What Is An Enterprise Risk

Published Date: 02 Nov 2017

Introduction

1.0 Explanation of Risk Management:

1.1 What Is An Enterprise Risk?

The external environment is full of certainties and for a company initiating a business must take into account all the maximum possible risks into consideration in order to analyze the future prospects corresponding to those risks.

Risks may take many forms, the most commonly identified and reported risks are as follows:

Financial Risk: it includes all the risks related to cost of claims, loans, and liability adjustments.

Operational Risk: any activity hindering the operation of the organization including production, distributing, marketing etc lies in this context example the threatening labor unions and strikes.

Perimeter Risks: they are of broader scope typically fairly outside organizational control including weather changes, poor climatic conditions and political pitfalls.

Management Risk: if there is loss of good will and reputation as a consequence of management change then it is a management risk.

1.2 What is Risk Management?

All the above described risks are equally operational in the industry and for a start up business these risks musts be handled, analyzed and treated in a way to minimize their impact. Dealing with such risks require risk mitigation strategies and contingency plans other than the basic core strategic plans of the firm, this strategic approach is termed as "Risk Management". Effective strategies are undertaken and monitored prior to the exposure of these types of risks so that when a certain risk hits the company, the already available risk mitigation strategies can reverse their effect or at least cause minimum loss.

http://www.marquette.edu/riskunit/riskmanagement/whatis.shtml

2.0 Risk Management at Different Business Functions Level:

Effective risk management and assessment can be conducted at various business functions for any organization meeting the start up phase in the industry. Risk management follows depicts a snowball effect for any organization.

Risk management allows three major benefits affecting the organization to follow a more secured path in a highly uncertain unpredictable environment:

Through efficient and effective risk management activities, the organizations objectives and goals show more inclination towards achievement, as expected.

The bad things including damages etc are less likely to happen, or become completely non-existent in some cases as well.

The beneficial activities are more likely to be achieved with more consistency, reliability and efficiency.

Almost every single business domain carries out proper and complete risk management and assessment analysis in order to streamline the tasks and keep the business on the track in times of panic and economic down turn. Few major departments (functions) that are found closely integrated with risk management are as follows:

2.1 Administration and Management:

The upper management allows the most trustable and competent professionals to study the market trends and from past experiences design standards for the upcoming year. Strategic and business planning comes into play and more focus is on the outcome of the strategic planning to risk management. The unwelcomed shocking scenarios are reduced and their probability to occur again is also relatively reduced. More focus is on the new opportunities and the unexplored ways of getting benefitted. The coordination and communication between inter departments and intra departments is also enhanced to an extent where every employee knows how to deals and handle the risks and feels a part of the organization in meeting the objectives. It also enables the management to reassure the stakeholders of the organizations position and structure is in the safe hands and is running in a smooth manner.

2.2 Compliance and Quality Assurance:

A platform of continuous improvement is the significant goal to be achieved at every point in time. Even during the crisis, the business must not compromise on quality and price trade-offs and must retain the goodwill of the organization. Risk management is quite helpful when there is a promoting culture of continuous improvement and quality sustainability. Risk management allows functions to be more focused on internal audits programs.

2.3 Finance and Resource Allocation:

Through risk management, the resources are allocated and utilized in an intelligent and cost effective manner. The use of scarce resources at uncertain time is the real game and winning point for any organization. Keeping the valuable resources intact, such as low employee turnover, low employee downsizing, less over times, and less cost incurrence etc are some grade points retained via effective risk management.

http://portal.surrey.ac.uk/portal/page?_pageid=823,181132&_dad=portal&_schema=PORTAL

http://www.whatisriskmanagement.net/

3.0 Evaluation of Methods of Assessing Risks in Business:

3.1 Risk Assessment:

The sequence of events mostly uncertain are likely to occur during the course of achieving organizations objectives and goals, may affect the organization positively or negatively, risk assessments analyzes, evaluates and monitors the flow of these events diminishing the unwelcomed crisis through contingency planning and mitigation strategies. The basic aim of risk assessment is to identify, list down, and evaluate the trends followed by every single activity leading to the completion of organizational goals and objectives.

3.2 Risk Assessment Methods:

There is a number of risk assessment methods employed at every level in every different organization. We are concerned with the risk assessment methods filtered and employed for a new born organization which is relatively more vulnerable to the current market trends, industry and more prone to competition.

