Identifying and managing business risk | Business Queensland

Risk is a part of doing business. Finding ways to minimise risk, or to lessen its impact if it is realised, supports business continuity.

What is business risk?

Business risks are factors that threaten your business’s ability to operate and can lead it to lose profits or fail.

When identifying and managing risks, consider:

  • the possible causes and impacts
  • how these risks affect your business objectives
  • how they could be recorded in a risk management plan
  • steps you could take to minimise the risk or the impact.

By considering potential risks and their impacts well in advance, you can develop procedures without the added pressure of trying to manage the risk in the moment.

Understanding business risk

Understanding potential risks and their impact is achieved through analysis and planning.

Types of risk include:

  • direct risk—a threat to the business that is within your control
  • indirect risk—a threat to the business that is out of your control
  • internal risk—risks you have the power to prevent or mitigate within the business
  • external risk—risks you have no control over.

Analysing risk impact

It can be overwhelming to consider all the risks a business faces. Assessing the likelihood and impact of each helps you decide where to invest your time and energy.

Risks come in different forms. Some will have a big impact and others a moderate impact. A ‘level of risk’ scale helps you work out which to focus on.

The scale rates how likely the risk is to occur and how severe the impact would be if it did, and multiplies the two to give a level of risk score. The higher the score, the higher the priority for reducing the likelihood or the impact. Completing this exercise lets you focus on the risks with the highest scores, which have the greatest potential to harm your business.

Likelihood × Impact = Level of risk

Likelihood scale

Level   Likelihood   Description
4       Very high    Happens more than once a year
3       High         Happens about once a year
2       Medium       Happens once every 10 years or less often
1       Low          Has happened only once

Impact scale

Level   Impact       Description
4       Very high    Likely to cause the business to stop trading or to experience significant financial losses
3       High         Major impact on your business with large financial loss
2       Moderate     Moderate impact on your business with some financial loss
1       Low          Insignificant impact on your business with minimal financial loss

Level of risk (Likelihood x Impact)

Risk rating   Score    Action
Severe        12–16    Needs immediate preventative or corrective action
High          8–11     Needs preventative or corrective action within 1 month
Moderate      4–7      Needs preventative or corrective action within 3 months
Low           1–3      Does not currently require preventative or corrective action

Because the score is the product of two levels from 1 to 4, the only possible scores are 1, 2, 3, 4, 6, 8, 9, 12 and 16, and each falls in exactly one band. A score of 12, as in the case study below, is Severe.

Developing and using risk analysis methods can help to assess the levels of risk within the business and where to focus.

Case study

A business in its 5th year of operation uses a computer to access and record high volumes of sales in a customer database.

Due to rapid growth over the past 2 years, the operating system and installed software on that computer have not been updated in some time, and passwords for online accounts have not been changed. Staff are reporting odd phone calls from ‘IT officers’ seeking account information to prevent ‘emergency situations’, a common social engineering tactic used to harvest credentials.

There is a real risk this business could be targeted by attackers interested in customer data, sales information and other information the business collects.

The impact of a successful attack is the loss of sensitive customer data, damage to the business’s reputation and, depending on the nature of the attack, compromise of the business’s online accounts or banking details.

The current situation is sitting on the scale as a:

  • Likelihood: High (level 3)
  • Impact: Very High (level 4)
  • Level of risk: Likelihood 3 x Impact 4 = 12 Severe

This presents as a severe risk.

Reducing this risk level immediately is recommended.

Action item

Use this section to help you complete a risk level assessment.

Record this in your business continuity plan template—risk management plan section and business impact analysis section.

Treating risks to your business

Once you have completed the analysis and identified the areas of concern, the next step is to consider how to reduce the level on the scale.

You can treat a risk by assessing the factors that drive its likelihood and impact and identifying what you can change.

In the case study above, the level of risk can be reduced by applying operating system and software updates, changing the passwords on all online accounts, and instructing staff to be careful with business information, to decline any request for account details made over the phone, and to verify such requests by calling back through a known contact number.

While these actions might not remove the risk, they can reduce a high likelihood (3), very high impact (4) situation scoring 12 to a medium likelihood (2), moderate impact (2) situation scoring 4.

Often, high-risk situations can be reduced to medium or low risk with some careful planning and action.
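As an added example (not code from the Business Queensland page), the following Python puts the scale above into a small risk register: it scores each risk, assigns the rating band and its required action, prioritises the register, and records treatments as residual scores so the case study's reduction from 12 to 4 can be tracked. The register entries other than the case study, and the intermediate scores assigned to each treatment step, are constructed for illustration.

```python
"""Level-of-risk scoring for a simple risk register.

Added example, not part of the Business Queensland page. It implements the
page's 4x4 Likelihood x Impact scale with non-overlapping rating bands and
applies it to a constructed register that includes the page's case study.
The other register entries and the treatment steps are assumptions.
"""
from dataclasses import dataclass, field

# Likelihood and impact levels as on the page (1 = lowest, 4 = highest).
LIKELIHOOD = {1: "Low", 2: "Medium", 3: "High", 4: "Very high"}
IMPACT = {1: "Low", 2: "Moderate", 3: "High", 4: "Very high"}

# Rating bands: (lowest score in band, rating, required action).
# Scores are products of two 1-4 levels, so the only possible values are
# 1, 2, 3, 4, 6, 8, 9, 12 and 16; each maps to exactly one band.
BANDS = [
    (12, "Severe", "Needs immediate preventative or corrective action"),
    (8, "High", "Needs preventative or corrective action within 1 month"),
    (4, "Moderate", "Needs preventative or corrective action within 3 months"),
    (1, "Low", "Does not currently require preventative or corrective action"),
]


def level_of_risk(likelihood: int, impact: int) -> int:
    """Likelihood x Impact, rejecting values outside the 1-4 scales."""
    if likelihood not in LIKELIHOOD or impact not in IMPACT:
        raise ValueError("likelihood and impact must be whole numbers from 1 to 4")
    return likelihood * impact


def rating(score: int) -> tuple[str, str]:
    """Map a score to its (rating, required action) band."""
    for floor, name, action in BANDS:
        if score >= floor:
            return name, action
    raise ValueError(f"score {score} is below the scale")


@dataclass
class Risk:
    name: str
    likelihood: int
    impact: int
    treatments: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return level_of_risk(self.likelihood, self.impact)

    @property
    def rating_name(self) -> str:
        return rating(self.score)[0]


def treat(risk: Risk, treatment: str, new_likelihood: int, new_impact: int) -> Risk:
    """Record a treatment and return the residual risk; refuse one that raises the score."""
    residual = Risk(risk.name, new_likelihood, new_impact, risk.treatments + [treatment])
    if residual.score > risk.score:
        raise ValueError(f"treatment '{treatment}' would raise the score of {risk.name!r}")
    return residual


def prioritise(register: list[Risk]) -> list[Risk]:
    """Highest score first; ties broken by impact, which is harder to undo than likelihood."""
    return sorted(register, key=lambda r: (r.score, r.impact), reverse=True)


# Constructed register. The first entry is the page's case study; the rest are invented.
REGISTER = [
    Risk("Customer database compromised (unpatched PC, stale passwords, vishing calls)", 3, 4),
    Risk("Key supplier fails to deliver", 2, 3),
    Risk("Power outage at premises", 4, 1),
    Risk("Flooding of premises", 1, 4),
]


def treated_case_study() -> Risk:
    """The case study after the page's treatments: medium likelihood, moderate impact.
    The intermediate scores after each step are assumed for illustration."""
    r = REGISTER[0]
    r = treat(r, "apply operating system and software updates", 2, 4)
    r = treat(r, "change passwords on all online accounts", 2, 3)
    r = treat(r, "staff decline and verify phone requests for account details", 2, 2)
    return r


if __name__ == "__main__":
    for r in prioritise(REGISTER):
        name, action = rating(r.score)
        print(f"{r.score:>2} {name:<8} {r.name}: {action}")
    residual = treated_case_study()
    print(f"After treatment: {residual.score} ({residual.rating_name}), {len(residual.treatments)} treatments recorded")
```

Running the block prints the register in priority order (the case study at 12 Severe first, the supplier risk at 6, then the two risks scoring 4 with flooding ahead of the power outage because its impact is higher) and the case study's residual score of 4 (Moderate) after its three treatments.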

Ask yourself

  • What is one high risk in your business right now?
  • How likely is it?
  • What would you rate the impact of this risk occurring?
  • How could you reduce the likelihood or the impact for this high-level risk?

Creating a risk management plan and business impact analysis

Once you have identified risks to your own business, manage them by developing a risk management plan that helps you avoid, eliminate and/or reduce their impact.

A risk management plan identifies risk. Business impact analysis considers strategies to manage risks.

Your business continuity plan is key to recording risks to the business and coming up with plans to manage them.


This template includes a:

  • risk management plan section
  • business impact analysis section

Download the business continuity planning template.

Use this page (and other resources provided) to complete the risk management plan and business impact sections of the template.

To prepare:

  • identify significant risks to your business
  • analyse the potential impact of each risk
  • create strategies to treat and reduce the risks
  • create or review and update your risk management plan and business impact analysis.

The business continuity plan is a good point of reference to record this information and to refer to in the event of an emergency.

Find out more about writing a business continuity plan.

Reviewing and updating your risk management plan and business impact analysis

Risk management plans and business impact analysis are part of your business continuity plan.

As time goes by, and as the business changes, updating these sections of your business continuity plan will help you consider new risks, downgrade treated risks and highlight areas for improvement.

Conducting tests or trials to see what would happen if a risk eventuated can help with this process. A good example is an emergency evacuation drill.

By conducting an evacuation drill, you will be able to determine:

  • how the business performed
  • whether the processes and systems worked effectively
  • what areas need to be reviewed or improved.

Upon review, update your risk management plan with revised procedures and communicate these changes to your staff.

By planning for challenges, your business is better prepared to meet them.

Also consider…

  • Find out about managing risk with business insurance.
  • Read about writing a business continuity plan.
  • Explore managing risks when starting up.
  • Find out about IT risk management.

Last reviewed: 24 Nov 2022
Last updated: 24 Nov 2022