Managing risk in SME’s enables them to improve performance, accelerate growth and create sustainable long-term value. In addition, SME’s can also minimise losses and avoid catastrophic disruptions if they manage risk effectively and efficiently.
All businesses and organisations implement strategies to achieve its goals and objectives. The achievement of such goals and objectives produces many benefits such as inter alia:
- Growth in revenues and market share
- Increased cash flows and easy access to funding and capital in the markets
- Streamlined and productive operations
- Good reputation and brand equity
- Motivated and competent staff
- Satisfied and happy customers
- Strong and healthy relationships with stakeholders
- Sustainable competitive advantage
- Agility that enables it to respond effectively to change.
However, the pursuit of objectives and goals are accompanied by many risks. The success of businesses and organisations, including SME’s, in achieving their strategic goals and objectives is dependent on how effectively and efficiently they manage risk. Moreover, in order to accelerate growth and create sustainable long-term value, SME’s must proactively and optimally take on more risks, subject to their risk appetite. In other words, SME’s must determine whether the pursuit of goals, opportunities and objectives are worth the risk, whether the benefits will exceed the cost of the risks and whether the business has the competencies, resources and capabilities to mitigate the risks.
Example of how SME’s can manage risk
The current business environment requires that businesses must embrace digital transformation, i.e. to digitalise its operations in order to satisfy new customer demands, offer new products and services, automate processes, systems and operations to boost the quality of products and services, reduce cost, increase efficiencies, build agility and improve communication with customers, staff and other stakeholders, etc. However, the pursuit of such a digital strategy comes with a high likelihood of cyber-attack risks in the form of data breaches, ransomware, viruses, locking of systems, etc. The consequences and impact of such risk, if not adequately mitigated, are disruption of operations – like the widely publicised disruption of IT systems of Transnet due to cyber-attacks -, poor customer services, payment of ransom money, theft of data and intellectual property – Standard Bank recently had a data breach where customer records were exposed – and other assets, damage to reputation and brand, etc. Therefore, it is in the SME’s best interest to identify risk and mitigate the impact of such risk. The benefits of managing this risk will far outweigh the cost of the risk.
Strategies to mitigate risk
SME’s must develop comprehensive strategies to mitigate identified risks. For cyber-attack risks, this includes developing and updating security policies, acquiring resources to identify, prevent, and control cyber-attacks, training staff on cyber risk awareness, and implementing password controls. To mitigate financial risks, SME’s should maintain robust financial controls, conduct regular audits, and ensure adequate cash flow management. For operational risks, strategies include streamlining processes, ensuring equipment maintenance, and having contingency plans. Addressing market risks involves staying informed about market trends, diversifying products and services, and maintaining strong customer relationships. Effective risk management requires a holistic approach, integrating these strategies into the overall risk management plan to ensure resilience and sustainable growth.
Responsibility of management
The management of SME’s is ultimately responsible for the identification and management of risk. Therefore, SME’s must develop and nurture a risk consciousness culture. Risk management must be infused in strategic planning, decision-making, problem-solving and the day-to-day management of operations. SME’s must at all times be aware and sensitive to all risks in the business. However, risk cannot be efficiently mitigated without knowing and understanding it adequately, with devastating consequences when failing to know and understand risks that the SME’s are exposed to.
In addition, SME’s must develop and implement a structured and robust process and methodology that enables it to identify strategic, operational, financial, compliance and other risks. The outcome of such a risk management methodology is a risk register that sets out major identified and measured risks, action plans and the timing to mitigate such risks as well as the persons responsible for the implementation and outcome of the action plans. The risk register must be regularly updated as risk constantly arises and changes in organisations. Such a risk register should become a top agenda item in executive committee and management meetings.
Structured risk management methodology
A structured risk management methodology is a documented serious of steps, processes, systems, procedures, techniques, team roles and responsibilities and policy to enable management to identify, measure and assess risk, and develop robust actions plans to mitigate and manage enterprise risk. Senior-, middle-, and lower management must fully participate in the risk management process as risks exist on all levels and has an effect on the business as a whole. A typical risk management methodology consists of the following summary steps:
- Management must formulate organisational goals and strategic objectives,
- Risks that will hinder the achievement of these goals and objectives must be identified and prioritised,
- Assessment /evaluation of the identified major risks in terms of impact/potential loss and likelihood/probability of occurrence,
- Identification of key, high-level management initiatives and controls to rely upon to effectively manage the identified major risks,
- High-level assessment of the perceived control effectiveness of the key, high-level management initiatives and controls currently in place,
- Development and implementation of potential high-level actions / initiatives to improve the control and management of the identified risks, and
- Assigning a risk owner to the implementation of the risk mitigation action plans.
This methodology will give rise to a risk register that must be communicated, implemented and monitored on a regular basis.
Examples of areas where risk must be managed
The following are key risk areas in SME’s that must be monitored, assessed and managed on a regular basis:
- Customer services
- Marketing and sales
- Reputation and brand
- Competition
- Market
- Financial stability
- Credit, cash flow, interest rates and foreign exchange
- Assets
- Financial structure
- Reporting
- Business and financial controls, systems and processes
- Regulatory / Statutory / Legal
- Fraud and theft
- Human resources
- Operational
- Technical and technological
- Intellectual properties
- Information technology
- Information integrity and reliability
- Cyber attacks and security
- Business continuity
- Change management
- Health and safety
- Buying or selling a business or business interest
- Stakeholders
- Political
- Social
- Economy
- Environmental
Poor risk management in SME’s is linked to high failure rates
Small- and medium-sized enterprises (SME’s) are seen as a panacea to South Africa’s growing unemployment. The National Development Plan forecasts that 90% of the 11m new jobs will come from the SME sector by 2030. However, research data shows that this may not be the case as the SME sector’s share of this new jobs growth in the private sector is disappointingly low.
SME’s are also expected to contribute significantly to the country’s GDP as approximately 95% of businesses consist of SME’s, like in other countries. The National Development Plan also forecast that by 2030, SMEs will contribute 60% to 80% of the GDP. In contrast, SME’s actual contribution to GDP in SA is disproportionately low, according to the research data. This situation is as a result of the exceptionally high failure rate of SME’s. Between 70% – 80% of SME’s do not survive passed the first 5 years. Amongst the key reasons cited for this high failure rate is the lack of appropriate business skills and knowledge, according to a survey report of The SA Institute of Chartered Accountants.
Poor risk management is invariably linked to the high failure rate amongst SME’s. However, the effective and efficient management of enterprise risk management may enable SME’s to overcome this high failure rate. Unfortunately, effective risk management is among the key competencies that SME’s lack. Therefore, the development of risk management skills and using such skills may go a long way in enabling SME’s to improve performances, accelerate growth and create sustainable long-term value for its stakeholders, as well as minimise losses and preventing small problems to escalate into crises.
About our company
Our company, Bethanie Management Consulting CC, has the expertise, experience, resources and capabilities to enable SME’s and large businesses to facilitate the management of enterprise risk, thereby accelerating growth and creating sustainable long-term value.
Benefits: Clients achieve a comprehensive understanding of their risk landscape, enabling proactive management and mitigation strategies that support strategic objectives.
Why Choose Us: Our expertise extends beyond financial risks to include operational, strategic, and reputational risks, providing a 360-degree view of your risk profile.
You may download our business profile by clicking here.
Contact us
Please call us at 011 042 9768 or 072 296 1281 (Virgil). Or chat to us on WhatsApp. You can also email us at virgil@bethanieconsulting.co.za. Or you may contact us by completing our online form for a call back.