Risk Management Strategy
November is heralding the home stretch for 2021. All throughout this year, we’ve been sharing our best tips and tricks for improving each area in your business, with the goal of helping you recover from a crisis, a downturn, or some other fiasco that tried to trip you up.
Whether you’re improving your leadership skills, finances, communication structures, staffing strategy, business relationships, internal documentation, marketing strategy, technology, or pivoting entirely - we’ve got you covered.
Now that we’ve dealt with the fundamental pieces of your business, we invite you to step back and take a look at all the ways things might fall apart (again). Recovering from a crisis is hard work, and we’d like it to be easier for you the next time something tries to throw you off course. A big part of crisis recovery is laying the groundwork so that when something out of your control happens, you know exactly what to do.
That takes planning - constant, relentless planning - and a little bit of foresight, which we like to call “risk management.”
We’d love you to make risk management a part of your quarterly review so that you can take a minor misstep and keep it from turning into an all-out five-alarm fire.
What Is a Risk Management Plan
You can’t tell the future. No one can. How then can you plan for something you don’t know will happen - especially something you hope would never happen?
Besides, focusing on the negative is the antithesis of the entrepreneurial mindset... isn’t it?
Not really. Not when you know you can absolutely slay that negativity by putting a solid plan in place. Thinking about the negative, and planning for it is exactly how you can ensure that YOU and YOUR business are not going to be upended by the negativity that impacts everyone else.
Plans can be off, even if only by a little bit. But planning is one of the best risk management tools in existence.
Your powerful risk management plan is the one that you can slam into place - right at the moment of rising panic. It’s the answer to “Ohmygoodness what do I do? WHAT do I do?”
We’re not at our best when we’re in this place. Our executive function shuts down, and we can’t think. Your plan is what creates calm. You already have some simple steps to take immediately, which helps you get out of panic mode and move directly into action.
Step One: Ideate (Before It Happens)
You’re a creative, thoughtful person. You can absolutely imagine the potential “worst” case scenario. You probably already have while laying awake in bed.
Start with making a list of risks that would really unseat you. Things like
When the money runs out … or gets weird
When your staff member gets sick… or quits…
When your data is attacked, ransomed, or stolen
When your reputation is damaged
When quality starts to dip
When productivity reduces
All kinds of things can go wrong. Thinking about them doesn’t make you morose. It helps you prepare for, and prevent, disaster.
Divide your list of potential disasters into two: Things Within My Control and Things Outside of My Control. It’s sort of like your standard SWOT Analysis - the strengths and weaknesses are the internal pieces, while the opportunities and threats are the external pieces. We’re just looking at the weaknesses and threats right now.
Take each item on each list and ask yourself
What is the potential impact of each?
Which ones are the most important and urgent risks?
What areas of your business would be impacted by this risk?
Which people on your team would be impacted the most?
Start moving things around on each list in order of priority. Starting with the highest priority risk, think about
Is this a risk I’m willing to accept as is?
Are there steps that we can take to reduce this risk?
Are there steps that we can take to avoid this risk?
Could we transfer this risk to someone else entirely?
Step Two: Strategize
What kind of actions should you be taking on which kinds of risks? Try dividing your risks into four types of strategies that you might use to mitigate them:
Strategy: Avoid
Sometimes you can avoid a risk simply by… never getting involved. Choosing what you do and do not want to do with your business is an important part of your overall business planning.
You might choose to avoid risks by
Not hiring that person who seems kind of sketchy, has a horrific reputation, or refuses a criminal record check
Partnering with businesses and providers with a long and reliable history
Reading that contract all the way through, and getting a lawyer to help you define whether or not it’s something you really want to sign
Deciding not to go into that line of business with that potential partner, because the liability is just too great
Strategy: Reduce
If you’ve decided to accept a known risk, there are many things you can do to reduce its potential harm:
Limit access to certain kinds of information only to the people who need to use it - and make sure you’re purging data when you no longer require it.
Educate your team members on risks, and give them the tools they need to do their jobs well (and safely).
Have thoughtful, written procedures for all the activities each team member completes - so someone else can pick it up in a pinch.
Create a dashboard of key metrics that you review regularly so you can get a sense of where your business is at any point in time - and make changes quickly.
Ask your team members what risks they see and how they might make it easier.
Put great policies in place for people to follow and ensure they’re clearly understood.
Implement rewards for great risk minimization activities - and amazing work that leads to team improvements
Gather feedback from your clients and customers regularly to ensure quality control is maintained.
Implement cybersecurity policies, protocols, and software.
Have a post-project review for every single project, outlining what worked, what didn’t, and what you’ll change in the future - and have a clear way to ensure those changes happen.
Strategy: Transfer
Yes, you can transfer your risk to someone else - or somewhere else. That’s essentially what insurance is, and we all have put some kind in place - for our cars, our homes, our ability to work, and our lives.
You might have flood insurance on your place of business, or liability insurance in case of errors and omissions. You may have life, disability, or other kinds of insurance. You might take a flyer on a new hire… and use a grant to pay for some or all of their wages. All of these actions are taking known risks and making them someone else’s problem to pay for.
What kinds of risks can you transfer to someone else?
Strategy: Accept
This may be the worst one. There are some risks you just… accept. But that doesn’t mean you’re going in blind.
A risk you accept should always have boundaries so you know just when that risk is moving over to the unacceptable side, and you need to start taking some action.
Maybe you’ve decided to try a new line of business, or take a chance on a new way of doing things. We fully support that - and we think you should always try the Hudson’s Bay Start when you do.
Step Three: Implement
Entrepreneurs often get through the planning stage and lose interest. The actual execution can be excruciatingly boring and difficult for people who are most active in the idea stage.
We get it. That’s why you have us.