Challenge of Managing Business Risk– Basis for Sustainability: Know and Understand Uncertainty and the Risk Landscape…

Risk is defined as the probability of an unforeseen incident, and its penalty on the business… Whatever the purpose of an organization, the delivery of its objectives is surrounded by uncertainty which both poses threats to success and offers opportunity for increasing success…

You can safeguard your business and increase its success rate by having an effective risk management policy in place. By identifying the risks before they occur, you will have the time and space to prepare and to put solutions in place if needed… Risk management may seem scary when you are planning your business. But by having business risk plan in place, you can ensure that you protect the viability of your business…

risk1 th

Risk is defined as the uncertainty of outcome, and it must be assessed with respect to a combination of the likelihood of something happening, and the impact if it does actually happen. Risk management includes; identifying and assessing risks (‘inherent risks’) and then responding to them… The resources available for managing risk are finite and so the aim is to achieve an optimum response to risk, prioritized in accordance with an evaluation of the risks.

Risk is unavoidable, and every organization needs to take action to manage risk in a way which it can justify to a level which is tolerable. The amount of risk which is judged to be tolerable and justifiable is the ‘risk appetite’.  Response to a risk situation may involve one or more of the following actions:

  • TOLERATE: The business’ exposure may be tolerable without any further action. Even if it’s not tolerable, the ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained…
  • TREAT: The greater number of business risks will be addressed in this way. An action is taken to constrain the risk to an acceptable level…
  • TRANSFER: For some business risks the best response may be to transfer them to either reduce the exposure of the organization or because another organization is more capable of more effectively managing the risk, however, some risks are not (fully) transferable…
  • TERMINATE: Some risks will only be treatable, or containable to acceptable levels, by terminating the activity, and this might become more clear when the cost/benefit relationship is in jeopardy…

Effective risk management requires understanding more about what you don’t know than what you do know. In particular, it must recognize when new risks are emerging. Too often, risk assessment plot the usual ‘known knows’, leaving executives and directors under-whelmed because the process doesn’t really tell them anything they don’t already know…

World Economic Forum’s Global Risks 2013 Report is an annual survey of more than 1,000 experts from industry, government, academia and civil society who are asked to review a landscape of 50 global risks. .. The global risk respondents rated most likely to manifest over the next 10 years is ‘severe income disparity’, while the risk rated as having the highest impact if it were to manifest is ‘major systemic financial failure’.

There are also two risks appearing in the top five of both impact and likelihood; ‘chronic fiscal imbalances’ and ‘water supply crisis’…Unforeseen consequences of life science technologies’ was the biggest mover among global risks when assessing likelihood, while ‘unforeseen negative consequences of regulation’ moved the most on the impact scale when comparing the result with last year’s…

Resilience is the theme that runs through this report. It seems like an obvious one when contemplating the external nature of global business risks because they are beyond any organization’s or nation’s capacity to manage or mitigate on its own. And yet these global risks are often diminished, or even ignored, in current enterprise risk management. One reason for this is that global risks do not fit neatly into existing conceptual frameworks, and fortunately this is changing…

The report advises that building resilience against external risks is of paramount importance and alerts directors to the importance of scanning a wider risk horizon than that normally scoped in risk frameworks… When considering external risks, directors need to be cognizant of the growing awareness and understanding of the importance of emerging risks…

The 2014 annual Emerging Risks Survey (poll of more than 200 risk managers predominantly based at North American re/insurance companies) reported the top five emerging risks as follows: Financial volatility (24% of respondents). Cyber security/interconnectedness of infrastructure (14%). Liability regimes/regulatory framework (10%). Blowup in asset prices (8%). Chinese economic hard landing (6%)… It’s interesting to observe the diversity in understanding of emerging business risk definitions. For example; Lloyds: An issue perceived to be potentially significant but may not be fully understood or allowed with respect to– insurance terms and conditions, pricing, reserving or capital setting… PWC: Large-scale event, circumstances beyond direct capacity to control that impact in ways difficult to imagine today… S&P: Risks that do not currently exist…

In the article Managing Risk: Where Are You on the Curve? by Ralph Jacobson writes: The management of business risk is now forefront for senior leader’s key agenda items. Knowing how to assess risks and properly manage them is a critical organization competency that must be fostered for long-term business sustainability. To do so requires new language and tools to facilitate effective strategic thinking, decision-making, and decisive action…

