Visual representation of small business financial literacy - decorative

Module 8: Risk Management

Mitigating risk

One of the best tools a business can have to identify and manage risk is the business plan. As noted elsewhere, you want your business plan to be a living document that is updated regularly as the market and your business change.

Here are some things you can do to mitigate risk:


Equipment needs to be in good repair. Any breakdowns can seriously disrupt your ability to fill customer orders. For example, if your business is dependent on a high-speed printer, you probably want to consider purchasing a service plan so that the printer is checked out regularly, serviced, and when it does break, is repaired quickly by the company that sold or leased the equipment to you.


Relying on a single vendor is risky. Ideally, you will have multiple suppliers for your supplies, materials or inventory. Review your vendor relationships annually to ensure that you are receiving the best price and service and build relationships with multiple vendors by buying from new suppliers occasionally. Having a multi-vendor strategy may push your existing vendor(s) to be more competitive on their pricing or terms. Yes, loyalty is important in business, but your vendors are businesses too, and you are their customer. They need to earn your business as much as you need to earn your customers’ business.

Business continuity

Your business and operations plans should include business continuity. This plan identifies the steps you need to take to ensure that your business can continue to operate, no matter what. This may include steps for temporarily closing your business, re-establishing operations at another site, backing up systems so they can be accessed remotely and notifying employees to let them know the status of the business and whether they should show up to work or not. Your managers should help you develop this plan and know how to put it into action, especially if you’re not able to because of the situation at hand.

We cover this in greater detail in our Disaster Planner. The planner even includes a sample plan from a business so that you can use it as a template for your own continuity plan.

Computer systems

There are special risks connected to your information technology (IT) systems. You can take the following steps to reduce the chance that your computers will be compromised or lose critical data and reports.

  • Safeguard login information such as personal user names and passwords. Login information should never be shared with other employees or people outside your company. You’ll also want to require staff to change their passwords periodically to increase security.
  • Protect systems with firewalls that can stop intrusions from the outside. Make sure these are updated regularly to ensure that they can stop the latest hacks, phishing efforts or scams. These systems may seem costly, but ask yourself how expensive a computer virus can be, or ransomware, where your computers are held hostage by someone who wants payment to undo the damage they have done.
  • Create levels of access for your employees. Only a few people should have Administrator privileges for your systems. Don’t give anyone more access or control over files than they need to do their job effectively.
  • Analyze system reports to identify attempted security breaches, unusual requests for access and any changes in traffic patterns.
  • Run sample transactions to uncover any changes in processing or tampering. Make sure that everything runs as predicted. Any variations may signal that someone has tampered with you’re the way you process and handle payments.


You can’t control your competition, of course, or the risk they pose to your company. But that doesn’t mean you can’t do your research and find out what they are up to so you can adjust your own business model. Consider these questions as you study the competition, their offerings and pricing.

  • Are your prices higher or within the market?
  • Are you losing sales to them or do you have a competitive edge?
  • If you think you have an edge, how can you maintain it?
  • If their prices are much lower, is it time to revisit pricing with your vendors or search for new ones?
  • Is their quality the same as yours?

Note how your competitor’s staff interacts with your competitor’s customers. Consider these questions:

  • Does your business need training in any area?
  • How are your competitor’s employees interacting?
  • Do your competitor’s employees seem happy?
  • Do you know what types of benefits your competitor’s employees receive?
  • Are your insurance and compensation packages competitive for the market?
  • Are you attracting and keeping valuable employees?

The cost to retain employees may be less than to train new employees.

Accounting and cash control

Without proper controls, theft and fraud can occur in your business. If an employee who accepts cash or payments also deposits and reconciles the accounts, they may be tempted to commit theft. An excellent way to prevent this is to separate the duties, so more than one employee handles the cash, deposits and reconciling duties. You’ll want to conduct periodic spot audits to ensure that the money coming in matches your bank statements and balance sheets.

You’ll want to make sure your bank is an FDIC-insured institution. If you have more than $250,000 on deposit in the bank, you’ll want to use the FDIC’s online Electronic Deposit Insurance Estimator (EDIE) to calculate your FDIC insurance coverage. The FDIC insures deposits up to the maximum amount allowed by law. The standard deposit insurance amount is $250,000 per depositor, per insured bank, for each ownership category. The National Credit Union Administration (NCUA) provides similar insurance coverage for deposits in insured credit unions.

