When studying modern mass marketing techniques, they tell you to write at a 6the grade level. To that end, here we will attemptto break down a complex process to its simplest forms.
Things can and do go wrong in a business. These are risks. Risks can be internal to the company and external. There are many different classifications of risk but for the purposes of this article, we will mainly focus on just three types of external risk:
A risk assessment asks two questions:
1. How likely is this hazard to happen and cause impact to my business?
2. How prepared am I to deal with this hazard?
Some risk assessments will have you assign numerical values but we are going to keep this simple and go with a High, Medium, or Low ratings to answer both of these questions.
1. Look at each hazard in the list below
2. Rate the likelihood of each hazard to impact your business as High, Medium or Low.
3. Then, rate your level of preparedness or “mitigation” for each hazard.
Example: If you own a restaurant, your risk of structure fire will likely be High. If you have proper fire suppression, sprinklers, smoke detectors, fire extinguishers, and training then your level of preparedness will also be High.
Finally, look for any differences between the risk and mitigation for hazards. If the risk is higher than your level of preparedness, you should do something about it. Write your plans in the Notes column.
Here is an example of a vehicle repair shop in California:
Review the results of your risk assessment with the owner, operations manager, HR staff and insurance agent to help identify additional gaps in preparedness. You should assign someone in your company to take the list of improvements identified, prioritize them and begin putting in place upgrades, changes or changes in policies and procedures to help reduce the damage that disruptions can pose.
If you want to take your risk assessment to the next level, then develop a Business Continuity Plan from Tempest Risk Management. These ISO22301 compliant plans will be your guide to recovery following a business disruption and are tailored to each individual business.
Many clients Tempest Risk Management works with need help with developing policies and procedures that demonstrate compliance within a regulated industry. So how does one go about writing policies and procedures for a company that hasn’t even opened it’s doors? While this can be a tricky process to navigate, often requiring several revisions of the policies and procedures, here are some best demonstrated practices that we have found can help produce the documents that regulators are looking for.