A new report by The Small Business Institute (SBI) claims that small businesses continue to be as economically fragile as they were over two decades ago, with some 70% of South Africa’s emerging small businesses failing within their first two years. While 98.5% of the country’s economy is made up of small and medium-sized enterprises (SMEs), they’re only delivering 28% of all jobs.
These numbers have the potential to improve if more SMEs start to monitor and manage their business risks effectively. With a lack of resources, defined processes, loyal client bases and cash flow, start-ups and SMEs are often in more vulnerable positions than larger businesses as they often do not have the capacity to manage or absorb the impact of a major risk materialising. In the SME space, risk management should be seen as an integrated discipline of decision-making, one that has a symbiotic relationship with performance and strategy.
So, how can small businesses ‘think big’ and approach risk with the rigour of successful large corporates?
Understand your risk exposure
What you don’t know, you can’t manage. SMEs need to have a good understanding of their risk exposure in order to set the appropriate controls in place to manage these risks. Thus, all SMEs should map out comprehensive risk registers, identifying key risks that have a chance of materialising – and have proper controls against those.
Practice proactive rather than reactive risk management
Managing risks and the controls of risks should form part of an organisation’s processes from the start. Just like many large corporates, SMEs should focus on risk prevention and mitigation, not just risk management and damage control. A good place for SMEs to begin mapping out the risks across the different contexts of their organisations, is to start with the consequence, then work out the risk. Which are the consequences that would have the most significant impacts on the organisation and how can these risks be controlled? Taking out appropriate business insurance (including business continuity insurance) against keys risks is an essential component of an SME risk strategy.
Make risk management everyone’s business
Although it is not feasible for most SMEs to employ a dedicated risk manager, it’s still important for business owners to assign risk management roles and responsibilities to members of the team. SME owners need to delegate management of risk throughout their organisations, ensuring that everyone understands the processes and takes accountability for the controls. For example, a teller handing in the cash from the register to the drop safe at regular intervals is taking responsibility for the control against theft at a retail store.
Compliance is a risk that is not always given due attention by small businesses. Examples of compliance obligations include SARS and tax laws, employee policies, BEE obligations, and third-party supplier compliance. From inception, business owners need a thorough understanding of how issues of non-compliance can cripple a small enterprise. Taking scalability into consideration, small businesses need to be structured in such a way that they are able to manage these compliance risks from the start.
As an example, a number of smaller businesses use other SMEs as suppliers. Once their enterprise grows to a point where they are required to be VAT registered, supplier compliance becomes a consideration; if they are not VAT registered, the business will have to absorb the cost of VAT – effectively reducing their income by 15% on all transactions.
Let risk management software make life easier
Using dedicated risk management software makes it easier for SMEs to improve their risk management approach and processes. Specialised Governance, Risk and Compliance (GRC) software is set up to capture and display risk data, thereby enhancing efficiency when it comes to risk management.
With GRC software supporting and informing risk management strategies, it’s easier for SMEs to take a large corporate approach to small business risks. Through GRC software technology, SMEs can increase the efficiency and effectiveness of risk processes and improve risk management capability; enable better focus on strategic functions by easing tasks on risk processes; ensure ongoing monitoring of risk to ensure quick corrective action or identification of deviations from the strategic plan; and the implementation of risk management best practice.
Are you taking proactive steps to manage your SME’s risk? Request a demo of CURA’s Governance, Risk and Compliance software today – Click here