Mitigation of Risks in Business

SHARE

Mitigation of risks in business
Patrick Mwirigi | Updated on: July 13, 2021

CPA Patrick Mwirigi is a Partner at FEKAN Howell & Associates, Certified Public Accountants where he is the Risk and Advisory Leader.  He can be reached on phone +254 755 443 344 or +254 722 607 105 or email on info@fekanhowell.com. For more information on FEKAN Howell visit www.fekanhowell.com

Introduction

Every busines entity exists to serve a purpose. All entities face negative uncertainty, and the challenge for management is to determine how to navigate the risks that emerge with this kind of uncertainty. Risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.

Business risk can be defined as the exposure/threat an organization faces from factors that may be internal or external to its operations and have the potential to erode its value.  Risk Management is about controlling the threats as far as possible to enable a business maximize its opportunities and get rid of risks that stifle the source of value creation and upscale potential.

Research indicates the following as the top five risks that organisations faced in the last two years back to 2019:

  • 40% business interruptions (including supply chain disruption);
  • 36% cyber incidents (cybercrimes, data breaches, IT failure);
  • 33% natural catastrophes (storms, floods, earthquakes);
  • 27% market developments (volatility, intensified competition, market stagnation); and
  • 20% change in legislation and regulation (economic sanctions and protectionism).

Management of both upside risks (opportunity) and downside risks (threats) is at the heart of business growth and wealth creation.

The most common risks facing businesses today include

  • Strategic
  • Reputation
  • Financial
  • Business Interruption
  • Liability

We discuss each of the risk and how they can be managed in the table below:

Type of risk

Management of the risk

Strategic Risk

Every stage of a business life cycle comes with its own challenges. For a new organization it can be hard to know what steps to take as there may be no formalized decision-making processes in place. An organization must decide its ideal structure, target market, sales and marketing strategy, production strategy, and more. The changes in external environment presents a risk for all organizations. These changes may be new competitors or existing ones begin offering a similar product or service. Shift in technology can present a new opportunity or render a current process obsolete. New regulations may force a business to change the way it operates. 

To address this risk, business should:

  • scan the business environment and plan accordingly.

  • Conduct a risk assessment, compile risk registers and prioritize management of key risks.

  • Conduct research based on industry trends, competitors, and prior experience.

  •  Constantly work towards improvement by coming back to the risk registers at least annually to ensure you are on track and that the risk registers are current and accurate. 

Reputation risk

Reputation is one of the key assets to a business and a major driver of acceptance of its products and services in the market. How a business deals with its employees, regulators, customers and other stakeholders has a direct impact on its reputation. Failure to for example submit employees’ statutory deductions such as NSSF and NHIF can have a bearing on the company’s reputation from both an employees and the regulator’s perspective. With enhanced technology and increased social media platforms both good and bad reputation can spread widely and fast about an organization and affect its business. Aggrieved parties have a huge audience in which to air their frustrations.

 

  • Regularly monitor feedback from various stakeholders and assess the likely impact on its reputation and address any concerns immediately.

  • Monitor online conversations about the brand and participate.

  • Have in place a social media policy defining who and how its people resource should interact with external players both on the personal and organizational pages. This brings awareness on how social media can impact the company. It also ensures that responses to negative media on the company are addressed promptly.

Financial Risk

The biggest risks facing largely small and medium organizations are actually financial. Founders often have invested their life savings or taken out significant loans in order to get the organization off the ground, so there is a lot of pressure to be successful. Cash flow is one of the biggest concerns at the beginning. You must consider where money will come from to maintain operations, pay employees, and invest in market penetration and growth. Depending on the industry, you may have to make a large upfront investment and it can take a while to begin seeing a return.  Economic conditions are also an important factor to keep in mind. A serious recession can damage even the most cash flow stable of organizations and are more than able to put a small organization out of business.

  • Careful preparation and planning, as well as support from third parties, can help you mitigate this risk.

  • Current and future climate must be considered and prepare the organization. This process is usually best when it takes place during prosperous times: it allows you to save excess cash and negotiate favourable purchasing terms.

Business Interruption Risk

An organization can be disrupted at any time. For example, a natural disaster could impact the area you operate in, making it impossible to go into the office or causing severe damage to inventory or equipment.  Currently most business are reeling under the effects of Covid-19 pandemic ranging from non-physical work attendance, restricted travel thus grounding leisure businesses like tour operators and travel agents. Another risk in this area is supply chain. A business may be relying too heavily on others for inputs to manufacture its product or subcontract part of its service. Companies need to be more concerned about where their inputs are coming from and what their contingencies are if they are delayed or lost.

  • Businesses are encouraged to prepare and practice business continuity plans. These plans, often in response to a crisis, assign roles to all members of the organization so that they can react quickly.

  • With the world now staring at continued occurrences of crisis whether medical or otherwise need to have agile business models is a must.

Liability Risk

While all organizations are subject to liability risk, you are most vulnerable at a small size, in part because of reputation risk. You also may not have the resources to effectively pay for damages without risking cash flow. Employee or customer injuries, property damage, or failure to meet contractual obligations are all examples of liability risks that can lead to costly lawsuits and fines for small organizations. 

  • The best way to mitigate against lawsuits is to invest in good legal advice. Some organizations may believe they don't have the resources to invest in a full-time lawyer, but the average businessperson cannot stay on top of the daily changes in laws and legal precedents.

  • Always consult with your legal team or external counsel when drafting employment contracts or developing safety and HR practices. An upfront investment can save a lot of resources down the road.

  • In addition, every organization needs to have appropriate insurance coverages. It is one of the most important things you can do to protect the business. Source an insurance agent or broker that has experience and a good reputation in representing your industry and work with them to find the right coverages and terms for your risk.

The above is not exhaustive of the risks affecting a business. Also, these risks are not generic to all businesses and environments (sector, industry and regulation differ including geographical spread).

Risk management model

There are four primary ways to handle risk, no matter the industry, which include:

  • Avoid risk
  • Reduce or mitigate risk
  • Transfer risk
  • Accept risk

Risk acceptance or risk retention means accepting the identified risk and not taking any other action in order to reduce the risk because we can accept its impact, the possible consequences - we simply risk it.

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization's assets. Whereas risk management aims to control the damages and financial consequences of threatening events, risk avoidance seeks to avoid compromising events entirely.

Reducing risk means understanding the activities with a high likelihood of occurring but with a manageable financial impact. Some would argue that risks in these categories have a low impact — and yet, even a little financial impact hurts to some extent.

Risk transfer is a strategy of dealing with risks. The risk is transferred to another person or entity such as insurance company/agency. Unlike other strategies, there is nothing that happens to the risk itself, only its negative impact is redirected to a third party.