A woman writes down her top three risk management concerns

The three most common gaps in risk management plans and how to address them

If there is one thing that events of the last few years have taught us, it is to expect the unexpected. For many businesses, Brexit has brought unforeseen disruption to supply chains and hampered access to talent.1 As if that wasn’t enough, along came COVID-19, accompanied by enforced closures, stay at home orders and wide-ranging disruption to day-to-day operations for businesses of all shapes and sizes.

In turn, that has brought into sharp focus the importance of effective risk management planning to help businesses identify potential risks and plan ways to avoid or mitigate them.2 Indeed, according to our UK SME Risk Report, which draws on responses from 1,300 SMEs across the UK, a review of risk management plans is very much part of businesses’ efforts to adapt to the ‘new normal’.

Businesses Focused on Risk Management Plans

45% of UK SMEs plan to increase spending on risk management

The survey found that almost half of SMEs (45%) plan to increase spending on risk management, while a further two-fifths plan to maintain spend at previous levels. Tellingly, just one in ten (11%) plan to reduce spending on risk management.

In context with the pandemic’s dramatic financial impact on SMEs3 and ongoing economic turbulence,4 this is a clear indication that SMEs are prioritising risk management as a means to help them navigate real uncertainty as to what the future holds.

SMEs’ Risk Management Priorities

It will be no surprise to learn that COVID-19 related risks feature prominently amongst the priorities for SMEs in 2021, though more familiar risks remained at the fore too.

Across all SMEs, implementing measures aimed at managing COVID-19 fallout was a priority for almost a third (29%). Meanwhile, a fifth of SMEs (22%) are keen to improve their IT systems and security against cyber risks, perhaps with an increase in home and remote working in mind. On a more general level, a further fifth (21%) of SMEs are also focused on using risk management to help them navigate the current economic climate.

The Three Most Common Gaps in Risk Management Plans

While the news that SMEs are taking risk management seriously is heartening, our report also found that businesses are very much aware of gaps in their plans.

According to the report a third of SMEs (31%) believe their plans do not sufficiently address the adoption of new behaviours, technologies and solutions as a means to manage risk, while 30% think educating staff on key risk management practices is an important missing link.

Perhaps not surprising for an SME sector that has traditionally lagged behind larger businesses in risk management,5 moving to formalise risk management or health and safety programmes was cited as a priority for around a quarter of SMEs (28%).

How to address gaps in risk management plans

Ultimately, addressing gaps in risk management planning comes down to taking an organised approach spanning risk assessment, risk elimination and mitigation, creating a detailed risk management plan, and staff education around risks and risk management.

First of all, effective and thorough risk assessment is essential. This is about identifying all the risks that could affect a business – from health and safety in the workplace to external risks like COVID-19, cyber-crime, recession, supply chain risks and so on – and understanding the likely impact if the worst should happen.2

From there, the next step is to look at ways to control those risks, either by eliminating them altogether or where that is impossible, putting in place processes, technologies and solutions to help minimise their impact.2

A risk management plan will essentially document those risks and risk controls, as well as the steps the business needs to take in order to respond if any of those risks impacts on the businesses2 – and is crucial in enabling businesses to formalise risk management planning.

It important however, not to overlook the role of employees in effective risk management – and this is the area that is most applicable to SMEs’ risk management gaps. For instance, assigning clear ownership of key risk areas to named individuals and teams could play a vital role in helping SMEs to identify and adopt new risk management behaviours, technologies and solutions.6

Similarly, effective and targeted staff training can play an important role in making employees more aware of risk - both identifying new risks and avoiding known risks – and in embedding consistent risk management practices into their day-to-day work.6

For more details on managing risk for your industry, visit our Real Help Hubs.



1. theguardian.com/uk-retailers-stock-supply-shortages-covid-pingdemic
2. hse.gov.uk/steps-needed-to-manage-risk.htm
3. bankunderground.co.uk/what-do-two-million-accounts-tell-us-about-the-impact-of-covid-19-on-small-businesses
4. commonslibrary.parliament.uk/economic-update-growth-slows-as-uncertainty-rises
5. Marsh Commercial UK SME Risk Report 2021
6. hse.gov.uk/managing/providing.htm