<img height="1" width="1" src="https://www.facebook.com/tr?id=260954267578739&amp;ev=PageView &amp;noscript=1">

How to Create a Risk Management Plan and Business Impact Analysis

By Jacob Haney - March 15, 2018


Image rights owned by Research Optimus, author of this article. 

Small business owners cannot possibly eliminate all of the risks to their business. It’s a fact that highly successful entrepreneurs learn to accept. What we can do is minimise it through proper planning. Having a risk management plan in place will help you steer clear of potential risks before they become a big issue. The best risk management plans include the right tools, proper analytical strategies, and a business impact analysis to keep a keen eye on risks. Start 2018 on the right track by creating a sound risk management plan.

DOWNLOAD PDF: Benefits of Strategic Planning Meeting1. List All Potential Risks

Make sure to include every risk, including small ones. Be sure to write them all down. You can use tools to help you find every possible risk. Ask as many “What If” questions as you can think of. Some examples would be:

  • What if you lost power for several hours/days?
  • What if the internet went down for a week?
  • What if a fire burned down your main office?
  • What if your server crashes?
  • What if a natural disaster hit your city?

There are a countless number of “What If” questions.

2. Categorise the Risks

Once you have created a list of potential risks, it’s time to analyse the likelihood that those scenarios will actually happen. This needs to be combined with the impact of a risk to identify overall risk level. The common formula is as follows:

Overall Level of Risk = Likelihood x Impact

Use a scale of 1 to 4 to label each risk, with 4 being the highest. Overall Level of Risk would be set on a scale ranging from 1 to 16.

  • 1-4: Very Low Risk.
  • 4-8: Fix within 3 months.
  • 8-12: Fix within 1 month.
  • 12-16: Fix immediately.

Let’s use a server crash as an example. We will assume that the company does not have a data backup plan in place.

Server CrashHow to Create a Risk Management Plan and Business Impact Analysis

Likelihood = 3 (happens once per year on average)

Impact = 4 (losing your data would be catastrophic)

Overall Level of Risk = 12 (4 x 3) Fix immediately!

This example is a high priority risk that should be corrected immediately.

3. Evaluate and Treat Risks

Now that you have an overall level of risk for each item, you will need to evaluate and treat them. As you might imagine, a business running the risk in our example above would be well-advised to fix the problem immediately. A data backup plan would reduce the impact of the risk from 4 to 1, leading to an overall risk level of 3 as opposed to 12. A huge difference!

My point is that you want to start treating high priority risks first. Create a schedule and plan of action for treating these risks. Consider the following:

  • Treatment Method
  • People Responsible
  • Costs
  • Benefits
  • Ways to Measure Treatments

When dealing with risks, you have one of five choices:

  • Avoid the risk
  • Reduce the risk
  • Transfer the risk
  • Insure the risk
  • Accept the risk

4. Measure and Analyse Risks

There are a lot of tools out there that can be used to help monitor risks, but most entrepreneurs will want to create their own spreadsheet. Include all of the information collected up to this point, along with the risk control methods that are being implemented to track each corrective action. Using our example above, you would probably want to include a section with information being used to back up your data.

Risk cannot be avoided so all you can do is change its potential impact. Every time you update your risk management plan, you will also need to create a new business impact analysis.  


About to move through the strategic planning process?
Learn about assessing risks, scenario planning and more with our starter kit:

Take our course on creating a clear strategic plan

Our readers' favourite posts