Close this search box.

Identifying and managing business risks: the benefits of good planning

Success of a business is ultimately measured by its profit and its ability to generate a return for its owners or shareholders.


Failure to manage risk can have major consequences for a business, whereas appropriately identifying and managing business risks allows a business to avoid or moderate risks that will negatively impact the business and more importantly, understand which risks are worth taking in order to achieve or exceed business objectives, create opportunities and out-perform competitors.


In this article we discuss the benefits of implementing appropriate risk management strategies, what managing risk in business means, the areas of risk your business should consider addressing, some key risks in the current business environment, and look at some simple but important things that businesses fail to do.  


What are the benefits of implementing risk management strategies in your business?

Risk management contributes to improved business performance and achievement of objectives by:

  • Enabling informed decision making;
  • Helping a business plan for the future by anticipating potential threats and opportunities;
  • Improving operational outcomes by minimising losses, maximising gains and optimising resources;
  • Providing a business with a competitive edge through understanding the market and avoiding the pitfalls within it;
  • Creating a safe and desirable workplace that attracts and retains the people that the business needs to perform at its best; and
  • Supporting good governance to avoid legal issues and disputes.


What does identifying and managing business risks mean?

Risk is the chance of something happening that will have an impact upon objectives. Risk arises out of uncertainty and is the exposure to the possibility of such occurrences as economic or financial loss or gain, physical damage, injury, or delay, as a consequence of pursuing or not pursuing a particular course of action.


Managing risk in business is a process that should be integrated into the planning and operational activities of a business. It begins with identifying risks and thinking about what could go wrong, why or how it might happen, and what the consequences might be.


Risks are then evaluated by considering the likelihood and impact of all risks and based on severity ranking them for treatment, then finally, deciding what action needs to be taken to reduce or prevent the risks. For example, if a business identifies it does not have sufficient cyber security, then a project to address this deficiency will be included in the operational plan.


A business should then monitor the effectiveness of the risk treatments, make any necessary adjustments, and regularly repeat the process by identifying any new or changed risks.


What areas of risk should be addressed in a business and why?

Where do you start when it comes to identifying risk in business? There are some critical areas of a business that should get some attention when it comes to analysing what may impact objectives.



Not having an effective strategy or not executing it properly can result in loss of market share, competitive advantage and profitability.



Ineffective resourcing and management of processes, systems, people, and their interaction with the external environment can result in costly inefficiencies, inferior products or services, errors, accidents, cyber incidents, damage to assets, and poor staff retention.



Not enough capital, liquidity or cashflow to meet financial obligations or goals can result in loss of investment, debt, insolvency, and bankruptcy.



Events that create a negative view of the business can result in loss of loyalty, trust and market value.



Not meeting internal standards or not complying with relevant legislation can result in loss of customers, lengthy disputes, fines, revocation of licences and legal action.


What are some of the key risks in our global business environment?


In an annual survey conducted by Allianz, cyber incidents and business interruption have ranked the highest as global risks for the sixth year in a row ( with the release of the 2023 report in January.


Regardless of the size of your business or your place in the market these risks should be top of the list when it comes to identifying where your business may be vulnerable. Cyber Incidents themselves are one of the leading causes of business interruption and are therefore a serious business risk, not just an IT issue. Something as simple as lost data can have significant impact on day-to-day business, and major cybercrime can impact long-term viability.


In addition to financial losses, there are serious legal implications for businesses where they fail to adequately protect personal data and it is accidently or deliberately compromised. Business can be heavily fined, or face legal action where the loss of data has undermined the right to privacy or affected someone else’s livelihood. 



Cyber incidents and business interruption still sit in the top four concerns for Australians; however, the risk of natural disasters ranked the highest in the 2023 Allianz survey responses from Australian businesses. Not surprising given what the weather has thrown at us over the last few years, and the massive impact it has on lives and businesses.


The risk of natural disasters should also be high on the list to consider how your business would be affected by the fallout from these “surprise” events, such as supply chain disruption, loss of access to physical premises, loss of premises or people, or decreased spending in the marketplace – depending on your business structure.  


The Small Business Natural Disaster Preparedness and Resilience Inquiry (2022) | ASBFEO found that only 1 in 4 small businesses have a business continuity plan. Obtaining sound legal and financial advice as part of risk planning for natural disaster can mitigate the risk of it becoming a business disaster, particularly post event, where the legal risks intensify due to the unknown.


