Introduction 

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals.

Risk management applies to many aspects of a small and medium business (SMB) as they are subject to internal risks (weaknesses) and external risks (threats).

Risks originate from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. There are two types of events: (1) negative events can be classified as risks while (2) positive events are classified as opportunities.

Key SMB Risks

The key risk facing the business activities of a small and medium business are outlined below:

  • Business Assets
  • Business Interruption
  • Competition
  • Data Security
  • Financial / Cash Flow
  • Intellectual Property
  • Key Employee Loss
  • Regulatory and Compliance
  • Reputational Risk
  • Succession Planning
  • Supply Chain
  • Weather and Natural Disasters

Risk Identification & Evaluation

One of the most important investments in the business is creating a Business Plan, as a supporting tool for identifying risks. The Business Plan typically includes a section on potential risks and exposures and a risk register for continual future evaluation.

Once risks have been identified, the next step is to consider the impact each individual risk has on business operations and continuity. This assessment should also view risks about potential expansion or future growth of the business.

Risk Management Strategies

Strategies to manage threats, uncertainties with negative consequences, characteristically include:

  • Avoiding the threat.
  • Reducing the negative effect or probability of the threat.
  • Transferring all or part of the threat to another party.
  • Retaining some or all the potential or actual consequences of a threat.