Risk and Governance


Welcome to the third part of my four-step programme, which is aimed at helping you build a stronger, more reputable and sustainable business.

Our first theme explored ‘gaining the competitive edge’, looking at the value of a client centric approach and the importance of strong product or service knowledge.

Our second installment focused on developing purposeful communication and effective networks within your business.

Within this piece, our third chapter, we look at ‘risk and governance’; understanding what this really means for organisations of all sizes and why taking very simple steps towards compliance and risk aversion is a solid investment for your business.

Our four themes are interdependent, so this is a crucial step in helping you move towards excellence and build a stronger, more reputable and sustainable business.

Although there are two clear subsections within this topic (risk and governance), they are tightly interwoven, as you will see in the definition, and differentiations, outlined below.

As such, we will explore these two elements together.

Risk and Governance

Starting or running a business, particularly a small business, can be a big enough challenge without the added difficulties of becoming aware of, and implementing, all the necessary rules, regulations and risks that it might face. 

Rules, regulations, policies and procedures all sound so dull, restrictive and distracting from the day to day of getting the job done, but understanding and applying the relevant regulations is an essential part of creating a secure and sustainable business.

My advice to you is this: ignore these at your peril!

Corporate governance does not discriminate against company size, so adhering to corporate governance principles is just as important for a multinational company as it is for the owner of a local restaurant, florist shop or service provider.

Governance is the combination of processes established and executed by a business that are reflected in the organisation's structure and how it is managed and led toward achieving its goals. 

Risk management is predicting and managing risks that could hinder the organisation from reliably achieving its objectives, and compliance means conforming with stated requirements.

Risk controls are the activities implemented to mitigate risks; controls may attempt to reduce the impact of risk to your business, or completely prevent risk from occurring in its entirety.

The Warning Lights

All too often, when we are hit with a crisis within our business, the signs were there and we chose not to act on them.

Take the analogy of the red light flashing on the dashboard of a car. How many of us will take a chance and continue driving despite the glaringly obvious (or even dangerous) signal that something is wrong? When this happens, it is only a matter of time before the car breaks down or falters, leaving us high and dry, angry and frustrated, but we only have ourselves to blame!

This analogy is not lost in business. Not paying attention to the warning signs and putting plans in place to mitigate against these has been the downfall of many small businesses. 

What is Corporate Governance

Corporate governance is a control mechanism put in place to promote transparency, accountability, and ethical behaviour in businesses, and it forms an integral part of a corporate governance framework. Ultimately, a corporate governance framework helps a business to be sustainable, establishes closer relationships with its stakeholders, and importantly prevents investment scandals and minimises the risk of fraud.

At its most basic, making sure your business is properly insured is essential to protect yourself, your staff and customers. It is also important to take into account a health, safety and environmental regulatory regime. However, there are a whole host of laws governing areas including data protection, paying taxes and national insurance, as well as rules governing employment of staff.

A little bit like the laws of the land, they govern how we should behave in business, and we then have a responsibility to interpret and apply these to our specific business context.

Why would you invest in a company which is out of synch with the needs of society, that does not take its social compliance in its supply chain seriously, that does not think about the costs of externalities or of its negative impacts on society?
— Paul Polman, former Procter & Gamble president for Western Europe

Take the example of the General Data Protection Regulations (GDPR), a strict set of guidelines about what we can do with customer information. The implementation of this within all businesses that hold or process information on customers resulted in a huge awareness-raising campaign to help business owners and managers ensure they were compliant.

For many, this may have felt like a painful exercise, but it was a necessary part of building a sustainable business that could continue to operate in a legal way.

How to manage Risk and Governance in my Business

So how do we adopt a ‘risk mindset’ and factor governance and regulation into our everyday practices in business? The honest answer is that this will depend on your business.

To illustrate further, let’s take the example of the humble tomato and explore risk & control in two very different supply chains. If I grow a tomato in my own back garden I want to be sure it is safe before I eat it, so I look at the risks.

It may not be clean (risk), so I pick it off the vine, bring it indoors and rinse it under the tap (control) before I eat it. As this is a simple supply chain, there is limited risk, so it is reasonable to conclude that minimal risk means minimal requirement for controls.

Now let’s look at the tomato on the supermarket shelf, and the number of additional steps involved in the journey from planting to plate. At first the tomato seed is planted, then fertilised, harvested and transported to a factory where it is packaged and refrigerated before transport. Once it reaches its destination it is stored before the consumer makes the purchase. The tomato is then further transported to the home, refrigerated and finally, eaten.

In this instance there are considerably more steps in the process, all of which will carry a number of risks that need to be mitigated. Examples of this include the use of legal pesticides and fertilisers; meeting transportation and storage regulations; packaging conventions and storage conditions; and finally, where and how long it is displayed on the supermarket shelf.

Here the supply chain is much more complicated with significantly more processes. In this case there are therefore more risks to consider, which results in an increased number of control requirements. So, what does this tell us? 

Assessing and implementing risk management in any business is as simple or as complicated as the processes involved within the business itself. 

Fear Not

Luckily this doesn’t have to be the mammoth challenge that you may have first feared. 

The key to any good corporate governance framework is to have a well-documented system of your company's policies, procedures and processes, and to ensure you keep a good record of your insurance policies and documents.

These are simple to write and implement and add structure to your business.

There are many free templates available online to download, and a good starting point for these is the NI Business Info website.

A documented system helps ensure that your business runs smoothly, helps to train new staff and gives employees a clear sense of how to operate within the business.

This process will help you identify and address risks associated with your business operations and activities, will help your business adapt to sudden changes and help mitigate against threats.


So, to sum it up, adhering to corporate governance principles, whilst it may seem painfully dull, is absolutely essential to safeguarding you and your business.

The upside is that investing the time to create a strong set of policies and regulations that meet the financial, legal and corporate requirements of your business will ensure that you are putting in place a series of useful checks and balances for the growth of your business.

A strong and transparent set of policies and regulations will also help:

  • Secure contracts (think about the tendering process and the legal documentation requirements)

  • Act as a tool against fraud and corruption

  • Allow for quality control

  • Reduce the risk of losing money

  • Improve efficiency

  • Promote sustainability in business operations as the company size increases.

Developing a corporate governance framework is a very straightforward process which can be undertaken by the business owner, or a group of advisers/consultants (paid or volunteers).

Finally, don’t forget that once you have created your policies and procedures, you need to communicate these to your stakeholders!

Gavin Friel