Risk Management Guide For Businesses

Download as pdf or txt
Download as pdf or txt
You are on page 1of 12

Risk management guide

For small to medium businesses


Risk management is a critical element of operating a successful business. Small to medium businesses are
frequently exposed to risks that can directly affect day-to-day operations and trading results. Their impact
may be serious enough for the business to fail. Most businesses know instinctively that they should have
insurance policies to cover risks to life and property. However, there are many other risks that all businesses
face, some of which are often overlooked or ignored.

Every business is subject to possible losses from unmanaged risks. Sound risk management should either
reduce the chance that a particular event will take place or minimise its impact. Sound risk management
also protects business wealth.

Risk management starts by identifying possible threats and then implementing processes to minimise
or negate them.

Sound risk management can produce the following benefits:

• lower insurance premiums

• reduced the probability that the business may be the target of legal action

• reduced losses of cash or stock etc.

• reduce the risk of a cyberattack causing significant damage to the business

• reduced business down time.

This guide is not an exhaustive publication on risk management. You may therefore need to seek
external advice specific to your business circumstances to implement suitable risk management
strategies for your business.

2 | Risk management guide: For small to medium businesses


Identifying risks and how to respond to them
Undesirable events, the probability of their occurring and their possible impact vary considerably from business
to business and from industry to industry. How does a business identify and manage such risks?

Possible events should be analysed to determine how likely they are to occur and their possible impact on the
business. To identify risks and determine how best to respond to them:

• assess the probability of each event as ‘very likely’, ‘moderately likely’ or ‘very unlikely’.

• prioritise those events by putting a dollar value on each one (e.g. the replacement cost of a critical piece of
machinery; or in the case of potential bad debts, the total value of amounts owed by customers).

• focus on developing responses to risks that are most likely to occur and have the largest financial impact on
the business.

• for each possible event, develop procedures commensurate with the level of risk the business is willing to accept.

• once a procedure is established, it should be monitored to ensure it is properly implemented and is effective.

For further information on developing policies and procedures, see Developing policies and procedures for your
business or seek expert external advice.

This guide identifies some of the risks and areas where risks may emerge, and it provides a variety of strategies
to manage them.

Risks posed by customers


Potential Risk Identify the Risk Risk Mitigation Strategies

The business losses Is the business highly-dependent on a small • L ocking in major customers through long-term
a major customer. number of major customers? For example, service or supply contracts, regularly visiting
you could have a small number customers them, or continually asking their views about your
that account for over 50 per cent revenue. business’s products and services
• S
 preading the risk by developing smaller, existing
customers so they become larger customers or
share a larger percentage of sales.

Low profitability and Do you have customers that take up a • Seek new, profitable customers
productivity due to high lot of your time but are less profitable than • F
 inding lower-cost ways of servicing or supplying
maintenance customers. other customers? the less profitable customers
• Stop servicing or supplying such customers.

3 | Risk management guide: For small to medium businesses


Risks posed by suppliers
Potential Risk Identify the Risk Risk Mitigation Strategies

The business is impacted by Is the business highly dependent on a small • L ocking in major suppliers through long-term
disruption at a key supplier. number of key suppliers? For example, service contracts
do you have one supplier that provides • S
 eek alternative suppliers capable of supplying
30 per cent or more of the total product similar items, even if having them as
requirements, or is there a supplier whose back-up suppliers.
failure to supply could stop the business?

Risks posed by employees


Potential Risk Identify the Risk Risk Mitigation Strategies

The business is disrupted by Do employees see the business as a • Implementing selection procedures that increase
high-employee turnover. short-term employment option? For the probability of finding the right employees
example, would they describe it as ‘a good for the business
place to learn for a while’ or ‘a nursery for • Implementing a robust performance development
the industry’? system for communication of performance
If the business is seen as short-term expectations and goals, monitoring performance
employment option, this will result in high and setting remuneration
staff turnover, disrupting the business and • U
 sing equity interests, profit-sharing or other
adding to recruitment and training costs. incentives to help retain key personnel and
let them share the success they create for the
business. But be careful how such incentives
schemes are designed, as they could encourage
unintended behaviour.

