Once a year, you go to the doctor. You get an EKG and some other tests; the doc listens to your heart, peers into your throat, and tells you to lose weight, and you go home with a general feeling of well-being.
Why don’t you do the same thing for your company? Public companies have Sarbanes-Oxley anti-fraud law, utilities have SCADA (supervisory control and data acquisition), nonprofits often have requirements to meet to maintain eligibility for positive ratings. While small and medium-sized businesses — and especially startups — do not labor under onerous audit requirements, they should still be building an annual risk assessment into business plans.
Here are some areas all businesses should review annually, either through internal processes or with outside…
