6 Business Threats in 2020 and How to Face Them Using Risk Management

2020 is a turning point in terms of risk management. With the outbreak of the coronavirus crisis and the definitive end of the long economic growth period, most companies are shifting from maximizing profits and achieving growth KPIs to stabilizing and securing their business and preparing for the significant changes that await us in the coming weeks, months and years.

What are the most common risks?

So let's take a look at the most common risks we face today or will face soon.

1) Financial problems, cash flow, and budget cuts

The combination of government regulations, quarantine, the closure of a large number of companies, the suspension or reduction of many services either for economic or human resources reasons, budget cuts at most companies, and uncertainty about the future have caused that all our financial plans and forecasts we had at the beginning of 2020 are now absolutely out of reality. Therefore, it can be expected that many companies will have to deal with cash flow problems, crisis management, and look for significant financial savings instead of planned growth and expansion into new markets.

2) Supply chain disruption

According to a survey by the Institute for Supply Chain Management in March, almost 75% of companies have experienced supply chain disruptions due to the Covid-19 pandemic and the restrictions imposed. Manufacturing, retail and many other companies are therefore now in considerable uncertainty about the supply of goods from China, which is often their main or even the sole supplier.

3) People, work productivity and resource management

Rapid and unexpected changes, such as reduced demand for most goods and services, quarantine measures, increased remote work from home, but also the new business opportunities that arise from each crisis, have caused that companies have to address human resources issues more than ever before, and have to flexibly plan their work capacity. Thus, topics such as control and management of remote work from a home office using specialized project software such as Easy Project, monitoring of employee productivity, but also reduction of working hours, a decrease of wages, or redundancies became relevant.

4) Cybersecurity

With the outbreak of the coronavirus pandemic and the announcement of quarantine, companies moved millions of their employees to a home office. Many of these people work remotely for the first time in their lives, and many on insecure networks and devices that are easy targets for hackers. That is why we have witnessed an ever-increasing number of cyberattacks in recent months.

5) Legal issues

In light of the events described above, it is very likely that many smaller entrepreneurs, as well as medium and large companies, will no longer be able to meet their contractual and other legal obligations. This will be reflected in increased uncertainty between business partners, other cost-saving measures, and even an increased number of litigation and damages disputes.

6) Unpreparedness for the "new normal" world

Although much of the current change is rather negative, the whole situation can be seen as a transformation of the system. Many people and companies are still looking for a return to the "normal" state before the crisis broke out, in which their business operated and generated profit. However, I think that you never enter the same river twice, and the new "normal" world that emerges from this crisis may forever be very different from the old one for many industries. This will inevitably lead to the end or weakening of many businesses. Conversely, it will also open up new opportunities that will ultimately lead to the redistribution of capital at the local as well as global levels. Many changes might be also accelerated by a political shift caused by a  significant mood change in society associated with the effects of the economic crisis and uncertainty. We can already observe many new trends today, such as accelerating the digital transformation of countries and companies, changing consumer shopping behaviour, even faster e-commerce growth, or the rise of telemedicine.

It doesn't matter if you are affected by several of the threats described above, or if you have identified completely different challenges in your business. Effective risk management and its principles can be easily applied to any problem that is not entirely certain to occur.

Although there are countless tips on "how to manage risk", my goal is not to overwhelm you with ideas and lessons, whose usability and functionality are often quite individual for a given type of project and type of risk. On the contrary, I want to introduce three universal principles that form the fundamentals of successful risk management, no matter whether you are an IT corporation, a medium-sized manufacturing company, or a small startup.

How to use risk management?

In the second part of the article, I present the fundamental principles of risk management that will help you address these threats.

1. Comprehensive approach from identification to action steps management

Risk management has a clear methodology and several phases, the correct implementation of which is crucial for the successful management of any potential threat. In theory, the individual phases might be called differently, but in principle, these are Identification - Evaluation - Reaction - Solution - Control.

Risk identification is seemingly the simplest phase, whose purpose is to reveal all possible threats. I recommend using brainstorming, where group members throw one possible risk after another, discuss each one and the organizer writes the risks on the board so that everyone can see them. In the second round, the organizer distributes a piece of paper for each member and what follows is a 10-15 minute block, where everyone has space to think for himself and write down additional risks that have not yet been identified. At the end of the risk identification, the members of the group will step forward one after another in front of the board, briefly present their risks and write them on the board among the other threats.

This is followed by a risk assessment, the purpose of which is to assess, prioritize, and exclude individual points that are not risks. Especially because their possible impact or probability rate is negligible, or, conversely, because their fulfilment seems almost certain. Then, these are not risks, but real problems. However, we can usually use a risk management methodology to address them anyway.

