The following highlights the obvious risk areas, but other areas of risk may exist depending on the type of business and market place.
Finance
Risk Opportunities
Not enough start-up funding, negative cash flow, theft, improper accounting, taxes, investments, weak market
Risk Sources
Accounting, management, customers, employees, the economy, poor corporate structure
Technology
Risk Opportunities
Unsecured corporate data, unsecured customer data, theft, knowledge loss, hardware theft, software theft, viruses/malware/spyware, data loss, hardware productivity loss
Risk Sources
Accounting, management, customers, employees, the economy, poor corporate structure
Marketing
Risk Opportunities
Lack of viable market research to support sales projections, lack of a market for product/service, economic conditions, sales capabilities, poor market strategies
Risk Sources
Lack of a marketing plan, lack of market research, the economy, poor sales strategy or sales execution, poor product/service positioning, lack of planning
Management
Risk Opportunities
Poor leadership, no clear direction, employee discord, lackluster sales, theft, business failure, business growth
Risk Sources
CEO, board of directors, advisory board, employees, market, economy
Employees
Risk Opportunities
Theft, “brain drain,” missed deadlines, product flaws, vendor relationships, information leaks, lost productivity
Risk Sources
Employees, employee buy-in, employee representation
Disasters (natural or economic)
Risk Opportunities
Inventory loss, facility loss, data loss, man power loss, market decline, economic recession/depression
Risk Sources
Natural disaster (flood, tornado, hurricane, fire), Economic recession/depression, manmade disaster
Business risk can also be categorized in the following manner
FINANCIAL
Monetary Funds
STRATEGIC
Goals of the Organizations
OPERATIONAL
Processes that Operationalize Goals
COMPLIANCE
Laws and Regulations
REPUTATIONAL
Public Image
Risk Mitigation
Risks in business can be eliminated, accepted, transferred or mitigated. Every business must address risk management at some point early in the planning and start-up phase of the business. Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Generally, most methods of risk mitigation consist of the following elements, performed, more or less, in the following order.
- Identify, characterize, and assess threats
- Assess the vulnerability of critical assets to specific threats
- Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
- Identify ways to reduce those risks
- Prioritize risk reduction measures based on a strategy
Risk management should:
- Create value
- Be an integral part of organizational processes
- Be part of decision making
- Explicitly address uncertainty
- Be systematic and structured
- Be based on the best available information
- Be tailored
- Take into account human factors
- Be transparent and inclusive
- Be dynamic, iterative and responsive to change
- Be capable of continual improvement and enhancement