In: Categories » Business » Management » Mapping Your Business Risk Profile
| Conducting business has always been a risky proposition, and all businesses have some tools in place to manage risk. Companies insure against losses, institute safety, health, and environmental procedures, lobby governments, hedge currencies, trade commodity futures, and protect their IT systems with firewalls and other measures. But generally these decisions are silo-based: managed by plant managers, country managers, finance departments, and IT administrators. While these may have sufficed in the past, they are inadequate in the era of interdependent risk. No one department or business unit (or even one company) has the peripheral vision needed to manage these risks. What’s more, the trend in corporate governance reform over the past few years means that more corporate boards have new legal responsibilities for enterprise-wide risk management. Since the mid- 1990s and particularly after the accounting scandals at Enron, WorldCom, and others, standards bodies in Australia, New Zealand, Canada, Germany, the United Kingdom, and the United States have all emphasized the board’s responsibility in identifying and managing business risks. Facing greater risks, many businesses are at a loss, and ask questions such as: “What can we do about acts of God or terrorists?” or “Aren’t my competitors just as vulnerable as I am?” They may believe that they cannot afford to take risks, or, having taken risks already, they cannot afford to invest in risk mitigation, believing that it will increase their costs, slow them down, and make them less competitive. Managing risk, however, is about becoming more flexible and competitive, not less. Risk must be examined in the overall context of corporate strategy and market opportunity, but the old adage still applies, “There is no reward without risk.” As a result, companies are turning to strategic risk management to improve outcomes while continuing to actively engage a volatile global business environment. More than just a checklist of safety measures, a strategic risk management approach identifies the core processes that drive a company’s earnings and monitors both internal processes and external events to ensure that risk and reward are continually reevaluated and rebalanced. It is a dynamic approach demanded by a dynamically changing global business environment. The ultimate goal is, through an iterative process, to help companies evaluate their risk management process in the context of a structured “stages of excellence” approach. Rather than cataloguing all the possible risks a company might face, the first stage in strategic risk management is to understand the company’s internal processes in order to isolate the most relevant and critical risks. Once a company understands its own internal vulnerabilities, it can monitor the external environment for danger signs and then begin to create mitigation and contingency plans accordingly. While companies may not be able to prevent disasters, they can reduce the impact by understanding how their operations may be affected. The goal is not to eliminate risk altogether (an impossible proposition) but to develop operational resilience, foster the ability to recover quickly, and plot alternative courses to work around the disruption. While global corporations are vulnerable to many of the same risks, each company has a unique risk profile. There are five key steps in the development of this profile: Prioritize earnings drivers. The first step is to identify and then map a company’s earnings drivers, which provide operational support for the overall business strategy. These are the factors that would have the biggest impact on earnings if disrupted, and a shock to any one could endanger the business. For example, a financial services firm might depend on information technology to the extent that even 10 minutes of downtime could have a major impact on earnings. A consumer products company depends on its brand reputation. Identify critical infrastructure. The next step is to identify the infrastructure —including processes, relationships, people, regulations, plant, and equipment—that supports the firm’s ability to generate earnings. Brand reputation, for example, might depend on product quality control processes, supplier labor practices, and key spokespeople within the firm. Research and development might depend on specific laboratory loca tions, critical personnel, and patent protection. Again, every company is unique, and even companies in the same industry will prioritize their drivers differently. The goal is to identify the essential components required for the earnings driver. One way to do this is by asking, “What are the processes which, if they failed, would seriously affect my earnings?” Locate vulnerabilities. Having mapped the critical operational infrastructure, the next step is to identify the main vulnerabilities. What are the weakest links, the elements on which all of the others depend? It could be a single supplier for a critical component, a border that 80 percent of your products must cross to get to your key markets, a single employee who knows how to restore data if the IT system fails, or a regulation that makes it possible for you to stay in business. Vulnerabilities are characterized by: • An element on which many others depend; a bottleneck • Processes with no alternatives • Association with high-risk geographic areas, industries, and products (war or flood zones, or economically troubled industries, such as airlines) • Insecure access points to important infrastructure Notice that the focus is still on the internal processes rather than potential external events. In many ways, the impact of a disruption does not depend on the precise manner in which these elements fail. Whether your key supplier fails because of a fire in a plant, an earthquake, a terrorist attack, or an economic crisis, you may have the same response plan. Develop responses. After mapping its risk profile, a company will have detailed knowledge of its operational vulnerabilities and how these relate to its strategic goals and earnings. Simply understanding these vulnerabilities at the enterprise level will clarify critical decisions. The decision to move production from South America to China, for example, will have a clear impact on the company’s risk profile, as will a decision to adopt new corporate social responsibility standards. But completing a risk profile will also bring to light opportunities to reduce risk while at the same time indicating the value to be gained. Risk mitigation plans can be put into two broad categories: flexibility and redundancy. Flexible responses generally require advanced planning but little or no upfront investment and include: • Identifying alternate suppliers • Identifying alternate modes of transportation • Using products designed for rapid switching of components • Adopting manufacturing designs for rapid switching of products • Having multiple (flexible) locations for various tasks • Identifying additional production capacity • Cross-training employees Redundant solutions, on the other hand, generally require an investment in capacity that may not be needed and include: • Increasing inventory • Developing a cadre of alternate suppliers • Preparing back-up IT and