The Risk Management Strategies

Published Date: 02 Nov 2017

This unit presents two intentions: first, to increase business risk awareness and to develop skills in assessing, monitoring and controlling business risks; second, to develop an appreciation of the implications of business risks. But in order to achieve these, the following points are necessary: understanding business risk management function; know-how of business risk assessment; realizing the effects of business risks and learning viable approaches to crisis management and business continuity planning. Thus, assignment one and two are a prerequisite to understanding this unit.

In assignment one, we are given the task to give advice about risk assessment and how it should be managed in their new business. In establishing a new business, it is then important to know what are the risks involved and to understand how to assess and manage them. What does the term "risk" mean? Risk is the possibility whether high or low, that somebody could be harmed. Risk involves chances of hazards to persons or places which can likely put them in an extremely bad or dangerous situation. Whether with a very little probability or with a strong probability, risk is anything which may pose a threat of damage, injury, liability, loss, or any other negative occurrence caused by external or internal vulnerabilities. However, any risk well assessed may be avoided through pre-emptive action.

In all types of undertaking, there is the potential for events and consequences which can provide opportunities for benefits or threats to success. Thus defining clearly the risks that would be involved is important for effective management. Risk management is increasingly recognised as being concerned with both positive and negative aspects of risk. Therefore to consider risk from both perspectives is significant. Generally in the safety field, only negative consequences are recognized and the management of safety risk is focused on prevention and mitigation of harm. Basically in business, setting policy and strategy for risk management become the role of risk management. However, policies allow management to guide operations without constant management intervention.

Building a culture on risk awareness within the organisation includes appropriate education, creating internal risk policy and structures for business units and designing and reviewing processes for risk management. It is also important to co-ordinate the various functional activities which advise on risk management issues within the organisation. Developing risk response processes including contingency and business continuity programmes and preparing reports on risk for the board and the stakeholders will also help in raising risk awareness. An understanding of risk management can provide a rational basis for better decision making in regards to all risks.

Furthermore, risk management plays a serious role in many organisations. As a result, the department must be aligned with corporate objectives and direction. Risk management function should be part of the strategic decision-making team. It has an essential role in merger and acquisition regarding investments in technology platforms, expansion, plant upgrades, facility closures, workforce reductions and supply chain management. The focus of good risk management is the identification and treatment of these risks. Increasing maximum sustainable value to all the activities of the organisation is the objective of good risk management. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. Good risk management provides strong probability of success and lessens both the probability of failure and the uncertainty of achieving the organisation’s overall objectives. In the organization’s strategy and its implementation, risk management must be a continuous and developing process must address methodically all the risks surrounding the organisation’s activities past, present and more specifically the future. The culture of the organisation with its effective policy and a programme led by the most senior management must integrate good risk management procedures, too. This would require translating the strategy into tactical and operational objectives and assigning responsibility throughout the organisation with each manager and employee responsible for the management of risk as part of their job description. In order to promote operational efficiency in all levels, accountability, performance measurement and reward must be part of risk management.

Another benefit of risk management is to protect and to value more the organisation and its stakeholders. Providing a framework for an organisation to enable future activity to take place in a consistent and controlled manner can ensure stability and business continuity.

Risk management requires improving decision making, planning and prioritising through comprehensive and structured understanding of business activity, volatility and project opportunity/threat. With good risk management, there will be more efficient use/allocation of capital and resources within the organisation, reduced volatility in the non-essential areas of the business, protected and enhanced assets and company image. Members of the organization will also be developed and supportive of the organisation’s knowledge base, thus, optimising operational efficiency.

On the other hand, business functions are processes or operations performed routinely to carry out a part of the mission of an organisation. How does risk management affect different business functions? On strategic aspect; risk management concerns long-term strategic objectives of the organisation. Areas such as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment can be affected by risk management. Another aspect is operational. The day-today issue the organisation needs to be dealt with as it strives to deliver its strategic objectives is a concern for risk management. In terms of financial, it concerns the effective management and control of the finances of the organisation and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement and other market exposures. Likewise with knowledge management, another concern for risk management is the effective management and control of the knowledge resources, the production, protection and communication. There also business factors which can be external or internal which may involve risks and therefore should be managed. The external factors might be unauthorised use or abuse of intellectual property, area power failures, and competitive technology while internal factors might be system malfunction or loss of key staff. Important issues such as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory must be the concern of the organization in risk management. It is necessary to assess these concerns in different areas most of the time to lessen and even prevent the occurrence of harm to the people and to the organisations.

To identify the hazards is first and foremost. This means working out how people could be harmed. One easily overlooks some hazards if one works daily in a place. There could be reasonably an expected harm so it important to walk around ones workplace and look at what could be the cause of danger. Asking the employees or their representatives who are working on the floor can provide information on the hazards that may affect business functions. It is important that one be observant and sensitive while working.

