A Practical Guide - Management of Risks in Small and Medium-Size Enterprises

Copyright © 2013 by Dr. Malcolm Freeman.

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the copyright owner.

To order additional copies of this book, contact:

Xlibris Corporation

1-800-618-969

www.Xlibris.au

Orders@Xlibris.au

502807

Contents

CHAPTER 1 Introduction to Risk

1.1 Introduction

1.2 Benefits of Risk Management

1.3 Risk Management and Insurance

1.4 Risk Theory

1.4.1 Introduction

1.4.2 Risk Theory – Probability and Uncertainty

1.4.3 Risk Theory – The Pareto Law

1.5 Internal and External Risks

1.6 Conceptual Framework of Risks

1.7 Australian Standards

1.7.1 Risk identification

1.7.2 Risk estimation

1.7.3 Risk evaluation

1.7.4 Risk Matrix

1.7.5 Risk Assessment Types

1.8 Risk Management – Communications and Culture

1.8.1 Communications

1.8.2 Culture

1.9 Moral Hazard

1.10 Risk Appetite

1.10.1 Introduction

1.10.2 Actual and Perceived Risks

1.10.3 Interdependencies of risks

1.10.4 Compliance

1.11 Case Studies – Introduction

1.11.1 Retail Group

1.11.2 Diversify from Manufacturing to Warehousing

1.11.3 Tourist and Hospitality Industry

1.12 Chapter 1 Summary

CHAPTER 2 Strategic Risk

2.1 Introduction

2.2 Risk Management and the Business Plan

2.2.1 Mission Statement

2.2.2 Business Plan

2.2.3 Strengths, Weakness, Opportunity, and threats (SWOT)

2.3 Long Term Strategy

2.3.1 Introduction

2.3.2 Financial Risks

2.3.3 Operational Risk

2.3.4 External Risk

2.3.5 Other Long Term Risks

2.4 Strategy – Short Term Risks

2.5 Case Studies – Strategy

2.5.1 Retail Group

2.5.2 Diversify from Manufacturing to Warehousing

2.5.3 Tourist and Hospitality Industry

2.6 Chapter 2 Summary

CHAPTER 3 Internal Risks – Financial

3.1 Introduction

3.2 Balance Sheet Risk Management

3.2.1 Cash Flow – Working Capital

3.2.2 Cash Flow – Receivables

3.2.3 Cash Flow — Sales Credit Control

3.2.4 Cash Flow — Accounts Payable

3.2.5 Cash Flow – Other Current Assets

3.2.6 Cash Flow – Non Current Assets

3.3 Banking Risks

3.3.1 Electronic Payments

3.3.2 Electronic Receipts

3.3.3 Cash Handling

3.3.4 Banking Relationships

3.4 Management Accounting

3.4.1 Management Accounting – Costing of Products and Services

3.4.2 Management Accounting — Forecasting and Budgeting

3.4.3 Management Accounting — Asset Purchase and Retention

3.5. Case Studies — Financial Risks

3.5.1 Retail Group

3.5.2 Diversify from Manufacturing to Warehousing

3.5.3 Tourist and Hospitality Industry

3.6 Chapter 3 Summary

CHAPTER 4 Internal Risks – Compliance

4.1 Introduction

4.2 Compliance and Risk Management

4.3 Australian Standards – Compliance

4.4 Taxation and Government Charges

4.4.1 Introduction

4.4.2 Federal Taxation — Business Activity Statements (BAS)

4.4.3 Federal Taxation — Fringe Benefit Taxes

4.4.4 State and Territory Taxes and Charges

4.4.5 Local Government

4.5 General Government Compliance

4.5.1 Federal Government Compliance

4.5.2 State Government Compliance

4.5.3 Local Government Compliance

4.6 Compliance Program

4.6.1 Compliance Matrix

4.7 Case Studies — Compliance

4.7.1 Retail Group

4.7.2 Diversify from Manufacturing to Warehousing

4.7.3 Tourist and Hospitality Industry

4.8 Chapter 4 Summary

CHAPTER 5 Internal Risks – Operations

5.1 Introduction

5.2 Business Continuity Plan (BCP)

5.2.1 BCP — Information updates and testing

5.2.2 BCP — Crisis Management and Communication

5.3 Buildings

5.3.1 Building — Facility Risks

5.3.2 Building — Security

5.3.3 Building — Fire and Evacuation training

5.4 Human Resources

5.4.1   Policies and Procedures

