If there is one thing that 2020 has shown business, it is the importance of planning for operational risk. The extent of the COVID-19 pandemic has shocked the world, and many businesses had to rely on operational risk management plans to enable employees to work from home in a matter of days.
What is operational risk for SMEs?
Operational risks for SMEs are the day-to-day challenges they may face when conducting business. These risks may include harm to physical assets, system failures, failed products, data theft or fraud.
Although you may have a risk management plan for your own country, moving into new, overseas markets opens your business up to a myriad of additional risks. Taking the time to update your plan with how you manage expected risk, and cope with the unexpected, provides your SME with a better chance of successful expansion.
The operational risk balancing act for SMEs
When it comes to managing operational risk, there are three key stakeholders:
- Customer need
Consumer need is at the heart of any business. To offer your customers the best possible experience with your business, it is critical that your operations are efficient and trustworthy.
- Regulatory requirements
Regulators set operating rules in the public interest within their jurisdiction. For all businesses, compliance with regulatory rules is essential. This should be a particular area of focus when expanding internationally because requirements can vary from one country to another.
- Business assets
This includes everything your company needs to run on a day-to-day basis, from employees, physical equipment and technology to supporting vendors. Most operational risk lies in this area.
It is key to your SME’s success that you consider all three stakeholders when it comes to operational risk management.
There are many scenarios in which the day-to-day operation of your business may be impacted. Some of the most common include:
A data breach is a breakdown in security resulting in the accidental or unlawful disclosure of, access to or use of sensitive or personal information belonging to your business. This is particularly relevant to SMEs. Data from the EU Agency for Network and Information Security Report showed 61% of data breaches affected organisations with 1,000 employees or fewer. Although this includes incidents of cybercrime, many data breaches are the result of human error. This is also known as insider risk.
In addition to growing cybercrime rates, research shows that SME employees are a significant operational risk. From device loss to phishing scams, there are a variety of ways in which sensitive data is disclosed.
Business Continuity Planning is critical for SMEs. It is a roadmap that enables your company to continue trading, even in challenging times. Although the COVID-19 pandemic may be top of your list when it comes to thinking about business continuity, there are many other times when SMEs need to rely on a backup plan.
Cyber-attacks, floods, fire or storms may mean your SME cannot operate in the way it usually would. Without the financial reserves of a large or enterprise-level business, even a relatively short pause in trading may be detrimental to your business.
Steps to building an international operational risk management plan
If your business has an operational risk management plan for your home country, it may only be a case of expanding this to include the additional risk you are exposed to as you begin to do business overseas. There are four key steps to adding to your existing operational risk management plan when growing your SME:
- Identify risk
Review your expansion plans and identify any additional potential risk:
- If you are moving manufacturing overseas, does your new location suffer from weather events?
- Review any previous issues that have occurred in your home country.
- Are there additional risks to employee health and safety because of your expansion?
The question ‘what if’ is powerful when it comes to identifying potential issues:
- What if a key expat employee had to return from assignment early?
- What if your premises were flooded?
- What if stock was damaged?
- What if your systems were subject to cyber-attack?
- Assess the risk
Work out the level of risk using the following formula:
Level of risk = likelihood x consequence
Give each potential risk a number for both likelihood and consequence, then work out which risks are the greatest for your business. Do not forget to include the controls you have in place to mitigate each risk. Controls include:
- Personal protective equipment
- Administrative controls
- Engineering controls
- Manage the risk
Your business must then work out a plan to manage the risk through:
As an SME, you may choose to avoid certain risks by changing your business practice. Reduce the probability of risks that cannot be avoided entirely, such as data breaches, by:
- Educating employees
- Complying with legislation
- Encrypting sensitive data
It may be possible to transfer some risk. For example, SME international health insurance plans protect your business from medical costs should an expat employee become unwell on assignment. Finally, there may be some risk you will have to accept as part of your business.
- Monitor and review
It is important to monitor, review and update your operational risk management plan regularly as your business and the world it operates in change. Update it with additional challenges that may arise and remove those that may be eliminated by changes in technology.