Sales are lost due to Are there employees in the business who • A
 llocating several people to fulfill key tasks and
the departure of a key are critical to its success? provide backup in the event of illness or sudden
employee. If yes, their departure could impact sales departure
or customer relationships. • P
 utting in place confidentiality agreements and
A competitor might benefit from your loss / or reasonable restraint of trade agreements
if they can recruit such key personnel. signed by key employees or where appropriate all
employees. Seek legal advice on such agreements.

Fraud risk due to lack of Are some employees largely free to govern • P
 rovide ongoing training for employees consistent
supervision and control over or control dealings with key suppliers or with the needs of the business
employees. customers? For example, some employees • R
 otating employees through various functions or
may control who your business sells its departments to familiarise them with other areas
goods or services, or pricing. of the business
If yes, your business is at increased risk • Implement controls over critical decisions and
of fraud. engage other senior employees to oversight the
implementation of those controls.

Risk of workplace injury Do employees face occupational health • W


 orking with employees and experts to
or death due to an unsafe and safety (OH&S) risks? For example, implement suitable OH&S policies to minimise
work environment. are they working in a dirty or hazardous risks. For example, safe driver training and regular
environment, or do they have to travel maintenance of vehicles and other equipment
extensively by car? • R
 egularly check to ensure employees are following
If yes, the risk of workplace injury or worse such policies.
is higher.

4 | Risk management guide: For small to medium businesses


Risks posed by the business premises and location
Potential Risk Identify the Risk Risk Mitigation Strategies

Sales are disrupted by How dependent is the business on its • Identifying several suitable alternative premises
moving to a new premises current location? That is, would a move which would suit customers, suppliers
or if access to current site to a new premises have a negative impact and employees
is restricted. on sales, employees and supplier access? • R
 eview the business strategy to identify future
space requirements early
• O
 nly businesses that are established, have good
prospects and are growing should consider
purchasing a property and then only if the
property has sufficient capacity to allow for future
expansion, otherwise it is preferable to rent.
Renting also helps to preserve working capital
for business operations.

Current business premises Is the business growing strongly at present, • W


 here the premises suit the business’s long-term
will not cater for future or is it relatively stable? If it is growing needs, consider securing a long-term lease or right
growth of the business. strongly, can your current premises meet of first option when the lease expires
your future needs? • O
 nly businesses that are established, have good
prospects and are growing should consider
purchasing a property and then only if the
property has sufficient capacity to allow for future
expansion, otherwise it is preferable to rent.
Renting also helps to preserve working capital
for business operations.

Threats to goodwill and reputation


Potential Risk Identify the Risk Risk Mitigation Strategies

A large-scale product recall, How exposed is the business to a threat to • Incorporating robust review processes and quality
fraud, bad review or other its reputation or goodwill? For example, assurance systems to avoid a situation that may
similar event causes long- what would happen if there were a product damage the business’s reputation
term reputational damage recall, or if the business received bad • Strong marketing that builds brand and reputation
to the business. reviews or there was a major fraud?
• C
 ompulsory training and development programs
for staff
• P
 rocedures that address customer complaints,
including online in a timely manner.

Risks posed by information technology


Potential Risk Identify the Risk Risk Mitigation Strategies

A critical system goes down To what extent does the business rely on • Protecting laptops and desktops
in a peak time. information technology (IT)? Have you ever • K
 eeping data safe by performing backups and
noticed how little work is done in an office storing those backups offsite
when a system is not working? The level
• Using the internet safely
of risk created by using IT increases as the
business becomes more reliant on it. • Have appropriate cybersecurity processes in place
• Keep systems up to date
• E
 nsuring appropriate IT support is available within
an acceptable timeframe
• Having an uninterrupted power supply unit
• Conducting appropriate IT training for employees
• Have a back-up internet connection.

5 | Risk management guide: For small to medium businesses


Risks posed by financial transactions
Financial transactions create risks for business. They can be classified as liquidity, foreign exchange,
interest rate, commodity price and credit risks. Each will be examined separately below. Skip any which
do not apply to your business.