5.4.2 Recruitment Policies

5.4.3 Employment Contracts

5.4.4 Position Descriptions

5.4.5 Termination Polices

5.4.6 Performance Reviews

5.4.7 Paid Parental Leave

5.4.8 Superannuation (Pensions)

5.5 Information Technology

5.5.1 Security of data

5.5.2 Threat of Computer Viruses

5.5.3 Websites

5.5.4 Emails

5.5.5 Social Media

5.5.6 Cloud Computing

5.6 Insurance

5.6.1 General Insurance

5.6.2 Public Liability Insurance

5.6.3 Motor Vehicle Insurance

5.7 Legal Risks

5.7.1 Legal Opinion

5.8 Marketing and Sales

5.8.1 Marketing – Internet and Social Media

5.8.2 Marketing – Radio and Television

5.8.3 Marketing – Other Print Media

5.9 Plant Risks

5.9.1 Occupational Health and Safety

5.9.2 Maintenance Programs

5.10 Supply Chain Management

5.10.1 Purchase of Other Goods and Services

5.11 Outsourcing of Services

5.12 Case Studies — Operations

5.12.1 Retail Group

5.12.2 Diversify from Manufacturing to Warehousing

5.12.3 Tourist and Hospitality Industry

5.13 Chapter 5 Summary

CHAPTER 6 External Risks

6.1 Introduction

6.2 Reputational Risks

6.3 Political Risks

6.3.1 Politcal Risks

6.3.2 International Political Risks

6.4 External Operational Risks

6.4.1 Natural Disasters

6.5 External Financial Risks

6.5.1 Change in Exchange Rates

6.5.2 Hedging of Currencies and interest rates

6.6 Case Studies — External Risks

6.6.1 Retail Group

6.6.2 Diversify from Manufacturing to Warehousing

6.6.3 Tourist and Hospitality Industry

6.7 Chapter 6 Summary

CHAPTER 7 Risk Controls

7.1 Introduction

7.1.2 Control Culture – Types and Costs

7.2 Policies and Procedures — Controls

7.3 Financial Controls

7.3.1 Introduction

7.3.2 Delegated Authorities

7.3.3 Electronic Banking

7.3.4 Controls — Accounts Payable and Receivable

7.3.5 Controls — Management and Statutory Accounting

7.4 General Operational Controls

7.4.1 Introduction

7.4.2 Delegated Authorities

7.4.3 Human Resources

7.4.4 Information Technology

7.4.5 Property and Plant Controls

7.4.6 Purchase Systems and Supply Chain Management Controls

7.4.7 Sales and Marketing

7.4.8 Stocks of Goods and Materials

7.5 Case Studies — Controls

7.5.1 Retail Group

7.5.2 Diversify from Manufacturing to Warehousing

7.5.3 Tourist and Hospitality Industry

7.6 Chapter 7 Summary

CHAPTER 8 Managing Your Risks

8.1 Introduction

8.2 Risk Management and Culture

8.3 Risk Management Process

8.4 Risk Transfer

8.4.1 Financial Risks

8.4.2 Operation Risks

8.4.3 External Risks

8.5 Eliminate Risk

8.6 Mitigate Risk

8.7 Accept Risk

8.8 Policies and Procedures

8.9 Workshops

8.10 Questionnaires

8.10.1 Questionnaire Process

8.10.2 Likert Scale

8.10.3 Attitude Statement

8.11 Cause and Effect Analysis

8.12 Risk Matrix

8.12.1 Review of the Risk Matrix

8.12.2 Risk Register

8.12.3 Risk Management and Compliance software

8.13 Independent Risk Review

8.13.1 Other risk management support

8.14 Emerging Risks for SME’s

8.14.1 Introduction

8.14.2 Energy Costs and Climate Change

8.14.3 Social Responsibility

8.14.4 Harmonisation of Occupational Health and Safety Laws

8.14.5 Aging Population and Demographic changes

8.14.6 Summary of Emerging SME’ Risks

8.15 Chapter 8 Summary

Illustrations

Figures

1.1   Probability Chart and Equation

1.2   Risk Theory – The Pareto Law

1.3   Risk Conceptual Framework

1.4   Australian Standard : ASNZS 4360 : 2004 Risk Management

2.1   Attachment of Risks

4.1    Governance Risk and Compliance Model

4.2    Australian Standard : ASNZS 3806 : Compliance Framework

5.1   Business Continuity Planning Lifecycle

7.1   Risk Treatment with controls