Second is to decide who might be harmed and how. For good risk management, there must be clarity for each hazard and who might be harmed. It is good to identify groups of people like those people working in different departments (HR department, storage area, kitchen area, healthcare department). Each department could collaborate in identifying how they might be harmed and could give further information on what type of injury or ill health might occur. Given a situation like a ‘healthcare provider may suffer back injury from incorrect handling of service users’. One must be aware that some workers such as new and young workers, new or expectant mothers and people with disabilities have particular requirements and may be at particular risk. It is good to consider what are some hazards for cleaners, visitors, contractors, maintenance workers and others, who may not be in the workplace all the time and members of the public. Could they be hurt by your activities? How does your work affect others present as well as how do their work affects your employee? These are questions which are important to talk with the staff.

The third is to evaluate the risks and decide on precautions. It is required by the law that any organization should do everything ‘reasonably practicable’ to protect people from harm. Perhaps, the easiest way is to compare what you are doing with good practice. Try to see what you’re already doing; think about what controls you have in place and how the work is organised. Then compare this with the good practice and find out if there’s more you should be doing to bring yourself up to standard. Consider the following questions: Can I get rid of the hazard altogether? If not, how can I control the risks so that harm is unlikely? It is wise try a less risky option when controlling risks. For example, use the less hazardous ones when ordering chemicals. Be "always on the watch" to prevent access to hazard. Putting barriers or signage on areas that could cause harm to others can reduce exposure to the hazard. Make personal protective equipment (such as clothing, footwear, goggles and aprons) available is another good example of preventing hazard. Provision of welfare facilities for first aid and washing facilities for removal of contamination is important. Thinking of health and safety in the area and doing precautionary measures must be the priority. Failure to take simple precautions can cost lot more if an accident does happen. Involving the staff or employee will ensure that what you propose to do will work in practice and won’t introduce any new hazards to the work place.

The fourth one is to record your findings and implement them. It makes a lot of difference as you look for people and your business when the results of the risk assessment are put into practice. It is advisable that one writes down the results of the risk assessment and shares them with your employees. Writing down results of risk assessment can be helpful to review something changes happen. They must be simple and direct to the point. Some examples are ‘tripping over rubbish: bins provided, staff instructed, weekly housekeeping checks’. Risk assessment is expected not to be perfect, but it must be suitable and sufficient. It should provide the following points: a proper check was made; consideration of who might be affected; appropriate and immediate measures with all the significant hazards, and accountability of the number of people who could be involved, reasonable precautions are reasonable and low remaining risk. It is always beneficial to involve the staff or their representatives in the process of risk assessment. Make a plan of action dealing with the most important things first. Health and safety inspectors acknowledge the efforts of businesses that are clearly trying to make improvements. A good plan of action ensures the inclusion of different aspects such as: a few cheap or easy improvements that can be done quickly, perhaps as a temporary solution until more reliable controls are in place or a long-term solutions to those risks most likely to cause accidents or ill health. Arrangements for training employees on the main risks that remain and how they are to be controlled, regular checks to make sure that the control measures stay in place and clarity of responsibilities are important, too for a good plan of action. Prioritise and tackle the most important things first all the time.

The fifth and last is to review your risk assessment and update if necessary. Most of the workplaces are bringing in new equipment, substances and procedures that could lead to new hazards. Therefore there is a need to review what you are doing on an on-going basis. Formally reviewing every year or so, will help you to see where you are and to make sure whether you are still improving or at least not sliding back. Try to evaluate your risk assessment by asking questions constantly. Have there been any changes? Are there improvements still needed to make? Have your workers spotted a problem? Have you learnt anything from accidents or near misses? Risk assessment must stay up to date. They say, in business it’s all too easy to forget about reviewing risk assessment – until something has gone wrong and it’s too late. Before any dangerous thing happen, set a review date for risk assessment. Regular check or review is indispensable. During the year, if there is a significant change, don’t wait for the date. After checking your risk assessment, amend it right away when necessary. When planning for a change, it is reasonable to review risk assessment also.

There are different approaches in managing risk. The first step is to identify risks. Risks are can be events that, when triggered, cause problems. Hence, risk identification can begin with finding the source of problems, or with the problem itself. Knowing source or problem, one can examine the events that the source may cause or the events that lead to a problem.

Analysis of the risk is the next step. It is a technique by which factors that may jeopardize the success of a project or achieving a goal are identified and assessed. This technique helps to define preventive measures by reducing the probability of the hazards from occurring and to identify countermeasures to successfully deal with the constraints that develop to avert possible negative effects on the competitiveness of the company.