When evaluating individual risks, we apply the methods of qualitative and subsequently quantitative analysis. We determine in particular its severity, the probability of fulfilment, the possible consequences, the temporal proximity of the fulfilment, and the amount of the possible financial impact. Taking the probability and possible financial impact into account, we can easily calculate the required contingency reserve. For proper evaluation, I recommend using specialized software that will save you time and ensure that you have not forgotten anything. Besides, it will visualize the assessed risks in graphs and indicators such as the Risk Matrix, which displays individual risks according to severity and probability rate and thus allows you to clearly determine your priorities.

The risk assessment is followed by the Response phase, in which the most appropriate way to address the risk needs to be selected. Note, however, that the choice is not limited to only means of aversion. In principle, we have several possible reactions - risk aversion, mitigation, acceptance, or transfer to a third party. It is usually likely that you have identified more risks than you can avert, or that averting them all would not be effective considering the opportunity costs. Therefore, it is crucial not to underestimate the evaluation phase, as it will allow you to effectively prioritize and correctly decide which risks you will address and which you will simply accept.

The penultimate stage for the risks you have chosen to address is the solution. Now comes the project management, tasks, deadlines, and teamwork coordination into play. You can usually manage the action steps to address risks in ordinary project management software. I use Easy Project, in which I can easily manage the necessary action steps as a project manager, as well as evaluate, assess, and visualize individual risks. This way, I can control the entire risk management process in the same software that I use for project management.

Once the risks are identified, evaluated and action steps are being managed, all that remains is control. As part of the risk control, I regularly monitor individual risks (ideally visualized in graphs and indicators) and respond to the changing circumstances, which are usually manifested by a change in possible consequences or a change in the probability of fulfillment. Ideally, in the form of significant mitigation of the potential impact or even aversion of the risk itself.

2. Application to everyday operations

As I outlined in the introduction, the biggest weakness of risk management is that it is likely to be forgotten until something really happens. Without advanced prevention, teams often find themselves in the middle of crisis management with the only task to minimize damage, which may not have occurred at all. The later the reaction comes, the more difficult it is to solve the problem. Therefore, prevention in the form of risk management is usually cheaper and more effective in terms of damage and capacity claims than solving an issue that has already arisen.

Incorporating risk management into day-to-day processes is an effective way to finally start prevention on time. But how to do it? In my experience, the following three steps will prove helpful:

• 1) Set up the risk management process to suit the size and operations of your company and involve all employees in it. Each team member should be responsible for identifying risks in his work and should be motivated to address them, either alone or in collaboration with the manager. Conversely, repeated disregard for risks and non-participation in the process of identification and solution should not be tolerated.
• 2) Appoint an attorney of risk in your team or department. The ideal person for this role is, for example, a project manager who is in sync with all project specialists and has an overview of everything that is happening. An attorney of risk is usually unable to perform his function in projects or departments where, due to the nature of his main job, he is not fully engaged daily. Therefore, if you are a larger company, I recommend appointing more attorneys of risk to cover all your projects. The task of the attorney is not to prevent all risks by one's power, but to lead individual team members to come up with possible risks themselves and set up an effective process that will help solve them. So the attorney of risk is a person who will often ask this question in meetings: "What are the risks of this decision?" and will be responsible for ensuring that the individual phases, ie. Identification - Evaluation - Response - Solution - The inspection will actually take place.
• 3) Do not address risk management in an Excel spreadsheet, which everyone can access, but no one really goes there. Instead, incorporate risk management into a project system that team members use every day.

3. Involvement of the whole team, flexibility, and remote cooperation

As you probably already understand, risk management is not a separate activity of one specialist. It is often necessary to involve more team members and sometimes external specialists, such as a lawyer, accountant, or data analyst. This is especially true in the identification and evaluation phase when you need expertise in different areas to be able to find and correctly assess different risks. It is hardly possible for one person to correctly identify and assess all product, financial, legal, personnel as well as technical risks. Involving more people, assigning tasks, and ensuring effective communication will also be needed in the solution phase when you try to avert the risk or at least mitigate its impact.

The events of 2020 teach us how important flexibility and the possibility of working remotely are in project and people management. This is especially true in risk management. For example, it may easily happen that at, the last minute, you discover a risk that would have a devastating impact, and whose probability is not low. In this case, you need to respond as quickly as possible, engage the team, plan action, allocate resources, create tasks, assign deadlines, and effectively coordinate the entire process. Often in cooperation with people who, for some reason, cannot be in the office or work remotely by default.

The speed and effectiveness of your response will be greatly affected by the tools you use. Therefore, I recommend using comprehensive risk management software such as the already mentioned Easy Project. It offers special functions for all individual phases of risk management as well as all necessary project management features such as checklists with deadlines, Gantt charts, WBS mind maps, integrated calendar, team chat, and video conferencing via Zoom integration or resource and financial management tools. On a few clicks, you can try it for free and decide for yourself.

I wish you good luck in identifying and managing your risks.