Food & Bev: A Three-Step Process for Risk Management

Learn how to conduct a simple risk assessment so you can identify, assess, and manage risks based on the likely impact on your food and beverage company.

During the normal course of business, it's no secret that food and beverage companies face multiple risks. Right now, though, we are in extraordinary times in which food and beverage companies are facing fear, uncertainty, and doubt—or worse, shutting down.

Businesswoman knocking over dominoes

Risk management has perhaps never felt more relevant. As we head into a future where businesses will reopen again, now is a great time to conduct a simple risk assessment so that you can identify, assess, and manage risks based on the likelihood and impact on your food and beverage company.

And while the job of risk management can seem overwhelming, here are the only three steps you need to get started:

  1. Understand the risks your company faces.
  2. Assess and address individual risks and how they are being managed today.
  3. Decide how you will manage risk overall by avoiding, retaining, controlling, or transferring it.

Having conducted a risk assessment, you can not just survive during future impactful events, but also thrive.

What Is Risk Management?

Risk management is a process that includes four functions: planning, organizing, leading, and controlling business activities to minimize the adverse effects of business losses.

Some common terms used in risk management include the following:

  • Risk avoidance is the elimination of risk by choosing not to take it on.
  • Loss control is a way to reduce the probability of the risk or minimize the loss.
  • Risk retention is managing unavoidable risks when insurance is not purchased or it is too expensive for the risk.
  • Transferring risk can come in the form of insurance and non-insurance approaches (for example, contracts).

A company's ability to weather storms depends on how seriously it takes risk management when the sun is shining and no clouds are on the horizon. Risk isn't necessarily something we choose to focus on when things are going well, but that's the time that we should be doing it.

Let's now look at the three steps to simplify your risk management.

1. Understand Your Risks

The first step in a risk assessment is to understand the categories of risk your company faces.

Infographic showing categories of risk your business may face

This includes:

  • Natural hazards like fire, earthquakes, wind storms, hurricanes, and so on.
  • Man-made hazards such as war and terrorism.
  • Financial risk including credit risk, liquidity risk, bankruptcy risk, interest rates, etc.
  • Operational risk including production breakdowns, supply chain issues, distribution issues, and more.
  • Strategic risks such as fluctuations in demand, technological advances, economic cycles, and so on.
  • Information risk like data breach risk and confidential corporate information.
  • Compliance risk includes penalties and fines due to non-compliance with organizations like the FDA and other governing bodies, and resulting lawsuits, reputation loss, and more.

Within these categories of risk, there will be risks unique to your own food and beverage company.

Here at Woodruff Sawyer, we've identified a sample of organizational risks to consider, which you can access by contacting me directly (contact details at the end of this article). The goal is to identify those risks applicable to your food and beverage company, then decide if you will self-insure or insure based on your risk tolerance.

2. Assess and Address the Risks

Once you have identified potential risks, you want to assess their magnitude and how they're currently being managed within the organization. You can create a simple spreadsheet with the following columns to assess and address risk:

Table outlining types of risk, how it's currently managed, and the impact it may have on business.

  1. Document the risk. Simply document what the identified risk is, for example, "product recall."
  2. Describe the risk. For product recall, the description might be: "distributing product to retailers that is sold to end consumers and makes someone sick."
  3. Document how the risk is currently managed. Using our example, you might say: "Quality control, compliance with regulations."
  4. List any comments and concerns. Those might include: "Failure of quality control process, reliance on technology, product recall that could harm multiple people and damage brand reputation, negative media."
  5. Weigh the impact of the risk.Here is where you would weigh the risks from "insignificant" to "catastrophic."
  6. Weigh the likelihood of the risk. This is the likelihood the risk would happen, from low to high.
  7. Calculate the total risk. The risk assessment tool will provide your risk score, which will be plotted on a heat map to visualize your risk.
  8. Document how you will address the risks. Document your ideas here. Building on our product recall example, you might say: "Frequent meetings with QA/QC to monitor systems and processes, additional training for employees, tabletop exercise, establish product recall response team." 
  9. Assign the person or people responsible for managing the risks. Here, you can document who within the organization will be managing the identified risks with a target date to complete the actions.

Woodruff Sawyer has a risk assessment tool that makes this process easier (which you can get a copy of by contacting me directly—see contact info at the end of this article). Using the tool provided, you will generate a risk score. This will then be plotted on a heat map to visualize your risk.

Here's an example:

Risk assessment heatmap showing product recall, employee theft and earthquake

For this example, we can see that the likelihood and the impact of a product recall is on the lower side.

3. Manage the Risks

Now is the time to look at the big picture of risk management. Every day, there are decisions made in your company that can impact your operations. Understanding your risk appetite and the different options you have to manage those risks will help you make better decisions.

If you know there are certain risks you will have to retain, the next steps are to think about how to mitigate that risk internally or transfer it.

Remember that once you've decided to retain the risk, it resides in your financials on your balance sheet. So you have to ask: Are we strong enough to take on this risk? Do we feel we can pay for it if it happens?

That's where you might look into transferring some of that risk via insurance. When you buy insurance, you pay a premium for the insurer to take on your risk.

We like to use a quadrant to categorize risks based on the likelihood and the impact. We then use that to decide if the risk should be retained, controlled, transferred, or insured.

Risk quadrant map showing impact level of insignificant events versus catastrophic events

A Note on Leadership's Role in Risk Management

Senior leadership plays a significant role in the success of risk management. Leadership must invest in and be accountable for risk management programs. Leadership's objective should be to proactively prevent risk rather than reactively correct it.

Here are some of leadership's primary responsibilities for a successful risk management program:

  • Walk the walk: Build a proactive, risk-conscious culture throughout all levels of the organization. Show your employees you are involved as the CEO, for example, by going down to the manufacturing plant and getting a better understanding of risk first-hand.
  • Design a risk management program Decide who will sponsor it, how it fits within your organizational structure, and who will govern it so that it remains relevant.
  • Establish a communication plan:Define how and when risks will be communicated, both within the company and to external stakeholders. Ensure risk management deliverables provide information that is easily understood and used for decision making. Remember, you have three generations in the workforce now, and all of them like to learn and communicate in different ways.
  • Talk the talk: Discuss risk during decision making and request risk information when preparing for a company decision.
  • Evaluate risks: Consider business objectives when evaluating risk, some risks are worth the rewards.

Risk management assessment can seem like a daunting process. But if you start by following the steps outlined in this article and use the tools available, you should have a good foundation for establishing a risk management plan.

While risk management does not make your food and beverage company immune to risk or to making mistakes, you will fare better when you have a good understanding of the risks, and have processes and risk transfer products in place to minimize them.

To get access to the risk management tools and resources mentioned in this article, please contact Jeanna Madlener at or 503.416.7914.



Table of Contents