All businesses face risk. It's important to understand the risks to your business and find ways to minimise them. A risk management plan helps you to do this by detailing how you deal with risks to your business. By spending time and resources developing your strategy for managing risk, you’ll provide a safe workplace and reduce the chances of negative impacts on your business.

Consider these steps to help identify, analyse and evaluate risks in your business.

1. Decide what matters most


Before you create a risk management plan, think about which areas of your business it will refer to. For example, you might only be interested in hazard-based risks. Some of the internal and external things to think about when creating your plan are:

  • social, cultural, political and regional issues
  • economic, technology and competitive trends
  • government policies and law
  • your business aims, policies and strategies.

Find out more about types of risk to your business.

2. Consult with stakeholders


Your risk management plan will be more specific and useful if you ask for feedback from the people, businesses or organisations you deal with.

Stakeholders can include:

  • employees, contractors and sub-contractors
  • clients, customers and suppliers
  • business financiers, investors and insurers
  • your local communities and local media
  • government agencies.

Consulting with stakeholders will help you to:

  • work out what your business considers as high and low risk
  • get support for your risk management plan
  • bring together different views and areas of expertise
  • keep your risk framework up to date
  • respond to unexpected risks.

3. Identify the risks


Working out the risks to your business could be as easy as thinking about what could go wrong, and how and why it could happen. You might also need to do some research into:

  • past events and risks
  • possible future changes to your business environment, such as changes in economic trends
  • social and community issues that could affect your business
  • find out how to conduct market research.

To identify risks, you can also:

  • look at hazard logs, incident reports, customer feedback and complaints, and survey reports
  • review audit reports such as financial audit reports or workplace safety reports
  • do a strength, weaknesses, opportunities and threats (SWOT) check for your business
  • discuss business issues with your staff, customers, suppliers and advisers.

Download our risk analysis template

Use our risk analysis template to identify the potential risks your business might face and how you can control or minimise these risks.

4. Analyse the risks


After identifying the risks to your business, it’s time to work out which ones are urgent. Our risk analysis template helps you to do this.

To analyse the risks of an event, you should first look at the:

  • likelihood of the risk happening
  • consequence/damage if the risk happened.

Work out a rating system for likelihood and consequence. For example, you could have ratings of:

  • 1 to 4 for likelihood (1 for highly unlikely and 4 for highly likely)
  • 1 to 4 for consequence (1 for low and 4 for severe).

Use these ratings to work out the risk level.

Calculate risk level

To work out the level of risk for an event, use this formula:

Risk level = likelihood x consequence

Based on our example above, the lowest risk level you could get is 1 (1 x 1), and the highest risk level you could get is 16 (4 x 4). You can use the risk levels to rank your risks from least urgent to most urgent.

5. Evaluate the risk


Risk criteria set a standard to assess risks to your business. To set your risk criteria, state the level and nature of risks that are acceptable or unacceptable in your workplace. Our risk assessment template provides an example of a risk level guide to help you evaluate risks.

To evaluate risk, compare the level of risk for various events against your risk criteria. You should also check if your existing risk management methods are enough to accept the risk.

When to accept risk

Your strategy for managing risk may be more than just deciding whether to accept the risk or not. If your business is part of a bigger supply chain that involves retailers, distributors or primary producers, you can spread the risk across a number of areas.

Sometimes businesses choose to accept risks and not spend any resources on avoiding them. You might decide to accept a level of risk for the following reasons:

  • The cost of treatment is much higher than the potential results of the risk.
  • The risk level works out to be very low.
  • The benefits of taking the risk greatly outweighs the possible damage.

6. Treat risks to your business


Your evaluation will have helped you to identify any risks that need to be treated. Develop a plan to treat risks, so you can:

  •  identify each risk type and the level of risk to your business
  •  suggest strategies to treat each risk
  •  create timeframes for each strategy
  •  decide who's responsible for specific parts of the plan
  •  work out resources required such as money, staff and external help
  •  schedule future action such as regular checking and updating of risks, if needed.

7. Commit to reducing risk


Committing to quality risk management can help you create a stable business that prepares for unexpected events.

As a business owner, it's a good idea to:

  • make sure your business aims link to your risk management plan
  • clearly describe your risk management plan to everyone in your business
  • show support for risk management
  • set up a way of measuring the success of your risk management plan
  • regularly check that your way of measuring is giving you useful information
  • make it clear who's responsible for what
  • provide enough resources at all levels of your business
  • ask for feedback from everyone in your business, including customers and suppliers
  • use feedback to update your plan
  • explain risk management to new employees and in training programs.

Read next

Find out about the different types of business risk and risks you must manage.

Learn how to prepare an emergency management plan.