Minimizing Your Risk Exposure

We go about our days in life and business expecting things to go as planned. And, often times, they do…with some variations, of course. But, for the most part, if we plan well and have the right rituals and processes in place, things usually go along fairly close to plan.
What throws us off course in life and business is when things just don’t go as planned. In life, it’s usually something very joyous like finding out you’re going to have a baby, or tragic like finding out your father just died of a heart attack. Those events can bring us to our knees, literally.

In business, it’s different. Tragic events like that happen to you and your employees, but they don’t stop ‘business’ from happening. In business, it’s events like your largest customer pulling the plug on a major project or your server crashing and you just realized you have no recent backup of your critical data or you’re the main floor of your store front just flooded during a major storm. Ouch!

Those types of events can bring our business to its knees…figuratively speaking. What can we do about these situations? What can we do to manage our risks and implement strategies for risk avoidance?

Identifying Your Risks

Without first identifying the risks to your business or your current projects you will never know what to do to avoid them. After all, you can’t avoid what you don’t even acknowledge exists.

The first step is to brainstorm with your team, your staff, your employees - whatever you call those that make your business run. Do whatever you can at the beginning of a big project to identify what might happen and what the potential impact to your business may be. And if you don’t have projects, then stop now and perform the task of identifying potential risks overall for your business at this point in time with your staff. It’s not a bad idea to involve some of your largest customers. They’ll be involved, too, if something happens that shuts you down for awhile and it’s highly likely that they’ll bring a different perspective than you to the table and think of risks that never crossed your mind.

Prioritize Your Risks

Next, take the list you’ve created and prioritize the risks. It’s usually best to come up with a combined ranking of “likeliness to occur” and “impact to your business.” How you do this and how elaborate your ranking system is depends on your industry and your business, but the idea is to come up with a list to be analyzed by you and your staff as to which risks your going to tackle at this point. You want to come to an understanding of which risks are the ones that need addressed with a plan to mitigate should they occur or to incorporate a risk avoidance plan for now to help ensure they don’t occur at all.

Risk Avoidance and Risk Mitigation

Once you have your ranked list – let’s say you have identified 50 risks – your then need to decide where your risk tolerance threshold is. This is the line you draw that decides where you want to address the risks and where you’re going to deem them not likely enough or critical enough to spend effort on. Consider it like buying car insurance – you make a decision on the size of your deductible based on a certain comfort level you have. You aren’t likely to go with the lowest deductible, but if your cars are fairly new, you’re not likely to go with the highest deductible either…you’ll probably choose something in between.

It’s the same with your risk list. Let’s say you identify 15 risks that you are going to actively address at this point. Now, you work with your staff to come up with a detailed plan on how you will either:
Mitigate the risk should the risk actually occur. Risk mitigation means that you come up with a plan to lessen the blow to your business operations should the risk event actually happen. For example, you start performing nightly backups so in the event of a server crash, the most you could lose would be 24 hours of data – back to the last backup.

Or…
Avoid the risk so that it doesn’t occur. Risk avoidance involves coming up with processes that will make it much less likely for the risk to happen and affect your business. An example of this would be implementing fair hiring practices and training your staff on discrimination issues so that your business is much less likely to ever be in a position to be sued by a current, former, or potential employee.

Summary

I’m of the strong opinion that risk avoidance is the best approach. Why even realize the risk if there are processes and practices that you can put in place now to completely avoid any potential impact? But that’s not always an option. The key here is to be aware of the major risks your business or project can face, document them, develop action plans, and be ready to act should they occur. You’ll be helping to ensure the long-term viability of your business when you take these actions.