Tag Archives: managing business risk

It’s Oxymoron– Managing Risk and Uncertainty: An Organization Without Risk is Organization Stuck in a Rut…

Risk is a basic ingredient for innovation… Risk implies uncertainty and an inability to fully control the outcomes or consequences of an event… It’s an uncertain world and organizations must accept the fact that they operate in a world of unknowable risk… According to Donald J. Riggin; regardless of the nature of risk it’s impossible to manage; in fact, the expression ‘risk management’ is an oxymoron, because if risk was manageable it would no longer be considered risk…

However, understanding risks is a critical step to knowing how to deal it… According to Steve Tobak; the notion that– Big Risk beget Big Reward is nonsense… Whether it’s the world’s top– hedge fund traders, venture capitalists, real estate tycoons… these billionaire insiders look for opportunities that provide asymmetrical risk/reward… This is fancy way of saying that ‘reward’ is drastically disproportionate to ‘risk’…

In the article Decision-Making Under Risk and Uncertainty by Samia Rekhi writes: The starting point in decision-making is the distinction among three different states of a decision environments: certainty, risk, uncertainty. The distinction is drawn on the basis of the degree of knowledge or information possessed by the decision-maker… Certainty can be characterized as a state in which the decision-maker possesses complete and perfect knowledge regarding the impact of all of the available alternatives…

Often when making decisions the two terms ‘risk’ and ‘uncertainty’ are used synonymous… Both imply ‘lack of certainty’, but there is a difference between the two concepts; risk is characterized as a state in which decision-makers have imperfect knowledge– incomplete information but enough to assign a probability estimate to possible outcomes of a decision…

These estimates may be subjective judgments or they may be derived mathematically from a probability distribution… Uncertainty is a state in which the decision-maker does not have enough information to make a subjective probability assessments… It was Frank Knight who first drew a distinction between risk and uncertainty; risk is objective, whereas uncertainty is subjective… risk can be quantified, whereas uncertainty cannot… Uncertainty implies that probabilities of various outcomes are unknown and cannot be estimated… It’s largely because of these two characteristics that decision-making, in risk environment, involves primarily subjective judgment…

All business decision-making have common characteristics. The traditional approach requires precise information and thus often leads management to underestimate uncertainty and risk factors, which can be downright dangerous for an organization… According to Hugh G. Courtney, Jane Kirkland, and S. Patrick Viguer; making sound decisions under uncertainty requires an approach that avoids the dangerous binary view of risk…

Available relevant business decision information tends to fall into two categories… First, it’s often possible to identify clear trends, such as; market demographics… Second, it’s also possible to identify not so clear trends, such as; customer psychographics…The uncertainty or risk factors that remains tend to fall into one of four broad levels …

  • Level one: Clear enough future: The uncertainty is irrelevant and risk factors are relatively low for making decisions… hence, management can make reasonable precise decisions… Also management can use traditional information gathering, such as; market research, analyses of competitor costs and capacity, value chain analysis, Michael Porter’s five-forces framework, and so on…
  • Level two: Alternative futures: The future can be described as one of a few discrete scenarios… Although probability analysis is useful it cannot precisely identify which outcome is most likely to occur…
  • Level three: Range of futures: A range of potential futures can be identified… A limited number of key variables define the range and most likely outcome can lie anywhere within the range. There are no natural discrete scenarios for the outcome. Organizations in emerging industries or entering new geographic markets often face this uncertainty…
  • Level four: True ambiguity: A number uncertainties and risk factors create an environment that is virtually impossible to predict. And it’s impossible to identify a range of potential outcomes, let alone scenarios within a range. It might not even be possible to identify, much less predict, all the relevant variables that define the future. This situation is rare– black swan events– although they do exist.

Knowing how to assess risk is an organizational competency that must be fostered for long-term sustainability… To do so requires new language and tools to facilitate effective decision-making and decisive action. According to Ralph Jacobson; in developing business strategy it’s important to determine an organization’s ‘risk appetite’, i.e.; how much risk it’s willing, and can afford, to accept… This involves identifying and understanding the scope of risk required in a decision. Typically there are four options– avoid it, accept it, transfer it, share it…

But often decision-makers are confronted with unknowns– these are ‘unknown unknowns’… These unknowns are things that haven’t even been thought of as possible– black swan occurrence– rare but they do pop-up every now and then… situations where management tries to understand more about what they don’t know, than what you do know... These are precisely situations where innovation thrives– it’s when innovators push the edges, challenge status quo, break boundaries in the realm of uncertainty and risk taking. According to Dan Gregory and Kieran Flanagan; uncertainty suggests taking risks, going beyond the known and knowable– thinking scared, thinking stupid, thinking different…

