Risk management helps organizations avoid or reduce threats and develop opportunities into valuable initiatives. To create a successful risk management plan, you need to know what you face – both positive and negative. Risk managers call this a risk inventory, and such inventories are key parts of a large organization’s risk management process. But what if your full-time workforce is small or your operations are in the early stages – do you still need to conduct a risk inventory?
Yes. In fact, for smaller organizations, a risk inventory may be even more valuable. In an environment where every threat and opportunity may affect revenue and reputation, knowing the full risk potential you face could mean the difference between failure, survival, and success.
This article describes the benefits of taking a risk inventory and explains how even a small organization can take advantage of this important tool.
Taking risks is part of a healthy business growth strategy. If you know which risks to take, you can position your organization to achieve more success by focusing energy in the right direction. Moreover, if you know what risks you face, you can make more informed choices. A risk inventory can benefit by helping you:
- Identify potential threats and opportunities faced by your organization
- Understand your core processes more thoroughly
- Inform your company’s risk tolerance and risk appetite
- Determine what actions are needed to reduce threats and develop opportunities
- Create a safer and more productive working environment
- Comply with laws, regulations, and internal codes of conduct
Obviously, if you’re a smaller operation, your risk inventory is going to be different than that of a multinational organization. Like risks themselves, risk inventories are not one-size-fits-all exercises. Your risk inventory must relate to the size of your organization and must take into account your internal structure, operations, and plans.
Beginning the Process
Most organizations have a good start on a risk inventory. Everyone has to-do lists, notes about contingencies, perhaps even peer data describing what similar organizations have faced. The idea behind an inventory is to capture that information in a centralized assessment. Here’s how to do it:
- Identify functional areas to survey. Include all of your important functions – operations, sales, marketing, compliance, talent management/HR, finance, and risk management.
- Identify people on your team who know these areas. In smaller organizations, one person may wear many hats, but make sure to include enough people to cover all of these functions.
- Include at least some non-leadership/non-management “line” personnel, to gain additional awareness.
- Ask each person to identify the top three threats and opportunities faced by the organization in each functional area. Don’t limit your questions to the person’s domain, and don’t limit your question to things that could go wrong. Your team may be hesitant to respond, but ask them to provide three or more regardless of whether they feel substantively competent to do so. They may surprise themselves — and you — with great ideas about initiatives that could have substantial payoffs or small ways that operations could be modified to increase effectiveness. Furthermore, the mere process of asking helps your team members feel more engaged in the organization.
- Ask each respondent to rank the risks identified in each functional area according to a 1-5 scale, with 1 being the highest risk (most significant in terms of likelihood, impact, and speed of onset) and 5 the least risk.
- As part of this exercise, consider declaring an “amnesty” for any errors that people have not reported in the past. Of course, the amnesty should not include willful misconduct, but you want the inventory to uncover vulnerabilities, and people will be more likely to provide candid responses if they know they will not be punished for errors.
This exercise will give you a solid list of threats and opportunities to work with. In our next post, we will talk about what to do with this information.
One Small Step
Each small change you make to address risk adds up. Even with limited resources, your organization can reduce loss exposure and take on the right risks in order to gain value in the marketplace. Gathering information about threats and opportunities is a low-cost way to begin applying risk management to increase clarity, peace of mind, and value.
Please share this post if you found it useful.