Risk is an inherent component of any business venture. Without risk there would be no potential for profit. However, it is necessary to minimize business risk in order to avoid loss, and investors and business owners should seek to avoid all unnecessary risks without interfering with the proper operations of the business. Identifying your risk potential and how to mitigate each risk is the basis of a sound risk minimization process.
Risk Analysis and Mitigation
Identify your risk categories. These may fall broadly into competitor threats, industry changes, financial or currency risk, disastrous events, environmental or systemic risk, changes in your customers, and so on. Under each broad category, list specific events and sources of risk that affect your unique business and market position. Then list the probable consequences or business impact, as stated in dollar terms when possible.
Calculate the unmitigated (not reduced by any protections) risk value for each item on a 1 to 5 point scale. Risk equals probability times consequences. If the likelihood of a tornado destroying your data center is a 2, but the consequences to you are a 5, the risk is a 10. In this step, assume that you have taken no action to mitigate that risk and are calculating the consequences of remaining completely vulnerable to the risk.
List the mitigation factors you have or can put into place, and to what level they shield you from the absolute value of the risk. For example, if your network is unprotected, the likelihood of it being compromised is a 4, but a firewall shields you at a level of 2. This reduces your risk probability to 2. You may have the option of several different mitigation strategies for each potential risk, and can implement one or more simultaneously.
Calculate the costs of each of your mitigation factors, both those you already use and those you have not yet put into place. Compare the costs of mitigation versus the cost of consequences for not mitigating, including employee time and opportunity costs. This step may take the most time and research.
Prioritize your risks and mitigations. Most risk minimization does carry some cost, so you'll need to schedule time and resources in order to implement each. The highest risk of values with the lowest cost mitigation strategies should be prioritized first. Implement your mitigation strategies only after doing a swift but thorough cost benefit analysis on each.