7.2   Cost of Controls – Affective and Non effective

7.3   Flow Chart of Dispatch of Goods

8.1    Flow Chart of Risk Management Process

8.2   Questionnaire Process

8.3   Cause and Effect

Tables

1.1   Qualitative risk assessment using a graphical matrix

3.1   Table of cash flows

4.1    What is your enterprise’s approach to compliance?

4.2   Example Compliance Matrix

7.1   Delegated Authority Schedule

8.1    What is your enterprise’s approach to Risk Management?

8.2    Risk Matrix

8.3    Format for Basic Risk Register

ABOUT THE AUTHOR

Dr Malcolm Freeman DBA, MBA, Mbus (Accgt & Fin), Grad Dip Accgt & Fin, Grad Dip Bus Admin, FCIS, CIMA, IIAA

D r Malcolm Freeman has a passion for adding value by improving systems and processes in enterprises. He is known for his professional approach to problems and issues confronting enterprises. His major passion is risk management and has completed a risk management thesis for his Doctor of Business Administration degree at Victoria University. For the past 10 years he has been involved with risk management. Firstly, seven years at a major property company and the last three years as a consultant. He has also held other positions including Financial Controller, Company Secretary, and Management Accountant during the past 20 years.

He holds the following post graduate qualifications DBA, MBA, Master of Business majoring in Accounting and Finance, Graduate Diploma in Accounting and Finance from Victoria University. He also holds a Graduate Diploma of Business Administration from Swinburne University. Other undergraduate qualifications include Diploma of Accounting from Swinburne University. Malcolm became a Chartered Secretary in 1981 and progressed to fellowship in June 1996. Other professional associations include Certified Management Accountant, Institute of Internal Auditors. He is also a registered tax agent since 1982.

PREFACE AND OBJECTIVES OF THE PRACTICAL GUIDE

T he purpose of this practice guide is to give straight forward ideas and concepts in risk management. There are many publications dealing with risk, however there are few publications dealing specifically with small and medium size enterprises. They are the backbone of the economy.

Corporate governance is becoming more important for all enterprises, not just for public corporations listed on the stock exchange. There are many stakeholders in small to medium size enterprises that need to be considered. They include customers, employees, suppliers, government agencies, and owners. Each has an important interest in the enterprise having good corporate governance systems.

Effective risk management processes and systems can apply to any size enterprise. From the smaller enterprise through to the largest, there are many basic processes and systems that can be implemented. With uncertainty in the economy it is imperative that all enterprises implement some form of risk management. The larger enterprises and those listed on the stock exchange have risk management processes in place. This guide is for the smaller to middle size organisation requiring a practice guide that they can use as a general reference.

All chapters have detailed risk advice. However further investigation may be required for specific issues. The objective is to give a broad understand of the risk in each area.

The practical guide is broken down into easy to read chapters and starts with basic risk theory and following on

•   Breakdowns the areas of risk theory risks and into strategic, financial, compliance, operational. The final three chapters deal with controls, the management of