Why SME’s shouldn’t ignore Risk Management

Many people think that risk management is only for large corporations. This is not the case! Risk management is a NECESSITY FOR EVERY BUSINESS. The hard part is to properly align risk management processes to each unique organisation.

The world is undeniably riskier. Change is ever more rapid, and this has been accelerated by COVID. Increasing digitisation of business processes will inevitably increase cyber-security risk. The world is still highly connected, and McKinsey estimate that supply chain shocks will reduce profits by 42% of annual EBITDA profits every 10 years. Geopolitical risk, climate change, border closures and business disruptors (new business models, social media etc) will all play a part.


It’s important not to let risk slip off the radar, and for to you be aware of possible issues. Talking to people in your industry can give you insights from other perspectives. Being sucked into day to day operations can leave no time to think about strategy and risks. Moreover, when implementing these strategies, try to consider the related risks by staying close to your business analysis and industry trends.  Talking to a CFO, who with a wealth of experience and a fresh pair of eyes may give you new perspectives and insight!


Decide how much risk you are willing to accept. This depends on the operational and financial strength of the organisation, as well as the business strategy and your risk versus return profile. What’s the takeway? Risk is part of doing business, but make sure it is within your limits, and you are in control.


  • Understand how to mitigate risk, e.g. insurance, experts, financial tools or internal controls.
  • Work on simple scenario modelling to understand implications and solutions. Simple cyber security audits can also be useful.
  • Curtail activities that exceed your risk limits.
  • Restructure staffing so that owners/managers have some time to think about risks and strategy.
  • Ensure risk management is embedded in the organisation.
  • Ensure internal controls are in place so you have confidence that risks are controlled and reported.

Risk management is a must do. To be successful it needs to be correctly sized, using appropriate techniques. If this is not done, risks can damage or destroy the business. Too complex and it will detract from the real world task of running the business (and probably wont get done anyway!).

Gary Campbell is a CFO Centre Principal based in Melbourne, Australia, advising SMEs on finance, strategy and governance. He is a qualified accountant, MBA, and graduate of Australian Institute of Company Directors. He can be contacted on [email protected]

Hire a superstar part-time CFO

To help you increase cash, profit and valuation and free you up from the burden of day-to-day operations.