The most common reason for business failure is related to poor risk management- failing to see and proactively respond to the signals of disruption right in front of them. Blackberry, Blockbuster and Kodak all come to mind. While no one could have predicted the nature, severity and global reach of the coronavirus , it’s clear that organizations should include such risk scenarios in future strategic planning discussions. To be successful in business, it is not enough to do what you do well, but you have to also be on the look out for potentially disruptive changes and put plans in place to mitigate potential negative impact.

Business risk is defined as any threat or hazard which prevents or disrupts an organization’s ability to achieve its strategic objectives. Risks may come from both external and internal vulnerabilities. One of the upsides is that once risk is identified, it can almost always be mitigated. Proactive organizations that are strategic about risk management can limit their organization’s exposure to a variety of risks.

Risk assessment is a process to identify and evaluate threats and hazards that could potentially harm a business. It involves considering the types of threats that exist, the assets at risk from the threats, and the potential negative impacts. Companies that define and evaluate the potential disasters and emergencies that they might encounter will have situational awareness at the most hazardous and critical times..

Once the organization has identified and evaluated its critical risks, a decision will need to be made whether to accept the risk and do nothing, avoid the risk entirely or take steps to mitigate the damage.

Risk assessment and analysis is not a one time event. Once the assessment and analysis has been completed, it should be updated at a minimum, once a year. Monitor your organization, customers, vendors and the external environment for changes that may create a new risk or change the ranking of an existing threat.

To ensure this process gets the full attention it needs, It is a good idea for organizations to designate a Chief Risk Office(CRO) . This responsibility may be assigned to a full time employee or be outsourced to a firm such as W.A. Anderson CPA if the technical resources are not available internally.

Smart organizations will invest into identifying and evaluating risks that could damage or close them down entirely ( from environmental risks to reputational risks) and develop strategies to limit their exposure and protect their hard-earned success.