The purpose of this section of the Business plan is to show that:
- All the risks involved in the delivery of the business plan have been identified.
- There is a plan to address them - should they arise - that is based on an assessment of their impact on the plan.
What is Risk?
Risk is defined as uncertainty of outcome - whether positive opportunity or negative threat, of actions and events. Risk has to be assessed in respect of the combination of the likelihood of something happening, and the impact which arises if it does actually happen.
Risk management includes identifying and assessing risks (the ‘inherent risks’) and then responding to them.
Good risk management allows an organisation to:
- Have increased confidence in achieving its desired outcome
- Effectively constrain threats to acceptable levels
- Take informed decisions about exploiting opportunities
Step 1 : Develop a risk management policy
This section of the business plan should outline the result of the risk assessment which can be developed in four steps: If you are already an established group it is likely that you will have a risk managmenet policy in place. However, it could be a document that is not reviewed or implemented! Given the inherent risks (and opportunities) of taking on the ownership or management of an asset, it will be important to review this, or set one up, at the outset. The risk management policy details the approach to risk management in an organisation. It lays out the principles an organisation will follow for managing risk. The policy also outlines the process for managing risk and informs which key personnel are responsible for each element of risk management within the organisation.
Step 2: Identifying risks
All the risks associated with the project should be identified, ideally using a SWOT Analysis (Strengths, Weaknesses, Opportunities, and Threats) or a PESTLE Analysis (Political, economic, social, technological, legal and environmental) with project stakeholders. The risks identified may include the following:
Step 3: Risk assessment
|
Potential risks and impacts |
|
|
Area of risk |
Potential impact |
|
Management/Governance |
Potential for financial losses |
|
Operational |
Financial losses |
|
Environmental / External |
Financial losses |
|
Financial |
Financial losses |
|
Legal compliance |
Legal action |
Download this table at the end of the page
Once identified the risks to the proposals in the business plan can be assessed against two questions:
- How likely is the risk?
- What will happen if it does occur?
A simple scoring system can be used to decide which risks are the most important to address and agree plans for mitigation. Once this has been done, those which score highest should be addressed first and then all others addressed in turn. Finally you are left with those which are both unlikely and will have limited impact and you can develop a plan to address them should they arise.
Step 4: Risk control - take action
The risk assessment can be developed into a risk control strategy by considering whether each risk to your plans can be addressed by sharing it, avoiding it, managing it or accepting it. Ideally it should be possible to manage all of them.
For example a risk to a project may be reduced rental income due to a high turnover of small business workspace tenants.
This risk can be avoided by either hoping it will not happen or trying to pass it on to the tenants by increasing notice periods for tenancies in letting and leasing arrangements.
This risk can be managed by having excellent credit control and tenant liaison processes so that problems with payments are quickly identified and by developing active waiting lists for tenancies from good publicity and marketing.
This risk can be accepted - on the basis that small businesses have high levels of failure and that the risk is a feature of the business of providing small business workspace.
