Table Of Contents
What Is Risk Management?
Risk management is a process carried out by an organisation that seeks to identify, measure, monitor and control risks an organisation faces. Business is complex and where there is complexity there is risk. Business managers find themself with many decisions to make, constrained resources, competing priorities and environmental factors to consider as well. Businesses face many different risks such as environmental risk, political risk, business risk, financial risk and more.
Objectives of Risk Management
Risk managements objective is to find out which risks a business faces, find ways to quantify and measure those risks, create methods to monitor risks and finally come up with treatment methods which mitigate or eliminate risk. The overall objective to create a business that is less susceptible to risks and therefore enhance the safety of investors in the business.
Identification of risks is the first objective of risk management. Risk exists because the future is never certain. In any given aspect of a businesses operations there are always variables at play. While it is possible for variables to move positively it is the potential of a negative movement that risk management is mostly concerned with. Let’s take the simple example of a farmer who plants crops. Among the risks that can be identified by this farmer are drought, conversely floods, insects, disease, theft and price drops. Through all these things the plans for harvest and income can be affected adversely much to the detriment of the farmer. As a primary objective risk management must identify all possible risks to the future viability of a venture.
Measurement of risks is the next step in the objectives of risk management. Once the risks have been identified it is then important to create a system through which the risks can be measured and their potential impact quantified. ISO 31000 on Risk Management updates the standard for the risk register. The risk register is a document that is used to quantify risk values in monetary terms and identify the likelihood of the risks occurring. Let us continue with our crop farmer example. The probability of drought or floods is based on weather patterns in the past while the impact is based on the sensitivity of the crop to the conditions. These details would be kept in a risk register and this would give our farmer an overview of the degree of risk involved with each variable and the value at risk; the potential amount that can be lost through that risk. This information will be important later on. Measuring risks is important for any business.
Once we have both identified and measured the risks that are present in a business the next risk management objective to fulfill is to continuously monitor risks. Risks are not static things, in reality the probability of risk events occurring fluctuates from time to time. Our farmer makes a perfect example of this through weather related risks. At the time of planning and planting the weather department would have given an outlook on their expectation of the weather that will prevail.through the cropping season. It is customary for the department to continue updating people on the expected weather patterns as it is very difficult to accurately predict weather, especially for longer periods. Continually checking the weather is a form of monitoring the risk. In the case of theft the farmer may join other farmers in the community to share information about patterns of theft in the area and also carry out an assessment of the security at his premises and see how effective it is at preventing theft. The farmer may also keep an eye on market prices for his crops to monitor price risk.
Finally risk managements objective is to control risk. When risks are identified, measured and monitored the final objective is to assess just how the risk can be dealt with or controlled. The various risk management methods available to businesses and people come at a cost and this is where the aforementioned value at risk becomes important again. A business must consider the size of the risk and compare it with the cost of controlling the risk to evaluate if it is worth it. Risk is controlled through one.of four methods namely transferring, tolerating, treating or terminating.
Risk is transferred through the use of contracts such as sale or insurance contracts. We discussed before that the farmer has risks of theft and adverse weather. In the case of drought or floods the farmer can take an insurance policy against adverse weather. As mentioned before this comes at a cost of premiums and whether or not these are worth paying will.be determined by the probability of the occurrence and the value at risk. Another example of transferring the risk would be entering into a sale contract for the crop at a prearranged price. This will transfer the price risk that the farmer faces. This method is usually suitable for high value low probability risks.
In some cases it is perfectly acceptable to tolerate risks as a part of doing business. This treatment method is usually preferred where the risks are low value and low probability. Say our farmer assesses through monitoring that the possibility of crop theft is very low and as such decides to invest in security for his farm but determines that the cost of say theft insurance is too high a price to pay for a low risk occurrence.
Treating risks is a method of risk control that seeks to insulate a business from the risk. This is done by adapting the systems within the business to prevent the identified risk from becoming a threat down the line. As a risk management objective controlling risk involves changing the business if need be. Turning back to our farmer let’s assume that through monitoring we learn that there is a high risk of drought this season. If the farmer receives this information before planting he can switch to a drought resistant variety of the same crop. This treats the risk in the sense that if it it transpires there is drought the effect will be low. It is not a simple undertaking and is recommended for moderate probability and high risk situations.
Finally termination can be used as a risk control method. The objective of risk management is prevent loss of value to investors through adverse occurrences. In some cases, particularly where the value at risk and probability are both very high, the best alternative may be to terminate the risk altogether. This may take many forms but to continue with our farmer example we may elect to cancel the cropping project altogether and go into another form of farming .
What our farmer case study lacks in nuance it makes up for in its ability to lay bare the objectives of risk management. Understanding the importance of identifying, measuring and monitoring risks provides us with the necessary foundation to understand how risk can be controlled. Whether we choose to transfer, treat, tolerate or terminate depends on a combination.of the value at risk and the probability of the risk.