What is Risk?
A risk is an event that could lead to a loss for your business. Good examples are a customer cancelling their contract with you, a deterioration in your business’s reputation or a disruption to your service – all leading to a reduction in profit.
Some risks may be more important to your business than others, either because they are more likely to occur, or they would have a bigger impact on your ability to service your customers. It is recommended therefore, that you make a more detailed plan for these types of risk.
What Could Go Wrong?
Some risks that may disrupt your services:
Buildings:
- Denial of access to premises / site (short term)
- Destruction (all or part)
Staff:
- Loss of key staff with specialist abilities, due to unexpected illness or resignations
- Large-scale staff absence, whether temporary or long-term, due to illness or transport disruption
- Threats to staff safety
Production process:
- Failure of major suppliers (or purchasers)
- Key equipment failure
- Product defects
Utility loss:
- Mains electricity, water or sewerage
- Telephones – landline / mobile
- Computer systems, internet or network access, e-mail, website failure
- Disruption to road / rail / air transport system affecting staff and supplies / products
- Oil and fuel shortages
Natural and man-made disasters:
- Flooding / storms
- Severe weather
- Fire
Legal and criminal:
- Crime, vandalism, theft, identity theft / cyber crime
- Changes to regulations, breach of regulations
- Criminal acts internal to your business
- Bomb / terrorism threat
Information:
- Loss of financial records, contractual documents, other data
- Loss of diary and contact lists
- Loss of undocumented knowledge held by staff
- Electronic data and / or hard copy documents
The identification, classification and management of business risk is covered by the ISO 31000 Risk Management Standard.
Keeping Trading after a Disruption
Your priorities during and after a serious disruption depend a lot on the type of business you have and your local circumstances. These general questions are intended to help you and your staff to start thinking about what you would do.
Immediate actions – do your staff know:
- How to evacuate from their workplace?
- What to do in case of fire?
- How to give basic first aid?
- How to operate equipment and machines safely?
- How to report potential hazards?
Back up data – do you have up to date, off-site backups of:
- Accounts and financial data, bank and insurance policy details?
- Contracts?
- Correspondence / e-mail / diary?
- Contacts, phone numbers?
- Procedures – “how to” instructions about specific tasks so that others can deputise effectively?
- Have you actually tested restoring data to see whether it works?
Communications – are there arrangements for emergency communications with:
- Staff?
- Public?
- Suppliers / purchasers?
- Emergency services?
- Would these arrangements work if you had lost access to your premises or if your IT systems had failed?
Managing the response:
- Do you know who would lead your emergency/recover response (and who would deputise if they were unavailable)?
- Have they discussed and planned this with others who would be asked to help?
- Have they practised this with those who would be asked to help?
Recovery priorities:
- Have you thought through what must be restarted first after a disruption?
- What other work would you be willing to sacrifice for this?
- What do you need to keep your most important processes going or get them restarted? – Staff, premises, equipment, information, emergency funding, special authority, replacement stock, raw materials, specialist “repair” skills etc.
Recovering from business disruptions is covered by the ISO 22301 Business Continuity Standard.
Want to Learn More?
If you want to know more about risk, this article on identifying risks and turning them into opportunities goes into more detail on the subject.
Also, if you’re looking for more detailed help on risk management, and maintaining continuity in your service offering, you may find our tutorial video on business continuity to be helpful.
To find out more about managing risk in your business, ISO 31001 or ISO 22301, please speak to one of our Certification Development Consultants by calling 0333 344 3646 or emailing [email protected].