Skip to Content

CALL US TODAY 478-746-6277

Captain Kirk

As a kid, Captain Kirk was my hero. Who wouldn’t want to boldly go where no man has been before?  Kirk was always in control. Why? Well, for one thing, he had a great view. He could always see what was coming.  

And that’s the goal of enterprise risk management and the use of a risk register. To give you clarity regarding the risks you face.


Have you ever been blindsided in your business?

Maybe a key employee leaves with a week’s notice, a vital supplier can’t deliver your most important materials, or a large client is late paying you.

When we know pain is coming, we can prepare for it. But it can knock us down when it appears out of the blue.

So, let me ask you a question. What’s the worst thing that could happen in your business? And then a second question. If that occurred, could you weather it?

If you’re like most business owners, you’re so busy that you may not have time to consider your global risks. Even so, it would help if you did.

Therefore, please let me challenge you to a short game.


Five Most Significant Risks Game

List the five most significant risks in your business. Don’t overthink it. Just write down the five that come to mind.

Now, in an adjacent column, write down the probability of that event occurring. 10%? 70%? 90%? Again, do this quickly. You can always amend your first estimate in a day or two after you’ve had time to think it over.

In a third column, write the potential dollar damages from the occurrence. If you can’t pinpoint a number, add a range. Maybe $300,000 to $350,000, for example.

Fourthly, multiply the percent times the potential dollar damage. Use the midpoint of your range, if applicable. The resulting number gives you a weighted score of the risk. How does this help? It allows you to compare each listed risk.

Finally, in the last column, summarize one or two things you can do to reduce the risk or how you would respond if the event occurred.


Risk Register

Congratulations! You’ve created a risk register. And it took less than ten minutes.

Why do this? Here are three reasons.

First, peace of mind. There’s something psychologically helpful in doing a mind dump, in getting those thoughts out on paper. You are freeing yourself from those haunting thoughts flittering between your ears.

Second, you’ve made the risk tangible. There it is in black and white. So, you’re more inclined to do something about it. Start with the more manageable actions and consider what additional steps you will take later. Pick the low-hanging fruit and plan to take action. The key here is to get in motion and let inertia take over once you start.

Third, you have the beginning of an enterprise risk management plan, sometimes called an ERM plan. And since you have a skeletal framework (the columns mentioned above), you can add to your risk register as needed.

As you think of potential risks in the future, add them. Why? Again, this practice allows you to get those pesky thoughts out of your mind and onto paper (or your digital register)–where you can do something about them.

Next, you want to develop a habit of reviewing and updating your risk register.


Scheduled Reviews of Your Risk Register

May I challenge you to add a tickler notice to your calendar, so you’ll remember to review your risk register? Say every first Monday of the quarter at 10:00 a.m. Block off an hour or two, depending on your business size. Specificity is essential in developing the habit. In other words, you don’t want to think, “I’ll revisit my risk register as needed.”

After updating your risk register, communicate with relevant staff.


Communicating Your Risks to Company Members

Depending on your company size, you may want key company members in the risk meeting to get their input and buy-in. The larger your company, the more critical it is to include others in considering your company’s risks.

But if your business is small, you may want to have a private time of reflection–and then tweak your summary of risks. If you do this alone, communicate your thoughts to others inside or outside the company, if needed.

So, take ten minutes, create your first risk register, and then continue. You’ll be glad you did.