DIY small business risk assessment and evaluation is when small business owners evaluate their businesses through the lenses of an auditor. I have come to realise that seeing your business from the perspective of an auditor helps you see things differently and make decisions differently.
Depending on the objective of the audit engagement, auditors’ primary role is to give credibility to any chosen subject matter. And this implies asking a very vital question regarding any process or procedure. What can go wrong under a given scenario? And what can be done to make amends?
An auditor will for example ask; is it possible for revenue to be lost given the types of internal controls that we have? Or is there a chance that we might pay a supplier twice for same supplies? They even ask if it is possible for the available systems to be breached by attackers.
Auditors employ a risk based approach while performing their audit. This risk based approach to seeing things make it possible for audit risk to be reduced to the barest minimum.
Small businesses will benefit greatly by seeing their businesses through the same lenses that the auditors sees it.
How to See Your Business through the Lenses of an Auditor
Identify and clarify your business objectives
At this stage of seeing your business through the auditors’ lenses, the objectives of a business will have to be clearly identified. Based on the identified objective, a mission statement is drawn up. You will know the objective by identifying what it was that the business is set up to achieve.
Care needs to be taken while doing this so that the disadvantages of the mission statement will not outweigh the advantages of the mission statement.
Identify all your business processes
The next logical thing to do is to identify those business processes that the business undertakes or need to undertake in order to achieve the objectives that have been identified above. Marketing function is an example of a business process. A typical profit seeking organization will have hundreds of business processes that must all align to the overall objectives of the company.
Identify all the assets that is controlled by the business
An entity must know those assets that it controls. A good place to start is to prepare an asset register. An asset of a company is those resources that are controlled by an enterprise as a result of past calculated events. Some assets are hard to be identified talk more of being included in the asset register like goodwill and brand name but, not being able to identify these assets would not really be an issue as they will not affect the outcome of the DIY small business risk assessment and evaluation
Rank the identified assets according to their exposure
After identifying the assets controlled by the small business, the next thing to do is to rank them according to their risk profile. The essence of this step is to allow the company pay attention to those areas where the risk profile is high.
Brainstorm to find out what could negatively affect the assets
Here, all involved in the small business risk assessment must come together to ask the most important question; what can possibly go wrong given the nature of our business and the type of processes we have. This can either be done formally or on an informal basis.
Find counter measures
Based on the threats that must have been identified from the brainstorming session, counter measures are developed to ensure that resources are safeguarded. A good practice is to have a secured accounting information system.
This has to be a continuous process as threats that can affect businesses evolve on a daily basis. It won’t hurt if a suggestion board is specifically built for staff members to make their suggestions (give the option of remaining anonymous).
Implement the measures
Talk is cheap but action is expensive. Nothing gets done if nothing is done. All other steps in this DIY small business risk assessment and evaluation article will be a waste of time if no action is taken to implement whatever course of action that is eventually chosen.
The implementation phase is very time and must be taken seriously. Every day is an opportunity for managers and owners of small business to implement something new that will improve things.
Review and monitor progress
Change they say is the only thing that is constant. Anything other than change itself has to be reviewed from time to time for possible refinement and improvement.
A cost saving tip
The good news about DIY small business risk assessment and evaluation is that all the processes can be completed by the staff members of the accounting and finance department of your small business so no extra cost will be incurred doing this.
Leave a Reply