Risk assessment

The purpose of this section of the Business plan is to show that:

  • All the risks involved in the delivery of the business plan have been identified.
  • There is a plan to address them - should they arise - that is based on an assessment of their impact on the plan.

What is Risk?

Risk is defined as uncertainty of outcome - whether positive opportunity or negative threat, of actions and events. Risk has to be assessed in respect of the combination of the likelihood of something happening, and the impact which arises if it does actually happen.

Risk management includes identifying and assessing risks (the ‘inherent risks’) and then responding to them.

Good risk management allows an organisation to:

  • Have increased confidence in achieving its desired outcome
  • Effectively constrain threats to acceptable levels
  • Take informed decisions about exploiting opportunities

Step 1 : Develop a risk management policy

This section of the business plan should outline the result of the risk assessment which can be developed in four steps: If you are already an established group it is likely that you will have a risk managmenet policy in place. However, it could be a document that is not reviewed or implemented! Given the inherent risks (and opportunities) of taking on the ownership or management of an asset, it will be important to review this, or set one up, at the outset. The risk management policy details the approach to risk management in an organisation. It lays out the principles an organisation will follow for managing risk. The policy also outlines the process for managing risk and informs which key personnel are responsible for each element of risk management within the organisation.

Step 2: Identifying risks

All the risks associated with the project should be identified, ideally using a SWOT Analysis (Strengths, Weaknesses, Opportunities, and Threats) or a PESTLE Analysis (Political, economic, social, technological, legal and environmental) with project stakeholders. The risks identified may include the following: 

Step 3: Risk assessment

Potential risks and impacts

Area of risk

Potential impact

Lack of planning, poor decision making

Potential for financial losses
Staff turnover/effectiveness

Poor flow of information
Risk Control, health and safety, contract risks, competition, relationships with suppliers
Poor marketing

Financial losses
Impact on service/sales
Legal action
Staff turnover/effectiveness
Delays to plans

Environmental / External
Government policy/regulation
Commitments of landowners / funders / other partners
Performance of contractors
Lack of planning, systems for disaster planning
Market changes in demand during project implementation
Technological change

Financial losses
Staff skills

Financial assumptions in budgets and estimates are inaccurate
Timing of income assumptions is inaccurate.
Lack of financial management and control procedures

Financial losses
Cash Flow difficulties
Legal action

Legal compliance
Data protection
Race Relations
Health and Safety
Employment Law
Employee pension provision

Legal action
Fines and penalties
Action by regulator(s)

Download this table at the end of the page

Once identified the risks to the proposals in the business plan can be assessed against two questions:

  • How likely is the risk?
  • What will happen if it does occur?

A simple scoring system can be used to decide which risks are the most important to address and agree plans for mitigation. Once this has been done, those which score highest should be addressed first and then all others addressed in turn. Finally you are left with those which are both unlikely and will have limited impact and you can develop a plan to address them should they arise.

Step 4: Risk control - take action

The risk assessment can be developed into a risk control strategy by considering whether each risk to your plans can be addressed by sharing it, avoiding it, managing it or accepting it. Ideally it should be possible to manage all of them.

For example a risk to a project may be reduced rental income due to a high turnover of small business workspace tenants.

This risk can be avoided by either hoping it will not happen or trying to pass it on to the tenants by increasing notice periods for tenancies in letting and leasing arrangements.

This risk can be managed by having excellent credit control and tenant liaison processes so that problems with payments are quickly identified and by developing active waiting lists for tenancies from good publicity and marketing.

This risk can be accepted - on the basis that small businesses have high levels of failure and that the risk is a feature of the business of providing small business workspace.


Related Resources

Risk Management Template

Risk Management Template and Guidance. 

File Risk Management Template.docx