For Risk Management Implementation, It Is Imperative To Have A Structured And Involved Process And Must Begin At The Top
Risk Management though not a new jargon, is rapidly gaining immense importance and is certainly not an “over beer” management discussion anymore. Companies are dawning to realise the importance of risk management. Especially since regulators, investors and debt rating agencies are increasing their scrutiny on the risk management processes of companies.
No longer can an entrepreneur wait till disaster strikes, and in today’s agile business scenario, one never knows when it may. Businesses are risk averse for their vulnerability to disruptions and disruptions too have become a requirement – for new businesses to succeed and old ones to reinvent, sustain and scale up.
What Is Risk Management? Does Your Business Need It?
Simply defined, it is the identification and evaluation of RISK at every stage/process of business resolving which maximizes the realization of opportunities or minimizes the impact of unforeseen events for a sustainable growth or even existence, improving shareholder value.
To give the example of our own organization, we were startled when incorporated risk management into the systems. Right from a Jr. Supervisor to the President, every key member was required to work on a structured risk-based analysis process for every key decision. Implementing this system has changed the thought process of every involved individual towards continual improvement.
While most entrepreneurs have an inbuilt knack for identifying and managing risk, not every key employee has the same thought process like that of the owner. Hence, a structured risk management strategy is required for a continual and sustainable growth.
Managing Risk And Factors For Sustainability And Scalability
While corporate sustainability focuses on profitability and growth, it also requires pursuing environmental and societal goals. For now, let’s focus on risk management for scalability and sustainability.
For risk management implementation, it is imperative to have a structured and involved process and must begin at the top. As an organisation develops the context of the risk to be managed, every individual must identify the type of risk and manage it accordingly. Typically the risk types include:
- Strategic risk: This risk needs to be identified by top management. These will support organizational goals, competition, social trends, capital availability etc.
- Financial risk: This requires the involvement of top and senior management. These will address financial reporting, pricing, currency, liquidity etc.
- Operational risk: Assessed by senior, mid and lower management. These will resolve risk w.r.t. sales and marketing, product performance, resource management, etc.
- Compliance risk: This risk involves the entire organization. These will address regulatory and statutory requirements including legal, environmental and societal amongst others.
With the risk types identified, the next step is to manage them. The various steps in managing risk should be:
- Establishing the context: Understanding of the current conditions in which the organization operates on an internal and external risk management context.
- Identifying Risks: Documentation of material threats to the organizations, achievements of its objectives and opportunities it may exploit for competitive advantage.
- Quantifying Risks: Metering of the risks and evaluating the results.
- Integrating Risks: Aggregating various risks to assess the impact on the organisation’s performance.
- Prioritizing Risks: Assessing the contribution of each risk and appropriate prioritization to resolve.
- Treating Risks: This is most critical as this involves strategizing and addressing risks. This is where the entire exercise focuses.
Monitoring And Reviewing: Continual Measurement And Monitoring Of The Risk Management Strategies
Primarily the owner must own the responsibility and ensure that adequate and timely risk management is performed. The sooner the risks are identified, the sooner the plans be made to manage the risk. Involving an individual, external agency or a consultant is unlikely to succeed and may appear for the organisation trying to indulge in risk management without actually doing it. The next requirement will be to have a formal framework across the organization for managing risk optimally.
Risk Management Governance Framework
Every management tool requires the highest commitment from the leadership and this must be formally structured into the organization to achieve specific goals. Some of the basic requirements to have a framework are:
- Leadership Involvement: Get a list of the key risk objectives on the companies objectives list so that this can be formally monitored and addressed. Make a commitment to the shareholders to have RM updated on its progress.
- Team Building: Avoid it being just another management project. Build a cross-functional, operational team to ensure theory meets practicality. Ensure their queries are answered and are committed to the cause. Ensure that the personnel involved receiving specific training in risk management technology.
- Define the work and explore: Before you indulge, it is important to have the context of risk management understood across the organization. Furthermore, it is also important to learn from what has been done by others in this arena.
- Develop assessment tools: These tools are internal to an organization and must identify, measure, evaluate risk. Easier said than done, these tools are always a Work In Progress but are substantiated by expertise and experience.
- Loop it to achieve the best: Difficult to perfect, develop a framework which loops the process to continually assess and improve delivering the best possible. Periodic assessment and matching with organizational objectives ensure the maintenance of the process.
While regular businesses need standard procedures, we might need to pay special attention to new generation businesses especially in this day and age where disruption is a standard. Disruption evolves from innovation and Risk Management for innovation is a separate challenge. Though innovation is not limited to startups, it’s interesting how old business and startups view risk management.
Risk Management For Innovation
It would not be incorrect to mention that responsible risk management entails a cautious approach to innovation. Startups can afford to venture the risk of failure. While established companies circumvent uncertainty by leveraging a traditional, step-by-step innovation process. Here, few decision makers want to take responsibility for a failed experiment.
Extreme caution prevails when new ideas are assessed and opportunities tend to be captured at a slower pace. But with risk management systems in place, the same decision makers could be confident that their innovation risks were transparent and well managed.
Companies that thrive on innovation today have come to recognize that systematic risk management is a key enabler of long-term growth and profitability. The way ahead for both these situations would be to build capabilities to support innovation with organization-wide risk governance structures delivering value to shareholders.
Risk Management In The New Age
As risk management becomes system driven, data management becomes the key concern while addressing risk. And with the complexity of the subject, the amount of data collected is exponential. It is not just its sheer volume but the assimilation too needs to be timely and accurately and, we must be able to analyze it quickly and effectively.
With risks manifesting through digital systems and platforms, such as email and social media, is it a possibility to harness the power of digital tools when establishing your risk management strategies? There are companies in the IT space which provide solutions for Risk Management based on mobile apps and sector (Finance, Energy, Insurance, etc.) specific to mitigate risk. Meeting these challenges is beyond any one provider. A joint approach is needed in which different partners come together to offer unique solutions. It is only a matter of time as awareness increases so will the demand, the supply will follow.
Besides these new generation solutions, it is a wonder why industries and sectors cannot bank on industry colleagues to share and resolve Risk Management issues. There are industry associations formed to address government policy issues, which at times have not much of a mandate with reduced license raj. There are peer to peer platforms such as ASCENT Foundation where like-minded individuals meeting to discuss professional concerns. With individuals coming from varied backgrounds bring in a different perspective, identifying risk and resolving it too would be an easier shared task.
With increased awareness of Risk Management, these I believe would be the best support systems to discuss and address Risk Management. In the fast-moving, ever-evolving digital age, risk management is no longer an option that’s relegated to a few select industries; it’s a necessity for nearly every organization. After all, recruiting a clerk in a bank to issue LOUs too is a risk to manage.