This week, ClearRisk presents a guest post by Thomas M. Bragg. Tom, who has specialized in business planning, strategy and business risk management for 20 years, writes a blog about practical risk management for small business.

More and more is being written about risk management for small and medium sized businesses (SMBs). In fact, if you do a little bit of research, you’ll probably find yourself soon overwhelmed with advice, methods, terminology and tools.

Getting started with any new process is tough. It’s hard to get out of the blocks. It’s scary. It seems overwhelming.

Don’t be overwhelmed. I’m here to tell you that establishing an effective risk management process for your business doesn’t have to be difficult.

Craig Rowe, CEO of ClearRisk recently wrote:

Risks faced by SMBs are manageable and the benefits are worthwhile. Even though traditional risk management may not suit the needs of SMBs, scaled solutions that can help SMBs identify, evaluate and manage their risks are available.

So what does a scaled risk management process look like for a small or medium sized business? How do we get out of the blocks? There are ten basic steps.

10 Steps to the Risk Management Process for Small/Medium Businesses

1. Establish management support and buy-in

Before you can do anything, there has to be buy-in from the top. The company’s ownership and/or management have to be on board with creating the risk management process and providing resources necessary to execute that process.

They will need to have a basic understanding of what risk management is, why it’s important and (especially!) why it’s in their best interest to implement a formalized risk management program. If top management doesn’t see the value in the exercise, stop here. Any work on additional steps will be a waste of time.

2. Learn about the process

Now that you have the necessary sponsorship and resources, you need to do some research into the specifics. Although there are only three basic steps in risk management, there are many different techniques for accomplishing those steps.

Investigate what methods are in use in your industry. Identify the best practices. Think about how your company’s specific culture will come into play for your process.

3. Identify helpful resources

As you are doing the research in Step 2, start compiling a list of potential resources you can tap into. There are many websites and blogs that focus on risk management.

You will also find professional advisors who can help you – consultants, bankers, investors, insurance brokers, directors, etc. This resource pool doesn’t necessarily need to be expensive. Many of the stakeholders in your business will be happy to help you if you ask.

4. Create a plan

A plan will be critical to successful implementation. Plans provide a means for communication and accountability. They also help pull a team together if the plan is generated with input and agreement from the team members.

Your plan should include details on schedule, budget, approach and resources to be used. The plan should also identify your company’s risk management ‘champion’. 

5. Identify your risks and opportunities

It’s time to take the first step in the risk management process itself – identify your risks and opportunities.

Don’t worry about creating an exhaustive list. It’s more important to just get started.

Hold a brainstorming meeting or a series of meetings. It will be helpful to focus your brainstorming sessions on specific categories – e.g. risks/opportunities to facilities, risks/opportunities to revenue, risks/opportunities to expenses, etc. Remember that identification is an ongoing process.

6. Evaluate your risks

Risk evaluation can get complex. Start simple.

Estimate a probability of occurrence to each risk and opportunity using three levels – high probability, medium probability and low probability.

Next, estimate a potential impact of each risk using three levels – high impact, medium impact and low impact.

When you are done, sort the list so the ‘high probability/high impact’ items are at the top, followed by the ‘high probability/medium impact’ items and so on. You can always incorporate more complex risk evaluation techniques later.

7. Plan for your risks

Now that you have a ranked list of risks and opportunities, start putting plans together for the heavy hitters – the high probability/high impact items. Don’t worry about any others at this point.

Get your risk mitigation and opportunity exploitation plans created for the first group. A ‘rifle’ approach – focusing on a few key items – will be much more effective than a ‘shotgun’ approach. You can come back to the risks and opportunities farther down the list later.

8. Take action on your plans

The hard part is done. You’ve got the plans. Now all you have to do is execute them. Go forth and have some fun!

9. Check your progress against your plan

Don’t forget to monitor your progress against your original plan from step 4. Check on how you did against schedule and budget. Evaluate if your actions were effective. Communicate your progress throughout the company. Leverage your early successes to build support for your continuing effort.

10. Repeat steps 5 through 10

Risk management is an ongoing process. Review your risks on a regular basis to account for new risks and opportunities, changes in probabilities or impacts and adjustments to mitigation plans. Remember to communicate, communicate, communicate.

That’s it. Ten simple steps. Not too bad, right? Take that first step. Once you are started you will feel the momentum build and the once overwhelming project won’t seem so bad after all. You can do it.

What do you see as the biggest obstacles facing you in implementing a risk management process at your business? Leave a comment and let’s talk about it.

For more from Tom, check out his blog; Thomas M. Bragg on Business Risk Management.

ClearRisk's Claims, Incident, and Risk Management Information System can help organizations of any size manage and mitigate risk. Our platform is built on the #1 cloud-computing platform in the world, making it extremely secure, and our risk industry experts are happy to provide guidance on any risk-related issues. Want more information? Learn more below. 

If you found this article helpful, you may be interested in: