For most small business owners, handling day-to-day operations and strategizing for the near future is enough to keep them busy. For that reason, not very many of them take the time to game out what might happen to their business if an unexpected emergency arose. And the results of that neglect have been on full display throughout the COVID-19 pandemic.
But it isn’t just once-in-a-generation pandemics that threaten small businesses. If that were true, small businesses wouldn’t have a 50% five-year survival rate. That number reflects the fact that there are countless threats small businesses face that might lead to failure. But there is a way to improve those odds dramatically.
Doing so requires small businesses to take the time to create comprehensive risk management strategies. And doing that isn’t as hard as it might seem. To help, here’s a four-step process small businesses can use to develop risk management strategies that can save them in an emergency.
Step one: Identify potential risks
A conventional risk management strategy is intended to provide protection from foreseeable risks. That means the first step in creating a plan is to imagine what risks could come to threaten your business. The risks themselves will vary from business to business, but tend to fit into one of five categories, which are:
- Property loss or damage – the risk that business offices, production facilities, or equipment might be lost, stolen, or otherwise put out of commission.
- Business continuity risks – events that could prevent the business from carrying out its’ essential moneymaking functions. This is where a pandemic like COVID-19 would fit.
- Legal liability – the risk of financial penalties arising from faulty products, business actions, or accidents.
- Skills and talent losses – the risk that critical employees will leave and take necessary skills and knowledge with them, harming the business’s ability to keep working.
- Employee liability – risk stemming from injuries to employees resulting in medical costs and lost productivity.
At this stage, the idea is to think of as many potential risks as possible. Cast as wide of a net as you can and try to imagine every potential scenario that could harm the business. Even if some of the risks seem remote at first glance, they should be included anyway.
Step two: Assess the likelihood and impact of each risk
The next step is to go through all of the identified risks to figure out two things: how likely they are to happen, and how much harm they would cause. This will allow you to focus your planning on the risks that would have a major impact on your business. And although you can come up with plans to handle every possible contingency, it’s critical to begin with risks that are both likely and harmful to the business.
The most straightforward way to conduct this type of assessment is to use what’s known as a risk assessment matrix. There are countless templates available online that you can adapt to your specific business’s needs. But it’s just as easy to build a risk assessment matrix from scratch.
The goal of this planning stage is to start figuring out which potential risks are worth guarding against. This doesn’t always mean that very likely risks are always going to be worth doing something about. Consider, for example, a high-probability risk that would cost your business $25,000 in losses were it to occur. If purchasing additional equipment or insurance to protect the business would cost $24,000 – it may be a better business decision to simply live with the risk.
Step three: Create specific plans to deal with critical risks
At this point, the process should have yielded a handful of high-priority risks that are worth trying to mitigate. The problem is, there’s never a one-size-fits-all approach to deal with every type of risk. In some cases, the most effective option is to purchase insurance as a default protection measure. But sometimes that’s not the right course of action.
Often, making changes to your company culture is an effective way to deal with certain risks. If you can take steps to lower the likelihood of a risk occurring, that’s even better than having a cleanup plan in place. Approaching risk mitigation in this way should always be the first option. It’s almost always the cheapest solution because as they say, an ounce of prevention is worth a pound of cure. Some common risk prevention approaches include:
- Increasing employee safety training and rewarding safety policy adherence
- Instituting rigorous know-your-customer steps to protect against failure-to-pay events
- Improving employee retention measures to guard against talent and skill losses
- Investing in facility upgrades to protect critical business assets from damage, loss, or misuse
Finding the right approach to each type of risk calls for some creative thinking, though. If you can institute workforce or policy changes that lower the likelihood of a risk, you may find that the potential insurance costs of that risk go way down. Then it could be more palatable to pay the insurance costs as a last line of defense.
Step four: Monitor and revise as needed
Once there’s a plan in place to deal with each critical risk, it’s necessary to create a management process to make sure that the plans are being followed as they should be. Risk management plans aren’t worth much if they’re not executed to the letter. So, the final step in developing your risk management strategy is to get every employee on board with the plans so they’ll be carried out reliably.
And once you’ve had your risk management plans in effect for a while, you’ll also want to conduct periodic reviews to make sure they’re performing up to expectations. Sometimes you’ll be able to identify areas where improvements are possible. Whenever that happens, take advantage of the opportunity because anything that leads to reduced risk or lower costs is always worth pursuing.
But it’s also critical to go beyond reviewing existing plans. Since every growing business is always in a state of constant flux, the kinds of risk it faces will always change as well. That means you should set aside management-level time at least twice a year to go through this process from the beginning. That will help to identify new risks that have evolved since the last planning sessions and identify continuing risks. In some cases, you may even identify risks that are no longer a problem. And that will allow you to redirect attention and resources to more pressing matters.
The risk management bottom line
At the end of the day, any attempt at risk management is worth it for small businesses. And, the more complete the planning, the less likely it is that the business will be blindsided by issues that can bring operations to a screeching halt. And this extends even to major incidents like the COVID-19 pandemic.
Consider for a moment, that the businesses that kept on working through 2020 were the ones that could either quickly adapt to remote working or that already had contingency plans in place to handle such a problem. You wouldn’t have had to foresee a global pandemic to have been ready beforehand. A continuity plan built to deal with an earthquake, fire, or flood at the business’s primary location would have worked just as well.
So, the takeaway here for small business owners and operators is that setting aside some time to create a risk management strategy is a small price to pay to build a business that’s ready for anything. And given the fact that there are countless threats to small businesses’ bottom lines even in the best of times, a little bit of forethought can improve things considerably. With no downside to engaging in the risk management process and so much to gain, this is as close to a no-brainer as any small business owner is likely to ever encounter.