• Decrease text size
  • Increase text size

Categories of risk

There are many examples of risk in small business.

To identify your specific business risks, consider them in categories.

Risk categories should be considered one by one, providing a structured approach to risk identification. This enables greater focus on a particular category, stimulating thought, and increasing the opportunity of identifying a broader range of risks.

Common risk categories are:

  • Financial – includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration and other general account management concerns.
  • Equipment – extends to equipment used to conduct the business and includes everyday use, maintenance, depreciation, theft, safety and upgrades.
  • Organisational – relates to the internal requirements of a business, extending to the cultural, structural and human resources of the business.
  • Security – includes the business premises, assets and people. Also extends to security of company information, intellectual property, and technology.
  • Legal & regulatory compliance – includes legislation, regulations, standards, codes of practice and contractual requirements. Also extends to compliance with additional ‘rules’ such as policies, procedures or expectations, which may be set by contracts, customers or the social environment.
  • Reputation – entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of products/services, or the conduct of employees or others associated with the business.
  • Operational – covers the planning, daily operational activities, resources (including people) and support required within the a business that results in the successful development and delivery of products/services.
  • Contractual – meeting obligations required in a contract including delivery, product/service quality, guarantees/warranties, insurance and other statuatory requirements, non-performance.
  • Service delivery – relates to the delivery of services, including the quality of service provided, or the manner in which a product is delivered. Includes customer interaction and after-sales service.
  • Commercial – includes risks associated with market placement, business growth, product development, diversification and commercial success. Also to the commercial viability of products/services, extending through establishment, retention, growth of a customer base and return.
  • Project – includes the management of equipment, finances, resources, technology, timeframes and people involved in the management of projects. Extends to internal operational projects, business development and external projects such as those undertaken for clients.
  • Safety – including everyone associated with the business: individual, workplace and public safety. Also applies to the safety of products/services delivered by the business.
  • Workplace safety - Every business has a duty of care underpinned by State and Federal legislation. This means that all reasonable steps must be taken to protect the health and safety of everyone at the workplace. Occupational health and safety is integrated with the overall risk management strategy to ensure that risks and hazards are always identified and reported. Measures must also be taken to reduce exposure to the risks as far as possible. See Workplace Safetyfor more information.
  • Stakeholder management – includes identifying, establishing and maintaining the right relationships with both internal and external stakeholders.
  • Client-customer relationship – potential loss of clients due to internal and external factors.
  • Strategic – includes the planning, scoping, resourcing and growth of the business.
  • Technology – includes the implementation, management, maintenance and upgrades associated with technology. Extends to recognising critical IT infrastructure and loss of a particular service/function for an extended period of time. It further takes into account the need and cost benefit associated with technology as part of a business development strategy.

Knowing your risk categories can assist you in risk planning and communicating risk information. They provide a structure for identifying risk and are often initially identified through a brainstorming exercise.

In addition, understanding categories assists business owners to select the best tools and techniques for risk identification and analysis. For example, if a particular risk category is technical in nature, the risk identification methodology used will involve significant research and collection of existing information about risk exposure. A risk category with a more strategic focus, such as commercial risk, may involve a structured workshop or exercise.

Resources

Important

Risk categories should be considered one by one, providing a structured approach to risk identification.