Risk Management in Accounting: A 5 Step Guide

Risk management in accounting? What’s so risky about being an accountant?

On the surface, accounting may seem like a pretty “safe” career path. Just think about how many times it’s been used as the fake job for an undercover spy in the movies. It offers the perfect disguise to that action-packed side of the double life that the character leads on screen. A calculator, desk plant and open tab of spreadsheets sure does seem secure compared to base-jumping out of a helicopter–shaken martini in-hand. 

But this isn’t the movies. We don’t need to dream up potential threatening scenarios. Unfortunately, risk lurks at every corner–even at the edge of your accounting office’s door. 

That’s why it’s essential for any accounting firm–small or large–to have a risk management plan in place. But before we get to the how part of putting one together, we’ll first walk you through the what and whys of risk management in accounting. Let’s get started. 

What’s Risk Management?

Risk management is defined as a process used to identify and assess threats to your accounting business. The risks can vary greatly and can be related to legal or financial uncertainty, security and data threats. They can involve your actual accounting work or extend to HR or people management areas of your business. A risk management plan will outline the approach for how you are going to handle both of these seen and unforeseen risks. 

Risk management plans are essential for any business to have before they start to operate and take on clients. But also a good practice to keep up on a regular basis. Going through the exercise of making these plans will help you identify vulnerabilities and plan for worst case scenarios. In order to best create a plan for risk management in accounting, it’s important to first understand what is considered a real risk in accounting, not to mention business in general. 

So What’s at Risk for Accountants?

The risks that companies face typically fall into three categories. Each category will require a different risk-management approach, so it’s important to understand the differences between them. Plus, each category and it’s solutions are industry specific. We’ll get into the solutions for risk management in accounting later.

The 3 Categories of Risk

1. Preventable risks: These are risks that arise within your accounting business that won’t generate any strategic benefits. You can think of these as situations that could be related to people management. For example, say you want to stop working with a junior accountant because they call out of work too often, but you never established an employee handbook outlining attendance policies. Taking on employees without proper compliance paperwork in place is a risk, the employee could file for wrongful termination or leave a bad review on a jobs site stating unfair business practices. To plan for situations like this, you could create a handbook and outline scenarios that can help protect your business. 
2. Strategy risks: These risks are different from the above in the way that they are anticipated and taken for superior strategic returns. An example of a strategy risk could involve going with a new daring marketing strategy that sets you apart from your competitors. The risk could be that it could set your business too far apart from the others and it won’t attract new customers and it turns off existing clients too. However, the risk could have been taken and worked out in your favor. Strategy risks may be worth taking, but require distinct processes that encourage stakeholders to openly discuss risks and find cost-effective ways to reduce the likelihood of risk events or mitigate their consequences.
3. External risks: This kind of risk is described as uncontrollable and takes place outside of your accounting business. The pandemic can act as an example of an external risk. 46% of accountants surveyed by Accounting Today in May of 2020 reported client attrition as a top concern for their business. External risks like strategy risks also require planning for, including cost-effective ways to mitigate the damage of, in this case, unforeseen circumstances. 

When thinking about risk management in accounting, you should consider these three areas of risks and try to think up relevant scenarios for each area so you can do your best to solve them. 

Potential Risks for Accountants

Now that we’ve covered the idea of general risks to pretty much any business, let’s take a closer look at the risks more related to accounting: 

• Cyber Crime: Anyone can experience a data breach, but it can be especially damning when your accounting clients’ data is breached. Whether you had safeguards in place or not, something like this can lead to a lawsuit against you or your firm. Beyond data breaches, you also have to worry about ransomware attacks, cryptojacking and company-wide cloud attacks. 
• Accounting Board and State Law Requirements: To operate as an accountant you need to obtain specific certifications and abide by state and board regulations. Failure to do so, even if the omission was unintentional, can not only cost you business and make you liable to pay fines and penalties, but also puts you at risk of undergoing a criminal investigation. 
• Bad Reviews: Online reviews can make or break any business in today’s digital-first world. People rely on reviews to help them make decisions. One really bad review can turn off a slew of potential new clients. 

Risk Management in Accounting: 5 Steps

Now that you understand how your accounting business may be at risk, let’s look at how to plan for these dangers. Again, a risk management plan is a strategy that will help prevent risks from happening and can set a plan of action in the event that a potential risk occurs. While these steps are broad, ensuring that you and your team apply these steps to risk management in accounting is crucial for their utility.

Here’s how to get started: 

Step 1: Identify 

The first step in risk management involves you identifying areas of vulnerability within your accounting business. You’ll want to account for preventable, strategy and external risks. 

Step 2: Analyze

Next you’ll want to try to estimate the potential severity of each risk and the likelihood that it might happen. In doing this exercise you can also rank the risks according to their degree of severity. 

Step 3: Minimize

Once you perform a risk assessment and analyze each potential danger you’ll want to think through ways to mitigate the worst case scenario for each risk. This could include purchasing Cyber and Liability Insurance, contracting an IT consultant for digital security help or working with an HR partner to establish a code of conduct. 

Step 4: Communicate

Be sure to loop in your staff if you didn’t consult them throughout the planning process and train them in the risk management procedures you established in the plan. 

Step 5: Monitor 

New risks can arise at any moment, so it’s important to keep your risk management plan agile and be ready to evolve strategies when needed. Be ready to know how to identify potential risks before they escalate and work to create safeguards for the newly identified areas of concern. 

Insurance for Accountants 

While there are so many elements to running a business that you can’t control, it’s important to focus on what you can. While risks are an inevitable part of life, you can do your best in planning and preparing for them. It’s kind of how a good accountant manages their client’s assets. Sure your client’s bank account may be healthy today, but what’s sustaining it and how could that change tomorrow? 

When it comes to risk management in accounting, risk transfer is the real solution. Coverage like professional liability insurance can help your accounting firm withstand the risks of errors and omissions. Find out more and you can also read about all the insurance policies that accountants need in our related blog post.