It is hard to prepare when you aren’t ready. Sounds like an odd statement, but it makes sense when you think about it.
I saw an example the other day when I came across a car commercial where the spokesperson tossed what looked like a white ball to the various individuals who entered the room. What they didn’t know was that the balls were actually eggs. When they failed to catch the eggs and they hit with a splat, the intended catchers were completely caught off guard. How many things in business, or in life, do you find are “eggs,” that catch you completely off guard? Are you ready for the unexpected so you can prepare?
Risks are a lot like the eggs. Some of them you just can’t plan for, others should be identified, assessed and a strategy put in place to manage them should they arise — and in business, they always arise.
Plan to be prepared. To prepare for risk, a business owner should look at the business from a higher level and understand how all the pieces fit together. Types of risk vary from business to business, but when assessing a risk, think about the scale of the risk, including such questions as:
- How frequently does it happen in your industry?
- How frequently in your company has it happened?
- What are the potential financial losses (expenses, lost business, litigation, etc.) should it happen?
- Will there be a cost to correct it? Or a larger scale loss in reputation that has future ramifications for your business?
Businesses can’t possibly plan for every potential loss, but they can assess risk and put a plan together to address each risk, once it is known and quantified. A business should evaluate which risks it is willing to accept, which risks need to be mitigated and which can/should be transferred.
An example: We live in the age of information, and as such we have seen newspaper and online headlines riddled with the latest news of cyber breaches. From retail to insurance to government, no one is immune. However, understanding the business, what areas are at risk and taking steps to mitigate or reduce the impact of the risk can make the difference in being viewed as a responsible business if a breach occurs.
Know the cost of not being prepared. Part of managing risks is understanding them and the cost of not addressing them. In the case of cyber breaches, if you don’t put safeguards in place to protect your sensitive information, what will that cost your business? Do you have a legal obligation to put a cyber security program in place? Do you risk lawsuits if not properly secured? How will you put a value on lost customers and a damaged reputation?
Create a plan. Should an interruption in your business occur, it is important to know how to respond. An issue doesn’t wait for you to be ready for it and when it does happen, it brings about a level of stress that is often overwhelming. Having a practiced plan in place helps to lessen the stress during a difficult time, and can help you prevent a bad situation from becoming worse. Your plan should include steps you will take to get the company moving forward again. Make sure it is well documented, communicated and actionable by your team(s). Include how you will communicate the issue to your customers as well. Also list the names and contact details of any suppliers/vendors that you will utilize in the process and include them in the plan.
Test your plan and review. Don’t wait for something to happen to make sure the proper measurements have been put in place. After all, why spend the time, money and effort to put together a plan if you’re not going to see if it works? Make time to test and assess your plan for improvement. Businesses are always changing, so even if it works perfectly when tested, you need to re-evaluate the plan each time you have a critical change, upgrade in your system, business expansion, etc.
Avoid eggs. I heard the following statement from a risk management professional: “There is nothing like the power of understanding your business.” His point was that often you don’t know what you don’t know, but by taking the time to really understand your business, assessing and preparing for risk, and then communicating the priorities, you have the power to make well-thought-out decisions when the time comes that you are forced to make them.