Risk Management in an Organisational Setting

Introduction

In a dynamically changing external environment, any organization developing a development strategy uses a set of economic indicators to assess its activities. For the successful operation of enterprises and survival in the competitive struggle, it is necessary not only to form certain advantages but also to systematically take into account the negative factors affecting the results of this activity. The economic reforms, the crisis, and the general development aroused interest in the issues of considering risk in economic activity. The theory of risk itself in the process of formation of market relations not only received further development but also became practically in demand.

Risk Theories

Risk management theory is based on three main concepts: utility, regression, and diversification. In the first group, a risk is considered a characteristic of any conscious human activity to achieve some goal (Zio, 2018). The activity of the subject is carried out in conditions of limited resources, information uncertainty, and the possibility for the subject to choose an alternative way to achieve the goal.

In the theory of optimal control, the main attention is paid to studying such properties of risk as utility, consistency, and dynamic probability. The universality of risk is characterized by the fact that risk is an integral part of the economic activity of a person striving to improve the quality of life (Zio, 2018). The universality of risks manifests itself in the form of an abstract and concrete opportunity. Although abstract risks may occur, there is no set of necessary and sufficient conditions for them (Zio, 2018). Thus, for example, the innovation process leads to the formation of new industries and the displacement of old ones, but this does not mean that this process will inevitably lead to the bankruptcy of enterprises in the old sector. Specific risks can be quantified over time, and necessary resources are available to minimize them.

Consistency considers risks as a property that is inherent in any complex system. The development of system concepts is characterized by a gradual transition from simple to complex – from structural concepts to methods of functioning that determine the effectiveness of systems. In accordance with this process, databases and knowledge bases must also evolve. That is, they must be constantly processed, re-sorted, and re-evaluated. Socio-economic dynamics assess risks regarding the asymmetric distribution of information and their constant change over time (Chentukov et al., 2021). Changes influence the equilibrium of local systems in systems of a higher order. Therefore, the probability of occurrence and the level of most risks depend on polysystemic effects, which are beyond the control of those who make decisions on the choice of economic policy instruments.

For the practical implementation of methods for optimal risk management, a number of successive stages are performed. It is necessary to analyze the existing risks inherent in various types of production and investment activities at the enterprise to determine their composition and classification. One also need a system of indicators for quantitative risk assessment and methods for assessing their economic efficiency. As an approach to investment decisions under risk in foreign practice, a utility function is often used. It subjectively reflects the dependence of the utility of the investment result obtained on the costs of obtaining it. As a rule, FP has the property of diminishing marginal effectiveness; that is, each subsequent cost unit gives a lower result than the previous one.

Regression

The second approach to determining the essence of the risk category can be characterized as the result of the accumulation of regressive potential. Since this approach is based mainly on theories of technological progress, it also focuses on the relevant characteristics of destructive risks:

  • the irreparability of the loss of properties and qualities of values that were needed in the past, but unclaimed in the present;
  • the emergence of new properties and qualities of values, the regressive potential of which in the future is not yet clear;
  • lowering the level of threshold security due to the creation of new technologies, increased environmental threats, and more (Vetter & Schober, 2018).

The scientific literature provides many facts that the increase in the scale of economic activity leads to a quantitative and qualitative change in relations, to which various social groups cannot constantly adapt. It causes the risk of their social and economic non-adaptation (Vetter & Schober, 2018). If one thinks carefully, one can understand that any result of economic activity contains sprouts of regressive potential.

Diversification

The point of risk management is not to completely eliminate it but to use it for the company’s benefit, diversify and avoid it. Risk diversification is one of the fundamental concepts in investment theory. It is a method of reducing risk by building a diversified portfolio of small risks instead of taking on one of the same types (Malhotra et al., 2017). It is a way of reducing the total risk exposure of a portfolio by allocating funds among different assets whose prices are weakly correlated with each other. The investor builds his portfolio from various types of financial instruments and, at the same time, considers different approaches, using simple or complex diversification.

