In this week’s special edition of Let’s Talk, our panel of experts dives deep into the realm of risk management for Small and Medium-sized Enterprises (SMEs).
These enterprises often face unique challenges and uncertainties, making it crucial to explore strategies that can help them thrive.
Whether you’re a seasoned entrepreneur with years of experience or someone who’s just embarking on the entrepreneurial journey, understanding and implementing effective risk management strategies is essential for sustainable success in today’s dynamic business landscape.
Darren Reid, Senior Director of Security Business Unit at VMware
“Amidst the growing cybersecurity threats, evolving IT landscape, and shifting social and geopolitical dynamics, cyber risk management is essential for modern business operations. And like other business risks, it should receive top-level attention and oversight, particularly as company directors face increasing personal accountability for demonstrating that their organisations are taking the steps to protect the business from disruptions and data breaches.
“To effectively address cyber risk, leadership must frame the conversation in business terms and address key operational questions, such as “Am I appropriately managing risk and how is that process formalised?” and “What do our tech teams need to be able to perform optimally?”.
“With this in mind, we maintain a strong culture of community and support in conjunction with sophisticated, customisable tools across the tech stack, giving our teams 100% visibility and context 100% of the time.”
Selina Gerner, Partner at McGrathNicol Advisory
“To minimise risks in business operations and protect an organisation’s value, it’s critical to first understand the business’ strategic enablers. Executives can then prioritise risk management actions that are both urgent and crucial for everyday operations and long-term survival. In fact, one of the most overlooked core strategic enablers is the critical elements of a business’ supply chain.
“A new survey, conducted by McGrathNicol and YouGov, found that 75 percent of executives say their organisation has faced barriers when trying to address supply chain risks. A lack of awareness, limited data, unstructured planning, apathy, and an assumption that someone else is responsible for managing these risks, are all listed as common challenges. But as Australian businesses face cyber attacks, trade disputes, geopolitical tensions, and regulatory changes, leaders must expand their definition of what a supply chain is and urgently review and assess their own.
“Modern supply chains extend far beyond physical warehouses and shipping lanes. With expert guidance, organisations of all sizes can better understand and effectively plan to mitigate current (and future) supply chain risks to preserve the value of the organisation.”
Seelan Nayagam, President, Asia Pacific, Middle East and Africa at DXC Technology
“Toxic tech debt is one of the biggest threats to business operations. Every click, every byte of data and every investment in technology comes with a hidden cost. These may not be as tangible as a line item, but they can add up and have wide reaching consequences.
“DXC Leading Edge research, Embracing modernisation: From technical debt to growth found that 99% of global executives recognise tech debt as a risk to their business. The real threat is not the tech debt itself, but when it becomes toxic. Legacy systems or technologies that aren’t fit for purpose can be killers of productivity; diverting funds and using up resources. In worst case scenarios it can even hamper an organisation’s ability to function on a day-to-day level.
“Addressing tech debt is key to minimising the risk to your business operations. It takes a whole of business effort and continuous management to ensure that the tech debt within an organisation does not become toxic.
“If you’re unsure where to start, the Tackling Tech Debt: How to start guide has a Tech Debt Audit that you can take immediately to understand the level of tech debt in your organisations and where your barriers lie.”
Michael Fingland, CEO of Vantage Performance
“Businesses are under pressure from interest rates to inflation, from ESG demands to the threats and opportunities of generative AI.
“Minimising risk is crucial to navigating this environment.
“From our work helping business owners and leaders to fast-track growth or to navigate difficult conditions, we have observed four crucial actions businesses can take to minimise risk.
Have the right strategy in place. Review your strategy to ensure you have adequate and appropriate funding and the right people to execute your plan.
Plan for the worst. Undertake detailed financial modelling and “what if” scenario testing to gauge how various market conditions might affect your business, then workshop what initiatives can be implemented to combat these challenges.
Have the right tools in place. Ensure you have the critical financial tools to help you understand and manage your business effectively. This includes financial and operational dashboards, a rolling 13-week cashflow forecast and a three-way financial forecast projecting profit and loss, cash flow, and balance sheet.
Communicate well and often. Keep communicating well – whether it’s with staff, clients or suppliers. Good communication will help you quickly spot any potential problems (an unhappy client, or delays paying your suppliers, for example). Communication builds solid relationships, and this is what will help you through risky business situations.”
Danielle Owen Whitford, CEO at Pioneera
“People risk is critical in a small business, as each employee has a significant impact on your team and business growth.
“Consider these steps to mitigate risk:
Identifying single-person risk – try to avoid one person holding/building all your IP, because if they’re on holidays or move on, your business would be significantly impacted.
