What is a risk register and why should your business have one?

What is a risk register and why should your business have one?

What is a risk register and why should your business have one?

‘Risk is like fire: if controlled it may help you; it uncontrolled it may rise up and destroy you.’

In the present economy with so much uncertainty, having an effective and up-to-date Risk Register could be the difference between staying afloat or going under, says Tony Lawlor FCCA, a business coach with BGCN.

Cash flow remains very much the primary driver for business growth and success but understanding the risks that will stop your business from reaching your targets is an important second goal.

Good risk management can empower your business allowing it to grasp opportunities, meet urgent needs and add value.

What is a Risk Register?

A Risk Register is a document that is used as a risk management tool to identify potential setbacks/obstacles/challenges to a business.

The Risk Register formalises the consideration of risk in a way that enables wider consultation and discussion within management and at Board level. This in turn helps to ensure all significant risks have been suitably identified, assessed, and managed.

Risk Myths

Below are 5 common myths about Risk:

  • All risk is bad
  • Risk management is a waste of time
  • What you don’t know won’t hurt you
  • The risk manager manages the risk
  • All risks can and should be avoided

The first challenge with managing risk is to dispel these myths and be clear within your organisation’s culture that the right attitude to risk management is in place.

More than a compliance exercise

The Risk Register is often viewed as a compliance and reporting activity. This can lead to a negative attitude to the process. The reality is, if managed and communicated correctly, it will be a positive tool to aid planning, forecasting and confidence in achieving targets.

You cannot run a business without taking a few risks (to generate revenue) but likewise to succeed you need to understand the operational risks that may stop or hinder you. These can be financial, cultural, political, geographical, system, resource or other.

Make it manageable

Whilst some businesses fail to have a Register, some are too enthusiastic about it and have too many risks! The Risk Register needs to be manageable. Good practice would be to have less than 8 risks included.

A risk is only a risk if you can do something to mitigate the risk.

For example, Brexit was not a risk to a business. Having to complete more custom declarations to get your product to market and not having the relevant knowledge because of Brexit is the real risk.

Why is it so important to have a Risk Register?

  • If you know something is likely to be harmful to your business, wouldn’t it better to plan for it?
  • Can be very costly if you do nothing
  • Can impact culture and morale by not addressing
  • A problem (risk) identified is a risk managed

What are the steps involved in an effective Risk Register?

Keeping it simple, there are only really 4 steps. 

Risk Register Illustration           

Everything we do in our personal life is about managing risks. When we go on holiday we want to make sure we don’t miss the flight so we consider roadworks, weather, advertised delays, the check-in process and so on when we decide what time to leave home. We need to do the same in our businesses but in a more formal manner.

What information to include on a Risk Register?

Once you have been through the four steps, you can create a register (normally on Excel) showing a table of:

  • Risk – with a detailed description
  • Department / Area – to highlight whether IT, finance, production, people, property and so on
  • Likelihood of it occurring – this could be a scale such as ranging from 1 to show very likely, and 5 to show extremely unlikely
  • Impact if it does happen – again a similar number scale could be used ranging from 1 to show very significant to 5 to show minor impact
  • How to mitigate/manage/avoid the risk – describe the action needed to manage the risk
  • Priority – often a red/amber/green system is used, considering the likelihood and impact factors
  • Owner – each risk needs to have a named owner. And remember this is not the Risk Manager!
  • Status – to show whether open, closed or work in progress

Tony loves a Risk Register! If you need help creating or reviewing your current register, give Tony a call. With his background in accountancy, project management and risk compliance, he is the ideal person to help.

Tony Lawler

Tony Lawlor is all about solutions. With 25 years of experience in finance and operations, his passion is finding the solutions that your business needs to thrive. Working as part of the BCGN Team, Tony works with a variety of clients, in both the private and public sectors.

Specialising in risk, assurance and governance, Tony holds Non-Executive Director positions across different sectors, bringing his wealth of experience and skills to SMEs. Tony is a consultant and coach, an Agile expert, and an accountant. With a strong reputation for enhancing the performance of organisations he works with, Tony loves challenges, finding creative ways to adapt and support people.

With a strong focus on excellent service, Tony uses his skills to connect, understand and work with people at all levels in an organisation, to understand their needs and provide the best solution. Working with SMEs, Tony gets to know the culture, the business ethos and the people to be able to create and help implement a bespoke solution to suit the business’s strategy.

No introduction can be complete without a mention of his grandchildren, a young grandfather, Tony loves to spend as much time as possible with to keep him grounded.