite
when a system is not working? The level
• Using the internet safely
of risk created by using IT increases as the
business becomes more reliant on it. • Have appropriate cybersecurity processes in place
• Keep systems up to date
• E
nsuring appropriate IT support is available within
an acceptable timeframe
• Having an uninterrupted power supply unit
• Conducting appropriate IT training for employees
• Have a back-up internet connection.
Liquidity risk
Potential Risk Identify the Risk Risk Mitigation Strategies
The business does not have Run regular cash flow analysis to identify • M
anaging cash flow on a daily, weekly and monthly
enough funds to meet when and if your business may have basis by monitoring the flow of cash in and out of
future obligations. difficulty in meeting future obligations. the business
• F
orecasting cash flow to identify any periods
when there is inadequate cash buffer to cover
unanticipated events. Good forecasting will include
‘what if’ analysis; for example, ‘What if my sales
were to drop by 20 per cent?’
• S
eek a committed line of credit from a financial
institution. It is beneficial to have two possible
providers in case one does not provide credit
when needed
• M
aintaining a strong relationship with your banker
or financial institution to ensure they understand
the business and are kept up to date with
potential loan requirements
• M
onitoring market conditions to anticipate
seasonal fluctuations in cash flows
• P
reparing aged debtor reports to monitor
debtor collections (and regularly contacting
the slow payers).
For further information read Tips for managing through tough times.
Where the business pays Does the business use foreign currency to • C
onsulting your bank for assistance in managing
and/ or receives foreign buy raw materials or equipment, or receive foreign exchange exposure
currency, the exposure to it from sales of its products and services to • B
uying or selling foreign currency in advance
fluctuations in the value overseas customers? (i.e. at the time of the agreement) to lock in the
of foreign currency. If your business does receive or make foreign currency rate
payments in foreign currency then it’s • U
sing financial market instruments provided by
exposed to a potential risk. financial institutions that either lock in foreign
currency rates or minimise the risk of impact
of foreign currency fluctuations on revenue
and/or expenses.
For further information read Tips for managing through tough times.
Credit risk
Potential Risk Identify the Risk Risk Mitigation Strategies
For further information read Tips for managing through tough times.
The business’s key areas should be reviewed to ensure that policies and procedures are in place to manage risks
such as those listed below.
Sales • What are the procedures for the delivery of goods or services?
• Are delivery instructions recorded?
• How do you ensure that all sales are recorded?
• What are the procedures for handling cash and credit sales?
Purchasing • What procedures are in place to ensure purchases are in line with what is required?
• A
re suppliers’ details checked on a regular basis to ensure the details (i.e. addresses or bank
account numbers) are correct and not an employee’s or their associate?
• What procedures are in place for checking goods received against good ordered
Accounts payable • Are payments checked to ensure they are not duplicated or identical?
• What procedures are in place to ensure that payment is made on agreed terms?
• Can rapidly increasing purchases from one supplier be identified?
Accounts receivable • Are outstanding payments from customers reviewed on a regular basis?
• What procedures are in place to follow up on late payments?
• Are procedures in place to check who is receiving early-payment discounts?
Payments • D
oes the business have controls in place to ensure that all invoices are appropriately approved
before payment?
• Who is authorised to make payments?
• Are the duties for banking and bank reconciliation separated?
Building and This insurance should cover the business’s buildings as well as contents and stock against loss.
contents insurance
Cybersecurity insurance Cyber insurance is designed to protect businesses against the costs incurred as a result of a
cyber-attack, internal employee threats and a business' liability for a data breach in which personal
information is exposed or stolen.
Business interruption The business should be covered for interruption due to damage to property by fire or other insured
or loss of profit insurance perils. The cover should ensure that ongoing expenses are met and that anticipated net profit is
maintained through a provision of cash flow.
Public liability insurance Public liability insurance should cover the owner and business against the financial risk of being
found liable to a third party for death or injury, loss or damage of property or economic loss resulting
from the business’s or the owner’s negligence.
Directors and officers Directors and officers (D&O) liability insurance is intended to protect individuals from personal losses
liability insurance if they are sued as a result of serving as a director or an officer of a business.
Key person This type of insurance should help cover the loss of a key member of staff.
insurance cover
Workers’ compensation In Australia, it is compulsory to maintain appropriate accident and sickness insurance for all
insurance employees and certain contractors you engage in your business.
Personal accident This insurance is important for self-employed business operators who are not covered by workers’
and illness insurance compensation insurance.
Motor vehicle insurance It is compulsory to insure all company or business vehicles for third party injury liability in Australia.
Burglary cover Business assets should be protected against burglary by this type of insurance.
Professional indemnity This type of insurance is important for businesses giving professional advice.
insurance
Fidelity guarantee Insurance covering losses resulting from misappropriation by employees who embezzle or steal.
Machinery breakdown Insurance covering the business for any losses incurred if plant and machinery break down.
insurance
Product liability insurance This insurance provides cover for injury or damage caused by goods the business sells,
supplies or delivers — even in the form of repairs or services.
As the type and level of insurance cover needed requires an assessment of the particular needs
of the business, it is necessary to speak to an insurance specialist to ensure your business is
adequately protected.
DISCLAIMER
CPA Australia does not warrant or make representations as to the accuracy, completeness, suitability or fitness for purpose of the Materials and accept no responsibility
for any acts or omissions made in reliance of the Materials. These Materials have been produced for reference purposes only and are not intended, in part or full, to constitute
legal or professional advice. To the extent permitted by the applicable laws in your jurisdiction, CPA Australia their employees, agents and consultants exclude all liability for
any loss, damage, claim, proceeding and or expense including but not limited to legal costs, indirect special or consequential loss or damage, arising from acts or omissions
made in reliance of the Materials. Where any law prohibits the exclusion of such liability, CPA Australia limit their liability to the resupply of the information.