This article is for those entrepreneurs interested in optimising the risk they accept while pursuing rapid growth.
Regardless of whether a small and medium enterprise (SME) is public, private, or other, risk is inherent in any undertaking.
European research has shown that rapid growth entrepreneurs engage in specific risks and avoid others.
The challenge then is to be able to effectively manage these risks. All organisations - even multinational corporations - are ultimately composed of elements that may be viewed as SMEs.
The approaches used by large organisations to manage risk might well apply equally to smaller organisations. This concept is explored and it is suggested that once the specific context of a SME is understood, risk management becomes a matter of applying a common formula.
By understanding the process at the core of the pursuit, context will become apparent, risks easy to define, analyse and quantify, and measures commensurate with those risks will naturally follow to efficiently and effectively manage risk.
Types of risks taken by a rapid growth SME
Avoid uncontrollable pure financial risk
There is a reluctance to take pure financial risks. Rather than purchasing opportunity specific resources as long-term assets, such direct process related requirements are leased as a short-term expense related to the opportunity. Perhaps the fear of losing control of cash flow motivates this behaviour.
Accept controllable strategic risk
It appears that a rapid growth small and medium enterprise (RGSME) entrepreneur prefers risk related to existing or known situations. There is reluctance to go in dramatic new directions with a preference for acquisitions, diversification and geographical expansion.
Establishing joint ventures with those experienced in the area, while ensuring majority-ownership enables the RGSME entrepreneur to explore less certain opportunities. The less certain they are about new directions the less likely they appear to be to invest financially. They prefer alternate arrangements.
Accept controllable operational risk
Rapid growth creates rapid demand for key personnel and key resources. SMEs by nature have limited resources, but a RGSME is faced with an additional risk that their expansion will put pressure on a few individuals. These key players may realise alternate employment opportunities with less stress, equipment may breakdown, or material may become scarce. As such, alternate and short term capacity of people, equipment and materials needs to be sourced.
Avoid social risk
There appears to be a preference for long-term trust-based relationships with customers, suppliers and workforce over acceptance of social risks.
There is an increasing tendency for building flexible alliances at speed, relying on what could be referred to as pre-established long-term and trust-based relationships. However, where necessary, RGSME entrepreneurs will reluctantly venture into new social situations to achieve their goals.
Limit of aggregate risks taken by a RGSME
When undertaking rapid growth, an entrepreneur will endeavour to remain in control of situations and avoid risks that are out of their control. However, if risk management is introduced to provide a greater range of control, the spectrum of risk that the RGSME may take could be expanded.
In fact, informal risk management may be the cause of the reluctance to engage in pursuits that appear beyond what the RGSME is comfortably able to control.
That is, how else would an entrepreneur determine a risk that should be avoided if there was not some sort of risk management taking place?
An entrepreneur may broaden the scope of risks taken if a formal risk management approach is undertaken. Such an approach would need to be robust to the degree that entrepreneurs would achieve confidence in their ability to control the expanded range and quantity of risks.
The case for risk management
There is great variation in how people behave and approach their lives and pursuits, two of which are detailed below:
She'll be right mate
The Australian colloquialism she'll be right mate implies that there is no need to plan, because some capability to resolve problems, an act of altruism, or even luck will neutralise all unforseen disasters effortlessly.
Entering into a pursuit with no concern for, or awareness of, the variation of what will be received is a way of doing business for some people.
Having no concern for variation creates either a sloppy product or an enormous amount of work for clerical and production staff. Often the massive effort that is undertaken by caring individuals is concealed by and costs offset by people being drawn in to help as a repayment of favours (likely the reciprocal to a previous disaster.) This is a hidden cost that is a manifestation of any risk. There must be a better way.
Prior Planning Prevents Pretty Poor Performance
The Australian Army colloquialism pppppp reminds those who need reminding that failure to plan will result in failure to perform. It reinforces the message that superior planning will ensure superior performance, because the act of superior planning foresees risks that might occur and puts in place measures to prevent the occurrence of those risks or adverse manifestation if they do happen to occur. In many ways superior planning is what risk management is about.
