Risk Management, Business Continuity and Making Informed Choices

Regardless of your company’s size, services or location, every business needs to recognise the importance of risk management, even just the basics to ensure the business survives, can maintain it’s products and services (i.e., ensure ‘Business Continuity’). Understanding what your business provides, the impact of loss and how it could potentially be disrupted is the starting point for truly understanding what risks you may face.

Sometimes we must go back to basics to think more laterally about risk, as demonstrated below:

In reality, everyone does some kind of risk assessment on a daily basis, often you’re unaware you’re doing it. For example, your brain makes a number of assessments just crossing the street: How close is the bus? How fast is it going? Do I have time to make it? It the pedestrian light green? How fast can I walk?

With all this information you can make an ‘informed decision’ on what to do. Is that extra minute you save in crossing the road before the pedestrian light goes green, worth the risk of being run over by that bus?

Every action has a reaction. Risk management simply provides the right tools for you to go ahead and invest/make changes, or to sit tight and wait until the risk is within your risk appetite. i.e., “I’ve broken my leg, so will wait for the green pedestrian light!”

The same concept should be used in business, of all types. Every decision you make should be an informed choice of:

  1. What would happen if I do this?
  2. What would happen if I don’t do this?

Making an informed choice – Getting Started

Imagine, you are buying into a business, the property is a leased property and requires some work to get it up to scratch potentially costing in excess of $100k. It is a beautiful property in a popular area. Foot traffic high for the majority of the year and the property lends itself to other uses too. 

All looking very positive so far. However, this property is within a known flood zone, in fact it is metres away from a beautiful waterfall. You investigate and the insurance will not cover flooding or landslides as a result of ‘mother nature’.

Do you take the risk and buy in to the business anyway as the prospects are fruitful and seem to outweigh the flood risk?

What is the likelihood in a flood occurring again in the next 5+ years? You know the last one was 2 years ago. Probably likely given your surroundings and the fact the insurance company will not cover that particular issue.

Consider the impact:

  • What is the impact if you are flooded?
    • Venue would be closed
    • Staff would not be able to work
    • Customers will not attend.

Think about the overall consequence to the business. 

Based on previous incidents of flooding, the last flood lasted say 5 days:

  • Can you cope with no income whatsoever for 5 days? 
  • What happens to the cash flow?
  • What are staff expectations?
  • Do you have to pay them too?
  • What about casual staff? 
  • Compensation to customers/returned deposits?

Based on this, how much money do you need to cover you for the potential eventuality you will be closed up to 5 days?

What do you need to consider if you could not access the venue for 5 days?

  • How do you contact your landlord?
  • What do you need from them? 
  • What is their response time/liability etc…?
  • How do you contact all staff?
  • How do you contact your customers?
  • What about those who have planned special events?
  • Do you have a pre-agreed alternative location for those with special events?
  • What are your legal requirements?
  • Who do you need to contact after a flood to get approval you can trade again?
  • What are you insured for?
  • How long will it take to get an assessment and eventual payout? 
  • What happens if a flood/landslide damages assets you can claim for but the payout takes several weeks resulting in a reduced service. 
  • What can you not afford to lose?
  • Can you afford to replace at your own expense and wait for payout? 
  • Where can you source the asset(s)?
  • As the building is not insured for flood, can you afford the potential rebuild costs?

Worst case scenario

Extend that beyond 5 days. Imagine a one in 10-year occurrence or even one in 20 years (worst case scenario). 

What if a landslide occurs and you are closed for health and safety reasons? You may not have an immediate understanding of how long, or if you will ever reopen.

What is the impact then? What can you do? How long can your cash flow last? Are you entitled to compensation/grant? At what point do you close the business?

Now reconsider whether you want to accept the risk based on the location.

Does it fit within your risk appetite? Can you cover 1-2 weeks with no income? Are you happy to accept the risk you may have to close due to no fault of your own?

The decision

Now reconsider: Will you buy into the business given this information?

No? Great okay, apply the same assessment to the next property you see.
Yes? You decide the benefits outweigh the risk. Great okay.  Now:

  1. Ensure that you save up your cash flow ‘buffer’ to cover the chance of 1-2 week outage. Include all of the above: Bills, building repair costs, staff wages, compensation/ returned deposits etc…
  2. Create a plan that includes who you contact and when, create a plan to divert customers to other venues if yours is not available (this may include research on your part and/or get to know your peers). 
  3. Identify the assets you cannot afford to lose. Where can they be purchased/repaired? Are they covered by this type of incident? If not include the cost to repair/replace in your buffer.
  4. Outline and agree your expectations with your landlord/third parties (suppliers and service providers).
  5. Determine the circumstances in which you will make an informed decision to close the business.

Good luck!

ISD Cyber is a Cyber Resilience Consultancy offering services that cut across Business Continuity, IT Continuity, Operational Risk Management, Cyber Security and Privacy.

Contact us today to find out more.