Higiene y profilaxis

Risk and risk management are a major concern for all companies, especially small and medium-sized enterprises, which are particularly sensitive to business risk and competition (Blanc Alquier & Lagasse Tignol, 2006:273). A substantial number of larger organisations have developed a risk management culture consisting of complex procedures and executed by teams of experts. In smaller organisations such as SMEs, such integrated risk management processes do not exist (Ntlhane, 1995:106-107; and Dupré, 2009:17). In SMEs the risk management function usually resides with the owner’s assessment of threats and opportunities pertaining to the enterprise (Watt, 2007:33-34). Although risk

181

management principles are common to all types of enterprises, the owner- manager’s risk perception and his attitude towards risk management influence the adequacy of the enterprise’s risk management actions deployed (Ntlhane, 1995:106-107).

Implied in SME risk management is the core principle that entrepreneurial or management focus should be aimed at recognising future uncertainty, deliberating risks, identifying possible manifestations and effects, and formulating plans to address such risks and reduce or eliminate their impact on the enterprise (Ntlhane, 1995:27). One of the skills required of entrepreneurs is the ability to identify and analyse risks to ensure that advantage is taken of calculated risks (Watson, 2004:84-85). This managerial focus is of vital importance for SMEs, where risk identification and control depend on the risk personality of the entrepreneur (Ntlhane, 1995:27). Owner-managers, when considering implementing an ERM programme or evaluating existing risk procedures, should take cognisance of the following (Bradford, 2009:15):

 Are the largest risks facing the enterprise identified?  Are risk measures in place to address these risks?

 If losses do occur despite preventative measures implemented, is the enterprise prepared to handle them?

 Is a structured approach available to create opportunities out of risks?

According to Watt (2007:36-40), SME owner-managers should consider the following steps in their risk management process:

 Establishing an SME’s risk strategy: Threats often dominate risk discussions leading to a negative reaction of SMEs to the risk management process. It is important that a risk approach is proposed that emphasises the upside of risk, i.e. opportunities that drive innovation, instead of a rigid compilation of threats faced by the enterprise. The starting point for owner-managers is to establish enterprise objectives through the formulation of the enterprise’s vision and mission. The process will be cascaded downwards

182

through defining operational aims and targets expressed over a time period and the establishment of a risk governance framework that will address risks threatening the achievement of set goals. The risk governance framework will address the process of identifying, assessing, prioritising and managing risk, as well as risk monitoring and communication aspects.

 Determining the SME’s risk appetite: SME resources are limited, thus every resource spent in mitigating a risk will not be available elsewhere in the enterprise. Owner-managers therefore need to determine what level of risk is acceptable to the SME before action is required by way of controls and risk treatment options to bring the risk exposure level back within the acceptable range. Setting the enterprise’s risk appetite is advantageous in that:

o It forces the enterprise to measure and compare risks and the potential for losses and opportunities.

o It aids in determining the efficiency of resources expended on risks, i.e. resources are allocated to risks that rank above the enterprise’s threshold.

o It focuses attention on important risks above the threshold. o It aids in the establishment of enterprise objectives that are in

line with the risk appetite of the individual SME. o It aids in the allocation of limited time and resources.

 Identification and assessment of risk: Enterprises are often created as a result of an opportunity the entrepreneur has identified. However, there are various areas of risk that may threaten an enterprise’s success. The use of a structured risk identification process may identify specific risk categories, areas and topics to be evaluated, while simultaneously it provides an opportunity to identify a broader range of risks. The result is a list of threats and associated risks that may be categorised into specific categories. In the SME environment, a simplistic risk identification process should be used in answering questions such as ‘What/How/Why can it happen?’. The risk identification process should build on experience, but also incorporate a forward-looking approach in trying to anticipate

183

possible risks that have not yet been experienced. The information can then be extrapolated from the risk identification process into a risk matrix, where risks are assessed based on the risk’s probability of occurrence and the severity of the possible outcome (Watt, 2007:36-40). As the accuracy of information is of vital importance, management should strive to improve the quality of the information used in identifying and assessing risks (Foster, 2009:Online).

 Prioritising and managing risks: The risk assessment information is set out in relation to the risk categories ensuring a focus on high risk areas. The consolidated risks are assessed as well as the individual component parts. This enables the owner to take a measured and objective look at the enterprise to see beyond the limitations of his own area of expertise, avoiding excessive focus on minor risks. There are however limitations to the risk management process and the owner-manager should take cognisance of the following:

o Risk assessment may be helpful in decision-making, however the quality thereof is limited to the depth of the research and the experience and skills of the individuals involved in the risk assessment process.

o Risk management does not eliminate risk, but rather aid in the effective deployment of scarce resources and time.

o Risk assessment is not a guarantee against the realisation of adverse events, but provides significant warning of possible problems and a focused approach to safeguard the enterprise’s reputation and business continuity.

o Although risk assessment will try to identify all significant risks, it is hampered by resource constraints, including the availability of information, staff, time and budgets.

The fact that a risk is beyond the control of the owner-manager, does not absolve him from the need to anticipate the risk, and reducing the impact of the risk occurrence to achieve organisational goals. Owner-managers should furthermore take cognisance of managerial risks that arise as a

184

result of the owner-manager’s own actions when planning and executing business strategies. These risks may arise as a direct or indirect result of management actions (Berkeley, Humphreys & Thomas, 1991:5).

South African SME owner-managers should be educated in risk management principles, risk handling techniques available and risk control programmes that can be used, but care should be taken in the application of risk management principles, as although risk principles are common to all types of enterprises, the application thereof differs substantially between small and larger enterprises. However, many SMEs practise intuitive risk management when they assess the risk involved in decisions (Ntlhane, 1995:106-113; and Dupré, 2009:17).