telecom systems • Holding unused capacity • Fostering long-term supplier contracts Monitor the risk environment. For each vulnerability, there will be a number of potential responses. In order to evaluate which responses are most appropriate, it is necessary to look at the external environment. To be sure, some risks—notably, the wild cards, such as a worldwide pandemic or a simultaneous resurgence of terrorism in several countries—defy easy countermeasures. But most other risks—those that affect a specific country, region, or industrial sector—are manageable. By gauging the likelihood of various events, the company can evaluate how much to invest for each vulnerability. A company’s risk profile is constantly changing —economic and market conditions change, consumer tastes change, the regulatory environment changes, as will products and processes. It is essential that the company’s risk map change in tandem, implementing an early warning system so contingency plans can be activated as soon as possible. Although a detailed development of a company’s risk management profile is a fairly elaborate process, a simple self-assessment can quickly identify the largest gaps. Clearly, being able to reduce the costs of a disaster is a major benefit of risk management. But risk management is much more than an insurance policy that kicks in after disaster strikes. By understanding the relationship between corporate strategy and risk profile, corporations can ensure that they are not taking unnecessary risks, while at the same time reducing the potential impact of essential risks. Through flexibility and redundancy, companies can react quickly to changes in the marketplace, whether those changes are as common as varying consumer demand or as rare as political revolutions. The agility that results will ultimately allow corporations to maintain their equilibrium and come out on top, even in a world perpetually out of balance.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
For many enterprises, the challenges have been met by pursuing four management initiatives: 1. Provide systematic and comprehensive knowledge management distributed widely throughout the enterprise and guided (not controlled) from central management. KM is backed up by monitoring, incentives, and detailed understanding of knowledge mechanisms to ascertain appropriate actions everywhere. 2. Pursue integrative management practices on personal, departmental, and business unit levels,...
2. Relevant Decision Information and Management Practices
No sound decisions are possible in a business setting without relevant information being available to the decision-maker. This axiom applies to all types of decision situations, whether large or small. The value creating company has established information sources and access to this information to enable persons at all levels to make rational trade-offs, whenever faced with an issue to be decided. This requires several supportive management practices: • Sharing of relevant information. • Decision...
3. The Five Step Problem Solving Approach
People who are really good at solving problems go about it systematically. They have a way of placing the problem in context. They don’t jump to conclusions. They evaluate alternatives. A good way to become a systematic problem solver is to adopt the following five-step problem-solving process. Identify the problem. This is critical: you must try to solve the right problem. Don’t try to solve a problem the customer sees as low priority or unimportant. Identify the...
4. Account Managing Versus Account Leading
Let’s look at the difference between managing and leading. The two terms are sometimes used interchangeably—such as when people refer to someone in a management position as a leader—but there are important distinctions. The difference between managing and leading is the difference between doing things right versus doing the right things. Doing things right means being efficient. Doing the right things means being effective. Sales leaders are efficient when they get quotes and other work...
5. How to Become an Exceptional Sales Professional
The two things that salespeople must do are to sell and to keep customers happy. It’s not complicated, but it’s not easy. One of my assignments while at AT&T involved designing a sales competency model. We wanted some way of assuring ourselves that our salespeople could sell effectively. We wanted to know we could relied on them to consistently deliver results that we and customers wanted. We were especially concerned about preventing mistakes by identifying the skills or knowledge they needed ahead of time....
6. Economic Incentives when creating a company
One of the critical attributes of the value creating company is the degree of attention paid to providing appropriate near-term and long-term incentives to its managers and employees. There should be a true causeand- effect phenomenon surrounding incentives and results. If a company’s incentives are based on some of the common, broad accounting measures such as return on equity, or return on assets, or even earnings per share, there is a real risk that decisions, large and small, will suffer from the economic disc...
7. Management Philosophy Choices Practices and Actions
Management Philosophy The company’s management pursues the hologram philosophy whereby each employee is a replica of the whole and understands management’s visions and the company’s daily business situation and long-term strategy. That allows employees to make independent decisions to implement corporate strategy, while taking into account short-term tradeoffs, broad business implications, and other consequences. The management recognizes that people are “incredibly ...
8. General errors and mistakes that commited by Business Companies
Companies have worked hard at restructuring themselves in response to the dramatic changes that have occurred in the economy and in their marketplaces in recent years. Here are a few thoughts concerning some of the serious errors companies have committed in their efforts to change: Mistake 1: Laying Off Only Lower-Level Support Staff Personnel decisions are made by senior and middle management— who, of course, are not going to choose themselves for outplacement. As a result, the company ends up ...
9. Risk Assessment Form
Purpose Risk assessment forms are used to capture outputs from the risk management process so that key stakeholders are aware of both risks identified and the evaluations thereof. Some risk assessment forms are built with risk mitigation information as well, so as to track the responses and the outcomes of those responses. The risk assessment form is a component of a comprehensive risk archive. They may stand alone or be a component of a project status report. Application Risk assessment forms ...
10. Work Results
Purpose Work results are the output of any project effort. The documentation for work results is a record that the effort has been completed and the output has been produced. It is used as proof that the effort was put forth. As with technical documents, work results are used for a wide variety of purposes associated with the varied nature of the work that was completed. Application Documentation from work results is used as affirmation that work has been accomplished as prescribed. If work was...