
5 Tips for Managing Risk at Your Organization


You have heard the phrase “risk management” over and over again, but have you taken the time recently to step back and really think about what that means to your organization?  Speaking as a board member of an organization for a moment, it’s my job to understand how my organization thinks about and manages risk.  Who is responsible for monitoring and managing risk at an organization?  Is it the CEO or is it the Chief Compliance Officer, or is it the Board?  Quite frankly it’s everyone.


What exactly is risk? And how do you know what you should be looking for? Risk comes in all shapes and sizes, from business risk (cash flow, deferred maintenance costs, staffing challenges and the like) to economic risk (banking crisis, inflation, recession), health and safety (gun violence, work/life balance, healthy workplace), technology advances and security (phishing, spoofing, cybercrime), and business reputation. Just typing this out makes me overwhelmed! But, fear not, I’m here to help. Below are some helpful tips for managing risk at your organization.


Tip #1 – Develop a formal risk management process.

At Mercadien we encourage our clients to take a formal approach to risk management.  This means that periodically, you gather together the team of people at your organization (which can include board members) who represent every aspect of your organization (sales/business development, client relations, finance, HR, operations, marketing/public relations, etc.), and you discuss the current state and environment in which you operate.

Based on this discussion, you can develop your risk profile and inventory and then rate each risk as high, medium or low for both impact on your organization and likelihood of occurrence. Once you have gone through this rating process, you can list your risks from highest to lowest and assign the appropriate team member to manage each risk. In the assignment process:

  • Assign the risk management process at the board level. It can be part of your audit committee charter, or finance committee in its absence.
  • Assign the risk management process at the Senior Leadership level. This can be a compliance officer, operations or finance officer.
  • Address the matter at least once a year, even if it’s to say you don’t need to do a full risk update at this time.
  • Don’t dismiss crazy ideas. No one put a pandemic at the top of their risk inventory, but it surely disrupted the entire world, and how many businesses were really ready for it? If you had listed it on your inventory 4 years ago, it would probably have rated “high” on impact and “low” on likelihood. How would you rank this today?

Tip #2 – Review your insurance coverage on a regular basis and make updates if needed.

You should meet with your insurance agent at least once a year.  It’s their job to know your organization and its risk exposure, so they can talk to you about events they have seen impact organizations like yours in recent months.  They can help guide you in updating your coverages and determining the right amount of insurance for the cost (cost/benefit).

Tip #3 – Educate employees at all levels on risk management.

Be sure that you talk to your employees (and Board) about risk management.  They play a part in the process too!  While you don’t have to deploy scare tactics to get the message across, everyone in your organization needs to understand its potential risks, what is being done to handle them and how everyone plays a part in the process.

Tip #4 – Provide regular risk management trainings for your staff.

One of the best ways to mitigate risk in your company is to train people on what to do in certain situations: everything from shelter in place to emergency calls, heart attacks, and phishing scams. We may all have that defibrillator hanging in our hallway, but have we revisited who is in the office post-pandemic, and do they have the training necessary to use it? You should review your risk management training process on a regular basis and make updates if needed. Your trainings should evolve with the times.

Tip #5 – Consider engaging a third party to perform a formal risk assessment.

The general rule of thumb is that you should conduct a formal risk assessment once a year. A third-party risk management expert, like our team at Mercadien, can do the heavy lifting for you, provide a comprehensive assessment of your risks and recommend ways to mitigate them. We can also take a look at your internal controls and offer solutions for improvements.


Risk management is a critical aspect of your operations, but it can be overwhelming to keep up with. That’s why organizations of all sizes have called upon Mercadien’s team of experts to assist them in effectively identifying and managing risk. If you would like to discuss your path forward to better risk management and find out more about how our team can help your organization, contact us today.

DISCLAIMER: This advisory resource is for general information purposes only. It does not constitute business or tax advice and may not be used and relied upon as a substitute for business or tax advice regarding a specific issue or problem. Advice should be obtained from a qualified accountant, tax practitioner or attorney licensed to practice in the jurisdiction where that advice is sought.