Now that I have your attention; Business risk is not the sexiest subject in property management, but it is an essential one. Of all the businesses I work with, risk management is by far the least engaging topic to talk about. I used to think it was my super soothing voice that sent people to sleep, but it turns out that word RISK is like a sleeping pill to property managers. As a business owner or business manager, you must protect the business from incident or accident. We aren't just talking safety, but also safeguard business assets such as the trust account and office server.
Business risk comes in three components. The ‘Risk Register’; Identifying the area of the business that is exposed to risk. This may include the team, the premises or your clients. The second component is what we call the ‘Risk Rating’; Rating the likelihood that the risk may happen and the impact it would have on the business if it does. The third component is called the ‘Risk Mitigation Strategy’; Implementing processes that help to reduce the business's exposure to risk. Are you still with me? Let's walk through these three in more detail to gain a better understanding.
A Risk Register is merely a list of everything in or out of the office, that may expose the business to risk. They may be specific items, or they may be more generic. For example; a particular issue may be; What would happen if an aggressive tenant that was being evicted walked into the office? How do you protect your staff and prevent anyone, including the tenant, from being hurt? A more generic risk may be; What would happen if a tenant reported maintenance and someone at the property was injured before the item could be repaired? The best way to create a risk register is to crowdsource it from the team, by conducting a whiteboarding session.
Once you have created the risk register, you need to attach a risk rating to it. The risk rating works on a simple 3 x 3 matrix. The likelihood of the risk happening is on the vertical of the matrix and the impact on the business, should the risk occur, is on the horizontal. Where the two meet on the matrix is called the risk rating. Let's look at an example: let's say the office flooded and the server was damaged. The likelihood of this happening is low, but the impact on the business, should it occur, would be high. This would give us a risk rating of medium. You would need to apply a risk rating to each item in the risk register.
Any item that has a risk rating of medium, high or critical must have a mitigation strategy in place. The mitigation strategy could be one of two things; How can we prevent the risk from happening or; how can we reduce the impact on the business. In the event of the office being flooded, there is not much we can do to stop it, so we need to build a process to reduce the impact if it did, like backup the server and take it home each night. The risk of a team member getting lost during inspections can be reduced by giving them a GPS device to show them where they are going, hence reducing the likelihood of the event happening.
It has most likely been on most your to-do-list for many years, and you just haven’t gotten to it yet. One great thing that you will get out of creating a risk register is the conversations that will surface from the team. These conversations are invaluable. Get started on your risk register today.