Support people in where and how they work. In this hybrid working world, we have the flexibility to work from everywhere, which is great. But ensure the environment is secure, their laptops aren’t left open in co-working spaces and they’re not downloading questionable apps on their laptop. Also, extend this to cyber and phishing training for everyone to avoid issues.
Use technology to keep people mentally healthy and safe. We use tech to help ensure we’re addressing stress before it becomes chronic and leads to burnout and performance problems. This helps your mental health as a leader as well as keeping the team high-performing and productive.
“These steps can help to develop an empowering atmosphere where employees feel valued, connected, and motivated, helping your business thrive in a positive and risk-appropriate environment.”
Gordon Marx, Product Marketing Director at Oracle
“In the construction industry, using technology that silos data and information into different buckets can leave businesses open to unnecessary risk. Siloed information leads to multiple data stores, duplicated information, and double entries, which can result in suboptimal decision making and negatively impact cost, scope, and schedule. When disputes occur, and they often do, poorly managed information can lead parties into costly litigation.
“Oracle Aconex is a construction management solution that can mitigate those risks with its single source of truth via an unalterable audit trail. Aconex provides all parties access to their data, which helps drive trust, adoption, and collaboration on the one system. Having one indelible record of all project correspondence, documentation, and decisions means data can’t be doctored in any way.
“Not only does this help minimise risk but it also builds trust, as all parties are operating transparently and fairly. We have seen countless examples of customers avoiding potential litigation because Aconex can help them solve their disputes in minutes.”
Brett Newstead, Director of Sales, ANZ at Zebra Technologies
“Choosing the right software and purpose-built enterprise smart devices is instrumental in mitigating business operational risks and even avoiding potential ones in the future, particularly for front-line workers and supply chain management.
“According to a recent Zebra Warehouse Vision Study, 58% of warehouse decision-makers plan to deploy RFID technology by 2028 to help increase inventory visibility and reduce out-of-stocks, which is a key contributor to meeting omnichannel customer expectations and reducing revenue losses. Implementing modern technology like RFID enables businesses to intelligently connect its assets, data, and people. With real-time visibility, they will be able to make business-critical decisions swiftly and decisively, which is paramount in minimising risks.
“In a broader sense, enterprise software and automated solutions empowers employees and provides real-time visibility to leaders so risks can be spotted early and addressed before they escalate into bigger problems.”
Andrew Ward, Chief Risk Officer at Banjo Loans
“All businesses, regardless of size, need to understand the risks they face as a first step before developing processes or controls to manage them.
“Risk varies from business to business but can include everything from technology risks (e.g cyber security) through to the regulatory and compliance environment. Business risks will also be dynamic, impacted by the external environment and business trends.
“A good place to start is holding a workshop, which could include key staff or a business adviser, where you analyse the specific risks your business faces. These can be rated from ‘low’ to ‘medium’ to ‘high’ and plotted on a matrix with one axis representing the probability of an event happening and the other axis the potential impact from that event.
“The next step is to create a plan with actions to manage each risk or introduce a ‘control’ to mitigate the risk. For example, one risk could be your top salesperson leaving for a rival company. One possible action could be to offer that person equity in your company to manage that risk.
“As ever workplace culture is paramount. Staff need to feel comfortable sharing risk events they have encountered without being penalised for speaking up.”
Pamela Jabbour, CEO at Total Image Group
“At Total Image Group, we employ several strategies to assess and minimise risks in our business operations. While we operate in a relatively low-risk, contract-based market in the branded uniform and merchandise supply industry, we recognise the importance of proactive risk management. One key approach is diversification. Rather than concentrating on a single sector, we actively engage with a myriad of industries. This ensures that if one sector faces challenges, we can pivot and leverage opportunities in other thriving sectors, as we did during the COVID-19 pandemic, focusing on construction, healthcare, and supermarkets/retail.
“Another vital aspect of our risk management is account size review. Learning from past experiences, we have reduced our reliance on a single key account from 80% to 40%. We’ve become more aware of the ideal account size and have diversified our client base accordingly, mitigating the risk associated with overreliance on a single source of revenue.
“In summary, our commitment to diversification and prudent account management allows us to navigate risks effectively, ensuring the stability and longevity of our business operations.”
Simon Laskaj, Regional Director, ANZ at Confluent
“Data streaming, an architecture where data is updated for the end-user in real-time, is one of the most beneficial ways businesses can assess and minimise risks. In fact, according to Confluent’s 2023 Data Streaming Report, security and compliance awareness was the most applicable use case for data streaming in Australian organisations (53%), with 61% saying ‘improving cybersecurity and digital risk management’ presented the highest potential value for their business.
