She’ll be right! But just in case it’s not, do you have the right risk management in place?

Rachael Dean
During conversations we have with businesses about risk, it’s eye-opening to see how many aren’t really making it a priority.

According to our latest research, over a third of Kiwi businesses don’t have a risk register and the majority only specifically plan for risks like health and safety, IT failure, business continuity, and reputation management, while others like environmental risk, fraud, and loss of key income are further down the priority list.

They tend to feel confident bad events probably won’t happen and if they do, there’s insurance, Government help or local council support to sort it out. Certainly those can be invaluable sources of assistance when life takes a turn for the worse, but they won’t necessarily prevent your business from struggling or even failing under the wrong circumstances.

Think about uninsurable events and non-financial costs

After a tumultuous few years, a significant number of businesses in New Zealand have dealt with an insurable event. There have been floods, cyclones, fires and even a volcanic eruption over the past five years – and there’s no forgetting the pandemic that took almost everyone by surprise. That certainly led to a higher number of corporate failures – in 2021, the number of business closures exceeded the number of new companies registered for the first time in a decade.

Insurance and government payouts may cover the financial cost of these types of events. But there are often other problems to contend with that a payout can’t solve. Business owners in Kaikoura, for example, had to wait 13 months for the main arterial road to be repaired after the 2016 earthquake. During that time, their booming tourist industry was almost brought to a standstill. 

Bigger than just health and safety

Despite the genuine likelihood of these types of risks, we still find few Kiwi businesses have effective risk management strategies in place. There always seems to be some more urgent matter senior leadership or owners need to deal with, so risk management keeps getting pushed to the back burner. Nothing happens, and then suddenly a risk occurs and there’s nothing in place to help deal with it.

When it comes to organisations with a risk register, they typically focus on health and safety because it’s regulated - businesses must comply, and they generally do.

Although a comprehensive health and safety risk management plan probably puts your business ahead of others, it’s only one part of a well-managed risk strategy. You should also be thinking about the vast range of risks that could impact on your business, such as:

  • Natural disasters
  • Illness
  • Infrastructure failure
  • Cyber security
  • Reputation damage
  • Loss of key personnel and income
  • Supply chain disruptions
  • Fraud
  • Legislative and regulatory changes

All of these, along with a host of industry-specific risks and those that are unique to your business, aren’t always insurable. For example, your sector may be experiencing a skills shortage that’s inhibiting your ability to grow, or trade at your existing level, or worse, continue operating at all.

So how can you take your risk management practices from OK to great?

Developing a risk strategy can feel daunting, but the first steps don’t need to be expensive and time-consuming. Here are a few simple tips to help get you started:

1. Assess your risks. Sit down and brainstorm – what could go wrong? There’s probably a long list, but rating a risk for its likelihood and potential harm lets you decide whether it should go onto your risk register.

2. Record them in a risk register. The register keeps track of each risk, its likelihood and potential harm, as well as what is being done to manage it.

3. Put plans in place to TAME each risk. Each risk can be approached in one of four ways:

    1. Transfer: A common way to transfer a risk is to insure against it, so your insurance company carries the risk instead of the business.
    2. Accept: Sometimes, you just simply accept a risk because the cost of treating the risk is greater than the risk’s potential harm.
    3. Mitigate: Mitigation is about reducing a risk. For example, if your product needs to be manufactured using specific materials, they might become unavailable leading to delays and increased costs. This risk can be mitigated by putting strategies in place like contingency planning, and diversifying suppliers.
    4. Eliminate: Elimination gets rid of a risk. Take an old or unsafe piece of equipment for example; you could upgrade it to eliminate the risk of anyone being injured by it.

The best choice will depend on each risk, and a cost-benefit analysis of how best to deal with it – as well as your business’s general appetite for risk.

4. Insure and create policies. Once you have your risk register and a plan to deal with each risk, you’ll need to put your plans in place. That might mean insurance, new risk management policies or changes to existing ones.

5. Review and refresh annually – or any time an unexpected threat occurs. The job of risk management is never over. Your business should review its risk management strategy regularly or at the very least, once a year. You may also need to check that you are complying with the terms of your insurance policies, so you always remain covered.

Making your business as resilient as possible

Once you have risk management behaviours embedded in your business, you may also find your risk management strategy is paying for itself. That might be through greater productivity, fewer supply delays, or more timely project completion.

Resilience was one of the buzzwords of 2021 and most businesses would be ready if another pandemic swept the globe. But how resilient is your business when it comes to other types of risk? A strong risk management strategy could easily make the difference between survival and failure in the face of a major unexpected disruption.