Thursday, September 29, 2011

Risk analysis for SMEs



Analyze financial statements

risk management helps with your schedule and budget. statistics show the the projects with right risk management in place can be 80% more efficient. It is apparent that our goals to meet the cost baseline we identified in the beginning of our project is never met. Can you realize the benefits of setting up your business within the time, scope, and most importantly for most of us budget? Enormous.

One of the ways we can reach result on scope, time, and quality is to exercise risk management. I am not concerned about some series of applying quantitative methods, testing confidence levels, confidence intervals, etc. I am talking about simple but proper risk identification, analysis, and monitor & control. If we are setting up a business with capital expenditures less than $100,000 exclusive of our own sweat equity, we certainly do not need to spend enormous amount of time and resources conducting detailed risk analysis.

The organizational and conventional way of conducting proper risk analysis includes below steps;

  1. Plan risk management
  2. Risk identification
  3. Risk Analysis; Qualitative and Quantitative
  4. Risk response planning
  5. Risk Monitor and control
  6. Risk Governance

But I will go out of conventional ways and present a simple 3 step risk analysis method, knowing that most PMI-RMP certified risk management professionals will object to my opinions. I believe in lean, simple, and neat companies. I am positive most start-ups can easily cut through many steps of long and tiring risk management processes and tools.

So, what do we do? Let's first enumerate our steps;

  1. Identify Risks
  2. Qualitative Risk Analysis
  3. Risk Response Planning
  4. Risk Monitor & Control

During identify risk process, you ought to apply certain methods that start from asking around, using templates, sending out forms to experts to fill in and reach a consensus of expert opinion (Delphi technique), grouping of risks, and reading articles of people who had similar experience. This is the major step of all risk management activities as the more legitimate risks you identify the more accurate your risk responses will be and subsequently your project overall risk will reduce. Assuming that you have a project worth $100,000, you are launching the business with one partner, currently working out of a small office or even possibly at home. Based on these assumptions, you have to be able to compile a list with at least 100 legitimate risks,

Brilliant. Now, you have 100 risks gathered from experts, articles, past experiences, forms and templates, then, you have written it down on an excel sheet. Let's call this excel sheet "Risk register".

Next thing for us to do is to measure the probability and impact of each risk and list them down. For example, probability of my business not being able to procure item C that is critical to the success of my launch is 20%. If it happens, the monetary loss I will incur is $7,000 as I have to procure item D instead and item D costs more. Once you write down the impact and probability for each risk item in the risk register, then you start calculating the Expected Monetary Value for each risk. This is a simple formula of Expected Monetary Value= Probability * Impact. So, in our example the expected monetary value of the threat is $1,400. Looks simple so far isn't it? But, how do we actually estimate the probability of that risk to occur? If you are not sure of the probability, you can "guesstimate", talk to gurus with similar experience, look at the past data to estimate future trends (regression analysis). Similar situation applies to financial statement analysisof the project as well. It is very important to analyze financial statements and be able to make future assumptions based on that. You may want to have some sort of a training to better your education. I recommend a PMP training UAE for a proper project management training.

Now we have a list of 100 items on our risk register along with their expected monetary value. We then should pick the top twenty items that have highest expected monetary value. One simple note before I move any further. There are also positive risks that we call "opportunities". Unexpected opportunities are realized in the way and they also have positive EMV which helps us greatly. But I would rather not mention that in this article. Anyway, going back to our top 20 risks or we can call them "threats", you need to put them in some sort of a visual qualitative chart that helps you understand who you stand in terms of general risks associated with your project. I prefer to use the below template and highly recommend it to you. The risks mentioned below are only general topics. Your risks need to be more detailed. Spend some time to really identify where specific threats can occur for your own business model, operations, products, people, and finances.

We move on the next level of "Risk responses". We can see in the above example that we have identified 15 major risks for business that have the highest expected monetary value for our project. So, let's start writing down the risk responses for these. As this is a small start-up, I assume the risk owner and the risk action owner will both be the entrepreneur himself. You need to write down precisely what you will do when that particular risk occurs so the impact can be lower. what if; in our case, we realized a 20% probability that we will not be able to procure item C. Why not start searching for other items that are as good quality as item C with same price, can we go for bid wars? Import? Increase the quantity to get at lower price? Further negotiate? Borrow? Barter? You will realize in advance that you have many options to get out of this threat with only minimum impact if you only know that in advance. If you didn't conduct this study and that risk occurred, you wouldn't have time to go over any negotiations, barter deals, or import option at all as you would be running out of time to meet your project deadline. Thus, begin listing down all your risk responses and in fact act on some of them in case the risk occurs. For instance, why dont you already start negotiating with other suppliers even if you can still buy item C.

Alright. Our risk register is now complete for our small start-up business. Now all you have to do is to monitor and control the risks. You don't have to worry about contingency or management reserves. None of them really apply to your project. Just create a check list and tick each item once the risk occurred or eliminated.



No comments:

Post a Comment