“Data streaming can connect various systems and apps at all levels to provide businesses with a centralised view of past and present events. These streaming aggregations can be used to feed models that calculate risk metrics at scale and create reports to meet current and future regulations requirements. Stream lineage provides a full audit trail of every stream, mapping the relationships between data points, thereby improving data governance and visibility. Data streaming can also assist with real-time fraud detection, helping businesses identify and stop malevolent actors.”
Rolf Howard, Managing Partner at Owen Hodge Lawyers
“When it comes to assessing and mitigating risk in your business, legal risks often carry greater weight. The penalties and outcomes of legal risks can have huge operational and financial implications which can stop your business in its tracks.
“Legal risks include any risks which have a legal consequence such as litigation, prosecution or regulatory action.
“Some of the key vulnerabilities we see in businesses when it comes to legal risks include:
Vague or non-compliant employment contracts which can lead to employment law claims
Contractors not being treated as employees when it comes to tax or super
Personal injury claim risks in regard to employees getting sick or injured at work
Lack of protections around intellectual property, copyright or patents
Gaps in policies around data protection, privacy, cyber security
“Getting legal advice to ensure you have the right frameworks in place and are compliant with ever changing laws and regulation is essential. By identifying all legal risks and putting in place the right procedures to mitigate and/or prevent these risks, you will be in a strong position to avoid these risks.”
Mollie Eckersley, Operations Manager, ANZ at BrightHR
“Proactivity should underpin every strategy you take with your business operations. Especially when it comes to assessing and minimising risks.
“This applies to everything from your day-to-day operations to managing health & safety, you need to stay ahead consistently. Like most things in business, this is much easier said than done.
“That’s why you need a centralised, digital toolkit that gives you a transparent overview of every aspect of your operations. So, whether you’re creating compliant documentation to stay on top of legal risks or logging near misses to stop safety risks you can manage it all within tools that speak to each other and make the process more intuitive and end-to-end.
“We’ve been able to see how much this is needed among our clients at BrightHR in the last year. Our data shows us that the businesses our software supports have saved over 5,000 hours with our easy-to-use document templates, have clocked over 2 million minutes of awareness-building e-learning, and have saved over $12 million in training costs.
“It’s clear that businesses are taking a multi-pronged approach to risk management, and are using proactive, modern tools to do so strategically.”
Geoff Coley, Regional CTO, Asia Pacific at Veritas Technologies
“Australia’s risk landscape has shifted significantly in the last 12 months. While we’re seeing IT leaders more conscious of cybersecurity than before, our new research has revealed that nearly two-in-five (39%) of Australian organisations may be underestimating the severity of threats to their business.
“Our approach to assessing and minimising risk is founded on a comprehensive assessment of our customers’ security infrastructure. Using Veritas 360 Defense – a holistic approach that unites data security, protection and governance, with the security ecosystem to defend the entire data estate, our overall strategy is to build resiliency so customers are protected in the first instance, with a robust back-up for data and service recovery. Some key strategies we’ve successfully used include developing and regularly testing contingency plans to ensure business continuity even during cyber-attacks, and investing in resilient IT systems to minimise disruptions and improve businesses’ ability to recovery.
“It is equally important to train employees and rehearse your operational resilience processes in the form of ‘fire drills’, and identify areas for improvement. It’s about working closely with regulators to stay up to date on best practices and emerging threats.
“By switching from rose-coloured binoculars to a telescope, businesses can navigate and anticipate threats further away from home – minimising risk and shielding day-to-day operations.”
Andrew Reszka, Director of Sales Australiasia at FLEETCOR
“Floating cost of fuel, unexpected maintenance, urgent repairs. These are some of the frequent risks that create unpredictable costs faced by Australian companies with two or more cars. Additionally, a lack of centralised control of invoices can create backlogs – not to mention an increased exposure to fraud.
“Over the last 40 years operating in Australia with FleetCard, we have learned much about what fleet managers look for when minimising risks. They want transparency, simplicity, and control. A step as simple as implementing a single fuel card with consolidated functions can go a long way.
“And that’s valid for times of prosperity but also when things are tough. Combining our market experience with global resources allows us to support our customers through instability and find solutions that best fit within their business context and adapt to market conditions.
“If you are a business looking for simple, cost-effective ways to manage your fleet, look for a partner that offers scalable solutions for businesses of all sizes. Our streamlined product will consolidate all the information in one place, with one physical card, guaranteeing a simple process empowered with data insights, allowing companies to identify opportunities for greater efficiency in their operations.”