Liquidity risk
Potential Risk Identify the Risk Risk Mitigation Strategies

The business does not have Run regular cash flow analysis to identify • M
 anaging cash flow on a daily, weekly and monthly
enough funds to meet when and if your business may have basis by monitoring the flow of cash in and out of
future obligations. difficulty in meeting future obligations. the business
• F
 orecasting cash flow to identify any periods
when there is inadequate cash buffer to cover
unanticipated events. Good forecasting will include
‘what if’ analysis; for example, ‘What if my sales
were to drop by 20 per cent?’
• S
 eek a committed line of credit from a financial
institution. It is beneficial to have two possible
providers in case one does not provide credit
when needed
• M
 aintaining a strong relationship with your banker
or financial institution to ensure they understand
the business and are kept up to date with
potential loan requirements
• M
 onitoring market conditions to anticipate
seasonal fluctuations in cash flows
• P
 reparing aged debtor reports to monitor
debtor collections (and regularly contacting
the slow payers).

For further information read Tips for managing through tough times.

Foreign exchange risk


Potential Risk Identify the Risk Risk Mitigation Strategies

Where the business pays Does the business use foreign currency to • C
 onsulting your bank for assistance in managing
and/ or receives foreign buy raw materials or equipment, or receive foreign exchange exposure
currency, the exposure to it from sales of its products and services to • B
 uying or selling foreign currency in advance
fluctuations in the value overseas customers? (i.e. at the time of the agreement) to lock in the
of foreign currency. If your business does receive or make foreign currency rate
payments in foreign currency then it’s • U
 sing financial market instruments provided by
exposed to a potential risk. financial institutions that either lock in foreign
currency rates or minimise the risk of impact
of foreign currency fluctuations on revenue
and/or expenses.

6 | Risk management guide: For small to medium businesses


Interest rate risk
Potential Risk Identify the Risk Risk Mitigation Strategies

If the business borrows Calculate the impact various interest rate • C


 onsult your bank for assistance in managing
from a lender or generates movements will have on your borrowing interest rate exposure
income from savings, costs or income generation. In a high • B
 orrowing or investing at a fixed rate to provide
interest rate movements inflation environment, interest rates are certainty of interest expenses or income
can impact profitability. likely to go up quickly.
• U
 sing financial market instruments provided by
financial institutions that either fix interest rates
or minimise the risk of impact of interest rate
fluctuations on revenue and/or expenses.

For further information read Tips for managing through tough times.

Commodity price risk


Potential Risk Identify the Risk Risk Mitigation Strategies

If the business buys or Calculate the impact of various price • C


 onsult your bank on how they can assist in
sells commodities, price movements (say 5 per cent, 10 per cent, managing commodity price exposure
movements can have an 20 per cent and 50 per cent) will have on • E
 nter into fixed price contracts with suppliers
impact on profitability. your revenue and expenses. or customers
The risk could be broader than just the • U
 sing financial market instruments provided by
commodity; therefore look at historical financial institutions that either fix commodity price
data to see what happens to the sales or minimise the risk of impact of commodity price
of other products or services at various fluctuations on revenue and/or expenses
price movements.
• S
 ee if there are opportunities to diversify into other
areas less exposed to sudden price movements.

Credit risk
Potential Risk Identify the Risk Risk Mitigation Strategies

If the business sells on Does the business sell its products or • C


 heck the credit status of the customer before
credit, the risk that services on credit? making the sale
debtors will be unable If so, create an aged debtors report to • C
 heck publicly available registers to verify that the
to pay for them. determine which debts are old. What would customer’s business is real and to find out who is
happen to your business if such old debts behind the business
weren’t paid? • Insisting that customers sign a ‘terms and
conditions of trade’ prior to supplying goods or
services to them that includes a ‘retention of title’
clause for the goods you supply
• Impose credit limits to restrict your firm’s
overall exposure, obtaining personal guarantees
where possible
• M
 aintain strong relationships with the customer to
ensure their current liquidity status is always known
• Contact debtors before the due date for payment
• Stop selling to customers with old debts.