Going Back to Basics – Where do businesses fail to manage risk?  

At the other end of the scale there are a myriad of risks related to common business management practices, that if mismanaged, can still have significant consequences.


As risk and dispute resolution lawyers, we touch on some key practices that are often managed badly or not considered at all. As the saying goes, “you don’t know what you don’t know”, so good risk management should start with good advice.   



Competitors who already have their employment strategy worked out are offering extraordinary incentives, and with the cost-of-living rising, employees are demanding higher wages. COVID instilled a sense of freedom in employees when they were unleashed from their desk in lockdown. Flexibility is the new buzzword on the block replacing work/life balance. Side hustles have become so mainstream they supplement household income. Residential housing crisis add to the pressure and everywhere you turn people are asking “Where have all the good employees gone?”.


It is time to think outside the box on this one – every day we hear stories of good businesses being unable to open or delivering inferior service because of an inability to attract or retain the right staff.



Sometimes people commence Court proceedings to recover a debt, and do not want to cut a deal because they believe, and often they are, legally entitled to the full amount of what they are seeking.


As admirable as that cause might be, Court proceedings bring with them a whole host of risks not least of all being distracted from your business, publicity and legal costs which are rarely entirely recoverable.


Before you act or dismiss a proposal you might have received in a dispute, ask yourself – what will be the real cost to my business if I pursue the balance of this debt for the next 2 months or 2 years? Will this person have money to pay me even if I do win? What other dispute resolution options are available to me?



Deciding whether you should operate as a sole trader, partnership, company etc. and otherwise how to structure your business will have significant benefits (or consequences), depending on what your objectives are. If you could only consult a lawyer or accountant once in your life, this would be the time to do it.



The ATO imposes severe penalties for businesses who do not pay their employees’ superannuation contribution, so watch out. This is usually unintentional, but not an oversight you would want to be making. You need to know your systems have this covered without fail.



Take the time to understand your insurance policies and ensure you have the right coverage. Don’t be part of the large number of people who either know they are underinsured or think they may have the wrong insurance. Take professional advice and be that person who read their insurance policy and asked questions of their broker.



If you’re “adulting” properly, you tend to pay your bills on time and have a balanced budget. Why not do the same for your business? If your business relies on a healthy credit record for tenders etc. make sure your systems are paying your creditors on time, avoiding a bad credit history and debt collectors. On the flipside, if you ever provide anything on credit to customers, ensure you have adequate security or a guarantee to mitigate your loss in the event you aren’t paid.  



Take the time to read any document that may have a legal impact on you or your business. If you’re having trouble understanding it, get a professional to help. If you transact without understanding the terms, things can get ugly and expensive when things go wrong.



A business should review its customer list and consider the proportion of its customers that purchase on credit and those that are difficult to deal with. This is the list you should be actively managing. Don’t be afraid to identify and appropriately manage that customer list and if issues arise, act early.



Consider the diversification of your income streams, customers, products etc. This is a risk that was prominent during COVID where businesses such as hospitality and tourism were halted overnight. It is an extreme example but an important consideration for any business.



No one expects you to know it all. You should take the time to understand your revenue and expenses, and don’t be afraid to ask questions and take advice.



Often people think because their business is operated through another structure such as company that they have no (or very limited) personal exposure. This is not true. Exposure will vary and can range from monetary exposure to criminal prosecution. Director’s Guarantees, ATO penalty notices, insolvent trading and WHS obligations are a few of the more common examples.



Compliance costs are a critical cost of business, and non-compliance is a serious risk you need to address to stay in business. It is also usually much cheaper to avoid an issue then try to rectify it later. In our experience, prevention is better than the cure.


Next Steps – Where to from here?

At MacDonnells Law our experienced risk and dispute resolution team can advise on risk and threat analysis, as well as risk and threat mitigation in areas of business, regulatory and reputation. Specific instances of how we can help include:

  1. Reviewing documents such as deeds and contracts, and assessing them for risk;
  2. Advising on ‘pre – termination’ risk, if a client is looking to terminate a contract;
  3. Reviewing company and/or government policies relevant to compliance and risk;
  4. Providing advice on employment matters and/or workplace related incidents; and
  5. Providing advice on business structure(s) and/or restructuring.