The three most common gaps in risk management plans and how to address them

If there is one thing that events of the last few years have taught us, it is to expect the unexpected. For many businesses, Brexit has brought unforeseen disruption to supply chains and hampered access to talent.¹

As if that wasn’t enough, along came COVID-19, accompanied by enforced closures and stay-at-home orders. This led to wide-ranging disruption to day-to-day operations for businesses of all shapes and sizes.

In turn, that has brought into sharp focus the importance of effective risk management . This can help businesses identify potential risks and plan ways to avoid or mitigate them.²

According to our UK SME Risk Report, which draws on responses from 1,300 SMEs across the UK, a review of risk management plans is very much part of businesses’ efforts to adapt to the ‘new normal’.

Businesses Focused on Risk Management Plans

The survey found that:

• Almost half of SMEs (45%) plan to increase spending on risk management.
• A further two-fifths plan to maintain spend at previous levels.
• Just one in ten (11%) plan to reduce spending on risk management.

In the context of the pandemic’s dramatic financial impact on SMEs³ and ongoing economic turbulence,⁴ this is a clear sign that SMEs are prioritising risk management. They are doing so as a means to help them navigate the real uncertainty regarding what the future holds.

SMEs’ Risk Management Priorities

It will be no surprise to learn that COVID-19 related risks feature prominently amongst the priorities for SMEs in 2021. Although more familiar risks remained at the fore too.

Across all SMEs, implementing measures aimed at managing COVID-19 fallout was a priority for almost a third (29%). Meanwhile, a fifth of SMEs (22%) are keen to improve their IT systems and security against cyber risks. Perhaps with an increase in home and remote working in mind. On a more general level, a further fifth (21%) of SMEs are also focused on using risk management to help them navigate the current economic climate. 

The three most common gaps in risk management plans

The news that SMEs are taking risk management seriously is heartening. But our report also found that businesses are very much aware of gaps in their plans. According to the report:

1. A third of SMEs (31%) believe their plans do not sufficiently address the adoption of new behaviours, technologies, and solutions to manage risk.
2. 30% think educating staff on key risk management practices is an important missing link.
3. Moving to formalise risk management or health and safety programmes was cited as a priority for around a quarter of SMEs (28%).

How to address gaps in risk management plans

Addressing gaps in risk management planning comes down to taking an organised approach. This approach spans:

• risk assessment;
• risk elimination and mitigation;
• creating a detailed risk management plan;
• and staff education around risks and risk management.

Risk assessment

First of all, effective and thorough risk assessment is essential. This is about identifying all the risks that could affect a business and understanding the likely impact if the worst should happen. From health and safety in the workplace to external risks like COVID-19, cyber-crime, recession, and supply chain risks and so on.²

Risk elimination and mitigation

From there, the next step is to look at ways to control those risks. Either by eliminating them altogether or where that is impossible, putting in place processes, technologies and solutions to help minimise their impact.²

Risk management plan

A risk management plan will essentially document those risks and risk controls. As well as the steps the business needs to take to respond if any of those risks impacts on the businesses.² It is crucial in enabling businesses to formalise risk management planning.

Staff education

It important however, not to overlook the role of employees in effective risk management. This is the area that is most applicable to SMEs’ risk management gaps. Assigning clear ownership of key risk areas to named individuals and teams could play a vital role in helping SMEs to identify and adopt new risk management behaviours, technologies and solutions.⁶

Similarly, effective and targeted staff training can play an important role in making employees more aware of risk. Both identifying new risks and avoiding known risks. Also, in embedding consistent risk management practices into their day-to-day work.⁶

Sources

1. theguardian.com/uk-retailers-stock-supply-shortages-covid-pingdemic
2. hse.gov.uk/steps-needed-to-manage-risk.htm
3. bankunderground.co.uk/what-do-two-million-accounts-tell-us-about-the-impact-of-covid-19-on-small-businesses
4. commonslibrary.parliament.uk/economic-update-growth-slows-as-uncertainty-rises
5. Marsh Commercial UK SME Risk Report 2021
6. hse.gov.uk/managing/providing.htm