Monday 17 June 2013

Risk Management

All businesses are subject to risk and our business as writers is no exception. These days, risk management has become a huge topic: the subject of whole books; the purpose of entire corporate departments; and the originator of reams of documents and forms. However, that’s not the approach we’re going here.  We’re just going to think for a while about possible risks and how we would deal with them. Once we’ve done that, we can forget all about it. If the risks never materialise, we’ve lost maybe an hour or so of our time. If the worst does happen, we will know what to do and will be less phased by the problems, whatever they may be.
Risk management is actually a three-part process; whatever our business, risks have to be identified, assessed and managed. In our writing business, they might include:

·       risks of under-resourcing

·       health and safety risks

·       credit risks

If we work on our own, and we get sick or we have too many projects to complete (and wouldn’t that be a nice problem to deal with?), we could lose customers through being unable to work.  What about the situation where two important book fairs are scheduled for the same day. We can't split ourselves into two. These are risks of under-resourcing.

There is the risk we might be injured on a customer's property or a customer might be injured on our property.  These are health and safety risks.

There is the risk that our customer might default on payment.  This is a credit risk.
 
As business people, we need a risk management process for two reasons:

·       We think about potential risks in advance and put contingency plans in place, allowing us to get on with business, without worrying about things going wrong.

·       It may be a regulatory requirement, especially health and safety risk assessment and government or local officials may wish to see evidence of our risk assessment process.

Enterprise Risk Management Process

With so many different types of risks to consider, it is not necessary to address each one in a different way.  What is required is an enterprise risk management approach, where risk management becomes part of 'the way things are done around here'.  We have a generic risk assessment process, flexible enough to fit all circumstances and a simple risk assessment form covering the four stages of the process (and when I say simple, I’m thinking of a blank piece of paper on which we write down our thoughts and conclusions; it really is that simple).

Stage 1: Checking for Hazards

A hazard is a reality — something already existing.  Cables stretched across the floor; a dangerous chemical used as part of the job (and yes, I know the most dangerous chemical a writer works with is probably typex, but bear with me; it’s just an example!); or a customer who is having financial difficulties. Each of these is a hazard we might come across.

Stage 2: Identifying Risks Associated with Those Hazards

A risk is something that might happen.  Someone might fall over the cables; chemicals might splash in someone's eye; the customer might go bust before paying our bill.  They are possibilities, not certainties.

Stage 3: Assessing Probability and Severity

Probability deals with how likely something is to happen.  If the cable is at the front of the office and people are continually walking through the area or across the walkway at a busy book fair, the probability of someone falling over them is greater than if they are in a back office or behind a stall where people rarely go.

Severity deals with how bad are the consequences of a risk becoming a reality.  If someone gets a paper cut from one of our books, the severity is low (although paper cuts do sting, don't they?). On the other hand, if a chemical splashes in someone's eyes, it could blind them or at least stop them working for a time, so the severity is much higher.

Probability and severity are considered separately, since they are independent of each other. For example, the severity of chemicals splashing in someone's eyes is high, but the probability is much lower in our writing business than in a chemical factory (and now you see why I needed that example in my list). If we were running the factory, we would need to install eye bath stations, or maybe even showers, against the risk of chemical burns. in our writing business, that's not a measure we're likely to have to take. Having said that, it's important to make sure the top is tight on the typex bottle before giving it a good shake.

Stage 4: Avoiding, Eliminating or Mitigating Risks

Once we know the size of the potential problems, we can decide what to do about them.  We might decide that the cable should be rerouted or a sign be put up to warn people to be careful (avoidance of risk).  We would ensure that anyone working with the chemical wears eye protection (elimination of risk).  We might take out insurance against defaulting customers or insist in payment in advance (mitigation of risk).

Example

As writers, one of the greatest risks we have relates to storage of our files. After all these files contain our work in progress, our finished products, our orders, our financial records; in fact pretty much everything we need to run our business. So let's do a quick risk assessment.
 
A hazard could be that we store all the files relating to our business on one single computer or laptop. That is a fact.
 
A risk would be that the computer suffers a fatal break-down and all our files become corrupted or lost. That is a possibility.
 
The probability will depend on a number of factors such as the age of the computer, the storage method we are using or the nature of the computer problem.
 
The severity of the problem is such that I can feel you all shuddering from here!
 
So how do we manage this very real risk to our business as writers? It's highly unlikely that we can eliminate the risk altogether. Computers do break down, often at the most inconvenient time. I lost my machine some years ago, just a week before I was due to deliver a manuscript to my publisher. It was at the time when we were migrating from Word 2003 to Word 2007; the whole look of the thing changed and I needed to learn how to use the new software while finishing the final edits. It was not a good week! 
 
So if we can eliminate, we must mitigate or avoid the effects of the risk. That might be by using an external drive that can be removed from the machine and stored elsewhere; by making multiple back-ups regularly; or by using a cloud-based storage system like Drop Box. Once we have these systems in place, and we know they are working well, we can forget about them until or unless the worst happens. And if it does, it will be a mere inconvenience, rather than a disaster.
 
Summary

Risk management doesn't have to be daunting.  All it takes is a bit of thought, a generic step-wise process and a simple risk assessment form.  It’s worth spending an hour thinking through the risks in our business and planning what we would do if a risk became a reality. Then we can put it to one side and get on with what we really want to do: our writing.

No comments:

Post a Comment