The third step is to prioritize and map out the risk. Prioritize different risks as serious, moderate or mild. Use of colour coding system for easy graphical analysis can help in mapping out risks. Having all the data laid out, one will be in a position to rank individual risks. If risks are improperly assessed and prioritized, it will be a waste of time in dealing with risk of losses that are not likely to occur. Time must not be spend too much in assessing and managing unlikely risks for they can divert resources that could be used more profitably. Such is the reason why in this stage prioritizing is critical.

The fourth step is to resolve the risk. In resolving risk it is vital from the perspective of enterprise risk management. What will you do if the risk materializes? Can you do something to overcome the risk? Can you take some measures to lessen its impact? Considering all these questions and coming up with a risk treatment and contingency plan is necessary. Ways in which to control as well as to overcome the risk conditions must be included.

The last step is to monitor the risk. In monitoring, make sure proper communication between the different departments involved in the process are considered. Communication is very crucial for it can affect the entire process both negatively as well as positively. In all the processes, the key to effective risk management is an efficient means of identifying problems beforehand and an inescapable methodology for taking action proactively against the most serious risks.

ASSIGNMENT TWO

Risk assessment

There are many drivers of business risk. The first driver is the strategic risk. These are threats or opportunities that materially affect the ability of an organisation to survive. Fast-growing business starts with an idea, which turns into the business plan. And due to tight business competitions, strategy might revolve around marketing a new product or promoting an existing product or service applied or delivered in a new way. I have been working in the health care organisation and I have noticed that they are using a positive strategy in encouraging older people to stay in the nursing home that they are running. Example of which is the different kinds of activities that they are given to the residents. The management is taking risk in introducing a new activity for the residents. And they are getting a positive feedback from the residents itself and even from their relatives.

Operational risk represents another key driver. Operational risk in the organisation drives try very hard to support strongly safe, reliable and compliant operations. It involves the use of capability and judgement to identify, assess and manage operating risks. The organization assures there are strong action plans to control or mitigate operational risks. In the nursing home that I’ve been to, they are very particular about the safety of the service users and the service providers. They do risk assessment first before they introduce new equipment to the service users to prevent any hazard or accident to happen.

Certainly, no business can grow without the right funding, thus financial risk is another driver. Financial risk is the possibility of the organisation defaulting on its bonds, which would cause bondholders to lose money. It is critical to find the right form of financial backing at the right time.

Last but not least is the information risk driver. Information, in whatever form, is a valuable asset to any organisation. It is the basis on which strategic decisions are made and daily tasks are performed. Corrupted or compromised information that threatens to undermine good information can cause a wide range of problems. Some misleading information are simply annoying to those who could have a major impact on an organisation’s future. Information risk includes a wide range of challenges that result from an organisation’s need to control and protect its information.

Managing all drivers can be a complex challenge. As the business grows, so new approaches may be required in each area. New approaches need a different form of capital injection, a new type of staff reward structure, an improved financial reporting system and good training for health and safety procedures. As regards information risk the organisation’s success greatly depends on the trust and goodwill of staff, suppliers, customers, and the public at large. Therefore, it is vital that all information must be properly managed, controlled and protected.

Different types of business risk exist in the economic market. There are different implications for each risk and business owners must find ways and means to overcome any risk involved. The overall economic conditions can affect business and can pose different risks. Changes in government monetary or fiscal policy often can create more risky situations for businesses.

Strategic business risk occurs from the amount of competition in the economic market. Increasing competitiveness can create lower market share and fewer profits for a company. And business owners will eventually spend more time and money educating consumers on why their product is superior to a competitor. Smaller business organisations may be more fragile than larger business organizations which may be able to withstand higher amounts of competition.

Financial risk involves losing money from consumer sales or facing strict credit requirements. In an attempt to make more money to cover business expenses, business owners may sell inventory or other items to consumers at reduced prices. Sales on account can also create difficult business situations. Most companies try to find ways to collect their money, but the company may lose money from consumers who cannot pay future bills. Strict credit requirements can create unfavourable financing terms for businesses for they limit loan amounts or provide increase interest rates.

Operational business risk has the possibility that a company faces deteriorating situations in its production process. Such situations may result from inefficient facilities, broken equipment or theft. If a business owner is confronted with high operational risks, it will result to decrease of production output, low-quality consumer products and poor production efficiency. In such situations a competitor can take advantage of stepping in and of taking away the company and market share. And if the company must continually spend money to repair or correct operational issues, it will face high financial risks.

On the other hand, there are high-risk areas in the business. One of them is company data which is a valuable business asset. Operating its day-to-day business, effectively, a company must be well skilled at collecting, storing, processing, and transforming data. It is necessary to locate, identify, and classify sensitive data to reduce data privacy risks. Lowering potential data sharing exposure and improving compliance must be observed. Critical information should be protected like any other valuable asset.