Strategic Risk Assessment:

Strategic risk assessment is a method undertaken by the senior level or top management to risk assessment. Planning and strategies formulation by the senior top management takes place here. The risks adhered to the organizations’ mission and objectives are evaluated here critically. Formal or informal, depending in the degree of formality of the agenda and senior management, meetings and strategic planning sessions are arranged and active participation is required to come up with effective strategies.

Operational Risk Assessment:

It is the evaluation of the risks as the consequence of poorly performed procedures, functionality and operations of the people, processes and systems leading to loss or other external incontrollable events. The risks of loss may be due to financial performance as well. Developing regulators to analyze and weigh the expected exposure to such external events are significant to risk assessment and the probability of their occurrence. Different functions collaborate to assess the risks or even an independent function can be called for advisory risk assessments.

Compliance Risk Assessment:

All the risks related to the best practices a business is conformed to function, the organizational culture, ethics, code of conduct, standardized rules and regulations, policies, the guidelines of performing tasks and running and monitoring processed and procedures are broadly evaluated, discussed and handled here. The compliance domain or the quality control function is the core department dealing with all these inputs here directly.

Financial Statement Risk Assessment:

The evaluation of risks related to misstated financial statements including input of figures and facts via the internal and external auditors, the financial managers, the controllers, third party (account receivables/ account payables) etc are dealt here. The misstatement of material, excessive budgets and cost, unnoticed unreported profits/ losses, taxes etc are evaluated here.

Market Risk Assessment:

The evaluation of all the risks related to the market including extreme demand changes, competitors price wars, distributors’ monopoly (wholesaler / retailer), and other market movements such as commodity and currency risks, alternative substitute risks, bargaining power of buyers, and retailers, interest rate risks etc. the marketing risk personnel comprising the marketing function perform this.

Customer Risk Assessment:

This method includes the customers’ risk performance profile significant to an organizations current position, performance and reputation. The customers’ willingness to buy your products, CLTV – Customer Life Time Value, customers’ intent and trustworthiness, affiliations etc all are intensely evaluated here. The managers dealing with the customers’ data repository managing and controlling their data assessments basically carry out this.

Product Risk Assessment:

These include the evaluation of the risk factors related to the organizations own products, from designing to manufacturing, from marketing to distribution and selling, till acquiring and ultimately disposal. The products differentiation relative to other brands, the strength of the product branded, its reliability, cost and quality, the usage experience and impact on customer, society and environment all are discussed here.

http://www.pwc.com/en_us/us/issues/enterprise-risk -management/assets/risk_assessment_guide.pdf

4.0 Evaluation of Approaches to Managing Risks in Business:

Managing risks is directly related to the types of risks available and faced by a start up organization. It is a new organization and there is no past record of failures or success stories to use as standard and estimate the future trends. Hit and trial methods are sometimes fruitful. Depending upon the true experiences of the heads of each of the functions, their skills, intuition, judgments and feeling and similar companies’ profiles are valuable in this regard. Approaches to managing risks include the follows two main principles:

Principle # 1: Each of the risk situations is analyzed to an extent it is completely and critically broken down into maximum number of dimensions. Each of the dimensions related to the broad statement of risk satiation is considered and specific measures are configured to each of them. All this is handled by the risk management personnel whereas succinct input is taken from all the functions to which the broad risk statement is directly or indirectly related.

Principle # 2: the more standardized and strategic valuable worldwide accepted risk solutions are adapted similar to your organizations’ set up. This limits the participation of the internal risk management staff to a minimum. This way the risk situation is reduced globally by taking into account less direct means. This confers to the generally accepted guidelines and applying those guidelines to your organization reduces the work pressure and extra cost of and utilization of resources of your organization.

Based on various risk management practices, two most commonly discussed risk management approaches are stated next:

4.1 Direct and Individual Risk Management:

This approach discusses the risk in risk management policy framework as

Identify all possible and maximum number of risks an organization is expected to be exposed to.

After listing them down, determine their level of complexity and severity for each of the risks.

Measure the risks through appropriate tools and methods and also ensure their constant monitoring throughout.

Ensure a constant evaluation and monitoring of each of the individual risks at hand and ensure that appropriate decisions are taken to control, reduce and transfer each of the risks.

4.2 Global and Indirect Risk Management:

This involves the identification of all the precursors and elements causing the risks to occur and happen in unexpected ways and times

Systematically classification of the enlisted elements in a way they are being handled, the highly prioritized being handled first.

