Risk management is a process that identifies loss exposures faced by an organization and selects the most appropriate techniques for treating such exposures. Because the term risk is ambiguous and has different meanings, risk managers typically use the term loss exposure to identify potential losses.
Risk management is a scientific approach to the problem of risk that has as its objective the reduction and elimination of risks facing the business firm. Risk management evolved from the field of corporate insurance buying and is now recognized as a distinct and important function for all businesses and organizations.
In the broad sense of the term, risk management is the process of protecting one’s person and assets. In the narrower sense, it is a managerial function of business that uses a scientific approach to dealing with risks. As such, it is based on a specific philosophy and follows a well-defined sequence of steps.
DEFINITION OF RISK MANAGEMENT
“Risk management is a scientific approach to dealing with risks by anticipating possible losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur.”
Risk management is usually the responsibility of the top management and performed by risk managers. These managers must consider economic, social, political legal factors while taking decisions as the decision taken by these managers have b impact on not only their business but also on the entire economy. In case of and controversy, decision-makers must be able to justify the decisions. They are accountable to the whole nation for their decisions. Stakeholders, shareholders, consumers, government, creditors etc. are interested in the details of the risk analysis, as well as the overall results. It is the duty of top management to satisfy the stakeholders with their decision even if there is some additional cost or risk involved in it.
Risk Management can therefore be defined as
“A group of actions that are integrated within the wider context of a company organisation, which a directed toward assessing and measuring possible risk situations as well as elaborating the strategies necessary for managing them.”
“The process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making.”
“Risk management is a series of steps whose objectives are to identity, address, and eliminate software risk items before they become either threats to successful software operation or a major source of expensive rework.”
According to Boehm “The identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy for combination of strategies) in proper management of future events.”
“Risk management is an integrated process of delineating specific areas or risk, developing a comprehensive plan, integrating the plan, and conducting ongoing evaluation.”
In nut shell risk management is a very wide concept and includes activities related to risk identification, assessment, control and minimisation. It also considers all types of risks that affect the performance of a company and damage the reputation of the company and national and international economy. From this point of view, therefore, risk management has become a significant function which requires the risk takers, policy makers, auditors and everyone associated with the risk to consider not only quality, quantity but also probability of negative impact on profits of the organisation.
Risk management thus helps an organisation to:
• enhance the value already created by the organisation;
• creating future opportunities for the growth of organisation
The methods/techniques of risk management may differ from company to company or different types of risk.
OBJECTIVES OF RISK MANAGEMENT
Risk management has important objectives. These objectives can be classified as follows:
Important objectives before a loss occurs include economy, reduction of anxiety, and meeting legal obligations.
PREPARATION FOR POTENTIAL LOSSES IN MOST ECONOMICAL WAY: The first objective means that the firm should prepare for potential losses in the most economical way. This preparation involves an analysis of the cost of safety programs, insurance premiums paid, and the costs associated with the different techniques for handling losses.
REDUCTION IN ANXIETY: The second objective is the reduction of anxiety. Certain loss exposures can cause greater worry and fear for the risk manager and key executives. For example, the threat of a catastrophic lawsuit because of a defective product can cause greater anxiety than a small loss from a minor fire.
MEETING ANY LEGAL OBLIGATIONS: The final objective is to meet any legal obligations. For example, government regulations may require a firm to install safety devices to protect workers from harm, to dispose of hazardous waste materials properly, and to label consumer products appropriately. Workers’ compensation benefits must also be paid to injured workers. The firm must see that these legal obligations are met.
Risk management also has certain objectives after a loss occurs. These objectives include survival of the firm, continued operations, stability of earnings, continued growth, and social responsibility.
SURVIVAL OF FIRM: The most important post-loss objective is survival of the firm. Survival means that after a loss occurs, the firm can resume at least partial operations within some reasonable time period.
CONTINUATION OF OPERATIONS: The second post-loss objective is to continue operating. For some firms, the ability to operate after a loss is extremely important. For example, a public utility firm must continue to provide service. Banks, bakeries, and other competitive firms must continue to operate after a loss. Otherwise, business will be lost to competitors.
STABILITY OF EARNINGS: The third post-loss objective is stability of earnings. Earnings per share can be maintained if the firm continues to operate. However, a firm may incur substantial additional expenses to achieve this goal (such as operating at another location), and perfect stability of earnings may be difficult to attain.
