13 Typical Business Risks

Published by admin on


Every business is different, but we have developed a list of 13 typical business risks that all organisations face and all organisations aiming for ISO certification should think about. In addition to these 13 typical business risks, your organisation will have its own particular business risks. These risks will need to be discussed with staff and other stakeholders to ensure you properly understand them.

ISO Requirement

The ISO standards expect organisations to identify and evaluate these risks. We recommend risks be recorded in something such as a risk register, SWOT analysis or similar. This record should also document the controls, the responsibility for the control and any related legal responsibility.

Mitigation Strategy

This article suggests some examples of typical processes used to manage these risks and help you in developing your own.  These are only example control processes and an organisation can take their own preferred approach.  Importantly, the controls must be reviewed to ensure they are working and are effectively controlling the risks.

Risks Control Processes

Once risks have been evaluated, controls to manage those risks must be actioned via one or more processes. These processes are likely to include some or all of the following:

  • defining responsibilities and accountabilities
  • training and competence assessments
  • supporting documents (policies, procedures, forms, records, job descriptions, etc)
  • review activities (testing, inspections, audits, reviews, meetings, etc)
  • supporting software tools such as:
    • GRC (Governance Risk and Compliance),
    • ERP (Enterprise Resource Planning),
    • CRM (Customer Relationship Management),
    • LMS (Learning Management System),
    • DMS (Document Management System),
    • Other systems.

Risk, Consequence and Control Table

| Risk | Possible Uncontrolled Consequences | Examples of control processes to be implemented |
|---|---|---|
| | Financial instability, organisation’s future jeopardised, difficulty funding activities | Managing sales pipeline, competitor analysis, marketing, efficiency studies, buying strategies, review of assets, etc. |
| 2 | Prosecution, reputation damage | Identification of the compliance requirements, identification of the methods used to confirm compliance, process for keeping abreast of changes to requirements. |
| Customer Satisfaction | Poor sales, non returning customers, reputation damage, rework, disputes and compensation claims | Identification of the requirements. Identification of the methods for meeting those requirements, identification of the methods used to provide proof of meeting the requirements, process for managing changing customer needs, processes for obtaining and acting on customer feedback. |
| Employee Satisfaction | Poorly motivated and unreliable workforce, limited improvement opportunities, high staff turnover. | Processes and routines for consulting and communicating with employees are established. Performance, pay and conditions reviews. |
| Physical Assets | Asset failure, reduced productivity | Processes for managing inspection, service, maintenance and repair of physical assets. |
| | Failure to meet goals / KPIs or commitments. Wasted resources. Worker fatigue, worker dissatisfaction, disloyal workforce | Management of resourcing, engagement, training and competence and performance management. |
| Emergency situations | Injury, illness, death or environmental harm, compensation claims, prosecution, reputation damage, personal liability | Planning for emergencies, reviewing and testing plans both before and after an emergency situation occurs. |
| Defective work | Failure to meet commitments. Wasted resources. Poor customer satisfaction, disputes and compensation claims | Manage defective work or products. Taking action to correct defective work or products. Managing customer complaints. Managing grievances. Performance management. |
| | Failure to meet commitments. Wasted resources. Poor customer satisfaction. | Define and document purchasing requirements, approving suppliers, incoming goods checks. |
| Maintenance of Knowledge | Poor understanding or varied understanding of requirements. Loss of knowledge with staff turnover. | Ensuring the requirements and knowledge established by the organisation is defined, retained, controlled and appropriately communicated. |
| Process Conformance | Failure to meet commitments or Business requirements. Nonconforming or noncompliant work. Poor customer satisfaction, disputes, claims. Legal compliance issues. | Review processes to ensure compliance and conformance with requirements. Ensuring that records providing evidence of compliance and conformance are established and retained as required. |
| | Loss of market share to competitors. | Development and improvement of the organisation, its processes and its knowledge |
| | Failure to consider future changes to requirements, the workplace and the market resulting in failure to manage risks. Suffer the effects of uncontrolled risks. | Identifying new risks or changes to risks and ensuring appropriate action is taken to manage them. Ensuring persons affected by risks are consulted. Checking controls are implemented and effective. |

Although not listed under the 13 typical business risks, some other risk topics you may want to consider are detailed below:

  • Operational safety, quality and environmental risks, which include the use of high risk tools, equipment and materials, and conducting high risk activities such as construction, mining, work at heights, etc.
  • Business Continuity risks following natural disaster, pandemic, sudden loss of key staff member, etc.
  • Indirect risks such as the supply chain, subcontractors, exchange rate fluctuations, etc.

Also consider our article on using the PESTLE analysis to identify risks, which may help you identify further risks.

If you need help identifying and evaluating your business risks and developing appropriate controls to manage them, then contact us. We will be delighted to help you.


A word from the Managing Director: “We aim to establish long term, mutually beneficial working relationships, helping organisations grow and avoid the pitfalls that many fall into. Too many organisations feel their certification is a burden. We want to help organisations realise the benefits of effective management systems and certification”

