Risk management isn’t a risky business. Managing risks is a staple diet of any business, regardless of their size or complexity. But some businesses have teams of highly skilled, highly educated and qualified professionals to manage the organizational risk assurance process. Risks are project managed.
Some businesses on the other hand, have just one person in charge of everything. Billy no mates.
In ‘big businesses’, risk management is, big business. Without it there runs the risk of adverse impacts in addition to not adhering to relevant legislation and regulation. Reputational risk is incredibly essential of course.
There is always a trusty risk matrix at the core centre of the program with a risk assurance process that hopefully runs from the top to the bottom (and the other way around of course). And woohoo… a risk management meeting!
A beautiful combination of red, amber and green; perhaps the occasional black or blue.
Red light, spells danger
As Billy Ocean once sang, ‘red light, spells danger, can’t hold on, much longer’.. But so too, can some of the greens and ambers if they are not truly ‘managed’.
Big businesses and organizations have a wealth of knowledge and skilled people to tackle the risks. Identify, assess, eliminate, reduce and remove. Brilliant work team. But in the smaller to medium sized enterprises (SME), often the person in charge of managing the risks, is in a team of one!
Of course, risks vary in size and degree. But SME’s may only have the same person in charge of everything; the selling, the buying, the marketing, the ‘team development’, the putting out of the bins. The IT department, the ‘staff’ canteen; the business continuity management (BCM). The risk management.
Risk management in such cases remains a key critical component of the business survival, but it will compete with all of the other pressing factors.
Risk management on a day to day basis may well take second or third place behind an actual need to get the income in. This doesn’t mean risk management is ignored; it is just reality that it is less important to some degree to the ultimate need to bring money into the business.
This isn’t in anyway a case of ‘risk it for a biscuit’, a saying that was widely used as I grew up, when we were given a challenge for a reward. A dare so to speak. But risks are taken. They are taken in life for a gain or a chance of reward. Some you win and some you lose. That’s life.
In these hefty days of organizational resilience, business continuity, risk management, resilience et al, the needs of the SME are not entirely overlooked. It is simply misunderstood to a degree because, there is little money to be gained from the resilience providers in ‘mining at the SME coalface’.
So, the easy option is to ignore the SME plight completely. Keep resilience and risk management at a corporate level and bugger the rest! Blame the SME or add them in the endless survey results of ‘failed businesses’ or those without resilience, rather than doing something amazing to make it more attractive to the SME in the first place.
Most resilience providers wont risk it for a biscuit in the SME market. Show me the money is the cry. Business is business. ‘I’ll go, where the music takes me’.
The money isn’t in the SME market if they want to gain a bigger buck.
But I believe this is wrong in 2017. I believe the risk is worth taking to make a difference. To take resilience to a wider and more needier audience. To help the SME’s of the world, to have access to better risk and resilience capabilities.
Surely, that is worth the risk?
ABOUT THE AUTHOR – A truly down to earth, grounded individual who is a resilience professional. Helping people and organizations to build and maintain their capabilities to respond to and recover from, crisis, emergencies or disasters. Paul is the ‘resilience maverick’ because he is not like the average resilience professional. He uses his great people skills to break down a complicated and often scary subject to make it easier to understand, want and need. Paul wants to help everyone be a bit more resilient because they can. firstname.lastname@example.org.