Method of risk analysis in a company
Often misunderstood, the term “risk analysis” conjures up an arduous process that only academics use. Let’s face it, when something seems long and complicated or we don’t know how to do it, we ignore it or postpone it. In this article, you will see that ultimately, you don’t need to be an expert to understand what a risk analysis is and the method of risk analysis in a company is simple to understand.
The objective of a risk analysis is to eliminate or reduce the level of risk by implementing adequate preventive measures. It is an integral part of a good health and safety management system, and helps ensure a healthy and safe workplace for everyone.
Risk analysis, a methodical approach
Analysis of the risks for the entrepreneur “The road to travel” from the launch of the company, or its freelance activity, until finally reaching the planned cruising speed will not be a long calm river. Even the most optimistic are perfectly aware of this.
Many unforeseen events are likely to occur, for better or for worse. These are the ones that deserve our attention.
A good risk analysis approach for any freelance entrepreneur and business creator must respect the following five phases: identification of risks, evaluation of the seriousness, the probability of occurrence, identification of critical points and finally prevention.
We baptized them somewhat improperly with unforeseen events. It’s not quite fair. Many risks are in fact perfectly predictable, if we take the trouble to think a little and anticipate. It will then be easier to prevent them, and to be better equipped to react if necessary, without jeopardizing our project.
A risk does not necessarily arise. But if it surprises us, it can be the cause of a more or less serious crisis, which, even if it does not call into question our project, will cause us to increase our stress level and spend sleepless nights. It’s a bit of a shame if it was precisely a perfectly foreseeable risk!
The method of analysis
A risk is a more or less foreseeable possible danger.
Starting point: Not all risks are foreseeable.
It is indeed impossible to lock oneself in a sealed bubble, especially if one wishes to undertake, find customers, resist competitors, and exchange with partners…
On the other hand, we can establish a precise list of all the possible risks before starting, then, then, at the time of the launch of the project and, finally, throughout the duration of our activity.
This list will be updated regularly, the risks change, some disappear without causing damage, others appear and threaten our activity.
Not all risks are equal. Some are fairly harmless and only cause very light damage, others are almost improbable.
Some can be prevented and avoided, others will require planning to avoid encountering them.
Types of risks and examples
To do this, you will first need to draw up a complete list of risks to represent in your matrix. The risks you may face will mostly fall into the following categories:
1. Strategic risk
Strategic risks are performance issues and poor decisions, such as which vendor to trust or which software to use for a project.
2. Operational risk
Operational risks are process or procedural errors, such as poor planning or a lack of communication between teams.
3. Financial risk
These risks relate to all events leading to loss of profits for the company, in particular market developments, legal actions or competition.
4. Technical risk
Technical risks are related to the company’s technology. These may include, for example, security breaches, power and internet connection failures or material damage.
5. External risk
External risks are totally beyond your control: floods, fires, natural disasters or even pandemics.
Other categories of risk will have to be taken into account depending on your sector of activity. For example, if you have government customers, you will need to think specifically about legal risks, and if your business is selling a physical good, about manufacturing risks.
| Type of risk
|Description of risks
|Risk treatment strategy
|Risks related to the general environment
|Risks related to operational tools (equipment, IT)
|Risks related to people or human
|Third Party Risks
The 5 steps of the process
1. Identify the risks
It is a quantitative approach. The principle is very simple. This is to list all possible risks regardless of severity or likelihood.
To establish this list, it is useful to take an interest in the main causes of failures, to ask around a little, and to carefully study all the possible cases without being misled by an excess of confidence in your project.
If our reaction to a potential risk is expressed something like this: “That? It’s really impossible!”, we must not eliminate it, but immediately ask ourselves the obvious question: “Why would that be impossible?” The answer will allow us to judge whether this risk has its place in the list or not.
2. Assess severity
Second exercise: for each risk identified, we try to weigh the damage potentially caused. A scale of 1 to 4 is precise enough to meet our needs. See the example risk matrix (heat map) below.
3. Assess the likelihood of occurrence
Although lightning strikes 8.6 million times a day on the earth, there is very little “chance” that it chooses my head as the electric pole.
Not all risks have the same probability of occurrence. Again, the risks are classified according to a subjective scale with 4 levels.
4. Identify critical points
We are mainly interested in the risks of the “hot” zones of the matrix, the colors “yellow” and “red”. What aspects of the project are likely to be impacted by the effects of the hazard if it occurs, and when is the disaster likely to occur?
It is now time to identify the means of action: how, with whom, with what and how much? These are the questions that need to be answered if it is possible to prevent the listed risks.
Prepare action plans as needed
Always the same questions: how, with whom, with what and how much?
To get rid of
It is not always possible to find a parry. For these cases, the best solution is still to change the plan to avoid falling under the risk. We will then have to test another scenario. For some very specific cases, it is also possible to take out specific professional insurance to cover the risk. Be careful to read the restrictive causes carefully.
Tips for carrying out the study
Beware of overconfidence, we are not satisfied either with received ideas of the style “it’s impossible!”…
…”They will not come to this field”, about the competitors
…”He won’t give us a little in the back”, about a partner
…”He will trust us, no doubt about it!”, about a client
We get plenty of information, and once the study is done, we don’t let our guard down. There are also “black swans”, these risks so improbable (beyond box (1,1) of the heat map) that they leave us totally unprepared when they occur.
The crisis is already at its height, long before any means of action in response can be found. They exist at the macro level on a global scale (Financial crisis, Fukushima, oil spills…), they also exist at the micro level for entrepreneurs.
Method of risk analysis in a company is A CHAPTER in the Business Plan
This study is a chapter of the Business Plan. If partners are solicited, they will legitimately want to make sure of your foresight to guarantee their investment. If you operate on self-financing, this study is also essential to guarantee your own investment, in personal funds, time and energy.
Please note that this risk anticipation approach is only feasible if you have a sufficiently well-marked out implementation and deployment plan, with sufficiently mature alternatives (scenarios) to play the role of plan B, if necessary and if applicable.
Ready to get started?
Are you a consultant? How we can help you with Solutions? Please hit the let’s get in touch button to contact us.