How do you control risk in your business or department? Do you have a risk management strategy? Not just for financial departments, but for operations as well?
Setting up and creating risk and business continuity plans should any problem occur is essential. Research here has shown that assessing and creating risk strategies helps to save businesses and save people their jobs as well as helping to be a predictor of issues for your organisation for the future.
Here is a step-by-step coaching guide to help you. Go through this checklist and start to create your risk management strategy document.
** Below is a guide that may need to be adjusted for different businesses.
People Related Risk
This can cover areas like succession planning and ensuring that your people are equipped for resignations and illness, as well as contractual and other risks. Here are some self-coaching questions to ask yourself:
Do I have coverage if my key staff are sick or leave the organisation? How do I diversify this risk and upskill/cross-skill my people?
Do I have a succession plan for people developing/ being promoted?
Reputational risk. What is our reputation in the marketplace as an employer and company? How do we control and improve this?
Do our contracts cover us for risk from our people? Can we update them to cover this? Eg IP, reputational, social media posting risk etc.
What risk is there of human error for certain processes? How can they be automated/ improved?
IT and System Risk
Most people use a laptop which is taken offsite and sometimes connected to a company server. How secure is this in your organisation? Have you carried out an IT security health check with your company systems and employees? Some more questions to ask yourself.
How secure are all of our IT systems?
How secure are our people’s laptops where they may be taking secure data offsite?
How robust is our onboarding training for IT and data security for new team members?
Have we engaged a cybersecurity champion?
Are we ready for a cybersecurity attack?
How ready are we for internet or IT system failure? What is our contingency protocol?
Environmental & Geopolitical Risk
Are you in a region which might be affected by political shifts, war or environmental disasters? Does your supply chain depend on products/ services from high-risk areas? Here are some more questions to ask yourself?
How might our office be affected by political changes?
How might our supply chain be affected by political changes internally and externally to the locations of our country offices?
What is our protocol for all offices for war/ conflict/ political or geopolitical lockdown?
What are the natural disasters which might affect our offices including virus outbreaks?
What is our emergency plan for natural disasters? Eg can our people work from home? Do we have an emergency protocol covering this? What is our crisis management plan?
Financial Regulatory & Compliance Risk
Defining financial risk for you will be dependent on your organisation. Then create your financial risk strategy depending on this.
What does financial risk mean in our organisation?
For investments how do we measure risk and diversify risk?
Does our finance department strategically understand potential changes from the governing bodies in our country relating to compliance and regulations? Are they ready to implement them?
How are regulatory and compliance changes cascaded in a timely way throughout the organisation?
Who looks after our legal risk?
In Conclusion
Identify and rank risks by their significance. In determining the significance, the risks are evaluated by impact to the company. The impact needs to be well-defined. Setting up a risk matrix document with risk grading is important.
The Process
Identifying risk should be an agile and continuous process. This is listed below:
Identify risk
Grade the risk according to the impact to the company.
Create a risk mitigation strategy for each area. Look at the most impactful first.
Implement the strategy.
Review and update regularly.
Business continuity is primarily affected by a lack of risk strategy. If you have all of these questions answered then you are on your way to creating your future-proof risk mitigation plan to protect your business and your people.
Caroline Langston is the Co-Founder of Successful Consultants Ltd, an Executive, Personal and Career Development Coaching company in Hong Kong and New York. Caroline is dedicated to coaching people for performance success, wellness and happiness in their careers and lives. She is degree qualified with a Certificate in Professional Coaching Mastery. She is also a Professional Certified Accredited Coach (International Coaching Federation), has a Certificate in Team Coaching from the EMCC and further certifications in Neuro Linguistic Programming at Master Practitioner and Coach level. www.successCL.com