CONTINUED GROWTH OF THE FIRM: The fourth post-loss objective is continued growth of the firm. A company can grow by developing new products and markets or by acquiring or merging with other companies. The risk manager must therefore consider the effect that a loss will have on the firm’s ability to grow.
DISCHARGING SOCIAL RESPONSIBILITY: Finally, the objective of social responsibility is to minimize the effects that a loss will have on other persons and on society. A severe loss can adversely affect employees, suppliers, customers, creditors, and the community in general. For example, a severe loss that shuts down a plant in a small town for an extended period can cause considerable economic distress in the town.
PRINCIPLES OF RISK MANAGEMENT
The principles of risk management are as follows:
- Organizational Context: Every organization is affected to varying degrees by various factors in its environment (Political, Social, Legal, and Technological, Societal etc). For example, an organization may be immune to change in import duty whereas a different organization operating in the same industry and environment may be at a severe risk. There are also marked differences in communication channels, internal culture and risk management procedures. The risk management should therefore be able to add value and be an integral part of the organizational process.
- Involvement of Stakeholders: The risk management process should involve the stakeholders at each and every step of decision making. They should remain aware of even the smallest decision made. It is further in the interest of the organization to understand the role the stakeholders can play at each step.
- Organizational Objectives: When dealing with a risk it is important to keep the organizational objectives in mind. The risk management process should explicitly address the uncertainty. This calls for being systematic and structured and keeping the big picture in mind.
- Reporting: In risk management communication is the key. The authenticity of the information has to be ascertained. Decisions should be made on best available information and there should be transparency and visibility regarding the same.
- Roles and Responsibilities: Risk Management has to be transparent and inclusive. It should take into account the human factors and ensure that each one knows it roles at each stage of the risk management process.
- Support Structure: Support structure underlines the importance of the risk management team. The team members have to be dynamic, diligent and responsive to change. Each and every member should understand his intervention at each stage of the project management lifecycle.
- Early Warning Indicators: Keep track of early signs of a risk translating into an active problem. This is achieved through continual communication by one and all at each level. It is also important to enable and empower each to deal with the threat at his/her level.
- Review Cycle: Keep evaluating inputs at each step of the risk management process – Identify, assess, respond and review. The observations are markedly different in each cycle. Identify reasonable interventions and remove unnecessary ones.
- Supportive Culture: Brainstorm and enable a culture of questioning, discussing. This will motivate people to participate more.
- Continual Improvement: Be capable of improving and enhancing your risk management strategies and tactics. Use your learning’s to access the way you look at and manage ongoing risk.
BENEFITS OF RISK MANAGEMENT
Major benefits include the following:
- Forecasts Probable Issues: One of the benefits of risk management is that it changes the culture of a business organization. Companies that tend to focus more on risk management tend to be more proactive as compared to other companies which can be reactive. Risk management forces the companies to take a hard look at each of their business processes and decide what can possibly go wrong. This detailed what-if analysis helps companies become more proactive and forecast probable issues.
Companies that extensively use risk management have fewer business disruptions as such issues are foreseen and taken care of at an early stage. The proactive approach is very helpful since it helps companies to identify failed projects at an early stage. The continuous feedback helps companies to decide whether investing additional money in a failed project will help it turn around or whether it is just throwing good money after bad!
- Avoiding Catastrophic Events: Risk management prepares the companies for all kinds of shocks. Risk managers try to foresee the small shocks which affect the day-to-day business of any firm. However, they also try to focus on catastrophic events. Such events have a very low probability of occurring. However, if they do occur, then companies need to be prepared to deal with them without going bankrupt. Such events have gained prominence in recent years. These events are called “black swan” events.
- Enables Growth: Prima facie, risk management sounds like a defensive business activity. It has a negative connotation and the assumption is that the activity is performed to avoid losses. However, during risk management, companies are forced to study their processes and risk factors in detail. The management is aware of all the possible things that can go wrong.
When new products have to be launched or when new markets have to be entered, companies have a ready framework that can be deployed in order to avoid these risks. Hence, in a way, risk management ends up enabling companies to take calculated risks and expedite their growth. Extensive risk management processes mean that the company has a lot of data. This data can be mined in order to gain meaningful insights which ultimately leads to better decisions.
