Tax & Accounting Blog

Guide to risk management in your accounting practice

Accounting Firms, Blog, Business Practices, Business Strategy & Development, Organisations July 25, 2014

Whether you have a formal or informal risk-management program, effective risk management is essential to operating a successful practice in a volatile and uncertain environment. Here are five tips to implement effective risk management in your practice.

Size doesn’t matter

No matter what size your practice is, reducing risk is critical to your long-term survival. Smaller firms can use risk management thinking as part of the strategic planning process to help them grow, while larger firms can use risk management to capitalise on opportunities and protect existing business.

Start small. Start with a SWOT

Understanding your firm’s strengths, weaknesses, opportunities and threats (SWOT) is the perfect starting place for any firm to think about and manage risks. The weaknesses and threats you identify in your SWOT are effectively risks. But don’t stop there – once you’ve identified the weaknesses and threats, develop formal actions and strategies to address them.

Formalise risk management processes

As your firm grows and you employ more staff, increase the services you offer and take on more clients, the sources and types of risks you’re exposed to will also grow. Your firm’s risk profile will change over time. The SWOT analysis that has served you well in the past won’t be broad enough and it will become limited to strategic risks.

Once this happens, you’ll need to develop more formal risk-management practices that include defining your risk appetite, establishing a formal policy and plan, integrating risk management into business processes and developing formal risk-assessment documents to proactively evaluate, monitor and report risks.

Remember that risk management is not limited to your ‘risk management’ documents. Your policies, procedures and practices from recruitment to marketing and service delivery are all risk-management enablers. These policies and procedures are controls for risks because they define how things are done, so ensure they are working effectively, streamlined, automated and appropriate to your practice.

Maintaining the culture of risk management

Once you’ve formalised risk management, it’s a matter of maintaining the momentum and keeping risk management front of mind. Continue reviewing risk registers and focus on improving processes and controls. Address and learn from small incidents that occur before they grow in size, frequency and impact.

As firms grow, one pitfall is ‘risk blindness’. Risk blindness has nothing to do with simply not seeing the potential risks. Risk blindness occurs when the leaders of the practice become so fixated with various initiatives like adding new services, employing more people and winning new clients that they forget to implement strong risk-management systems to support these initiatives and adequately manage the potential risks.

So what about the soft and fuzzy side? What about the risk culture?

Creating a risk culture

Risk culture is not separate from the organisational culture. It is simply another dimension whereby concerns and opportunities about risk taking and risk-control activities can be raised openly and discussed. For example, in one mid-tier practice, the partners have a systematic risk-assessment process of each prospective new client.

Maintaining good risk-management systems and processes as well as a strong risk culture is critical for firms of all sizes. It prevents ‘risk blindness’, ensures risk taking is within the parameters of your risk appetite, reduces unexpected surprises and keeps you on the path to success.