Thinking scared is simply understanding that fear drives all decision-making– it might be the fear of taking action or fear of not taking action. These twin forces often govern negative behavior… but they can also be marshaled and used for positive motivation– the fear of missing out is perhaps most potent motivation in many organization. It’s human nature to resist change and this same nature can be used to drive innovation that embraces risk and uncertainty, and thinks beyond scared, thinks beyond stupid, thinks beyond different…

Challenge of Managing Business Risk– Basis for Sustainability: Know and Understand Uncertainty and the Risk Landscape…

Risk is defined as the probability of an unforeseen incident, and its penalty on the business… Whatever the purpose of an organization, the delivery of its objectives is surrounded by uncertainty which both poses threats to success and offers opportunity for increasing success…

You can safeguard your business and increase its success rate by having an effective risk management policy in place. By identifying the risks before they occur, you will have the time and space to prepare and to put solutions in place if needed… Risk management may seem scary when you are planning your business. But by having business risk plan in place, you can ensure that you protect the viability of your business…

risk1 th

Risk is defined as the uncertainty of outcome, and it must be assessed with respect to a combination of the likelihood of something happening, and the impact if it does actually happen. Risk management includes; identifying and assessing risks (‘inherent risks’) and then responding to them… The resources available for managing risk are finite and so the aim is to achieve an optimum response to risk, prioritized in accordance with an evaluation of the risks.

Risk is unavoidable, and every organization needs to take action to manage risk in a way which it can justify to a level which is tolerable. The amount of risk which is judged to be tolerable and justifiable is the ‘risk appetite’.  Response to a risk situation may involve one or more of the following actions:

  • TOLERATE: The business’ exposure may be tolerable without any further action. Even if it’s not tolerable, the ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained…
  • TREAT: The greater number of business risks will be addressed in this way. An action is taken to constrain the risk to an acceptable level…
  • TRANSFER: For some business risks the best response may be to transfer them to either reduce the exposure of the organization or because another organization is more capable of more effectively managing the risk, however, some risks are not (fully) transferable…
  • TERMINATE: Some risks will only be treatable, or containable to acceptable levels, by terminating the activity, and this might become more clear when the cost/benefit relationship is in jeopardy…

Effective risk management requires understanding more about what you don’t know than what you do know. In particular, it must recognize when new risks are emerging. Too often, risk assessment plot the usual ‘known knows’, leaving executives and directors under-whelmed because the process doesn’t really tell them anything they don’t already know…

World Economic Forum’s Global Risks 2013 Report is an annual survey of more than 1,000 experts from industry, government, academia and civil society who are asked to review a landscape of 50 global risks. .. The global risk respondents rated most likely to manifest over the next 10 years is ‘severe income disparity’, while the risk rated as having the highest impact if it were to manifest is ‘major systemic financial failure’.

There are also two risks appearing in the top five of both impact and likelihood; ‘chronic fiscal imbalances’ and ‘water supply crisis’…Unforeseen consequences of life science technologies’ was the biggest mover among global risks when assessing likelihood, while ‘unforeseen negative consequences of regulation’ moved the most on the impact scale when comparing the result with last year’s…

Resilience is the theme that runs through this report. It seems like an obvious one when contemplating the external nature of global business risks because they are beyond any organization’s or nation’s capacity to manage or mitigate on its own. And yet these global risks are often diminished, or even ignored, in current enterprise risk management. One reason for this is that global risks do not fit neatly into existing conceptual frameworks, and fortunately this is changing…

The report advises that building resilience against external risks is of paramount importance and alerts directors to the importance of scanning a wider risk horizon than that normally scoped in risk frameworks… When considering external risks, directors need to be cognizant of the growing awareness and understanding of the importance of emerging risks…

The 2014 annual Emerging Risks Survey (poll of more than 200 risk managers predominantly based at North American re/insurance companies) reported the top five emerging risks as follows: Financial volatility (24% of respondents). Cyber security/interconnectedness of infrastructure (14%). Liability regimes/regulatory framework (10%). Blowup in asset prices (8%). Chinese economic hard landing (6%)… It’s interesting to observe the diversity in understanding of emerging business risk definitions. For example; Lloyds: An issue perceived to be potentially significant but may not be fully understood or allowed with respect to– insurance terms and conditions, pricing, reserving or capital setting… PWC: Large-scale event, circumstances beyond direct capacity to control that impact in ways difficult to imagine today… S&P: Risks that do not currently exist…