- Helps to Stay Competitive: Risk management helps companies to minimize their losses at critical times. These are the times when poorly managed companies struggle to stay afloat. On the other hand, companies that have risk management processes in place tend to minimize their loss. Hence, the competitiveness of such companies stays constant. In fact, it may improve also.
It is a known fact that when adverse events such as recessions occur, companies with better risk management practices continue to stay afloat and have a lot of cash. This is the reason that during a crisis some companies seem to have the extra cash required in order make acquisitions. Risk management processes also force different departments as well as different stakeholders to actively communicate with each other. This communication is helpful since it increases the competitiveness of the company.
- Business Process Improvement: The day-to-day processes of risk management force companies to collect more and more information about their processes and operations. As a result, companies are able to identify the parts of the process which are inefficient or where there is scope for improvement.
Risk management departments are supposed to continuously monitor the working or various departments in relation to external entities and look for things that can go wrong. The end result is that during the process many opportunities are identified and processes are improved. Risk management processes often work hand in hand with business process reengineering and quality improvements in the process.
- Enables Better Budgeting: Companies that have risk management processes in place have better control of their finances as opposed to other companies. This is because they often have a close look at their financial numbers and try to trim any waste. The end result is that these companies have a better knowledge of their processes. As a result, these companies also have a better knowledge of their budgets. They can create more efficient budgets wherein funds can be allocated to achieve the goals of the company in the most optimized manner possible. In such companies, budgets do not have to rely on guesswork.
APPROACHES TO RISK MANAGEMENT
The approaches commonly followed in the risk management process have been detailed below:
- Risk Avoidance: The most basic strategy is called risk avoidance. Under this approach, the company avoids taking on risks as much as possible. However, this strategy is not viable for many companies. This is because most activities have a certain amount of risk attached. Hence, if a company simply tries to avoid taking risks, it would have to drastically reduce the scope of its activities. The end result of this approach is that there is very little incentive for any activity to take place.
- Diversification: Diversification is one of the oldest and most basic strategies in risk management. Under this approach, the company deliberately tries to engage in business activities that are very different from one another. Since the activities are very different from one another, they generally do not experience adverse business events at the same time. The end result is that if some activities are facing a negative outcome, the others automatically face a positive outcome and the overall results are stabilized. The problem with this policy is that there it cannot be applied everywhere. It can only be applied in conglomerates that operate in diverse businesses.
- Risk Transfer: Another way to manage risks is to transfer risk to an external party. There are many external parties such as insurance companies who are willing to assume risks in return for a fee. However, insurance policies cannot be found for every risk. This is also where derivatives come into play. Derivatives are financial instruments where the underlying cash flow changes based on the occurrence of certain risky events. Derivatives help companies to contractually transfer their risk to outside parties. It is important to realize that in these cases, the risk is not completely eliminated. The company still faces counterparty risk i.e. the risk that the counterparty will not pay up in case an adverse event takes place.
- Risk Retention: Risk retention is a strategy under which, the company decides to retain the risk on its books. This policy may be the result of the high cost of the transfer. Alternatively, it could also be because the company is very confident of its internal controls. Companies that have a good operational risk control process in place tend to retain risks. This is because they are confident that they will be able to manage the impact of the risk on their own. However, it is important for a company to have a strong cash flow in place so that it can wither any shocks which may arise as a result of not transferring risks.
- Risk Sharing: There are hybrid approaches to risk management as well. Under these approaches, the company faces the consequences of risk up to a certain threshold level. Once the threshold level is breached, the risk gets transferred to an external party. The idea here is to make risk management cost-effective. The company may be able to bear the smaller losses. However, it will get help in the event of catastrophic losses. Since catastrophic losses are less likely, the premium to be paid for transferring these risks is less. Risk-sharing can be used as an effective strategy to obtain wider coverage at a lower cost.
- Loss Control: This strategy is used by organizations that have a certain amount of liquid assets on hand. They tend to hold on to the assets till a certain predefined threshold is reached. This threshold is often called the “stop-loss” point. Once the threshold is reached, there are automatic orders in place to sell the assets and minimize the loss. The idea behind this strategy is to ensure that assets are not sold at minor valuation differences. However, when a significant drop in valuation is detected, assets must be sold in order to minimize the losses.