Risk is everywhere—from the time you get up to the time you go to bed, and even while you sleep (earthquake, fire, carbon monoxide poisoning, sleep apnea, alien landing, etc.). The question always is: How much risk is tolerable, or reasonable? What kinds of risk need to be controlled the most? What is the cost benefit in doing so? Where is the trade-off?
Over the last decade risk management has become big business
Universities now provide advanced degrees in risk management. The Division of Social and Economic Sciences, part of the National Science Foundation, is writing grants for studying risk. A plethora of risk organizations has bloomed as well, including the Decision Analysis Society, Society for Judgment and Decision Making, Society for Risk Analysis, Risk Management Association, Global Association of Risk Professionals, Risk Management Society, American Risk and Insurance Association, Security Analysis and Risk Management Association, and others.
Can you get too carried away with risk management?
Probably—that said, though, there is a direct correlation between low levels of risk and high levels of productivity, efficiency, and quality—which usually translates into higher profits. How much should you invest in risk management? It depends on several key factors, including the nature of the business and management’s own risk tolerance.
There was lots of interest in risk management during the Great Recession — with already reeling profits, companies didn’t want to take any risks that could be crippling (whereas a few years ago those risks might have been simply damaging, or even just annoying); the recession also provided more downtime to spend on studying risk.
However, now that the economy is recovering, risk management is under pressure as some companies refocus on profits and growth.
In a recent article on www.analyticsearches.com, Patton McGinley writes that, because of the cautious overall recovery and recent strong performances in the financial sector, “firms have seen increased risk appetites with pressure to expand and boost profits. Respondents are struggling to manage risk, with more than three out of five citing growing complexity in their organizations’ risk exposures. Two-thirds of respondents say external risks pose a greater challenge to their institutions than internal ones, yet only 52 percent say their risk management processes are well placed to deal with this volatility and complexity.”
McGinley indicates the momentum of revamping and strengthening risk management may have peaked, since the percentage of respondents is the same compared to last year when questioned about confidence in having a clearly defined risk management strategy. “Year on year, the proportion of respondents who are increasing investment in the risk function has fallen slightly across IT, data, training and recruitment,” he says. “Silos continue to hamper risk management progress. Although the risk function has been elevated, organizations still lack strong and open relationships between the risk function and lines of business.”
If there was ever a field with unlimited potential, it is risk management—for the simple reason that risk is everywhere and can still be capricious and unpredictable (Japan’s earthquake and nuclear meltdown, for example). Risk is also in the eye of the beholder—large companies, especially those with multiple international locations, tend to behold a lot, because complex business structures have more opportunities for things to go wrong, as well as make it harder to find the “little” things that could evolve into something major. Risk connections through a company’s operations are endless; if something goes wrong here, something else probably goes wrong there, and it moves on like a Mousetrap game—unless the risk interactions have been studied and the controls are in place.
Risk-management officers and vice presidents have more influence today than they did 10 years ago, supported by the growing body of research and case studies that delve into risk. Dealing with risk is changing the way companies approach their operations on every level—regulatory documents, controlled documents, records management, retention regulations and policies, manufacturing processes, employee management, legal, and the increasingly monitored and scrutinized supply chain. There is also the call by profit-driven shareholders to focus more resources on identifying areas of potential risk. Risk-management officers and IT leaders are also being pressured to keep up with the latest in information management systems—the key to effectively managing risk.
So—where do you start? How do you start?
First, discuss the issue with all levels of management; make a company-wide appeal for input on the topic of risk; it’s important that all employees have the opportunity to contribute because they are the experts in the potential risks in what they do, not management. Find the vulnerable spots.
The second step is a comprehensive, unbiased risk assessment of your entire operation—this is where a third-party risk specialist with deep experience in your market is required, who has a wider perspective of risks impacting your industry. This will allow you to:
- Identify, quantify, and prioritize risks across your company
- Examine the controls needed to successfully mitigate these risks
- Identify processes needed to control losses in case an adverse event occurs
An advanced software solution does all these things for you and can be customized to meet a company’s individual needs. The program provides a centralized risk framework for documenting and managing all risks faced by the company. Capabilities include computing risk profiles, prioritizing risk threats and response strategies, developing policies and procedures, 24/7 documentation, benchmarking, tracking events in real time to enable risk evaluation, and enforcing standardized processes. Executive dashboards provide company-wide visibility into the entire risk management process and highlight issues when they arise, permitting quick remediation and keeping losses to a minimum. All these processes and more can be accessed globally and displayed in real time.
Implementing an integrated risk management system is the best way to minimize operational disruptions and increase process efficiencies, quality, and compliance—which means less liability, happier customers, smiling regulators, better profits, and as the word spreads—increased market share.