Business Risk Management: ‘Protect Against Unthinkables’–Loss Due to Damages, Legal Liabilities, Fines, Crime, Strategic Relationships, Disasters…

“The first step in the business risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.” ~Charles Tremper

Business Risk Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

An ‘Inc. Magazine’ article states: Every business encounters risks, some of which are predictable and under management’s control; others are unpredictable and uncontrollable. Risk management is particularly vital for businesses, since some common types of losses—such as theft, fire, flood, legal liability, injury, or disability—can destroy in a few minutes what may have taken years to build. In the early 2000s, the role of risk management expanded to protect entire companies during periods of change and growth.

As businesses grow, they experience rapid changes in nearly every aspect of their operations, including production, marketing, distribution, and human resources. Such rapid change also exposes the business to increased risk. In response, risk management professionals created the concept of ‘enterprise risk management’ (ERM), which was intended to implement risk awareness and prevention programs on a company-wide basis. The main focus of ‘enterprise risk management’ (ERM) is to establish a culture of risk management throughout a company to handle the risks associated with growth and a rapidly changing business environment.

Writing in ‘Best’s Review’, Tim Tongson recommended that businesses take the following steps in implementing an enterprise-wide risk management program: 1) incorporate risk management into the core values of the company; 2) support those values with actions; 3) conduct a risk analysis; 4) implement specific strategies to reduce risk; 5) develop monitoring systems to provide early warnings about potential risks; and 6) perform periodic reviews of the program.

The article “What is Business Risk Management?” by Business risk states: The goal of business risk management is to detail what kinds of risks exist in your specific business and figure out how to prevent them entirely, or minimize their impact on the business as a whole.

To do this, most risk managers take a five-step approach. First, identify the risks involved in all aspects of the business. Second, review the probability of the negative events occurring. Third, come up with a plan, a way to decrease the risk. Fourth, put the plan into action. Last, monitor the situation to see if the plan is effective or if it needs to be altered. Risk management includes risks that are a part of the industry the business serves, and the way in which it does business.

Because of this, business risk management is a way of codifying the way decisions are made and guiding those decisions in the future. Relationships with customers also can be risky, especially if a company comes to rely on one customer too much. A business risk management process or plan should cover these kinds of risks, as well as how decisions should be made. In other words, it should say how much risk is too much in a financial relationship. While these may include physical risks, business risk management should also take into account how to prevent theft, fraud, and other crimes.

Another risk to a business caused by employees is simple human error, where even a tiny mistake in entering data or in the manufacturing process can have huge and sometimes devastating consequences. Having a ‘risk management plan’ in place not only can help in the event of an emergency, it can also help guide the way the company does business. It will help to organize allocation of resources and capital by helping to regularize the way that priorities are set.

This will help with decision-making and planning, as well. Since risk management requires the anticipation of potential problems, it can help the business prevent a disaster or at least mitigate the impact of the disaster on finances and other assets…

“The global financial crisis in 2008 demonstrated the importance of adequate risk management. Since that time, new risk management standards have been published, including the international standard ‘ISO 31000 Risk management – Principles and Guidelines’. This guide provides a structured approach to implementing ‘enterprise risk management’ (ERM).

Organizations need to understand the overall level of risk embedded within their processes and activities. It is important for organizations to recognize and prioritize significant risks and identify the weakest critical controls. A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency.”

The article “Risk Management Principles and Concepts” by David Campbell states: Risk management is an integral part of business governance. Risk may have positive or negative outcomes, resulting in either an opportunity or a loss for a business. Risk management is the way in which adverse effects from risk are managed and potential opportunities are realized.

Therefore, risk management involves minimizing those things that may negatively impact a business, and identifying and harnessing those things that will help to achieve the goals and objectives of a business. Every risk has its own distinct characteristics that require particular management or analysis. An emerging concept in risk management is that there are three types of risk:

  • Opportunity-based risk.
  • Uncertainty-based risk.
  • Hazard-based risk.

Risk analysis assists in determining which risks have a greater consequence or impact than others. This provides a better understanding of the possible impact of a risk, or the likelihood of it occurring, in order to make a decision about committing resources to control the risk.

Risk analysis involves combining the possible consequences, or impact, of an event, with the likelihood of that event occurring. The result is a ‘level of risk’. That is: “Risk = Consequence x Likelihood”.

The article “How Managing Political Risk Improves Global Business Performance” by PwC states: Companies doing business internationally are grappling with political issues that sometimes surprise even the most experienced. A new study by ‘PwC and Eurasia Group’ shows that despite current efforts, a high percentage of multinational companies believe they are not doing all they could to manage political risk effectively. PwC and Eurasia Group believe that more effective management of political risk can help companies protect their investments and take advantage of new opportunities, thereby improving global business performance.

When it comes to improving global business performance, managing political risk helps in two fundamental ways. First, it protects new and existing global investments and operations by helping management anticipate the business risk implications of political change or instability. Second, for a company constantly on the lookout for new opportunities, monitoring political risk within target regions or across continents can help management hone in on political developments that foretell a business boom, beating competitors to the punch.

Businesses face many risks; therefore, risk management should be a central part of any business’ strategic management. Risk management helps you to identify and address the risks facing your business, and risk assessments will change as your business grows or as a result of internal or external changes. This means that the processes you have put in place to manage your business risks should be regularly reviewed.

Such reviews will identify improvements to the processes and equally they can indicate when a process is no longer necessary. There are four ways of dealing with, or managing, each risk that you have identified. You can:

  • Accept it.
  • Transfer it.
  • Reduce it.
  • Eliminate it.

Traditionally, risk management was thought of as mostly a matter of getting the right insurance. However, this impression of risk management has changed dramatically. With the recent increase in government rules and regulations, employee-related lawsuits and reliance on key resources, risk management is becoming a management practice that is every bit as important as financial or facilities management.

Organizations should regularly undertake comprehensive and focused assessments of potential risks to dramatically reduce their chances of experiencing a catastrophic event that could ruin or severely impair the organization. According to ‘Risk Management Insight’, management doesn’t really care about security… they care about risk. They want answers to questions like:

  • “How much risk do we have?”
  • “How much more (or less) risk, will we have if…?”
  • “What am I getting for the money I’m spending on security today?”
  • “Which risk issues are most significant, and how do they compare to the other business issues I have to deal with?”

When we are able to describe the value of security in terms of ‘how it affects risk’ (the frequency and magnitude of loss), management listens more carefully because we’re speaking in terms that they understand and care about…

“Risk management should be an enterprise-wide exercise and engrained in the business culture of the organization.” ~Julie Dickson