Video Transcript

Risk Management

Two words that bring calm to some and fear to others. The backbone of a strong company is good risk management, but what if you are just getting started? How do you even begin effectively managing your risks?

Well, let’s walk through an example…

First lets talk about two terms:

  1. QA
  2. QC

In this example you will see examples of both as these quality activities as the apply to one process but in different places.

  1. QA is a risk control assessment done within a process, You can compare it to a Almost like a chef tasting a sauce to make sure the flavor is just right before the sauce is put on a plate and a waitress that checks to make sure that a dish with sauce was ordered by the guest. QA ensures your product is made and delivered according to what you advertised and QC ensures your process controls are working.

  2. QC is a risk control activity done after the fact. It could be reviewing the number of plates sent back or identifying the number of errors made each day.

Let’s get down to business!

We need to be profitable. So…we start a business and put processes in place to produce and product or service. Let’s look at how we can apply risk management to a basic business process:

Taking the order at a fast food restaurant

Risks:

  1. Employee Stealing from Register
  2. Employee Taking Cash from Change back to Client
  3. Employee Slip/Fall
  4. Order is incorrect
  5. Customer Presents Risk (Theft/Robbery)

Each Risk Must Have a Specific Control

Controls can be manual or automated processes or policies. One risk could have multiple controls.

  1. Employee Stealing from Register
    Control: Back ground Checks on Each New Employee

  2. Employee Taking Cash from Change back to Client
    Control: Intermittent Register Audits

  3. Employee Slip/Fall
    Control: Scheduled Cleaning/Cleaning Policy

  4. Order is incorrect
    Control: Customer sees order on screen

  5. Customer Presents Risk (Theft/Robbery)
    Control: Install Security Cameras
    Control: Redirect Traffic to Drive-through only after a certain hour

Each control needs a test of control.

This is a way to prove that your control is working for the purpose it was designed.

  1. Employee Stealing from Register
    Control: Back ground Checks on Each New Employee
    Test of Control: Verifying a background check was completed. (This could be based on a random sample or a population check. Timing could be based on risk level. This could be weekly, monthly or quarterly)

  2. Employee Taking Cash from Change back to Client
    Control: Intermittent Register Audits
    Test of Control: Ensuring Audits are complete (possibly 3rd party completes. Timing is based on risk-random sample or population data)

  3. Employee Slip/Fall
    Control: Scheduled Cleaning/Cleaning Policy
    Test of Control: Review documented falls/slips, Observation order is incorrect

  4. Order is incorrect
    Control: Customer sees order on screen
    Test of Control: Review # of orders remade (this is tricky as you may need to put tracking in place to identify errors or remade items

  5. Customer Presents Risk (Theft/Robbery)
    Control: Install Security Cameras
    Test of Control: Check security Cameras make sure they are functioning- they have recorded material and they are pointed in the correct location (this may be a high risk meaning if the fails are greater than a certain # an escalation is necessary)
    Control: Redirect Traffic to Drive-through only after a certain hour
    Test of Control: # of reported incidents

But what if your process isn’t concrete and your methods to production are not traditional?

These same rules apply.

For example… What if you are an author of children books. Children’s books about yellow unicorns? How do you apply concrete risk management concepts to a nontraditional creative process?

  1. Identify your risks
    a. Failure to complete
    b. Errors/Quality
    c. Failure to meet the VOC
    d. Copyright issues
    e. Sales

  2. Determine how you plan to mitigate those risks.
    a. It is imperative that your creative process have measurable goals. Pages per day.
    b. Having a predictable process that you follow to achieve a sustainable end is key. This is only if your goal is financial.
    c. Ensure that you know how to create repeatability when you can especially if you have any aspects of your business that require 3rd party scrutiny.

  3. Be sure and assess all of your risks and have appropriate verification procedures. a. In every business it is very easy to overlook risks tied to Technology and Intellectual capital.

  4. Keep good records.

Risk can be a scary thing as a business owner. Let Kindly Ops help guide you through the big bad world of risk. Allowing you to focus on growing your business.

Want to get the latest analysis and open source tools we publish?

subscribe to newsletter

...you'll get better at your job!

It's so easy for experts to put their head down and work without ever sharing lessons learned with the rest of the world. We publish all our best ideas, analysis, and latest open source tools and techniques to our mailing list every week.