As highlighted by the recent pandemic, running a business comes with the constant possibility of unexpected events that can significantly disrupt operations.

The difficulties many businesses faced as a result of COVID were a good reminder of the importance of identifying, understanding and mitigating risk. And while you can’t be prepared for everything, you do need to spend time identifying what could go wrong and creating a plan to overcome it.

One easy way to do this is with a business risk register. Here are some commonly asked questions about this tool and the best way to use it.

What is a business risk register?

A business risk register, sometimes called a risk log, is a document that is used to identify potential risks facing a project or business.

The risks you list on your register might include:

• Cybersecurity attacks
• Financial loss
• Non-compliance with legislative requirements
• Legal action from or against a client or supplier (or team member)
• Safety issues
• Competition
• Scheduling delays
• Supply chain interruptions
• Price changes
• Global events
• Environmental impacts
• Theft.

Why use a business risk register?

Using a risk register to document potential risks will give you a ‘source of truth’ to refer to and share across the business.

This is an invaluable tool for taking stock of risk, highlighting how likely something is to happen, the impact severity if it did happen, and also documenting how risk will be mitigated.

For example, product theft may be a major risk for your business. Your risk register can highlight this and mention the steps that are in place, or required, to prevent it, e.g. Security guards, cameras etc. The risk of a competitor launching a similar product may be less of a concern because you have a patent, in which case that would be a lower risk.

Which areas of my business need a risk register?

Risk registers are versatile and can be created for the entire business, departments or special projects.

Here are some of the areas to apply a risk register:

• Overall business: This is a good place to start. By covering the whole business, you can then prioritise which risks need to be addressed urgently, then delegate tasks to specific teams and stakeholders. Your accountant can be a good point of contact to let you know which categories of risk to include on your register and how to prepare for a potential financial hit.
• Work health and safety: The health and safety of the clients and team members are a key focus area. Enlist the support of WHS experts to ensure you’re aware of risks caused by falls, incorrect lifting, repetitive strain etc. It’s essential you have a risk register for this area of your business so you can minimise absenteeism and reduce the likelihood of legal action and costly fines in the event of something going wrong.
• Project development: Every project has its risks. While it may also be subject to your risk register for your overall business strategy, it is also a smart move to set up risk registers for each project. Key stakeholders will be able to contribute to discussions about what should be on the risk register.
• Change management: Change always comes with risks so this is another area where your business can apply a risk register.

How to create a business risk register

There are many different ways that you can create a risk register and the strategy you use will depend on you and your team.

However, your risk register should do the following:

• Identify the risks: Any risk register starts with a list of the potential risks. By conducting a risk assessment or analysis and communicating with the relevant stakeholders or consultants, you can figure out as many potential risks as possible.

• Assess the impact of the risks: Some risks will naturally be more impactful than others. A day-late shipment may hamper production, but a delivery that is lost at sea could destroy your profits. Work out what risks will have the most impact and then you can prioritise your risk mitigation activities and expenditure.
• Assess the likelihood of the risks: For a risk to be at the top of the list, it must be both high-impact and more likely. For example, while an earthquake is always a possible risk and it could see your premises demolished, a severe storm that causes a tree to come down on your factory might be more likely.
• Rate the risks: Using the ratings assessed for likelihood and impact, you can apply risk ratings from extreme to low based on a predetermined risk rating matrix.
• Assign solutions: This is where you get to work. Create strategies to combat all the risks from the biggest to the least or delegate team members to handle particular risks or individual strategies. Your strategies could include insurance policies, staff training, cyber incident response plans etc.

Want to get started? You can download a risk register template here, or you can contact your accounting team and arrange a meeting to go over your business risk register.

Need guidance to minimise risk in your business? Get in touch with AFS & Associates today.