Risk Management: Inspiration, Motivation, Preparation

3 comments 10th Mar 10 Tom

Image by Eustaquio Santimano via Flickr

If youve been keeping score at home, you know that the risk management process has three basic steps 1) identify risks and opportunities, 2) evaluate the risks and opportunities and 3) plan for risks and opportunities. However, there is some work that needs to happen before you get into the nuts and bolts of managing your risks. . This week lets talk about what needs to happen before the process begins. There are some basic activities: inspiration, motivation and preparation. Over the last few months Ive written several posts dealing with the pre-activities. Lets take a look at each of them. . (If you want to skip to the end and see the entire list for all 3 steps, check out my page How to Manage Business Risk.) .

5 Reasons You Should Care About Managing Risks

One of my earliest, and most popular posts. I briefly discuss five reasons a business owner should want to learn about and practice business risk management. This post sets the stage for why risk management makes sense for you and your business. .

I Want to Manage My Risks. Where Do I Start?

In this post, we answer the questions that need to be answered before stepping into risk identification the first step in the risk management process. What is a Risk?, Where do risks come from? and How do I find my risks? .

Fear Not Risk, My Friend. Master It!

This is one of the posts I am most proud of. It discusses how there must be risk in order for there to be success and not only in business. I share some very personal examples with you. .

Should You Go Formal or Informal?

Processes can be formal or informal. There are times when one type is more appropriate than the other. I write about the differences between formal and informal and how your risk management process should always be formalized. .

The Value of Risk

Risk can impact a business in many ways but it is often hard to put a hard value on it. This post presents a real-life example where a company made a critical decision that clearly shows how risk can have a very real value, to your business as well as to your customers. .

Permission to Make Mistakes

A company or organization with a mistake avoidance culture is striving to avoid negative events (i.e. mistakes). An organization that strives for perfection but accepts mistakes is working to create positive events. The two groups have very different characteristics that will lead to very different outcomes. .

10 Steps to a SMB Risk Management Process (guest post for ClearRisk Inc.)
I wrote this post to layout the roadmap for small and medium-sized businesses that are just starting to set up their risk management process. There are some key events that have to happen before you jump into brainstorming about the risks and opportunities facing your business.

There are ten basic steps. 1. Establish management support and buy-in. Before you can do anything, there has to be buy-in from the top. The companys ownership and/or management have to be on board with creating the risk management process and providing resources necessary to execute that process. They will need to have a basic understanding of what risk management is, why its important and (especially!) why its in their best interest to implement a formalized risk management program. If top management doesnt see the value in the exercise, stop here. Any work on additional steps will be a waste of time. 2. Learn about the process.

Now that you have the necessary sponsorship and resources, you need to do some research into the specifics. Although there are only three basic steps in risk management, there are many different techniques for accomplishing those steps. Investigate what methods are in use in your industry. Identify the best practices. Think about how your companys specific culture will come into play for your process. 3. Identify helpful resources. As you are doing the research in Step 2, start compiling a list of potential resources you can tap into. There are many websites and blogs that focus on risk management. You will also find professional advisors who can help you consultants, bankers, investors, insurance brokers, directors, etc. This resource pool doesnt necessarily need to be expensive. Many of the stakeholders in your business will be happy to help you if you ask. 4. Create a plan. A plan will be critical to successful implementation. Plans provide a means for communication and accountability. They also help pull a team together if the plan is generated with input and agreement from the team members. Your plan should include details on schedule, budget, approach and resources to be used. The plan should also identify your companys risk management champion. Dont forget to include the steps Craig wrote about in his post here: Big Companies Get it, Why Don't SMBs? 5. Identify your risks and opportunities. Its time to take the first step in the risk management process itself identify your risks and opportunities. Dont worry about creating an exhaustive list. Its more important to just get started. Hold a brainstorming meeting or a series of meetings. It will be helpful to focus your brainstorming sessions on specific categories e.g. risks/opportunities to facilities, risks/opportunities to revenue, risks/opportunities to expenses, etc. Remember that identification is an ongoing process. 6. Evaluate your risks. Risk evaluation can get complex. Start simple. Estimate a probability of occurrence to each risk and opportunity using three levels high probability, medium probability and low probability. Next, estimate a potential impat of each risk using three levels high impact, medium impact and low impact. When you are done, sort the list so the high probability/high impact items are at the top, followed by the high probability/medium impact items and so on. You can always incorporate more complex risk evaluation techniques later. 7. Plan for your risks. Now that you have a ranked list of risks and opportunities, start putting plans together for the heavy hitters the high probability/high impact items. Dont worry about any others at this point. Get your risk mitigation and opportunity exploitation plans created for the first group. A rifle approach