7 | Risk management guide: For small to medium businesses


Risks posed by competitors
Potential Risk Identify the Risk Risk Mitigation Strategies

Current and potential Do a SWOT analysis of your business. • C


 ontinue to build relationships with clients and the
competitors can pose What would happen to your business local community. Providing great service as a way
a significant threat to if a competitor was to take advantage of of combating competitors.
your business. one of your weaknesses, or is better placed • D
 o a SWOT analysis and identify how your
to exploit an opportunity?? business can address weaknesses and take
advantage of opportunities?
• K
 eep up to date with local developments to get
an early indication of the potential emergence
of a competitor.

Are they likely to be first to market with a • R


 esearch industry trends through reading and
new product or service? Are they likely to travel. Adopt viable new products and services – or
expand their business or to find new ways of ways of delivering those products and services to
getting their products or servicesto market? customers
• Invest money in developing new products
and services
• P
 rotect intellectual property assets by registering
them where possible (trademarks, desigvns,
copyright, patents).

Are they likely to significantly reduce their • C


 ontinually monitoring competitors,
prices? including the prices they charge
• R
 emember, just because a competitor
charges a particular price, doesn’t mean
it’s the right price.

For further information read Tips for managing through tough times.

Risks posed by the market or the economy


Potential Risk Identify the Risk Risk Mitigation Strategies

Changing tastes and Is the business exposed to risks from • R


 esearch consumer trends and tastes so that the
trends, or from an changing tastes and trends or from an business can respond to change
economic downturn. economic downturn? For example, while • C
 ontinually test the market to see what products
the business itself may be relatively immune and services consumers prefer. This provides an
from an economic downturn, a downturn understanding of changing consumer sentiment
may impact on your customer base. during changes to the economic cycle
Are your products or services vulnerable • P
 romote products and services that sell better
to changes in taste and preference? during an economic downturn (these can be
determined by testing the market)
• P
 romote stock or services that sell well and
are profitable.

8 | Risk management guide: For small to medium businesses


Unexpected exit of the business owner
Potential Risk Identify the Risk Risk Mitigation Strategies

Death or incapacity Ask what would happen to the business • C


 onsult advisers who can assist in business
of the business owner/s if the owner or one of the partners died succession, wills and estate planning
or became incapacitated? • P
 repare a business succession plan and a will
that is consistent with the plan
• Implement appropriate insurance that provides
income or a capital sum in the event of the death
or incapacity of the owner or a key employee
• W
 here there are two or more unrelated owners
in a business, consider a buy/sell agreement
and funding agreement for the eventual transfer
of the business
• D
 ocument key processes and critical information
so that other people can continue to run
the business
• T
 rain employees so that more than one person
knows how to perform each task.

Risk posed by natural disaster


Potential Risk Identify the Risk Risk Mitigation Strategies

Natural disaster such What would be the impact to the • P


 repare a business continuity plan that identifies
as flood, fire, pandemic business if it had to stop operating from how to run the business following a disaster
or drought. its premises for an extended period? • E
 nsure that all asset details are kept so
What would be the impact on the replacement can be undertaken if needed
business if its customers suffered a sharp • H
 ave an adequate cash buffer that will assist
fall in income? if business operations are interrupted
• Have adequate insurance in place.

9 | Risk management guide: For small to medium businesses


Other potential risks in business
It’s important to have controls in place to protect the business’s assets. The controls needed will vary depending
on the business’s goods and funds, the type of industry it is in and its potential to suffer from loss or fraud.

The business’s key areas should be reviewed to ensure that policies and procedures are in place to manage risks
such as those listed below.

Key area Identify the risk

Sales • What are the procedures for the delivery of goods or services?
• Are delivery instructions recorded?
• How do you ensure that all sales are recorded?
• What are the procedures for handling cash and credit sales?