Josh Read, Global COO at IDVerse
“According to the ACCC, Australians lost $3.1bn to scams in 2022. High-profile companies are not the only target. As technology evolves, so do the threats. From deepfake to synthetic digital IDs, IDVerse has seen the number of detected frauds reach 76,500 in 2023 – 27% more than in 2022, and the year is not over. IDVerse has stopped over $1 billion worth of fraud.
“Businesses of all sizes are exposed. It is commonly known to affect the telecommunications and financial services industries but we’re seeing the fraudsters active in other industries, for example, car rental, equipment hire, and alcohol delivery, online gaming and dating websites to name a few.
“There are strategies you can use to minimise fraud risks. Implementing digital identity verification is crucial in verifying customers in highly regulated industries or where the impact of identity fraud is significant. It also helps reduce the impact of a breach by eliminating the need to store customers’ ID documentation.
“By optimising identity verification, you can focus on scaling your business by reducing compliance and operational overheads.
“Whether you’re a vendor or supplier, I recommend learning about this technology. IDVerse is an Australian fintech company providing products to protect businesses from identity fraud. Our systems leverage generative AI, and we were the first private company to be accredited as an identity provider under the Australian Government’s Trusted Digital Identity Framework at the highest level.”
Dhanush Ganglani, Managing Director at Eden Exchange
“At Eden Exchange, we take a comprehensive and strategic approach to assess and minimise risks in our business operations. Our commitment to ensuring the success and stability of our clients’ businesses is unwavering, and we employ the following strategies:
Due Diligence: We conduct thorough due diligence when assisting clients with business acquisitions or sales. This involves a rigorous analysis of financial records, market conditions and potential risks associated with the transaction.
Market Research: We keep a pulse on market trends and conditions to provide our clients with up-to-date information, enabling them to make informed decisions.
Risk-Mitigation Planning: Our experts work closely with clients to develop customised risk mitigation strategies tailored to their specific needs and circumstances.
Regulatory Compliance: We stay abreast of industry regulations and compliance standards, ensuring that our clients’ operations adhere to legal requirements.
Financial Assessment: We assist clients in maintaining financial stability through sound financial management practices, including budgeting, forecasting and capital allocation.
Exit Strategies: We help clients plan for the long term, including exit strategies and succession planning to minimise disruptions in the event of unforeseen events.
Technology Security: We prioritise robust cybersecurity measures to protect sensitive data and maintain the confidentiality and integrity of our clients’ information.
“By offering a holistic suite of services that encompass risk assessment and mitigation, we enable our clients to navigate challenges and capitalise on opportunities while achieving their business goals with confidence.”
Jacqueline Smith, CEO and Head Coach at Absolute Best
“The biggest risk I see in any business comes from making mistakes with your biggest asset – the people. They’re not only the biggest expense, but more importantly, they hold the future of your business in their hands. Too many businesses make the mistake of thinking ‘orientation’ and ‘onboarding’ are the same. Orientation is about the first week, ensuring a new recruit is prepared. At Absolute Best, we help clients map out this crucial week, sending emails on logistics and planning meetings with key stakeholders. Little things count, and they add up over time.
“Great onboarding spans 3-6 months. It takes this time for a new employee to truly feel comfortable, even if they’ve held a similar role elsewhere. In today’s lean economic times, having a structured 12-week plan is crucial. This includes goal setting, skills-based training, and most importantly, regular check-ins. These meetings, best conducted by a third party, serve as coaching sessions.
“The most important thing is to ensure that the employee feels embedded in the company culture and they feel valued. You cannot underestimate how this will come back to you when the person is speaking to a client or in those times when you need them to go the extra mile on a project or in a hectic period.”
Natasha Rock, Solutions Lead – IT Management and Support APAC at GoTo
“GoTo’s 2023 IT Priorities Report found that when it comes to deciding on new digital tools, 39 per cent of Australian business leaders took their IT team’s recommendation. When devising strategies to minimise risks to the business, it is important to lean into the expertise of these IT teams.
“Organisations are focusing on future proofing their business operations to reduce the risk of potential future instability. IT leaders can provide insights into which technological investments will not only be risk adverse, such as a consolidated solution that reduces the risk of tech bloat and over expenditure, but also which solutions will provide a strong ROI for the business.
“Furthermore, with the rate and impact of cyber-attacks continuing to grow each year, it is important to consider IT teams’ preference on what security tools will deliver the maximum impact, such as mobile device management if remote and mobile working is prevalent, zero trust security, and endpoint Security. This will only save costs while increasing efficiency and minimising risk.”
