All businesses need to take operational risks into account. By operational risks we don’t mean calculated commercial risks; rather risks to the processes and to the key assets that a company needs to be able to operate. Some examples of such key assets are facilities and offices, key staff, machinery, but an exhaustive list should also include IT-systems, supply chains, access to key components, intellectual property, and others. Other more complex areas that need to be viewed from a risk point of view are data safety, covid controls, and political sensitivities.

The urgency of assessing and managing risks is perhaps truer in Hong Kong now than it was a few years ago. This is due to the changing political landscape in Asia, the growing influence of China, and the many uncertainties surrounding covid and covid management. Many risk management specialists will advise companies to build resilience into operations, and into the supply chain, meaning that processes should be set up to include potential threats and failures. This allows a company to build defence lines around key assets. There are many ways of building a resilient system, and one core aspect is having a proper inventory of key assets and having an overview of key risks to these assets.