Every move counts. When running a company, every decision made by corporate management, no matter how big or small, can boost or deter business growth. This rule of thumb is more apparent in today’s ever-evolving business landscape marked by disruptions brought by the COVID-19 pandemic. The need to evaluate business decisions, risks, and strategies is essential now more than ever.

In the Philippines, strides have been made by the government to boost the economy. These include infrastructure spending and boosting public confidence through the rollout of mass inoculation programs. Such efforts did not go to waste. As early as 2020, the Asian Development Bank (ADB) maintained an optimistic economic forecast for 2021. The outlook for 2022 is also rosy, with the ADB stating in a separate report that it is seeing steady economic growth for the country. But while many companies have started to bounce back from the effects of the pandemic to their operations, the road to overall recovery for business is still a long and winding one.

Incident management as part of business recovery

Business risks come in many forms. The term covers any and all incidents that can put a dent on profits or slow down business operations. When companies are exposed to such incidents and fail to adequately address these business shocks, they may also see a decrease in investor confidence.

There are critical events that stem within the organization, from personnel management down to tech problems like cyber threats. These internal risks are harmful and can hinder a business from achieving its corporate objectives.

Companies also face various external risks, and in a sense, we can say that they are inevitable. Disaster risks and force majeure incidents, as well as infrastructure and economic risks, are just some of them. The onslaught of the COVID-19 pandemic took businesses by surprise. When dealing with such external events like natural disasters, or in our current case, a global health contagion, most companies rely on a handy tool like an incidence management framework to repair disrupted operations or one or more functions in the workplace. Simply put, an incidence management plan restores business functions affected by spontaneous critical events by plotting steps to identify the cause of the occurrence should one happen and actions to take in fixing its damaging effects.

But what about future risks? Although an incidence management or a business continuity plan is a good corporate management tool, it is not comprehensive enough to cover potential disruptions and unforeseen circumstances that may arise due to future transactions.

Enterprise risk assessment defined

An added layer of protection for businesses comes in the form of another corporate tool – risk assessment and management. An enterprise risk management (ERM) is a company-wide blueprint put in place to identify potential business hazards and use this assessment to make a more accurate business decision.

While there is a fine line of distinction between incidence management on one hand and risk assessment on the other, the former is subsumed under the umbrella of the latter. Management of critical incidents is just one of the facets of risk assessment and control. Another thing to consider is that ERM is not a policy or decision-making strategy best left to top company leaders alone. It is a top-down strategy that involves all units of a firm, each one a safeguard against the effects of critical business events.

One of the ways businesses can prepare and soften the blow of external and internal risks is to ensure that there is an adequate flow of capital to buffer and answer for costs associated with the effects of risks. However, a more foolproof move is to improve existing business continuity measures by embarking on risk assessment methods. The quintessential inquiry now arises – how can we effectively guard against the effects of business risks?

Narrow down causes of risks

Getting a good grasp of the type of risks most closely associated with your business is the starting point of good risk management. Some of the most common threats to successful business operations are strategic risks and compliance risks. The latter is connected with issues on business compliance with statutory and legal requirements. Laws are not stagnant and compliance requirements almost always change. Unnecessary costs due to noncompliance with the law can be avoided by keeping abreast of developments and changes in business requirements.

Operational risks, or those which are dealt with on a daily basis, must not be overlooked. Such threats include problems in tech systems and cybercrime prevention or even issues that directly concern employees.

Evaluate risks associated with your business

Each risk should be treated differently. Thus, it is good practice to outline the severity of each type of risk that a company has identified. This way, corporate management can come up with a list of risks arranged based on their effects to the business. When evaluating risks, companies should plot a risk score for each threat based on its perceived effect to operations then proceed to adding a matrix of the impact of each risk.

By plotting risk scores, it will be easier to get a good look at the nature of the risks involved as basis of deciding the next course of action to take in order to effectively manage them. Management could be avoidance, reduction of risks, and in the case of minor daily issues that do little harm, acceptance that these minor risks are part of the business.

Monitor and check

Lastly, make a report and monitor the effectiveness of your risk management plan. Note that risk assessment and management is not a one-time process to be undertaken; it is a continuous one. Always check to see if the actions taken to identify, manage, and eliminate risks are effective. It will also help you to see if certain risks have evolved over time. If this is the case, a periodic check will allow you to shift gears and choose a new strategy to manage these problems.

Nothing is certain in operating a business. Therefore, it is always best to be prepared for sudden incidents and threats that can bog down operations. Doing so means investing in tools that can help prevent or minimize effects of unanticipated business incidents. In the process, these tools can help you steer clear of unnecessary amounts that risks can cost your business.


As published in The Manila Times, dated 16 February 2022