
Leaders of small to medium-sized businesses usually have two things on their mind: What are my sales? And, do I have enough cash to make payroll? Don’t settle for a reactive position when dealing with risks that can have long-lasting effects.
Many businesses suffer and fail because their leaders do not see the inherent risks that can negate the years of hard work it took to build the business. Here are some tips for managing the risks:
- Look at your company from the 20,000-foot level: The first step to managing risks is to identify, on a broad level, your company environment. What is the established company culture that increases your risks? Why is the culture like this? What is the company philosophy? If you need a blueprint, use the COSO ERM (Enterprise Risk Management) framework as a guide.
- Take your business apart: Look at your company by business unit or profit center. Use techniques like questionnaires, interviews, or my favorite, scenarios.
- Assess the risks: Assess the risks visually. I have found that flowcharts show the snags in operations that lead to inefficiency, misappropriation, and possible fraud.
- Develop a plan and assign responsibilities: An ERM plan should tie into the company’s strategic plan. All cylinders should be firing, sending the machine in the same direction.
- Be proactive in your thinking: Don’t react to crises, but implement controls that can prevent, or at least detect, a breach of company policies and procedures.
- Communicate the plan: All department heads and executives should own the responsibility of implementing the plan and controls.
- Use metrics to monitor: We create executive dashboards that monitor certain benchmarks, critical success factors, and accounting ratios that indicate the plan is in operation. This is essential, because an unmonitored plan is a dead plan.
- Be flexible and alter the plan: Nothing is set in stone. Businesses are not stagnant, so change the aspects of the plan that are not working.