The practice of system integrity begins with selecting and deploying the right hardware and software components to authenticate a user’s identity and help prevent others from assuming it. Effective administrative functions must restrict access to administrator-level and must provide administrators processes and controls to manage changes to the system. Individual components to system integrity, such as vulnerability assessment, antivirus, and anti-malware solutions must be well considered, too. The ultimate goal from an access control standpoint is to prevent the installation and execution of malicious code while protecting valuable data from the beginning.

Reputational risk is a type of risk related to the trustworthiness of business. If a firm's reputation is damaged, there can be a lost revenue or destruction of shareholder value, even if the company is not found guilty of a crime. Reputational risk can be a matter of company trust which serves also as a tool in crisis prevention. This type of risk can be informational in nature or even financial. In extreme cases may even result to bankruptcy. It is really true what Warren Buffett has famously said that a "reputation takes twenty years to build and five minutes to ruin."

Another high risk is the financial theft. Someone can steal your identity. Identity theft happens when someone, often using illegal, clever and complicated methods access enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. Victim of identity theft can lead to fraud which can have a direct impact on one’s personal finances and can make it difficult to obtain loans, credit cards or a mortgage until the matter is resolved.

Risk Management Strategies

Risk management is dealing with adverse effects of risk and understanding potential opportunities. The potential cascade effect of failing to address a safety issue may have effects on the level or type of risk experienced in all areas of the organisation. All risk management processes and systems must complement one another. They must be acceptable within the organisation’s culture and must work in collaboration towards the same goals.　

In terms of health and safety policy, it must meet legislative requirements and must value that risk management is good practice. In order to ensure success in an organization, it is integral part to have an effective work health and safety management program. This will assure that the health and safety needs of the employees are properly addressed. It can also offer a range of benefits including reduced injuries and illnesses, compliance with legislation, reduced workers compensation costs, improved operational efficiency, and better corporate governance.

Employment practices must guarantee that written policies, procedures, records, employer-employee relations, leaves of absence, and other management practices are handled consistently, fairly, and in compliance with the local law. Employees are one of the organisation’s most valuable assets. Thus, hiring the right employees, motivating them, and providing training and development opportunities are of strategic significance.

In fraud prevention measures, every department in the organisation has to be responsible. The management is in-charged of assessing the risk of fraud and implementing appropriate anti-fraud programs. Such controls to reduce that risk must be at an acceptable level. Setting proper examples by executives can play an important role in determining the ethical tone of the company. Employees have a right to expect that their leaders set high standards. Management integrity is necessary so that fraud cannot pervade in the company. Management must facilitate a mechanism for employees to report concerns about unethical behaviour, actual or suspected fraud, or violations of the entity's code of conduct or ethics policy.

There are different approaches in crisis management. Crisis management is the process by which an organisation deals with a major event that threatens to harm the organisation, its stakeholders, or the general public. Business continuity planning is one essential way of responding to crisis. This plan sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards. It provides agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions. It must be clearly presented. Vague internal references and abbreviations must be avoided. It must be structured in such a way that people can quickly find and understand what is expected from them.

A well-designed business continuity plans and crisis management processes will help in recovering the business in a methodical way and within specified timeframes. Such plans are strengthening factor so that essential operations can carry on in the event of an interruption and that damage to one’s business’s reputation, employees, assets and commercial viability is kept to a smallest possible.

In the organisation, it is necessary to have control risks’ business continuity and crisis management advisors. They become an effective support throughout the entire business continuity lifecycle. How they do it? First, they provide business impact analysis. They identify key business processes, people, systems and dependencies, and the impact their interruption would have on the business. Second, they do risk assessment. They organise and run convincing simulations to test organizational plans and systems. They help members of the organization to develop the knowledge and skills they need to manage crises. Third, they work to investigate and develop strategies for regaining before any serious impact is suffered. Fourth, they document agreed strategies, implement crisis management structures and create clear lines of growth and communications. Fifth, they see to it that business continuity teams are given the chance to exercise their roles and responsibilities when the plan is implemented. In this stage too, advisors offer awareness training to a broader group of employees to build their knowledge of the plans. Sixth, they helps clients review and maintain their business continuity plans to ensure they continue to reflect changing threats. Seventh, they manage an interruption. In the event of an interruption, expertise from control risks can assist in keeping the impact, costs and reputational damage to a minimum.

After answering assignments one and two, I think I am able to understand the risk management function in business, how business risk is assessed and managed. It is also a learning experience to know the effects of business risks and the possible approaches to crisis management and business continuity planning. It is my hope that I can impart what I have learned from this unit to the organisation I am currently connected. If the future I would have the opportunity of putting up my own business, certainly this assignment will really be a valuable guide in coping with risks, its assessment and management.