What is risk management and why does it matter?

19 June 2015 Kieron Johnson

Risks are an inevitable part of everyday life. No risks, no rewards.

In the hallowed words of Albert Einstein: “A ship is always safe at the shore, but that is not what it is built for.”

That said, we all need to manage risk. Whether you are an individual investor on the financial markets or part of a company looking to drive performance and revenue growth, risk management is serious business.

Taking some risks (and not taking certain others) could literally spell curtains for your business, so having a no-nonsense risk management strategy in place and clearly communicating it across your company minimises the possibility of a poor result. After all, prevention is better than cure.

According to a 2015 Risk in Review survey carried out by PricewaterhouseCoopers, 73% of respondents agreed that risks to their companies are increasing. Meanwhile, only 31% of respondents reported having a fully-integrated risk management strategy. Not a good look.

Have a read through our guide to managing risks and, with any luck, you’ll be encouraged to position your business on the right side of these stats.

Risky business

What is risk? And risk management?

Risk is the possibility of a negative or undesirable outcome.

So, risk management is simply the process of controlling poor outcomes by identifying and addressing the risks facing your business.

Once you’ve carried out a risk assessment and you’re aware of the risks involved, there are four ways of managing each one:

  • Accept it.
  • Transfer it.
  • Reduce it.
  • Eliminate it.

You can always crystallise these options in a risk management policy, which outlines your business appetite for risk and its approach to risk management.

Adopting risk management is a win-win situation because not only do you lessen the odds of a calamity, you also seriously increase the chances of achieving your overall business objectives (more on this later).

In a tad bit more detail, here are five steps you should take when carrying out the risk management process:

1.Identify the risks surrounding your business activities.
2.Assess the probability of an event happening.
3.Determine the response to the event.
4.Implement systems to handle the consequences of the event.
5.Monitor the effectiveness of your risk management approach and controls.

What’s your type?

Businesses face all manner of risks, but the main categories are:

  • Strategic: these are linked to working in a particular industry. For instance, a new competitor entering the market.
  • Legal/compliance: these are associated with the necessity of your business abiding by laws and regulations. The introduction of new health and safety legislation is a prime example.
  • Financial: these are connected to the financial structure of your business, the transactions it does and the financial systems in place. For example, a customer defaulting on payment or increased interest charges on a business loan.
  • Operational: these are related to the operational and administrative procedures of your business. Theft or breakdown of essential equipment falls into this group.

Sizing-up the risks

By now, you know what the risks are. Evaluation is next up on the agenda.

Risk evaluation is an uber-powerful tool, which allows you to assess the seriousness of the risks to the business and make a judgement call on whether to accept them or take action to prevent or minimise them.

Here’s a three-point plan for evaluating risks:

1.Rank the risks by considering the probabilities and consequences of events.
2.Plot the probabilities and consequences on a risk map.
3.Incorporate systems and controls to handle the consequences.

Better business

As we hinted at earlier, risk management makes for better business. The process:

  • Improves your decision-making, planning and prioritisation.
  • Helps you distribute capital and other resources more efficiently.
  • Aids your anticipation of unwanted outcomes, minimising the time spent fire-fighting or, worse still, preventing serious financial loss (or even meltdown).
  • Significantly increases the chances of you delivering your business plan on time and within budget.

Take home message

Don’t forget to insert the threats identified during your risk assessment exercise into your business continuity plan (BCP).

A BCP sets out what staff should do if a certain incident occurs, for example, if a fire breaks out and guts your entire office. If you’re wondering what a BCP looks like, it’s probably a very dusty-looking document that has rarely seen the light of day.

Increasingly, insurance companies are demanding to see evidence that risk is being responsibly managed (minimising the likelihood of a claim) before they provide cover.

With a proper risk management strategy at play, your firm will no longer be engaging in risky business. It will simply be hedging its bets.