Purchasing • What procedures are in place to ensure purchases are in line with what is required?
• A
 re suppliers’ details checked on a regular basis to ensure the details (i.e. addresses or bank
account numbers) are correct and not an employee’s or their associate?
• What procedures are in place for checking goods received against good ordered

Accounts payable • Are payments checked to ensure they are not duplicated or identical?
• What procedures are in place to ensure that payment is made on agreed terms?
• Can rapidly increasing purchases from one supplier be identified?

Accounts receivable • Are outstanding payments from customers reviewed on a regular basis?
• What procedures are in place to follow up on late payments?
• Are procedures in place to check who is receiving early-payment discounts?

Payments • D
 oes the business have controls in place to ensure that all invoices are appropriately approved
before payment?
• Who is authorised to make payments?
• Are the duties for banking and bank reconciliation separated?

For further information read Internal controls for small business.

10 | Risk management guide: For small to medium businesses


Insurance
One of the most important ways to protect the business against risks is to carry sufficient insurance. With insurance
you can decide which risks you must insure, and which can be covered by the business or its owners. Seeking advice
from a business insurance broker can be helpful to determine which insurance are relevant to your business.

Type of Insurance Insurance cover provided

Building and This insurance should cover the business’s buildings as well as contents and stock against loss.
contents insurance

Cybersecurity insurance Cyber insurance is designed to protect businesses against the costs incurred as a result of a
cyber-attack, internal employee threats and a business' liability for a data breach in which personal
information is exposed or stolen.

Business interruption The business should be covered for interruption due to damage to property by fire or other insured
or loss of profit insurance perils. The cover should ensure that ongoing expenses are met and that anticipated net profit is
maintained through a provision of cash flow.

Public liability insurance Public liability insurance should cover the owner and business against the financial risk of being
found liable to a third party for death or injury, loss or damage of property or economic loss resulting
from the business’s or the owner’s negligence.

Directors and officers Directors and officers (D&O) liability insurance is intended to protect individuals from personal losses
liability insurance if they are sued as a result of serving as a director or an officer of a business.

Key person This type of insurance should help cover the loss of a key member of staff.
insurance cover

Workers’ compensation In Australia, it is compulsory to maintain appropriate accident and sickness insurance for all
insurance employees and certain contractors you engage in your business.

Personal accident This insurance is important for self-employed business operators who are not covered by workers’
and illness insurance compensation insurance.

Motor vehicle insurance It is compulsory to insure all company or business vehicles for third party injury liability in Australia.

Burglary cover Business assets should be protected against burglary by this type of insurance.

Professional indemnity This type of insurance is important for businesses giving professional advice.
insurance

Fidelity guarantee Insurance covering losses resulting from misappropriation by employees who embezzle or steal.

Machinery breakdown Insurance covering the business for any losses incurred if plant and machinery break down.
insurance

Product liability insurance This insurance provides cover for injury or damage caused by goods the business sells,
supplies or delivers — even in the form of repairs or services.
As the type and level of insurance cover needed requires an assessment of the particular needs
of the business, it is necessary to speak to an insurance specialist to ensure your business is
adequately protected.

11 | Risk management guide: For small to medium businesses


November 2022

COPYRIGHT NOTICE © CPA Australia Ltd 2022


The reproduction, adaptation, communication, other than for personal purpose, or sale of these materials (‘the Materials’) is strictly prohibited unless expressly
permitted under Division 3 of the Copyright Act 1968 (Cth). For permission to reproduce any part of these materials, please contact the CPA Australia Legal
Business Unit - [email protected].

DISCLAIMER
CPA Australia does not warrant or make representations as to the accuracy, completeness, suitability or fitness for purpose of the Materials and accept no responsibility
for any acts or omissions made in reliance of the Materials. These Materials have been produced for reference purposes only and are not intended, in part or full, to constitute
legal or professional advice. To the extent permitted by the applicable laws in your jurisdiction, CPA Australia their employees, agents and consultants exclude all liability for
any loss, damage, claim, proceeding and or expense including but not limited to legal costs, indirect special or consequential loss or damage, arising from acts or omissions
made in reliance of the Materials. Where any law prohibits the exclusion of such liability, CPA Australia limit their liability to the resupply of the information.

You might also like