Enterprise Risk Management for Small Business: Implementation of ISO 31000:2009 International Risk Management Standard (Part One)

Deddy Jacobus
(This paper has been published by the IICIES)


Abstract
Profound in any small business is its limit access to two important resources: fund and qualified management team. For that reason, small business is doom to experience ‘unexpected shutdown’ due to its lack of working capital and or poor managerial decisions. Hence, of high importance is for any small business entrepreneurs to make sure that he or she does not waste any financial resources in their possession or make wrong decisions that could jeopardize their business. The author is confirmed that a solution to this situation is the implementation of enterprise risk management (ERM), ISO 31000:2009. ERM enables any small business to prepare a better strategic and operational planning, to manage its operation in a more efficient and effective way, to avoid any expected and unexpected losses, and to establish a sound culture of high performance organization. A small business entrepreneur can utilize its organizational limit and risks to achieve better return than his or her competitors. How is it possible and affordable for small businesses are the main issues will be discussed in this paper.

Key words: Enterprise risk management, small business, iso 31000

1. Introduction
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organizations that are most effective and efficient in managing these risks will, in the long run, outperform those that are less so (Wagner and Layton, 2007). For that reason, enterprise risk management (ERM) has now become an important consideration in all aspects of business, for big and small and medium enterprises (Olson and Wu, 2008).

Small business naturally faces limit access to fund and qualified management team, the fact that has contributed to its higher risk of ‘unexpected shutdown’ due to lack of working capital and or poor managerial decisions. One corporate collapse specialist describes small to medium enterprises crash as being one in which a company grows rapidly, even spectacularly, before suddenly crashing down to earth. Often fast-growing companies of this sort are led by larger-than-life, flamboyant personalities with a penchant for risk taking (Davidson, 2009). Davidson argues that an early warning sign of trouble ahead is when a shortage of working capital emerges. The company's rapid growth becomes uncontrollable, organization structure problems become more pronounced and the management and information systems become overloaded, leaving the administration of the company in disarray. It is not long before the former fast-growing company crashes spectacularly (2009).

How then a small business entrepreneur can be assured that his or her team does not waste any financial resources in their possession and no wrong decisions are made that could jeopardize their businesses? Many small businesses are now turning to enterprise risk management (ERM) as shown in recent study conducted by AON, a leading risk advisor. The study does not specifically address why small or medium businesses implement ERM but it does show us that 25 percent of the 201 respondents are small to medium businesses with less than US$ 1 billion of revenues (AON, 2010).

This paper aims to elaborate what ERM is all about, how ERM can help small businesses thrive and what does it require for small business managers to implement ERM by adopting ISO 31000:2009, one of risk management international standards available.

2. Risk, Enterprise Risk Management and ISO 31000:2009
An entity achievement of objectives is affected and may be affected by interactions with its internal and external context that trigger risks and uncertainty. What is risk?

In ISO 31000, risk is defined as “the effect of uncertainty on objectives” (Clause 2). This is a new paradigm of risk that accepts risks may have upside/positive or downside/negative consequences. This thinking is a major change from considering only negative consequences of risk.