No Risky Business: How To Mitigate Risk Strategic Planning Series #2 When we make a decision, we usually choose the thing that’s the safest and most comfortable, and will yield the best results. This kind of thinking emerges when buying a car, a house, or even food. We weigh all the options, and go with what we think is the better choice and the least risky. This thinking also happens in the business world with strategic planning, since a big part of strategic planning is minimizing risks to your organization. Most organizations just look at market and financial risks. However, there’s another type of risk that can also disrupt an organization’s day-to-day functions: operational risk. Eight Risks to Consider Below are some operational risk categories to evaluate and consider when you are developing your strategic plan. Physical building structure: age, material, and maintenance. Building upkeep gets more expensive as time goes on. Delaying repairs because of cost creates new vulnerabilities and exposures down the road. Physical security: both exterior and interior. How are people entering and exiting your building, and what is your guest policy? Do your employees feel safe in their workspace, and know where to go if there is a threat to themselves or the organization? Building safety systems and occupant safety training. Do you have plans in place for a fire, tornado, blizzard, earthquake, or a live shooter? Have your employees practiced the plan procedures? IT data and system security. Is your data secure and your system able to recover quickly from a breach? Consider conducting a data security assessment, or practice the recovery procedure for when a breach occurs. Personnel screening, onboarding, off-boarding, and security training. Review these processes to mitigate human risk, because the better informed and trained your employees are, the less likely they are to make critical mistakes. Natural and environmental risks. Disasters, even though they’re rare, do happen, and it’s best to plan for the worst. Risk from neighbors and clients. Neighbors and clients may not have the same security standards as you do, and they may also conduct hazardous operations that could impact you. Spend time researching your neighbors and clients, and brainstorm some potential risks. Regulatory risk. Take the necessary steps to ensure that your organization is consistently compliant with all the applicable industry, state, and national regulations. Three Steps to Take Along with identifying these risk categories, organizations can also take the following steps: Look for controls that would mitigate several exposures if they were put in place, as long as they are cost effective and not too disruptive to normal processes. Plan around your most likely disruption events. Planning for the worst case scenario is always a good place to start. Test your plans to train your employees and inoculate them to the stress of potential events. The fact of the matter is that you can’t mitigate everything, because it’s too expensive and impractical. Business continuity and disaster recovery is very important because it’s the catch-all for anything that could disrupt your business operations. The more prepared your organization is, the better off it will be in the long-term. What’s your next step? Vicky McKim Vicky McKim holds a Master Business Continuity Professional Certification and is a Member of the Business Continuity Institute. She has nearly 30 years of experience in the field of risk management, business continuity, and disaster recovery, with more than 9 years as a full-time BCP Program Director for two global organizations. Vicky has spoken and taught at national, regional, and local conferences for more than 15 years. Her experience provides her audience with a proven perspective on how to improve risk controls and continuity for their business operations, along with many practical examples of what the next steps may look like. Whether Vicky is addressing small groups or large audiences, her stories and practical guidance empower those listening to take action to create more resilient environments for their workplace.