Nina Thomas, Founder of Continuity Council
“Business risks are ever-present and there are traps for the unprepared. Lack of accountability, oversimplification of issues and inadequate stress testing open vulnerabilities.
“Once you identify and prioritise risks like cyber, reputation, supply chain disruptions, etc., you can establish a response.
“Simulating risks and stress testing is essential to uncover hidden risks. Failure here is a win.
“Like athletes training for the Olympics, testing allows safe failure, capability building and a faster response, ultimately saving money. For managers, stress testing creates visibility without crying wolf.
“Define a team of first responders – communications, IT, insurance, legal – and have agreements in place beforehand.
“Oversimplifying risk diminishes impact and relegates it to secondary status. Risks need to be clearly and succinctly articulated to ensure proper attention.
“Risk management must be holistic, not siloed, with business leaders owning the plan or delegating to an empowered decision-maker.
“Reward those who speak up about risks, don’t punish or isolate them. Foster a culture of risk awareness so people think proactively. It’s better to find inadequate plans beforehand through testing.
“Finally, trust but verify, and always challenge consensus thinking.”
Abid Ali, Founder and CEO at SpendConsole
“In our risk management approach at SpendConsole, we acknowledge the significant problem of payment fraud, which has caused over AU$2 billion in losses for Australian businesses, as per the ACCC.
“It’s clear that businesses of all sizes must take proactive steps to secure their financial transactions. Payment fraud threatens both finances and a company’s reputation, customer trust and operational stability.
“By implementing the following strategies, we help build a more secure and resilient business environment:
Staff awareness: Ensure that your employees are aware of the various payment fraud techniques and stay updated on the latest fraud trends. Cyber.gov.au is an excellent source for up-to-date information and training resources.
Procurement, expense and accounts payable procedures: Implementing robust controls, such as delegation approvals, segregation of duties and master data management protocols are essential to protect your business from internal and external fraud.
AI-powered tools and systems: Well-designed, AI-powered systems and tools can help validate and monitor all transactions, promptly detecting unusual patterns and fraudulent transactions.
Multi-Factor Authentication: Enable multi-factor authentication for all your financial accounts and payment processes. This extra layer of security makes it much harder for fraudsters to gain unauthorised access.
Audits: Periodically conduct internal and external audits to identify potential vulnerabilities and assess your business’s overall security posture. Remember, it’s not just about protecting your bottom line but also ensuring the trust of your customers and partners.”
Paul Trotter, Security and Intelligence Lead at World Travel Protection
“As a travel assistance and risk management company, World Travel Protection’s main job is to identify, assess and mitigate risks in today’s complex and dynamic landscape.
“We take a holistic approach to help organisations – and our own team members – tackle their business travel challenges, and preparation always leads the way.
“We assess evolving global risks, from petty crime to geopolitical events, equipping organisations to make informed decisions for their employees’ business travel. We also recommend establishing clear travel policies, educating employees about potential risks, and incorporating sustainable travel practices. This includes LGBTQ+ and female-specific travel safety.
“In the face of ever-changing risks, real-time intelligence is indispensable. Selecting a travel assistance provider with global Command Centres and a travel assistance app means employees and organisations can access around-the-clock support, locate their travellers, and stay in communication throughout the journey when something goes wrong.
“Don’t compromise your employees’ safety for the sake of a cheaper flight with more stopovers or a hotel in a higher crime area. Consult the experts when unsure to fulfill your company’s duty of care and to ensure your team’s comfort and safety.”
Simon Cohen, Founder and CIO at Cohesis
“Creating a comprehensive business strategy demands meticulous assessment and meticulous minimisation of risks, especially within the realm of cybersecurity. It extends beyond identification of cyber threats; it’s about creating an impregnable shield encompassing physical, network, application, and data domains. This complexity amplifies for enterprises spanning multiple sites and utilising diverse on-premise and cloud applications.
“While technology forms the bedrock, the human facet is equally pivotal. Organisational leaders make pivotal choices, influencing technology integration, as well as policy formulation and adherence. Therefore, the strategy must coalesce both technological and human dimensions. It’s acknowledged that human-centric cyber attacks exploit psychological vulnerabilities, leveraging emotions like greed and fear. Being aware of these tactics is critical, and necessitates the fortification of both human and technical barriers.
“Embracing a holistic methodology to address both dimensions not only safeguards invaluable assets and data but also fosters trust among stakeholders and clients – pivotal aspects of an infallible cybersecurity strategy. In the digital landscape riddled with evolving threats, a blend of human insight and technological expertise is pivotal for an organisation’s cybersecurity defence.”