What is a risk and how do I use a risk register?

Risks are part of everyday life and when identified within a business it can usually go one of two ways, usually the wrong way in my experience. If you’re reading this blog article its probably because you’ve heard about risks and are looking to see how you can identify, plan and recover from a risk related incident.

What is a risk?

Before we go any further, we need to understand what a risk is. According to Wikipedia, a risk “is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value, often focusing on negative, undesirable consequences

Risks and successful business operations do not go hand in hand, if you haven’t identified all your risks that may impact your business you may not survive the fall out.

How do I identify?

Identifying your problematic areas  is probably one of the hardest parts of this process, you need to sit back and think about every possible aspect of your business and see what could happen, no matter how unlikely it may happen.  If there is a small change that something may cause impact to your business, you should highlight it.

You should think about your business, customers, suppliers, partners, utility providers, security and the list goes on.  Have a look around your office, your building and the processes for your day-to-day running.  To put it in perspective, did you think that there may be a possibility of a pandemic ever happening? Did it affect your business? If the answer to this is yes, this is a risk.

What about windows, or doors, are these secure? Do you have filing cabinets? Are they lockable? Are they locked?

Hopefully by reading this article you are starting to understand that you need to look at all areas of your business and write them down. This process is all about identification and asking yourself questions.  Will x impact my business, what about y and so forth. But not only do you have to write them down, you then need to identify how likely it is going to happen to your business, what the cost impact will be to the business, and more importantly, how do you reduce or remove the risk from happening.

Remediation?

Once you have identified all your risks to the business, and there will be more as time goes on, you need to look at how you can remediate the risk.  This stage is about, how do you reduce, or if possible completely remove the risk from every happening. This could be introducing new technology or processes, adding more security or using a different supplier.

For an example, lets say we’ve identified a account supplier who provides an accountancy software package to us. They currently store the data in another country to where we are based and have recently suffered a data breach. This affects you and your customers, partners and employees so you need to make sure this doesn’t happen again.  What do you do?

For this example, we would look at another provider, who stores information in the same country, but also has more security protection.  Maybe they have ISO 27001, more security measures etc.

How do I log them?

Now that you’ve identified and looked at ways to reduce the overall risk by either reducing it or completely remove it, you now need to record the information, but how do you record this? This is where a risk register comes into play. A register can be an excel document, a word document anytype of recording. However, the more efficient way would be recording it in an excel document, for smaller companies.

The risk register records the risk, what the risk is, who owns it, how much it may impact the company, how to reduce the risk and any documents associated to the risk.

A register is a living document, you shouldnt just record the risk and then leave it, you should look at your register all the time and update the findings are they change.

To help you on your way, we have a template one you can use, you can view it here.

We’ve also uploaded a video to our YouTube channel which goes through this process in more detail, this can be found here: https://youtu.be/jxjjy2ZsgNk