• Helping Businesses
    Grow Profitably

  • Call 1-844-647-6984

  • Tactical risk management

  • In last month’s article “Risk Management“, I wrote about the framework of risk management and some of the strategic issues when considering it. From my experience there are a numerous specific tactics that are often ignored, which are easy and inexpensive to implement. I hope you find some of these relevant for you to implement into your business.

    The most important strategy is to pause and consider risk and the ways that you can manage it. It often amazes me to see very successful and capable entrepreneurs and executives enter into a program which they recognize to have considerable risk, and not pause to contemplate how they plan to manage those potential consequences. If you take the time to “pause and consider” you may be surprised by the responses given by your key team members, and the worthwhile tactics that evolve from this brainstorming.

    One of the easiest steps is often to merely ensure that you remember to perform a task that will limit your risk. Simply use your diary system to ensure that you do not forget key dates. Do you effectively use Microsoft Outlook’s “Task” module that provides a user with a To-Do-List flagged with due dates that can be divided into categories? I use this extensively to ensure that I do not forget my clients’ needs, track deadlines, renewal dates, etc. I have items in there that are scheduled to do two and three years from now.

    It is challenging to keep a project on track, even where you are using a formal project management program. Where you are not using such a program, it is imperative that one prepare a schedule of the key steps, and responsibilities and due dates. This simple exercise, with appropriate follow-up, helps to ensure that a project can be completed in a timely way.

    If risks are realized, they might cause a credit crunch for the business, which is the worst time to look for additional financing. It is imperative that you secure sources of emergency financing before you need it, and to recognize any associated cost as equal to paying an insurance premium e.g. standby lines of credit. Increase borrowing facilities to the maximum available before you need them. See the article “Sources of Financing

    Usually the biggest risk (which is a combination of occurrence and severity) faced by a business is losing a key customer. This often has a devastating effect and has lead to the closing of many businesses. So, focus on what it takes to secure those few customers, and to ensure that your service level is so good that your risk of losing them is significantly diminished. This can range from giving them preferential pricing, to better service, to special features, to golf or a meal with key decision makers, etc.

    A large risk many businesses manage is the risk of significant quality control issues, as this can lead to loss of one’s customer base. So enhancing quality control is a key risk management strategy – both for products and services. See article “Investing in quality control” in the Mastermind newsletter June 2009

    Ascertain industry standards and what competitors are doing. Annual reports can be a great source of competitive information and with enhanced standards for MD&A’s, disclosure on risk management by public company competitors, will become more readily available.

    Of course you may not lose the customer due to them purchasing from another business but to the interruption of their continuity and inability to pay their debts. For this reason credit risk management is one of the most fundamental risk management requirements for many businesses. Credit management is a relatively simple process in most businesses, that can be implemented by less experienced, but properly trained junior staff or outsourced and/or insured. All of these are sound options if you consider that a typical product-related business will require $300 to $500 of additional sales to maintain the status quo, if a bad debt of $100 is incurred.

    The place that many businesses start with the preparation of a risk management plan, is with the risks in an IT department, even where there is no separate department. Every business in 2010 should have a written document setting out the risk management for its IT environment. In my opinion, it is only a question of when (not if) this will pay for itself. Computer systems fail and often cause huge problems for the business that could have been mitigated with a simple plan, which addresses the obvious risks.

    Medium-sized businesses are exceptionally dependant on a few key staff, as there often is no requirement for several layers of management. Invest in your staff, especially those that are most important to your success, which will enhance the likelihood of retention. A lot of common employee benefits and staff retention programs go beyond the scope of this article but should be considered and compared to the cost of losing a key executive, especially to the competition.

    More important, but severely neglected in many businesses, is the issue of succession for the owner or CEO. Most businesses can attribute the most significant factor in their success to the unique blend of talents of the CEO. Neglecting to plan for the possibility (and eventual probability) of the interruption of that relationship is hugely irresponsible to the many stakeholders who will likely be severely affected by a change in the ability of the CEO to continue in that role.

    Consider whether you can secure your sources of supply for key inputs that are not easily sourced. It may be appropriate to give the supplier something in return for a guarantee or preferential treatment, e.g. offer guaranteed minimum annual orders in return for preferential order fulfillment in times of shortage. Where possible, for key supplies where you are a large purchaser, ensure that you have more than one supply relationship so that you do not inadvertently share the risks of your key supplier. Consider transportation risks for goods sourced (by you or your supplier), where distances are great and consider the need to maintain stockpiles to ensure continuity of supply. As many industries strive for a “just in time” philosophy for sourcing, the need for risk management increases, as the significance and likelihood of an interruption in supply increases.

    Of course, when discussing the sourcing of goods from far away, one must consider the political and financial risks. Particularly where your source is in a politically volatile country or region, one should assess the merits of an alternative, back-up source of supply. Volumes have been written on the need to manage foreign exchange risk, including “Understanding Foreign Exchange Risk” by Mike Smith, GFX Partners in the Mastermind Solutions, September 2009 newsletter. Although exchange risk should be managed at all times, it is especially critical considering the volatile foreign exchange markets that have prevailed over the last two years.

