Businesses should review their risk assessment for advertising given the recent increase in enforcement action by ACCC and ASIC and the consequences in terms of penalties and reputation.

How can you do a risk assessment review?

When assessing risk you look at the probability of an event occurring and the seriousness of its impact if it does occur.

You also look at what you can do to reduce the probability of the event occurring and to mitigate the losses if it does occur.

For advertising, the likelihood of a problem depends on the volume of advertising you do, the complexity of your products and services, the variety of advertising methods you use, your compliance processes and the resources you have to monitor and check ads.

The recent Optus and Apple decisions show that penalties are now millions of dollars.

Would such a penalty be catastrophic for your business?

Your decision is: if a problem is likely do you live with the risk (if it is small) or try to prevent it?

But judges have emphasised that breach penalties should not be regarded as a cost of doing business.

If the consequences of not preventing a breach are serious what can you do to mitigate them?

If the probability of a breach is high and the seriousness is high, can you avoid the risk or can you increase preventative action?

Do you need new processes or more resources?

Do you monitor risks regularly to see whether they have moved from low risk to high risk?