Simple (linear) diversification may include several securities belonging to the same category of financial instruments. For example, from a collection of several illiquid stocks or a set of debt instruments with similar risk levels. With the help of linear diversification, it is possible to reduce specific risks significantly. Share prices depend on the events taking place with the company to which they relate (Malhotra et al., 2017). Events can be either negative (corporate actions restricting the rights of minority shareholders, loss of licenses) or positive (client growth, good financial results). However, coincidences in some instances are very rare for companies. Therefore, practice shows that when the price of shares of one company falls, the shares of another will rise.

Broad diversification is tuned to optimize risk management and includes multi-level diversification. In this case, the portfolio may include several types of assets, for example, less liquid stocks, corporate bonds, blue chips, and some other investment instruments (Malhotra et al., 2017). At the same time, for all types of assets, there is a specific variety of securities that includes diversification by industry. Investors choose the line of ratios between less risky and more risky assets within the portfolio based on the strategy they consider more profitable.

Identification of Risks in the Organization

When identifying risks in the management system, one should not only identify the risks currently in the organization but also monitor emerging risks. For the most effective response of the system, it is necessary to create a list of structured information that gives a complete and comprehensive answer about the events leading to risk and the areas of the enterprise’s activities that are most exposed to a high level of risk. Before such a system is created, not only a description of the risks is required, but also the preparation of a SWOT analysis, that is, a matrix of opportunities and threats for the enterprise in order to identify possible risk areas for the enterprise. Only then can potential threat areas be identified and a risk matrix compiled.

The matrix should be created on the basis of a risk map, in which the risks are located on the coordinate plane, where one axis represents the probability of the occurrence of risks, and the other is the number of losses from the probability of the occurrence of risks. Each organization independently chooses the concept and level of danger, but as a rule, this is lost profit. As an example, it can be assumed that up to 33% is not dangerous, up to 66% the danger is acceptable, and more is unacceptable. Then, the probability range can be divided into three groups from 0 to 1: unlikely, likely, and very likely. By assigning a range to each factor, one can mark it on the risk map and see which zone each factor falls into (Risk management, 2018). In addition to the graphical form, risk maps can be displayed in tabular form by putting a ‘+’ sign in the cell by risk factor.

The list of risks should be compiled by an expert who is obliged to fully and accurately describe the risk and then choose the method for calculating and forecasting the amount of losses from the occurrence of a risk event. After assessing the risks, one can proceed to the development of a risk management plan. The main task of creating a management strategy is to reduce or increase any risk to its acceptable level. The strategy should include the following:

  • a complete list of risks with the most accurate description of all their characteristics;
  • risk management methods;
  • action plan to minimize potential risks;
  • assessment of the costs of carrying out preventive measures;
  • the amount of the self-insurance fund;
  • the value of the probability of risk occurrence and its possible size;
  • list of methods for covering possible damage to the enterprise (Risk management, 2018).

Finally, monitoring should be carried out, as effective control over the results of the system requires constant monitoring of the actual use of risk reduction methods. Monitoring can be carried out in the form of current and scheduled inspections (Risk management, 2018). At the same time, one needs to know that current checks are the most effective. They allow for timely identification and eliminate the shortcomings of the risk management system that can lead to losses. Planned ones should take place after the occurrence of the relevant events and causing losses to the enterprise. The final stage also involves updating and supplementing information on risks, allowing to respond to them promptly.

Risk management tools and techniques are the things and ideas used to control company risks. Today, there are a different number of tools that allow to work in different areas and with different risks. For example, Optial is a flexible, multi-module software platform for managing key business security measures, including risk, compliance, and auditing (The top 10 enterprise, 2021). The platform has been designed to work with companies in industries such as finance, manufacturing, and healthcare. The platform allows teams to track key risk indicators, KPIs, and critical control indicators over time and use scenario analysis to determine the worst and best impact.

SRM and ERM

Companies often have to do the right thing to stay ahead of the competition. In terms of execution, this entails maintaining the order of operations as well as determining a viable approach. However, many businesses miss market opportunities because they neglect financial risk. Although operational risks are a problem, strategic risks are often underestimated even though they can have a more significant effect, so strategic risk management plans are essential.