Determine the security goals and policy

Ensure using appropriate tools to manage and mitigate these risks and restricting them to a confined limit.

http://www.clusif.asso.fr/fr/production/ouvrages/pdf/CLUSIF-risk-management.pdf

Part II:

Risk Assessment

1.0Key Drivers of Business Risk:

For any new or old business there are numerous risk elements associated with it with varying degrees of complexity and severity. These business risk drivers called as the precursors of business risk are of different types depending upon the nature of the business. Though, the external factor including the haphazard movements in the uncertain natural environment such as famine, floods, earthquake, fire, etc are all the same for each type of business. Following are the main drivers of business risk:

1.1 Business Risk:

Business risk mainly involves the strategy setting and execution of strategy. The top management is concerned with strategy formulation and designing the whole strategy framework. Not every time the top management and strategist make the right strategies for the business and probably miss out the most important points. In addition to this they may lack potential or take the relatively less crucial risk factors as secondary and continue to handle the prioritized risk factors leaving behind the less important ones. Unfortunately the less important risks merges together, multiplies and gives rise to an intensified potential threat to the organizational structure and design.

Moreover, if the strategy formulation process goes fine and appropriate strategies best for all situations and times have been chalked out, even then the basic success lies in their proper and right in-time implementation. The strategies must be flexible enough so that the managers can mould the workforce and manage them to follow strategies in eliminating business risks. Mitigation strategy implementation is a genuine pitfall of all times reported commonly today.

1.2 Credit Risk:

Credit risk lies where there is dislocation of the wholesaler and retailers. The credit purchases disrupt the real economy. The lending of goods on credit and delayed acceptances of accounts receivables is critical to organization’s success, profitability and strength. To compensate for the credit risks, the retail creditors are given restricted time frames to pay back and the processes of recovery have been enhanced to a level feasible for both the involved parties- the retailer and the producer. Our surrounding reports plenty of such fears and horror stories leading to credit crunches. This risk driver impacts not just the particular organization but the whole industry and upsetting the natural set up of the business environment leading to lack of trust and involvement.

1.3 Legal and Regulatory Risk:

This risk comprises of the environment where the organization operates. Every organization possesses some legal constraints and operates within the framework of such legal boundaries. This activity is to ensure the success and impartiality of individual organization included in the industry and the protection of the environment as well. The laws and contractual agreements signed, display a transparency of the system enrolled. The standards available worldwide with respect to quality and price are best practices generally acceptable. The financial losses are resisted due to restricted legal obligations. Moreover the processes are legalized to abide by the rules and regulations documented by an organization.

1.4 Market Risk:

The market risk involves the interest rates, changes in foreign exchanges, and spreading of equity credit. The interest rates may blow up decreasing the profits of an organization. More market players for the same product can decrease the demand of the product as supply overpasses the demand. Inflation can disturb the economy and the customers would restrict themselves to low purchase volumes or even look for lower substitutes.

1.5 Insurance Risk:

Insurance risk includes mortality, longevity, morbidity, and persistency.

1.6 Product Risk:

The product risk is of broader spectrum. The design, packaging price, quality distribution, acquiring, using, and disposal of product involve the application and adherence of risk to it.

1.7 Operational Risk:

Operational risk involves legal and regulatory framework for carrying out the processes, customer treatment, the manufacturing and distribution of products and services, the utilization of resources and running of processes, the involvement of people, government and management change and also the fraud and criminal acts.

1.9 Financial Risk:

It involves liquidity and funding mechanisms, capital stick and investments, liability and assets equivalency ratios, disclosure and taxation, financial and regulatory reporting and internal audits etc.

http://www.lloydstsb-annualreport.com/businessreview/risk management/risk_drivers/principal_risks/

2.0 Impact of Different Types of Risks:

The risks described above have direct impacts on the strength and sound framework of organizational design, structure and functioning. The financial risks have impact on the organizations’ stability and design. Without sufficient finances, investments and equity, the organization produce, market, sell its products and compete in the industry leaving to almost non-existent to functioning of the organization. The compliance risks are adhered to quality and without standardized quality of processes and procedures; a quality product cannot be produced and distributed leaving to no use of mass production etc. The product risk is the most significant risk its impact is double faceted impacting the customers and the producer. A poorly designed product is not going be sold and all the many will be wasted it also involves the process and production technologies etc. market risk is also of enough criticality as the market decides the acceptance and rejection of every product.

All the risks have their direct impact on the running and functioning of a business. These risks are recognized in order to avoid the potential threats estimated to have occurred in the future. For a smooth processing for the organization these risks must be assessed and their impacts must be studied in order to design sound and fool proof risk mitigation strategies. Furthermore the impacts of these risks are:

On the customer for inconvenience in buying and using the product and service.

The recovery costs incurred by the organization as a result of these risks.

