Enterprise Risk Management Function

Enterprise risk management refers to the new strategic process of structured identification and evaluation of all the risks and opportunities of the enterprise, determination of appropriate ways of managing and controlling such risks, and monitoring of this risk management process.

History of risk management

The origin of risk management as a role within a company is attributed to Fayol, who is regarded as a father of management. In his 1916 article he proposed 6 functions of management, which included a security function. The security function was associated with the protection of people and property. The current risk management function is much more comprehensive, but Fayol’s security function was a first glimpse of it. The importance of a proper risk management function was acknowledged in the 1960s in the USA and thereafter spread around the world.

The term “risk management” was formally used only from the 1950s. Initially, the risk management function was closely associated with insurance. This slowed down the development of the function. The first book on risk management, entitled “Risk management in the business enterprise”, was written by Robert I Mehr.

Enterprise Risk Management and Culture

Enterprise risk management incorporates risk awareness into the culture of the organization. The risk culture of the organization significantly contributes to the success of enterprise risk management. Employees need to see risk as an integral variable which needs to be managed, controlled and monitored. Each employee needs to understand their role in the risk management of the enterprise. Leadership support for the importance of risk management significantly contributes to an adequate risk management culture.

Enterprise risk management uses advances in technology for management of risk.

The term “enterprise-wide” in enterprise-wide risk management refers to the elimination of barriers between functions, departments and other groupings within the organization.

Risk management infrastructure & risk management capabilities – To ensure effective enterprise risk management processes, organizations need to establish an adequate set of risk management capabilities. Risk management capabilities refer to the abilities of an organization that allow it to undertake effective risk management processes. They include abilities which allow for identification, measurement, management and monitoring of risks.

An appropriate set of risk management capabilities allows the organization to have a clear understanding of how their risk management decisions affect the bottom line and long term wealth maximization of the shareholders, which is the ultimate objective of the enterprise.

If an evaluation establishes that additional risk management capabilities are required, it is important to undertake cost-benefit analyses to ensure that the cost of the additional risk management capabilities will be more than offset by the benefits that they will bring.

Certain risk capabilities which are adequate in one company to manage a specific risk may be inadequate for another company which attempts to manage the same risk. Each organization must select risk management capabilities suitable to its particular individual needs, based on its particular risk exposure.

Risk management process monitoring and adjustment

The existing business environment is very turbulent. Risk exposures and factors affecting risks may alter all the time. Therefore, ongoing risk monitoring and adjustment of risk management strategies become an increasingly important step in the enterprise risk management process.

An organization needs to gain a good understanding of the risk management process. The main goal of the risk management monitoring process is to assess how effective the risk management process is.

Why is risk management monitoring important?

The main goal of risk management monitoring is to determine the effectiveness of the enterprise risk management process. If the risk management process is not adequately monitored, shortcomings of the process may negatively affect achievement of the strategic objectives of the enterprise.

Ongoing monitoring of the performance of the risk management process and risk management environment leads to continuous improvement of the entire enterprise risk management process.

To monitor risk management performance, risk management performance standards should be established against which performance can be measured. Such standards may include areas such as timetables within which certain goals should be achieved, budgets and specific areas of the enterprise’s performance which are vital for organizational success. After performance standards are established, they must be monitored on an ongoing basis.

The Rise of Corporate Governance

Over the last few years corporate governance became a very important consideration for any business around the world. After corporate scandals such as Enron and Worldcom in the USA and Independent Insurance Co in the UK, investors and governments demanded better corporate governance practices from businesses.

Various measures were taken by governments to prevent further corporate scandals. For example, the US introduced the Sarbanes-Oxley Act 2002, compliance with which placed a significant financial burden on businesses.

Ehlers and Lazenby define corporate governance in the narrow sense as the formal system of accountability of the board of directors to shareholders and in the broad sense as an informal and formal relationship between the corporate sector and its stakeholders and the impact of the corporate sector on society.

To succeed in the contemporary environment, companies need to have a reputation for strong corporate governance. The triple bottom line principle (“people, planet, profit” or “the three pillars”) became prominent. It refers to the principle according to which an enterprise is measured by and must report on its economic, social and environmental performance. This is in contrast with the past, when only reporting on economic performance (single bottom line) was required.

Corporate governance is beneficial to the firm in many respects. What is most important is that it increases long-term performance on an enterprise-wide basis. Therefore, it increases shareholders’ wealth, which is the main objective of the business.

Proper corporate governance also benefits society and the country as a whole. For example, if a country’s businesses are known for maintaining proper corporate governance, foreign capital will flow into the country as foreign investors will be interested in investing in the country’s businesses.

Within the country, resources will also be used more efficiently due to good corporate governance. In such an environment investors will be investing in companies with the biggest potential to deliver value to customers, and inefficient management will be replaced in underperforming businesses.