Most importantly, strategic risks arise when companies struggle to meet consumer needs. Essentially, companies face risks and setbacks in order to achieve their goals. All internal options carry the risk of making the wrong decision (Hirth & Chesley, 2017). To complicate matters further, competitive risks do not depend solely on arbitrary judgments. On the other hand, external factors such as consumer demand can also contribute to this.

Strategic risk management focuses on the most significant and significant risks to shareholder value. Strategic risk management is the process of identifying, assessing, and managing risks and uncertainties that are affected by internal and external events or scenarios that may interfere with an organization’s ability to deliver on its strategy and strategic objectives, with the ultimate goal of creating and protecting value for shareholders and stakeholders (Hirth & Chesley, 2017). It is the core component and essential foundation of enterprise risk management.

Enterprise risk management (ERM) in business includes the methods and processes organizations use to manage risks and seize opportunities associated with achieving their goals. ERM provides a framework for managing risk, which typically includes identifying specific events or circumstances relevant to the organization’s objectives, assessing them in terms of likelihood and magnitude of impact, defining a response strategy, and monitoring the process (Frigo & Anderson, 2011). By identifying and proactively addressing risks and opportunities, businesses protect and create value for their stakeholders, including owners, employees, customers, regulators, and society at large.

Once a company has reached the required level of experience and duration of ERM, its CFOs and other members of the management team may already consider this system as the basis for a more strategic approach to risk management. Strategic risk management is a method of assessing risks, analyzing their possible consequences, and taking appropriate measures to minimize them (Frigo & Anderson, 2011). Enterprise risk management allows an organization to consider the potential implications for a risk profile from an organization-wide or portfolio perspective.

Risk Management Strategies

Risk management becomes part of the process of making managerial decisions under conditions of uncertainty. In this regard, in order to increase the effectiveness and efficiency of such decisions, it is necessary to deepen knowledge and improve business skills in the field of risk management. From the management’s point of view, strategy is a long-term system of measures to provide an organization with a long-term competitive advantage. The development of a strategy consists of choosing the most optimal direction for the organization’s development. The main goal of the risk management strategy is to achieve significant competitive advantages in the field of risk management.

To exclude (eliminate) the organization’s risk factors, a combination of risk management strategies (minimizing the negative consequences of the organization’s risks) can be used. Strategies reduce the negative impact of risks on key economic indicators of the organization. Since, in practice, the organization will not be able to eliminate potential risk factors completely, risk elimination is an important component of the organization’s integrated risk management system.

Management methods used by enterprises are usually divided into strategic and tactical. The first relates to the long-term and the plans of the enterprise. They are focused on the entire process of the life of the enterprise. Tactical management deals with the implementation of specific practical tasks within a certain period of time. Strategic risk management deals with the analysis, planning, and overcoming of negative trends in case of their occurrence. The strategy involves the development of methods and principles of the company’s behavior, taking into account their forecasting and analytical preparatory work. Careful work with risk management allows to an increase the company’s investment attractiveness and increases the confidence of counterparties, partners, and third-party organizations providing services. Strategy development permits to create a set of alternative solutions and responding flexibly to crisis events.

Defining Roles

Clear assignment and consolidation of risk management roles and responsibilities are essential to building a solid risk management culture within an organization. The risk management strategy is determined by the management of the enterprise (firms, business units, and more) (Ferreira de Araújo Lima et al., 2020). That is done within the framework of a single strategy of the organization and is aimed at preserving the existing and creating new capital of the organization. The risk management model largely depends on the industry specifics and the resources of the organization. It can be built around the classic concept of three lines of defense.

Business unitsManagers, business unit managers, as well as employees are responsible for the timely identification of risks, their assessment, management, reporting, and monitoring as part of their functional duties. Top management and the board of directors determine the risk management strategy, approve risk appetites, and monitor risks.
Risk management functionsRisk managers (including departments responsible for security, insurance, and financial unit) are business consultants and are responsible for developing the methodology, training, raising awareness, accompanying the process, and support. Sometimes the risk management team also performs the function of quality control and aggregate risk information.
Internal auditIndependent bodies such as internal audit and internal control units provide independent control over the fact that the organization’s risk management is carried out as described in the schemes and procedures.