The inconvenience caused by the management as the management has to be under severe stress and pressure to deal with these risks.

The real seriousness of the penalty of these risks to each of the particular business domain.

http://www.clusif.asso.fr/fr/production/ouvrages/pdf/CLUSIF-risk-management.pdf

3.0 Analysis of Severity and Likelihood of Risk:

There are a number of tools available to categorize the risks according to their response, frequency, probability, severity and likelihood. The impacts of these risks are reversed according to the risk response activities designed by a comprehensive tool explained next.

As per the above tool (table) on the y-axis which is the dependent axis, lies the probability factor. These depict the degree of likelihood of the risk factors to occur, whereas on the independent x-axis, the factors of severity lie. If a risk factor is moderate in severity and it is possible probability to occur then it is of high importance and response must be generated to overcome it.

As per the expert opinions, the probability criteria must be managed and filled out first followed by listing down the severity criteria corresponding to it. The basic objective of doing so is to help identify those risks that are highly prioritized, urgent and must be avoided. The middle level risks are treated afterwards and steps are taken to avoid them next leading to those that can be transferred and reduced whereas the last category includes those that can be retained and even ignored.

http://www.juliasilvers.com/embok/Risk/RiskAssessmentMgmt/probabilityseverity_analysis.htm

4.0 Suggested Risk Management Strategies:

For successful and workable standing put risk management strategies, it is significant to understand, evaluate and prioritize each of the risks and flow of uncertain events. Risks are evaluated in order to define and identify their probability and severity means. The probability and severity delineates a model, framework to strategy design and implementation for the risks and securing the business from threats and heavy losses.

4.1 Risk Avoidance:

The cost of risk is severely high in magnitude costing a business a lifetime to recover depending upon the severity of the risk involved. It is better to avoid the risks from occurring instead of incurring costs later to reverse and correct the after effects.

4.2 Risk Reduction:

At times, risks are there in the market, and you cannot root them out, but you can limit their magnitude of severity and probability to occur to reduce the losses significantly. For example the cost of producing some parts of the product is very high, to cut on the huge expenses due to lack of technological equipment r other factors, you can outsource their production and thereby reduce the risks of condition and availability.

4.3 Risk Sharing:

The transferring of risks to other parties is termed as risk sharing to evade the risk. This happens where the cost of risk is too high to be borne by the organization. To help this, organizations insure their processing etc in order to shade the risk costs with the insurance agencies in crucial circumstances.

4.4 Risk Retention:

Some types of risks are retained by the organizations when the costs are controllable and their impact is minimal and under control. For example the faulty management cannot result in limiting the business actions or risk sharing for reduction etc but the management can be controlled and effects are monitored to ensure the credibility of the business and managing the business through extensive training, learning and motivation.

http://voices.yahoo.com/what-risk-management-strategies-business-7512590.html

5.0 Approaches to Crisis Management:

5.1 Crisis Management:

Crisis management is a technique a unique framework designed to protect the organization, its processes and people, employees, stakeholders, government and general public. Following approaches are undertaken to managing the crisis situation:

5.2 Crisis Management Model:

It is evident to understanding how to handle a particular type of crisis before their occurrence. Gonzalez-Herrero and Pratt identified three phases in any Crisis Management:

Diagnosis of the approaching danger.

Selecting an appropriate and right mitigation strategy.

Implementation and monitoring the change process.

Management Crisis Planning

Crisis management planning encircles around the best practices utilized while dealing with the crisis. Effective and sound planning is significant to controlling the crisis and attracts as less media coverage and avoids public scrutiny.

Contingency Planning

An organization must prepare itself for the uncertain crisis by preparing and formulating contingency plans prior to the arrival of the crisis. A series of simulated scenarios can be used as a drill while preparing for the crisis. Preparing contingency plans in advance, as part of a crisis management plan, is the first step to ensuring an organization is appropriately prepared for a crisis. Speed, working performance and efficiency is required in following the contingency plans lest they would be of no use.

Business Continuity Planning

A business continuity plan is vital to the organization to minimize its impact when an impending crisis is going to strike the business. Critical functions, methods and processes are identified in order to keep them running. Design a separate contingency plan for each of the individual business division. Testing of these contingency plans over and over by simulating scenarios can help the teams to respond actively and quickly when a crisis occurs.

Structural-Functional Systems Theory

Accurate and update flow of information is pivotal to effective crisis management in an organization. Structural-functional systems explain the significance of the intricacies of the information and communication networks and levels of power giving rise to the organizational communication.

http://en.wikipedia.org/wiki/Crisis_management