By Riaan Bekker, Force Solutions Manager at thryve
Small to medium businesses don’t focus on risk as much as their enterprise peers. Many enterprises are public companies and therefore must follow many more compliances and regulations. Such mandated functions are often draining on time, people hours and money, so enterprises want efficient GRC (governance, regulation and compliance) systems that streamline risk management.
Large GRC systems are not inexpensive, and their value derives more from the efficiencies they offer, as well as by supporting the emerging practice of strategic integrated risk management.
But for smaller organisations and even large private enterprises, these reasons aren’t enough. So, many end up convincing themselves that they don’t need risk management. That’s not true – even if you strip away requirements for listings, there are still regulations and standards to adhere to – ones often gained at great expense.
Cost is also not as significant a barrier as it was before. The GRC systems that serve listed companies are often complicated, customised and highly integrated – this pushes up the price tag. But if a company uses a more turnkey risk management platform, such as Xactium Risk, it can get a grip on risk and start developing a risk management culture.
Such a culture is invaluable if you plan to attract investors for growth or aim to become a listed company. If that is your trajectory, the adoption of risk management is inevitable, and turnkey platforms make it easy to start adopting the right habits and processes.
But what about companies not eyeing a listing or massive investment round? Should they adopt risk management? Absolutely – according to the paper, Risk management in SMEs by Eva Maria Falkner and Martin R.W. Hiebl, small and medium enterprises have several risks they want to deal with:
Interest rate risks: Medium and small businesses are more likely to rely on external loans to fund their growth. Fluctuations on loan interest can create big problems for the company, a risk that manifests less often in large enterprises. A weak financial position can undermine growth plans, so this is quite a consequential problem for many companies.
Raw material prices: The high levels of competition for resources has led to companies not easily passing the extra costs to customers. Larger companies get around this by investing in technology to ease switching between resources. Smaller companies are much more exposed to price fluctuations, and if unmanaged, can end up absorbing more costs that are profitable.
Technology risks: These risks need little qualification. Cybercrime, adopting new technologies and securing customer data are big risks that can bring a company down either through damage to its brands or operations, or through competitive stagnation of its systems.
Larger supply chains: To compete in globalised markets or to serve the long tail of different customer needs, requires broader access to different components. Medium and smaller businesses are not immune to this effect, but they often have to take on more trade debt or are more exposed to supply chain disruptions. Larger companies tend to develop agility and alternatives, but that usually requires significant scale and resources.
Growth risks: Growing too fast, at least too fast for capital or processes to keep up, has sunk more than one business. Some interviewees in the paper even voiced a distaste for growth as it can lead to many problems for a medium enterprise. If growth risks aren’t managed, they can quickly get out of hand or go unseen until it’s too late.
Employee knowledge: The larger an organisation is, the more its knowledge spread across several employees. Or simply put, more than one person knows how to do something. But if an employee, especially a long-term employee, decides to leave, that can represent an enormous amount of institutional knowledge that goes with them. It’s pretty clear why this is an important risk.
The lack of affordable and accessible risk management systems has perpetuated a myth that non-listed companies, medium enterprises and smaller businesses don’t need to formally manage their risks. But the above reasons clearly show that isn’t the case.
Fortunately, neither is cost. Cloud-based platforms such as Xactium Risk are making turnkey risk management solutions very accessible and affordable. Xactium Risk has been so good at this that Riskonnect, a leader in the GRC space, recently acquired the platform. As a Riskonnect partner, thryve also now offers Xactium Risk to our customers who need a leaner solution to build a risk culture.
Don’t be lulled into thinking risk management is just for listed companies seeking compliance validation. Managing risk can push growth. Not managing risk creates fault lines that could tear a business apart – especially if they don’t have enterprise resources.