focusing on a few key items will be much more effective than a shotgun approach. You can come back to the risks and opportunities farther down the list later. 8. Take action on your plans. The hard part is done. Youve got the plans. Now all you have to do is execute them. Go forth and have some fun! 9. Check your progress against your plan. Dont forget to monitor your progress against your original plan from step 4. Check on how you did against schedule and budget. Evaluate if your actions were effective. Communicate your progress throughout the company. Leverage your early successes to build support for your continuing effort. 10. Repeat steps 5 through 10. Risk management is an ongoing process. Review your risks on a regular basis to account for new risks and opportunities, changes in probabilities or impacts and adjustments to mitigation plans. Remember to communicate, communicate, communicate. Thats it. Ten simple steps. Not too bad, right? Take that first step. Once you are started you will feel the momentum build and the once overwhelming project wont seem so bad after all. You can do it. What do you see as the biggest obstacles facing you in implementing a risk management process at your business? Leave a comment and lets talk about it.

THE OBJECTIVES, TASKS AND MOTIVATION OF THE RISK MANAGEMENT PROCESS

The core competences of Sampo Group's business are skillful pricing of risks, selection of risks and proper risk and capital management. A high quality risk management process is a necessary prerequisite for successful business. In Sampo Group, the key objectives for risk management are

to ensure that all the risks affecting the profitability and other material risks are identified, assessed and analyzed;

to ensure that capitalization in the form of capital and foreseeable profitability of businesses is adequate in terms of current risks inherent in business activities and existing business environment; to ensure that risk bearing capacity is allocated into different business areas according to chosen strategies and that risks are properly priced; to limit and mitigate fluctuations in the economic values of Group companies; and to ensure the overall efficiency, security and continuity of operations. To meet these objectives Sampo Groups risk management process includes following tasks depicted in the 'Risk management process' figure.

A high-quality risk management process provides shareholder value for the following reasons

Clients get reliable service from a reputable institution with an effective risk management. Risk premium required by investors will be smaller when risks are transparent and the risk management process is clearly described and communicated. The motivation of the personnel strengthens when strategies, authorizations, limits, targeted return and reward criteria are clearly defined and communicated. Supervisory authorities confidence in companys ability to control the risks associated with its activities further bolsters co-operation with the authorities.

What is Risk Management?

Risk management is defined as identification, assessment and economic control of those risks that endanger the assets and earning capacity of a business. A risk can be tolerated if:

The likelihood of its occurrence is sufficiently remote. The consequences are not severe.

Risk can be eliminated or reduced by:

Changes in the processes. Transferring all or part of the risk.

Each companys Risk Management system is different because:

Their risks are different. Their operations and organisations are unique. Their corporate culture is unique.

Basic activities in any risk management system are:

Risk Identification. Risk Assessment. Risk Control.

Risk Management is a process through which the companies control their level of risk and the key elements of an effective risk management programme are: policy, procedures and standards.

Policy describes the objectives of the Risk Management programme. Procedures determine how the policy will be implemented. Standards provide guidance on particular issues.

Risk Management is particularly necessary to a business which has:

A number of different sites. A size that precludes any individual knowing the details of every threat. A business with overseas operations. A range of processes. Many subcontractors, or suppliers or other business associates who are not under the direct control of the business. A site that it has used for more than thirty years. Old sites sometimes have equipments and work practices dating from times when lower standards were acceptable.

In short, the larger or more complex the business, the more it will benefit from risk assessment. Why is Risk Management Growing in Importance? 1. Legislation is becoming tougher.

Legislation is now more extensive. Legislation is now more stringent. Risk Assessment is growing more common in many areas of legislation.

2. Insurance is more expensive and more difficult to obtain.

Insurance is no longer the cheap option. Open ended cover is no longer widely available. Insurance companies like their clients to actively manage their risks. Insurance does not compensate the full loss.

Insurance pay outs may be delayed.

3. Customer Attitudes.

Corporate customers want to pass on their legal responsibilities to their suppliers. Customers are more litigious. Shareholders are more aware of the risks.

4. A More Critical Public. 5. Management Attitudes.

Management have learned from other firms disasters. Companies are becoming professional. Companies are becoming global.

Why is risk management important?

December 27, 2005

The author is a faculty member at the ICFAI Institue for Management Teachers, Hyderabad.