Engaging in superior planning is the first part of the process, which is followed by superior execution. However, superior execution is facilitated by superior planning, because resources will have been identified and allocated at appropriate steps in the process. With these resources in place, plans are followed and outcomes emerge from the process in the form planned for. Of course, nonconformities do occur from time to time, but these can be reliably contained, resolved and their repetition prevented by the quality system of the SME.
Being convinced that variation must be controlled to avoid manifestation of risks, it is necessary to determine what risks need to be controlled and the specific parameters (those varying factors that require control) relating to those risks identified. The following section presents a risk management approach.
Risk management approach to dealing with RGSME risks
Before dealing with risks, first understand the context of the RGSME. This requires consideration of various issues and how they manifest themselves in the individual organisation. From that, individual risks can be identified, analysed and evaluated so that a treatment plan can be established, implemented and monitored.
The full spectrum of risk management is beyond the scope of this article, but the overview provided here will contribute to a better business management process. Entrepreneurs can then better select which risks to take and determine appropriate measures that will provide them with control over those risks taken.
Risk management is conducted following a process similar to that in Figure 1. There are three phases involving preparation, understanding and treating risks. This process is most effective with consultation and communication.
Figure 1. Risk Management Process as a Linear Activity
modified rom AS/NZS4360:2004
Phase 1 - Prepare
It is necessary to determine the context in which risks will be managed, that is what activities go on in the RGSME in which risk is being managed. As shown in Figure 1, you do risk assessment in the context of your goals.
Identification and validation of your goals is done first. Then understand your context (to which the risk management process is to be applied) in which your organisation operates through a structured analysis of the process your organisation undertakes.
From this define the parameters within which the risks to your outputs are to be managed. Context needs to be understood in terms of these considerations:
- strategic
- organisation
- risk management
The relationship between the organisation and its environment needs to be understood. Using a structure such as strength, weakness, opportunities, threat (SWOT) analysis or strengths, opportunities, aspirations, results (SOAR) analysis that need to be understood include:
- financial
- operational
- competitive
- political (public perceptions / image)
- social
- client
- cultural
- legal
From the context determine the scope for risk management, which needs to provide understanding of:
- the organisation
- its capability and goals
- objectives
- strategies
Phase 2 - Understand
Understanding risks involves three distinct steps - identification, analysis and evaluation.
Identify risks
Rigorously identify the risks most likely to impact your outputs and the sources and impacts of those outputs. Risk treatment strategies will be determined based on these sources and impacts.
Analyse risks
Identify those controls currently being used to deal with the risks identified in the previous step and assess effectiveness. With this assessment, use a risk analysis tool to analyse the risks in terms of likelihood and consequence. From this analysis determine the risk intensity.
Evaluate risks
As the entrepreneur (being the person who has responsiblity for outcomes being achieved and the authority to install preventive measures), ask yourself whether or not current risks are acceptable or unacceptable. Document the record of how this decision was made and by who it was made. Acceptable risks are to be monitored and periodically reviewed to ensure it remains acceptable.
Unacceptable risks are to be treated as determined in Phase 3.
Phase 3 - Treat
Determining an appropriate treatment involves preventing situations from occurring or correcting (or reacting to) situations that have occurred. Sources identified indicate the need for preventive treatments to take place, while impacts indicate reactive treatments. The following categories of treatments can be applied:
- Discontinue the activity that generates the risk
- Reduce the likelihood of occurrence
- Reduce the consequence of occurrence
- Transfer the risk
- Retain the risk
With consideration of cost and effectiveness develop potential options according to the treatment strategy selected. Document the responsibilities, implementation timetable and monitoring for each strategy. Repeat the understanding phase for each option. As demonstrated in Figure 2, this is an iterative process that is repeated perhaps annually and whenever a new strategy is being considered.
Figure 2. Risk Management Process as an Iterative Activity
There is a continuum between superior planning and poor planning along which any enterprise will find itself. However, this article shows that the complexities inherent in managing the operation of a RGSME require superior planning.
Control is required on various fronts, and it should become clear that consideration about risk involving all people in a RGSME is most important if superior outcomes are to be produced.
With a clear risk management framework, communication about risk becomes more natural and the true nature of risks becomes clearer. Furthermore, with a clear understanding of risk, appropriate treatments become more apparent as does the ability of a RGSME to control these. With that, boosted confidence enables entrepreneurs engaging in RGSME to be more likely to entertain a broader range and quantity of risks.