Further, society and communities will benefit in various ways. For example, enterprises with proper corporate governance comply with laws and regulations, such as requirements with respect to pollution. Overall, good corporate governance benefits all stakeholders of the enterprise and is a prerequisite for the success of any business.

Risk Categories

There are two main risk categories: speculative risk and event risk.

The ultimate goal of the firm is to maximize shareholders’ wealth. The environment is changing rapidly and any change may result in additional risks and losses. Therefore, effective enterprise risk management is essential to ensure achievement of the main objective of the enterprise, which is maximizing the wealth of the shareholders. Both risk categories should be diligently managed.

Speculative risks can result in a gain or loss, such as fluctuating interest rates. An enterprise may protect itself from adverse effects of speculative risks by various techniques such as hedging. Speculative risks are further subdivided into core business risks and incidental risks.

Core business risks are part of the main business of the enterprise and are reflected in the mission statement. Core business risks may negatively impact the operating profit of the enterprise. Core business risks can be specific (unsystematic) or market (systemic). Specific risks are risks which impact only the enterprise and do not impact the economy as a whole. They include those associated with sales variability, operating leverage, resource risk, profit margin and turnover. Specific risks are also called diversifiable risks. Systemic risks are risks which impact both the economy and the enterprise. Systemic risks entail the occurrence of a negative market-wide event, such as the collapse of an entire market. They are also called un-diversifiable risks. Investors require higher returns for increases in systemic risk.

Incidental risks are risks that occur naturally in the business but are not part of the main business. However, control of such risks is vital to ensure survival of the enterprise.

Whether a risk is considered to be core or incidental sometimes depends on the activities of the enterprise. For example, interest rate risk will be a core business risk for a financial institution and an incidental business risk for a manufacturing enterprise.

Event risks can result in losses, such as fire, or can result in no loss but cannot result in any gain. A business may protect itself from adverse effects of event risks by various techniques such as insurance. Event risks can be fundamental or particular.

Fundamental event risks refer to impersonal losses on the macro level.

Particular event risks refer to personal losses on the micro level, such as a car accident.

Event risks are subdivided into operational and external downside risks:

Operational risks are further subdivided into people, processes and systems risks. They are risks which occur due to failures during the execution of operations.

External downside risks are risks that cannot be directly controlled by an enterprise and which can occur due to external factors. External downside risks are all risks that occur due to external factors that may have no effect or an adverse effect on the enterprise. External downside risks are very difficult to manage. Examples of external downside risks include natural disasters, terrorist attacks, criminal threats and litigation.

The Theory of Probability

Probability refers to the chance that an event will occur. To calculate the probability of an outcome, we take the number of occurrences and divide it by the total number of possible outcomes. The lowest probability is 0 and the highest is 1.

Probability = number of occurrences / total number of possible outcomes

For example, we can take the number of household fires over a certain period in a certain area and divide it by the total number of households in the same area. This will give us the probability of fire in the households in this particular area.

What is Risk?

So what is risk? Risk is the possibility that actual results will differ from desired or expected results. It implies the presence of uncertainty (uncertainty about the occurrence of an event and uncertainty that it will display a particular outcome).

The degree of risk is determined by 2 factors:

  1. How often an event will occur?
  2. What is the probability the particular outcome will occur?

In business, it is generally accepted that as the risk increases, the expected or required return should also increase. It is not good for businesses to eliminate all risk because with elimination of risk, profits will likely decrease.

When thinking about risk and uncertainty the following description may help. Risk is binary. There is either risk or there is no risk. It’s either a yes or no. The degree of risk is the uncertainty. So we can say that yes, there is a risk it will rain in Paris today. We think there is high certainty it will happen. We are 80% confident it will happen. So there is either a risk (1) or no risk (0). The degree of risk (uncertainty) can be any number from 0 to 1. Risk is a possibility while uncertainty is a probability.

What is needed for an effective risk management process?

Risk management processes refer to the procedures that consist of systematic control activities and monitoring of risk management performance to ensure that risks in the organization are adequately managed.

According to Lore and Borodovsky, risk management has 3 dimensions:

  1. Upside management – taking advantage of opportunities where the business has very good chances to achieve success.
  2. Downside management – controls must be implemented to prevent or decrease losses due to operating environment.
  3. Uncertainty management – using techniques and methods to decrease deviations from expected results.

For effective risk management, organizations must deploy consistent risk measures, identify and manage all important risks, undertake proper management controls and support management of risks through performance evaluation on the business unit and organizational level.

Certainty and uncertainty

Certainty occurs when the outcome is 100% going to happen as expected. For example, the sun will rise tomorrow.

Uncertainty occurs when one does not have knowledge about future outcomes. Uncertainty is not the same as risk. There are different degrees of uncertainty, from almost certain to completely uncertain. Uncertainty increases the further into the future we attempt to plan. One’s access to information and ability to use available information in the decision making process determine the perceived degree of uncertainty.