New Risk Standard – How Can SMEs Seize the Opportunity?
There are opportunities for smart SMEs to use the new Risk Management Standard to engage staff, satisfy stakeholders and identify ways to generate new business.
The existing Risk Management Standard AS/NZS 4360:2004 is replaced from 1 July 2012 by a new, and improved, Standard AS/NZS ISO 31 000:2009 (adopted from an International Standard).
For entities that operate in heavily regulated environments (such as Super Fund Trustees, Fund Managers and holders of an Australian Financial Services Licence) the changes are significant because the licensing regime operated by ASIC and APRA links the operating environment to the outgoing Risk Standard AS/NZS 4360:2004.
The changes are also significant for organisations required to maintain a focus on workplace safety (e.g. manufacturers, mining and mining services) – the upside being that application of the Standard should deliver a more robust awareness of the risks associated with operating the business.
The changes to the new Risk Standard deal with the manner in which risk management is addressed. In summary, risk management is:
- integral to organisational processes – it creates and protects value
- part of decision making but must be based on the best available information
- transparent, dynamic and responsive to change, but most importantly, is part of a business’s process of continual improvement
- not an exact science and there will be aspects that are overlooked.
What does the new Risk Standard mean for SMEs?
Risk management is not about hampering business initiatives or avoiding risk. Indeed, in the post GFC environment, awareness and management of risk is paramount to a deeper understanding of your business drivers.
Risk management should be about understanding your operating environment and finding business opportunities by leveraging parts of your business that can withstand a higher risk exposure.
This means plugging risk management into the governance framework that you use to ‘steer’ your company.
Smart SME operators have the opportunity to address the process of managing risk by focusing on governance and identifying ways to generate new business. Indeed, a recent study by Ernst & Young, Turning risks into results – Managing risk for better performance, identified that companies with mature risk management processes generated three times the EBITDA (earnings before interest, taxes, depreciation and amortisation) than companies at the bottom end of the maturity scale.
At the very least, identifying and managing risk will facilitate a more positive response from your key stakeholders.
How to implement the new Risk Standard
Generating a risk framework starts with achieving engagement from staff at all levels of the enterprise.
You could say that it requires a cultural change – in that a culture of awareness of what risks exist within the enterprise will quickly lead to employees taking ownership of the management of those risks.
Too many SMEs adopt an approach that risk management is the problem of the decision maker (i.e. the founder, the executive management team or the Board).
Management of risk starts with your staff. After all they are the ones at the coal face of daily operations and the ones who manage the risks in a business, albeit intuitively and without realising they are actively managing the risks within the enterprise.
The simplest (and most efficient) way to generate a risk profile is to workshop the concept of what risks exist within your business.
You will be staggered not only by what risks staff can identify but more importantly the ideas they will already have for how to reduce these existing risks.
Providing an opportunity to voice their ideas and take ownership of the risk management process is a positive step towards implementing the new regime and starting on the road to cultural engagement.
Once you have staff engagement, the next step is embedding a risk framework into your organisation’s governance. This will help focus decision making on a positive search for opportunities that may have been previously hidden.
The positive in all this is that understanding your risk profile and managing risk (in line with the new Risk Standard) will lead to higher staff engagement, risk mitigation, positive favour from key stakeholders and the potential to identify new business opportunities.
Our guest blogger, governance specialist Philip Anthon, is Principal of Governance Worx Pty Ltd, a leading consultant on governance, risk and compliance issues. Philip is Chairman of a number of Compliance Committees for Fund Management organisations.