How to identify, analyse and manage the risks your business faces

Written by Drew Coles member of the Chartered institute of Management Accountants

Graph showing Risk management cycle

Every business is exposed to risks. Risks can be external and include competitors actions and factors in the global economic market such as inflation or interest rates. Risks are also internal and may include insufficient skills available in the workforce or not enough cash to invest in stock (working capital) to complete customer orders.
Why would you want to manage these risks? The obvious reason is to put plans in action to reduce its effect. To deal with these risks, it is important the business can identify, measure and manage them. It is worth noting that this process should look at the current risks and possible future risks to be of real use to the business.

Board showing SWOT analysis

Risk Identification

Firstly, the risks should be identified by using two management tools of SWOT and PESTEL analysis. These models look at the external and internal issues and risks that your business is exposed to. The SWOT looks at internal strengths and weaknesses as well as external opportunities and threats. An added benefit of a SWOT is to highlight what the business does well which can be used in future marketing to target new business.


Risk Measurement

The risks identified in the models above should be assessed and measured by the impact if they were to occur and the likelihood that they are to occur. This will be represented on a graph and a grading will be used for each risk. Probability of occurrence can range from very likely to extremely unlikely. Impact can range from critical to very low. This will allow management to focus on a section of risks which need urgent attention.



graph showing impact and probability of risks
graph showing Impact and consequence of risks

Risk Strategies

Plans will need to be created to mitigate the risks. Our preferred model to follow is the TARA framework. Using the grading from the risk assessment above the risks will be placed on the TARA grid which will guide the business into four decision areas of transfer, avoid, reduce and accept. For instance, there may be a risk of theft to materials which can be transferred by using insurance. Accept will be used for risks with the least impact and likelihood of occurrence as its worth noting that the business will always face risks and it’s the business risk capacity which will determine how acceptable a risk is.



Review Period

This framework should be updated annually or as frequently as the business believes is appropriate to track the risk level of each threat, ensure controls put in place using the TARA framework above have had the desired effect and to identify possible new threats. The risks faced and how they are being managed would be an appropriate point of discussion in an annual management board meeting. The business can take this framework further by introducing scenario planning for all the risks faced in order to get a better idea of the impact on the business.


Related article

Making the correct capital investment decision

Money increasing with the correct investment choice

This may interest you

Cash-flow improvement

graphs and spreadsheets to track cashflow

This may interest you

Performance measurement

a white board with Performance measurement written in blue