In the article Managing Risk: Where Are You on the Curve? by Ralph Jacobson writes: The management of business risk is now forefront for senior leader’s key agenda items. Knowing how to assess risks and properly manage them is a critical organization competency that must be fostered for long-term business sustainability. To do so requires new language and tools to facilitate effective strategic thinking, decision-making, and decisive action…

Here are some thoughts to help senior leaders transition to a world characterized by significant risk, for example; the S-curve is effective for evaluating risk and determining the various kinds of action that should be taken at specific points in time. The curve suggests that growth and change happen along an almost predictable trajectory of three distinct phases… Knowing where issues falls on the curve determines most effective action.

risk thFYE0ZRV6

One of the powerful attributes of the model is that it can provide a timely way to determine when a new discontinuous change occurs and its relationship to the current state. The S-curve can be used to determine the types of organization and leadership issues that will be encountered on the journey… It’s a Collision of two worlds: The generic S-curve suggests that when a few pioneers start a new S-curve (green line) they are initially ignored by those who remain intent on achieving the historical performance metrics and objectives… The existing stakeholders (pink line) view the green line as an unnecessary drain on resources at a time when financial and people assets will be at lower levels because the organization is experiencing ‘stage-3’ decline..

risk th0SBWAF3I

Caught between these forces are those who resist change and those who under-appreciate the accomplishments of the past… senior leaders must help each side understand the need to do both; maintain the past approaches long enough to reap short-term benefits and focus on establishing the successful implementation of the new-to-achieve long-term benefits… The concept of the S-curve helps leaders frame the situation so that players depersonalize their negative energies, and help each side find value in the other. It’s in this manner that the senior leader can help balance such risks the ‘long and short-term’; current financial model and the new model…

Historically companies have viewed business risk through a functional lens (financial risk, human capital risk, supply chain risk, etc.), and by focusing on one distinct ‘silo’ you can miss the interrelatedness of risk to a company. that is, miss those connections and you may misfire when attempting to manage it… According to Robert S. Kaplan and Anette Mikes; Organizational biases inhibit the ability to discuss risk and failure. In particular, teams facing uncertain conditions often engage in ‘group think’: Once a course of action has gathered support within a group, those that are not yet on board tend to suppress their objections, however valid and fall in line… Which means that many business rather than mitigating risk, they actually incubate risk by tolerating minor failures and defects– treating early warning signals as false alarms– rather than alerts to imminent danger…

According to Gerard Joyce; managing business risk makes company’s actions more predictable, thus more successful. The ISO 31000:2009 standard outlines principles and guidelines to follow in implementing a structured process for managing business risk effectively Managing business risk in a systematic way can be an enabler,e.g.; decision-making is more informed, presumptions and assumptions are challenged, and actions taken are more likely to achieve desired outcomes. A structured process highlights the ‘Key Risk Indicators (KRIs)’ or early warning signs that need to be monitored. These enables the organization to take pre-emptive action to avert or mitigate significant outcomes…

According to Jeanne Lauf Walpole; business risk management is identification, assessment and economic control of those risks that can endanger assets and earning capacity of business… Once a complete list of risks has been established, then each risk should be assessed for its probability of occurrence, for example: Very likely to occur; Some chance to occur; Small chance to occur; Very little chance to occur… Also, it’s important to evaluate potential financial damage that can result from each risk, and respond appropriately. Business risk management decisions must be based upon preventing, as much risk as possible although complete eradication may not be realistic, and/or mitigating risks at a level that’s at least tolerable for the business…

risk thNJXROOYI

According to Peadar Duffy; risk and strategy are intertwined, and one cannot exist without the other, and they must be considered together. Such consideration needs to take place throughout the execution of strategy. Consequently, it’s vital that consideration is given to ‘risk appetite’ when business strategy is formulated– and that requires a well-conceived business strategy and superior execution, on the one hand… and very serious risks assessment and process, on the other…

According to Adi Alon, Wouter Koetzier, Steve Culp; most companies opt to reduce uncertainty by leveraging the traditional– stage-gate innovation process. Stage gates are designed to identify the best ideas by putting them through multiple reviews or gates… This concept, in principle, is extremely effective but in reality new opportunities tend to be defined very narrowly.

As a result, promising news ideas that are a little off center are often smothered. And while many of innovation initiatives that do gain approval are low risk, they offer only low returns– incremental improvements that usually do little more than maintain market share. Whereas, prudent risk-taking when managed properly is the foundation for business growth and sustainability…