Risk management


21st July, 2022

Understanding risk management for the mid-market

Don’t leave your business’s future success down to a roll of the dice. Risk management practices will help you prepare your organisation against unforeseen circumstances.

Risk management comes down to one crucial point: while you can’t control everything, like the market or consumer sentiment, you can prepare for the risks they and other factors pose to your business.

With so much that could happen, leaders are unlikely to be able to identify and manage every possible risk. It’s a matter of making educated guesses on behalf of the business.

What risks are you most exposed to and, if they ever did occur, which would have devastating consequences?

For example, weather event risks are both likely and potentially devastating if your business is in agriculture. For a service-based business, compliance or cybersecurity risks will be top of the list.

Read this next: Business risk assessment: what it is & why you need it

What is risk management?

Risk management is preparing for unwanted and unexpected changes in your business. Done well, it will help you identify, evaluate and prioritise potential threats to help your business stay one step ahead.

But many business leaders put off risk management, whether because of time constraints or a naïve belief that it won’t happen to them.

Whatever your approach, the worst thing you can do is nothing at all – facing and managing risk as part of ‘business as usual’ will be vital to the success of your business. You’ll mitigate the impacts of adverse events and may also be prepared enough to have an advantage over your competitors.

Common types of risks

Here are several types of business risks to be aware of, depending on the stage of your business and what industry you’re in.

Growth is, in itself, a risky time for business. You’ll be pushing your resources to their limits and working without larger companies’ established processes or fallback options. Below are the common types of risk that you should plan for.

Financial risk

Cashflow is always an issue for growth businesses, as expenditure grows while lag time between payments stretches out, representing a financial risk.

Business interruption risk

When you’re using every resource, any disruption – from a team member getting sick to a machine breaking down – can create enormous setbacks.

Digital risk

Many high-growth and mid-market companies have built their business around the efficiency of cloud technologies. This makes them particularly vulnerable to data breaches, phishing attacks and ransomware.

Natural disasters

Growing and mid-sized companies may be more impacted by environmental disasters. They may not have the built-in redundancy of a second manufacturing plant or a diversified offering, which could mean the business shuts down to repair the damage.

Examples of operational risk

Large, enterprise companies face many of the same risks as growing and mid-market businesses but are impacted to a lesser degree. Larger organisations have accumulated resources and contingency plans – essentially, built-in redundancy – to better manage negative events as they crop up.

For example, enterprise companies often have the same reliance on cloud technology as mid-market and growth companies but tend to have in-house expertise to manage attacks.


While not specific to enterprise business, the risk from suppliers can be particularly hard to manage simply because of scale.

Suppliers with poor health and safety practices, for example, risk the safety of staff and the organisation’s compliance.

Vendors with access to sensitive information or systems are weak points in data and cybersecurity.


All businesses face challenges from compliance requirements, but larger enterprises may struggle to manage changes, while different industries all have different regulations to stay on top of.

The end result means investing huge time and resource into retraining, upskilling and changing policy documentation, with a risk that there still could be pockets of the organisation operating outside of these new rules.


While reputation is important to any business, larger companies are often held to a higher standard than their small or mid-market counterparts. Any perceived breach of trust or ethical misstep could become so widely discussed it makes national news.

This risk is especially important for those operating in the B2C space – even a short-lived loss of consumer goodwill can be the gap competitors are looking for.

Common construction industry risks

With heavy machinery and hazardous work areas, construction is particularly vulnerable to health and safety risks, but those aren’t the only risks construction companies must plan for.

Safety risk

Accidents can and do happen. Managing for health and safety risks – and asking suppliers how they manage theirs – will help keep staff safe while protecting the company from legal consequences.

Project risk

Projects that don’t meet deadlines or have cost overruns – from weather, supply chain, financing, personnel or other issues – pose a threat to finances, reputation and the future of the business.

Legal and non-compliance risk

Even if a construction company operates to the letter of its obligations, it is still exposed to legal risk.

Construction projects attract huge investment, so error, accident or mismanaged expectations can have major consequences for stakeholders, who’ll use legal avenues to recoup losses.

Common manufacturing industry risks

The manufacturing industry has unique weak spots, such as facilities and a heavy dependence on the supply chain.

Personnel risk

Even with technological improvements, manufacturing businesses are still incredibly reliant on hands-on labour. With unemployment rates at an all-time low, companies need to plan for the possibility that they may not have enough people to remain fully operational.

Supply chain

Manufacturers are highly exposed to supply-chain issues. Every aspect of their business is affected – supplier relationship, manufacturing process and shipment of finished product.


As we’ve seen throughout the pandemic, entire plants can be closed at a single government restriction. This has highlighted the importance of a contingency plan and taking steps to mitigate any instigating factors.

5 steps to risk management and mitigation

1. Expect the unexpected

Dive deep into operations, personnel, equipment, legal, property and location, and look at functions from every angle to spot potential risks. If the worst doesn’t happen, you’ll be ready for an unexpected opportunity.

2. Build supply-chain backups

The global pandemic and ongoing war in Ukraine have highlighted how vulnerable companies are to supply chain disruptions.

A comprehensive risk analysis should identify backup sources.

3. Involve everyone

Risk management should include all staff, from the board of directors down.

When the entire company understands the strategy and mitigating practices, it will be easier to implement the contingency plan.

4. Get agile

As we saw through the height of the pandemic, the organisations that thrived could quickly diversify or adapt.

Efficiency and visibility are central to that agility. These equip you to identify what is and isn’t working, and then make fast changes.

5. Take control of finances

For many businesses, maintaining a cash cushion isn’t always possible or even strategically wise, but funding contingencies are a good idea.

Do you have lines of credit ready to go? Is there expenditure you can cut at short notice?

Visibility over your finances and a strong hold on your cashflow are crucial to helping you weather any storm.

How using an ERP system helps reduce risk

Through automation and better use of company data, ERP systems work to reduce a company’s risk exposure. Here’s how:

Reduces human error

Good ERP software will automate tasks and centralise data to significantly reduce the risk of human error – a key instigating factor in many common risks, from non-compliance to mismanaged projects.

Data improves decision-making

By aggregating all company information into a single cloud system, companies are better positioned to predict problems and mitigate damage.

Built-in security

Good ERP systems will have built-in, constantly updated security protocols – ask your vendors how they address the risk of cyberattacks with regular updates, backups and contingency planning.

Streamlined operations improve agility

With processes streamlined by an excellent ERP system, companies are better equipped to respond quickly to changing conditions.

Stay proactive and agile

Risk management isn’t set-and-forget. Regardless of industry, it’s an ongoing process of assessing and preparing for the worst.

To ensure your business is fully prepared, you need built-in efficiencies and access to accurate, timely insights. An ERP is a crucial part of that equation for all but the smallest companies – especially those occupying the complex, mid-market space.

With MYOB’s cloud ERP software, you’ll have everything you need in one place to manage your business securely. Find out more today.