Risk management function is the center of competence for risk management in the company and is responsible for independent, timely, and quantitative analysis of the risks of decisions made. This model requires the risk manager to be directly involved in the process of making critical business decisions and assumes that the risk manager is responsible for the decisions made on an equal basis with other managers. In certain cases, the risk manager has the mandate to block precarious transactions that do not correspond to the strategic goals of the company.

Choosing a Strategy

Strategic groups are important factors for a firm in formulating its strategy if the strategic group influences risk management. Strategic groups are collections of companies in an industry that exhibit similar characteristics in some key characteristics. Firms with similar characteristics are in the same pool of competitors, and they may collude or compete with each other (Nettayanun, 2014). Groups targeting different product lines will have different risk characteristics. Various risk characteristics can affect the performance of an insurer. If the strategic group focuses on specific states, regulatory differences between those states can directly affect pricing and performance.

Management has overall responsibility for managing risk for the organization, but it is essential that senior management goes further and increases dialogue with the board of directors and stakeholders. Risk management must be used to gain a competitive advantage (Standard Deviations, 2018). Through improved risk management, senior management and the board of directors will better understand how explicit consideration of risk can benefit strategy choices.

Conclusion

Various types of risk management will be applied to different types of risk management, ranging from complete rejection of risk to absolute risk insurance. The feasibility of carrying out each risk management activity should be assessed based on the principles and stages of the risk management system. However, the ultimate goal of risk management corresponds to the target function of entrepreneurship. It consists of obtaining the most significant profit at the optimal profit ratio and risk acceptable to the entrepreneur. Strategic risk management, a core element of enterprise risk management (ERM), focuses on the types of risk that can affect stakeholder value. As a result, senior managers must devote time to managing and countering this danger. Risk management is supported by an infrastructure that provides the framework and organizational arrangements for its development, implementation, monitoring, review, and continual improvement. When developing a risk management infrastructure, responsibilities, authorities, and related competencies are established.

References

Chentukov, Y., Omelchenko, V., Zakharova, O., & Nikolenko, T. (2021). Assessing the impact of higher education competitiveness on the level of socio-economic development of a country. Problems and Perspectives in Management, 19(2), 370–383. Web.

Ferreira de Araújo Lima, P., Crema, M., & Verbano, C. (2020). Risk management in smes: A systematic literature review and Future Directions. European Management Journal, 38(1), 78–94. Web.

Frigo, M. L., & Anderson, R. J. (2011). What Is Strategic Risk Management? STRATEGIC FINANCE.

Hirth, R. B., & Chesley, D. L. (2017). Enterprise Risk Management Integrating with Strategy and Performance. COSO.

Malhotra, A., Schmidt, T. S., Haelg, L., & Waissbein, O. (2017). Scaling up finance for off-grid renewable energy: The role of aggregation and spatial diversification in derisking investments in mini-grids for Rural Electrification in India. Energy Policy, 108, 657–672. Web.

Nettayanun, S. (2014). Essays on Strategic Risk Management. [Dissertation, Georgia State University]. Web.

Risk management – guidelines. (2018). BSI.

Standard Deviations: A Risk Practitioners Guide to ISO 31000. IRM’s risk management standard. (2018). Web.

The top 10 enterprise risk management tools. Inflectra. (2021). Web.

Vetter, T. R., & Schober, P. (2018). Regression. Anesthesia & Analgesia, 127(1), 277–283. Web.

Zio, E. (2018). The Future of Risk Assessment. Reliability Engineering & System Safety, 177, 176–190. Web.

Removal Request
This essay on Risk Management in an Organisational Setting was written by a student just like you. You can use it for research or as a reference for your own work. Keep in mind, though, that a proper citation is necessary.
Request for Removal

You can submit a removal request if you own the copyright to this content and don't want it to be available on our website anymore.

Send a Removal Request