Corporations operate in a dynamic environment. Hence the future remains uncertain to a large
extent, allowing for fate to play a part in the results that are achieved by the companies. However, the role of fate has reduced considerably over the years. With the help of probability theory and careful evaluation of the environment, companies are now able to predict, to some extent, the various risks that may have a critical impact on their business. The primary objective of any company is to maximise shareholders' wealth. The shareholders appoint agents (read managers) who take various investing and financing decisions to achieve the firm's objectives. The main criteria are to maximise returns and minimise risks related to any decision. The point of discussion in this article is the part of decision-making that deals with minimising risk. Ignorance or mismanagement of risk will result in loss of shareholders' wealth and loss of reputation apart from other undesirable consequences. A number of cases have occurred in the recent past which very well brings to light the lack of foresight and pro-activity on the part of the management in managing risk. 'Risk management' therefore is an integral part of managing a business. From the recent devastation in the United States, we have come to realise that companies like Wal-Mart and Home Depot, which have active risk management programmes in place were much better poised to deal with hurricane Katrina than the government or other companies who have not yet embraced the advantages of risk management.

Companies face various types of risks. Some may be external in nature, which are not under the direct control of the management, like the political environment, the changes in exchange rates or the changes in interest rates. The others may be internal in nature which the management can control to a great extent, for example risks associated with non-compliance in financial reporting or non-compliance with labor laws. A company would need to identify the risks that it faces in trying to achieve the objectives of the firm. Once these risks are identified, the risk manager would need to evaluate these risks to see which of them will have critical impact on the firm and which of them are not significant enough to deserve further attention. The critical risks that could have adverse impact on the firm's business are then given maximum importance and strategies are formulated to deal with them or hedge against them. The entire process of identifying, evaluating, controlling and reviewing risks, to make sure that the organisation is exposed to only those risks that it needs to take to achieve its primary objectives, is known as 'risk management.' Risk management is a proactive process, not reactive. The best example is Shell Oil which has many offices in the New Orleans region but dealt with hurricane Katrina rather well due to the rigorous risk management procedures that it has in place. Risk cannot be eliminated. However, it can be:

Transferred to another party, who is willing to take risk, say by buying an insurance policy or entering into a forward contract; Reduced, by having good internal controls; Avoided, by not entering into risky businesses; Retained, to either avoid the cost of trying to reduce risk or in anticipation of higher profits by taking on more risk, and; Shared, by following a middle path between retaining and transferring risk.

There are various tools available to the management to manage risks. Some of them being, derivative products like Forwards, Futures, Options and Swaps. The others involve having better internal controls in place, due diligence exercises, compliance with rules and regulations, etc. Reserve Bank of India Governor Dr Y V Reddy has been stressing the need to disclose the risk management practices followed by the companies for sometime now and rightly so. It is very important for the investors to know if the companies in which they are investing are managing the risks as efficiently as they claim to maximise returns. Infosys, for example, gives a detailed outline of the various risks facing their business, the policies of the company regarding each of them, the measures that are taken to deal with these risks, the implementation of strategies to manage risks and finally their review process. However, there are large numbers of companies which are still ignorant or chose to ignore the importance of risk management and deal with situations as and when they arise. It is time the management of such companies sits up and takes note of the risks that their company faces.

Creating value with Risk Management Having discussed the basics of Risk Management and its advantages, it is important for you to understand managing risk through hedging activities is not free, there is a cost associated with hedging any investor who is a shareholder in any company can diversify his risk by investing in many companies, so he may not have to incur extra charges, for diversifying the firm the specific risk through hedging. This is situation in Friction less markets, whether is no cost of bankruptcy or taxes in reality markets are not frictionless and in this presentation we will see how managing risk can in fact increase firm value even though there is a cost associated with managing risk AGENDA We will learn how managing risk reduces bankruptcy cost, income volatility, weighted average cost of capital, probability of debt overhang and information asymmetry. All these factors contribute in increasing the value of the firm, which is the basic aim for any firm and its shareholders. Reducing Bankruptcy Costs A firm is financed by debt and equity. Whenever the firm faces a situation in which it is unable to pay to its debt holders, it has to file for bankruptcy. The costs associated with bankruptcy may be high, and hence, as the probability of this situation increases, the investors demand higher return in order to take higher risk. Hence, there is a need to reduce the default probability so as to ensure investor confidence. Risk management can help in lowering this default probability and hence lower the bankruptcy cost. From the graph we can see that the cost of bankruptcy decreases only up to the point X, after which the cost of risk management exceeds the benefit from reducing bankruptcy cost. Reducing Taxable Income Volatility We know that there are varying tax rate slabs and it also varies every year. Firms can also defer their tax liabilities to future years without incurring any time value of money on the deferred taxes. As such, firms can redistribute their payable taxes through effective risk management activities. We know that any activity that reduces the present value of the firms liabilities can help in increasing firm value. If a higher tax is deferred from present to lower tax in the future, it can result in a lower present value of payable taxes and help in increasing the firm value. This can also be seen in the graph.