    Price fluctuations of raw materials can be a significant business risk and opportunity, especially where you are sourcing commodities. When this is a significant factor in the costs of your product, it is critical that you have an effective management program that includes an expert advisor regarding appropriate hedging strategies.

    Often overlooked areas of risk, in an expanding business, are those undertaken when entering a new business or market. Often the plan to enter this new area requires an optimistic perspective and a willingness to engage risk in order to justify it. As a result, the plan is often done without any real risk planning and the many small and large opportunities, that exist to mitigate the many risks, are not even considered. There are many steps that can be included in a plan that can change the risk dramatically. Many of these may have no real cost associated with them until viability is established e.g. inserting “go/no go” points to re-evaluate along the path, negotiating short-term contracts (e.g. leases) rather than long-term, renting rather than purchasing, using contract staff, etc.

    Similar to the new business or new market, are the risks associated with large projects. A section of every project plan should deal with the risks associated with the project and the steps to be taken to mitigate those risks.

    One of the largest risks that a business can encounter is the risk that comes with purchasing a business. In “Why mergers and acquisitions fail” by Edward Kazemek he says “Studies have documented that anywhere from 50 percent to 80 percent of all mergers and acquisitions fail. In spite of these sobering statistics, businesses… search hungrily for the opportunity to take a chance at this risky game.” In my experience there are many reasons for this but the paramount one is that many businesses do not manage their risks and the critical one is a proper due diligence review by a competent professional. Often business owners expect a seller to divulge everything and forget that the seller is “selling his baby” and like any good salesman (which he likely is as a successful entrepreneur) will focus mainly on the positive attributes of the business. In many cases there may not be a willful cover up, but merely neglect to disclose. As a friend of mine shared with me when the business he was selling was subject to a very thorough due diligence review “Some of the issues that were raised in the review were issues that I had long ago dealt with and were not considered current issues.” However, from the purchaser’s point of view these could be very critical issues if they resurrected. As a result, a good due diligence review is a critical risk management tool in the acquisition of any business.

    Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a single phase. This illustrates an opportunity for risk management in many businesses where staff or teams are given a project and required to report to management only when the project is complete. Often management then rejects the project, or sends it back for significant revision. In many cases the risk of this could have been avoided, or at least significantly reduced, by management reviewing interim stages of the project.

    Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. Often the key to success is in the management of the entire outsourcing relationship and the risks associated with that process. A large risk reduction benefit available from outsourcing can be the conversion of some fixed costs into variable costs.

    Risk sharing can be defined as “sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk.” This can often be achieved by getting a partner into the specific project so that they share both the upside and the downside. A very common example of this is in the real estate industry where acquisition and construction of a project is initiated by a large real estate business, who is often large enough to manage and finance the project on their own, but takes in financial partners to spread the risk, thereby also enabling them to participate in more projects than if they retained all the risk themselves. Of course, one significant cost and requirement in risk sharing is ensuring that you have a suitable legal framework.

    In last month’s article on risk management I referred to the poor risk management by BP in managing the oil spill in the Gulf of Mexico. It appears as if one of their strategies was to blame others, primarily Tansocean the rig operator and Haliburton, the cementing team on this well. Fortunately it appears that President Obama and the US Congress are not buying into this. What it does illustrate for us is that even where you share the risk with suppliers or others, you must take great care to ensure that the steps that you take will be successful in mitigating your risk. One cannot, using this situation as an example, assume that a supplier will become the bearer of the risk on the part of the project outsourced to them, or from the consequences of a risk caused by them.

    The following large risks affect selected businesses and are beyond the scope of this article but you should take steps to ensure that your practices are sufficient, that your risk is reasonably minimized:

      • Reputational risk
      • Brand risk
      • Intellectual Property risk
      • Environmental risks

    Finally, I want to mention some very basic steps that are essential to mitigate risk in any business. That is to plan for the possibility that you will not be able to access your premises for a few days to a few weeks (or longer). This is a very real likelihood in the life of a business and can be caused by many risks. Ensure that your plan provides for:

      • Your IT risk management plan must ensure that you can access all your programs and data remotely;
      • Have a designated off-site location where your senior management team will congregate in the event of your offices not being accessible e.g. the CEO’s house, or another company location, if you have more than one, so they can manage the implementation of the plan;
      • Have easy access to every staff member’s home and cell phone numbers, as well as personal email addresses, so you can communicate alternative work arrangements with them;
      • Consider possible alternative short-term locations (e.g. community centres, banquet halls, etc.) and have the information stored where it can be found easily – you may not be the only business needing this;
      • Have all key documents scanned & accessible online.

    The statistics on businesses failures are truly alarming with only 70% of small businesses surviving for five years (Key Small Business Statistics – January 2009, Industry Canada). Limit the risks that you take to those that cannot be managed, so as to enhance the likelihood that your business will survive in the long term, and also improve your profitability by limiting the impact of the many risks that result in lower profits.

    About the Author
    James Phillipson is a Chartered Accountant and a Principal of Mastermind Solutions Inc. with over twenty years experience in large and small businesses. He has provided financial counselling to his clients since 1996, often in the role of a Controller or Chief Financial Officer. James has experience in financial roles in a wide variety of businesses and industries.

    Click here for more Finance Information

    View James Phillipson