I often get asked what risk management is
about. If it is about statistics, probabilities and complex modelling? I
disagree. I think risk management is one of the most natural things we
do, and one of the most important. Risk management is about asking six
easy questions;
- What am I trying to achieve?
- What obstacles might stand in my way or hinder me?
- Which obstacles are the most important?
- What actions can be done about it?
- Having taken the actions, did they work?
- What changed?
These six steps make up the risk
management process; objective setting; risk identification; risk
analysis and evaluation; risk treatment; risk monitoring and risk
communication, and can be applied to any simple or complex situation, be
it in our personal lives, public or private sector.
This management science demonstrates how
to get clarity on complicated situations, how to decide between options,
but most of all how to embrace opportunities and to minimise threats.
Business and enterprise is about taking
chances, just as life is about making difficult choices. Risk management
provides the framework to enable difficult decisions to be made in a
managed and structured way in order to maximise the opportunities for
success and minimise the threats. We call this risk based
decision-making.
Organisations of all types and sizes face
internal and external factors and influences that make it uncertain
whether and when they will achieve their objectives. The effect this
uncertainty has on an organisation’s objectives is “risk”.
Life does not exist without uncertainty and the effect that uncertainty has on our objectives.
All modern industries (aviation, stock
markets, manufacturing etc.) have grown in an environment where the
risks were uncertain. The consequent impacts of the uncertainties on the
wider public were almost unimaginable. Yet chances were taken, losses
were sustained but the consequent benefit to the businesses and
enterprises involved, and to wider society, were arguably such that the
risk was worth taking. Without some understanding of risk and its
components, particularly the mathematics behind risk and uncertainty,
life today would be quite different.
Too many people forget that managed risk
must be taken in order for business to survive and to thrive – and this
applies particularly to the risk and safety professionals who can become
obsessive in their zeal to minimise threat. In creating the strictures
of the risk frameworks, processes, lists and bureaucracy, they can wrap
the business into complicated agonising knots that can stop the
organisation moving forward and innovating.
Risk, governance and compliance together
can present a frightening array of hard-to-follow processes and results
and unfathomable language and jargon. That is not to say that these are
not important. They are. But they need to be translated into simple,
elegant tools and knowledge systems for the Board to be able to make
sensible, life-giving risk managed decisions for the business and for
the stakeholders in a managed context. We will explore these in later
articles.
Yet at other times wholesale chances are
taken without due regard to the capacity of the organisation to take the
consequences of not balancing capacity against exposure. The result of
unbridled, bureaucratic and complex risk management is that the senior
management and Board members break free of the process and do their own
thing. Strategic decisions are made regardless of possible impacts, or,
worse still, the process is bent to make the analysis fit the desired
result. Risk management is relegated to that process that the rest of
the business should or must do and strategic threats that can damage the
whole enterprise are sometimes taken without proper diligence. There is
often a layer of self-delusion when the Board think that a risk is
being managed within its given risk appetite and capacity, when in fact
the reality might be far from that.
Risk management is for the whole
organisation where there should be a culture about taking managed risk
and avoiding unmanaged risks. This requires a programme to bring about
openness and transparency about the opportunity or threat being taken as
well as a clear and truthful accounting of the value in the business –
whether that is capital, reputation or liquidity.
Risk management strategies are designed
to avoid, accept, minimise, transfer and retain risk exposures. These
strategies should be customised to fit your businesses culture and
liabilities, and should therefore evolve as your exposures and
opportunities change.
Here are three steps to winning business through taking managed risks;
First, you must assess the situation at
hand. Uncover potential risks by evaluating your location, the context
of circumstance and any historical data. This information helps uncover
potential risks, and also helps you weigh the probabilities and
consequences of the risk.
Next, you need to develop a plan of
action. Consider the key objectives you’re hoping to accomplish, along
with the level of risk you’re willing to accept. Consider the likelihood
of an undesired outcome and what it would cost you, your business or
your stakeholders if it transpired. Is the risk worth taking? If so, go
for it! If not, reconsider your options.
Finally, implement your risk management
plan. Just remember that things can change and you need to keep an eye
on those changes and adjust your tactics as required.
- Mbonu, studied Engineering, is an experienced Banker and Enterprise Risk Management specialist. Has undergone post graduate studies in Risk Management at Stern – New York University, and is a member of the UK Institute of Risk Management. Can be reached on 09092092046 (SMS Only); email: rm4riskmgt@gmail.com
No comments:
Post a Comment