Here are some thoughts to help senior leaders transition to a world characterized by significant risk, for example; the S-curve is effective for evaluating risk and determining the various kinds of action that should be taken at specific points in time. The curve suggests that growth and change happen along an almost predictable trajectory of three distinct phases… Knowing where issues falls on the curve determines most effective action.

risk thFYE0ZRV6

One of the powerful attributes of the model is that it can provide a timely way to determine when a new discontinuous change occurs and its relationship to the current state. The S-curve can be used to determine the types of organization and leadership issues that will be encountered on the journey… It’s a Collision of two worlds: The generic S-curve suggests that when a few pioneers start a new S-curve (green line) they are initially ignored by those who remain intent on achieving the historical performance metrics and objectives… The existing stakeholders (pink line) view the green line as an unnecessary drain on resources at a time when financial and people assets will be at lower levels because the organization is experiencing ‘stage-3’ decline..

risk th0SBWAF3I

Caught between these forces are those who resist change and those who under-appreciate the accomplishments of the past… senior leaders must help each side understand the need to do both; maintain the past approaches long enough to reap short-term benefits and focus on establishing the successful implementation of the new-to-achieve long-term benefits… The concept of the S-curve helps leaders frame the situation so that players depersonalize their negative energies, and help each side find value in the other. It’s in this manner that the senior leader can help balance such risks the ‘long and short-term’; current financial model and the new model…

Historically companies have viewed business risk through a functional lens (financial risk, human capital risk, supply chain risk, etc.), and by focusing on one distinct ‘silo’ you can miss the interrelatedness of risk to a company. that is, miss those connections and you may misfire when attempting to manage it… According to Robert S. Kaplan and Anette Mikes; Organizational biases inhibit the ability to discuss risk and failure. In particular, teams facing uncertain conditions often engage in ‘group think’: Once a course of action has gathered support within a group, those that are not yet on board tend to suppress their objections, however valid and fall in line… Which means that many business rather than mitigating risk, they actually incubate risk by tolerating minor failures and defects– treating early warning signals as false alarms– rather than alerts to imminent danger…

According to Gerard Joyce; managing business risk makes company’s actions more predictable, thus more successful. The ISO 31000:2009 standard outlines principles and guidelines to follow in implementing a structured process for managing business risk effectively Managing business risk in a systematic way can be an enabler,e.g.; decision-making is more informed, presumptions and assumptions are challenged, and actions taken are more likely to achieve desired outcomes. A structured process highlights the ‘Key Risk Indicators (KRIs)’ or early warning signs that need to be monitored. These enables the organization to take pre-emptive action to avert or mitigate significant outcomes…

According to Jeanne Lauf Walpole; business risk management is identification, assessment and economic control of those risks that can endanger assets and earning capacity of business… Once a complete list of risks has been established, then each risk should be assessed for its probability of occurrence, for example: Very likely to occur; Some chance to occur; Small chance to occur; Very little chance to occur… Also, it’s important to evaluate potential financial damage that can result from each risk, and respond appropriately. Business risk management decisions must be based upon preventing, as much risk as possible although complete eradication may not be realistic, and/or mitigating risks at a level that’s at least tolerable for the business…

risk thNJXROOYI

According to Peadar Duffy; risk and strategy are intertwined, and one cannot exist without the other, and they must be considered together. Such consideration needs to take place throughout the execution of strategy. Consequently, it’s vital that consideration is given to ‘risk appetite’ when business strategy is formulated– and that requires a well-conceived business strategy and superior execution, on the one hand… and very serious risks assessment and process, on the other…

According to Adi Alon, Wouter Koetzier, Steve Culp; most companies opt to reduce uncertainty by leveraging the traditional– stage-gate innovation process. Stage gates are designed to identify the best ideas by putting them through multiple reviews or gates… This concept, in principle, is extremely effective but in reality new opportunities tend to be defined very narrowly.

As a result, promising news ideas that are a little off center are often smothered. And while many of innovation initiatives that do gain approval are low risk, they offer only low returns– incremental improvements that usually do little more than maintain market share. Whereas, prudent risk-taking when managed properly is the foundation for business growth and sustainability…