Monthly budget projections should include a reserve amount for each month. This should provide a cushion to cover payments. An accountant may assist you in determining the amount to hold for additional cash flow, based on your financial statements.

Employee management

Your employees are important to the success of your business. To mitigate risk as much as possible, consider these steps:

  • Use pre-employment screening. Many business credit reporting agencies and human resource service providers will help you with pre-employment screening and background checks. Pre-employment screening is important for legal and insurance purposes. For example, you need to know if an employee is driving your company car has a valid license and can be insured under your policy.
  • Provide job descriptions and lists of duties. Communicate job expectations and any job expectation changes to your employees. While it is crucial to separate duties, cross-training your staff helps you create positions in your company that isn’t built around a single person and their unique skills and talents. If someone leaves, another can fill the role until a new person is hired.
  • Provide performance evaluations. Employees should expect evaluations to enhance their performance. Provide feedback and allow them to comment about their jobs.
  • Be involved. A business cannot run on its own. Owners who are not present often find their business runs into problems. Let people know you are present. Get to know everyone by walking around your business. Talk with customers.
  • Audit payroll. Audits should be conducted periodically on payroll systems. Check project timecards against job sheets for appropriate time submission. Compare timecards to payroll ledgers and payroll ledgers to the payroll account.
  • Reward safe performance. Injuries and damages can happen. Monthly departmental rewards for avoiding accidents may be less costly than premiums and damages resulting from carelessness. Safety procedure incentives may raise employee involvement in the process.
  • Set work hours. Provide your employees with a tentative work schedule and keep them updated in advance of changes. Use a planner to map out your anticipated monthly, weekly and daily work.
  • Plan work with a balance. Avoid filling every minute. Allow extra time for unexpected events. Make sure you balance work with time off.
  • Set realistic goals. Setting goals requires time to meet them. Make goals realistic for your business to avoid overextending yourself, burning out and putting added stress on employees and your family.
  • Plan for a worst-case scenario. A written business plan should include how to deal with the possibility of your disability or death. Train your support staff or assistant to handle short-term needs. Can a family member or someone else run the business in your place? Have you named someone to liquidate the company? Disability insurance may provide for your care and that of the business. Life insurance can also be purchased in amounts large enough to cover the company’s liabilities.
  • Develop a support system. Support systems are vital to businesses and families. Do you have friends or services that can help your family when you are unavailable due to work? Think about activities your family does on a weekly basis. You may need someone to help with these activities and those that are unexpected. For example, waiting for a plumber or heating repair technician can take an entire day. Plan your support systems.

Additional steps you can take…

  • Discuss risks. Schedule regular meetings with managers to discuss risks. For example, add discussions of risk to meeting agendas.
  • Provide a safe workplace. Employers have the responsibility to provide a safe workplace. Employers MUST provide their employees with a workplace that does not have serious hazards and follow all relevant federal, state and local safety and health standards. You must post OSHA citations, injury and illness data, and the OSHA poster in your workplace where workers will see them.
  • Monitor the premises. Create a checklist of the physical building that includes areas of upkeep, needs and repairs. Complete a monthly walk-around to note areas that require attention. Have managers complete a weekly review of the facility for less significant items.
  • Be alert to community changes. Be involved in the community or have someone who can update you on changes in the community that affect your business. Stay informed of federal, state, county and local laws that could impact your business.
  • Use lines of credit wisely. Lines of credit are important, but you want to use them wisely, so you maintain a margin of safety to deal with an emergency.
  • Speak with an insurance agent about risks. Check to see if your business is in a flood zone requiring flood insurance. Whether you own or rent, protecting your business from fire, water, and other damage risks is important.
  • Consider a generator and secondary phone. Consider the feasibility cost of a generator, what size generator would be needed, and how to implement the use of a generator safely. A backup landline phone may sound old-fashioned, but it can become a lifeline if cell towers are jammed or inoperable in a crisis.