On 4 December 2016, a man arrived at a Washington DC pizzeria armed with an assault rifle. Police reports tell how Edgar Maddison Welch stormed into Comet Ping Pong and “pointed a firearm at … an employee of the restaurant”. Welch, who was taken into custody and charged with assault with a dangerous weapon, subsequently told police that he was there to self-investigate ‘Pizzagate’, the fake news story that had begun a few weeks earlier and gone viral amid claims that the restaurant was at the centre of a paedophile ring involving Hillary Clinton and her inner circle.
It’s an extreme example of a business being impacted by events that it could not have anticipated, but indicative of the increasingly unpredictable risks at play today. While many business owners take for granted that they’re aware of the risk factors that could threaten their business, organisations need to ensure that risk is regularly assessed at boardroom level, and appropriate strategies formulated.
Paul Hopkin, Technical Director at the Institute for Risk Management, says: “When your business model is fairly well established, you should know your operational risks and become more explicit about risk management. If you’re operating in and sending people to some unstable parts of the world, for example, you may need professional risk management advice on your health and safety and security arrangements. If you’re heavily dependent on cyber capability, you need to be very thoughtful about the risks you’re running. It’s not good enough to think, ‘Our internet service provider doesn’t let us down often, everything will be fine.’”
Top down, bottom up
So how does a business begin to formulate a risk management strategy? The first step, Hopkin believes, is acknowledging the reality of risk and identifying vulnerabilities.
“The analysis of your dependencies is one of the routes into risk management,” he says. “What physical assets and communications do we depend on and who do we depend on in terms of members of staff, suppliers and contractors? How do these dependencies underpin our business model and how we make money? And that then leads you into the next question, which is how vulnerable are those dependencies? And the more vulnerable they are, the higher the level of risk management you need to apply.”
All businesses should ask these questions and formulate appropriate responses, Hopkin says. “If you think you don’t need to consider risk management, you’re probably being a little cavalier in your approach. How would you cope if it all went wrong? In these days of social media, how likely are you to be rubbished as the crisis is developing? Organisations should explicitly ask the question: ‘Who is out to get us?’”
Threats come not just from competitors or malicious online conspiracy theorists, but from parties who are in theory there to support the business. “They can be regulators, or the people who give you finance,” Hopkin says. “They may not be out to get you per se, but stakeholders can cause considerable grief, disruption and cost and be very unforgiving indeed if things go wrong.”
Worldwide political change is top of mind for many business owners as we enter 2017. Depending on the nature of your business, this could affect you in different ways. An oil company could be at risk of having its assets seized or coming under terrorist attack. Any global business faces threats from changing trade barriers, supply chains and laws governing migration of labour. And small businesses need to be just as well prepared as large ones. Hopkin cites the example of a kitchen supply company responding to exchange rate fluctuations following Brexit by changing its T&C structure.
“Quotes that used to be valid for a month are now only valid for two weeks,” he says. “They might not describe that as a risk management strategy, but I do. Political instability translates into changes in circumstance that are relevant to you – not just a vague feeling that ‘We must put Brexit into our risk register.’ That doesn’t get you anywhere.”
One often-overlooked aspect of risk management is that it’s not only a defensive strategy, but one that can actively benefit your business, Hopkin points out. By understanding risk better than your competitors, you can take calculated risks that will benefit your business. Insurance companies can quote rates based on their knowledge of flood risk, for example, that undercut their competitors – and that’s good for business.
“There’s an upside to taking risks – an element of a business thinking, ‘I can take this risk because I can manage it better than my competitors, and I see an opportunity that they’re scared of,’” he says. “It’s about being smarter – not more reckless – because you recognise the risk. Risk is not something to run away from – it’s also something to embrace in circumstances where you understand it.”
The opinions expressed by third parties are their own are not necessarily shared by St. James’s Place Wealth Management.