In the world of uncertainty, every organisation faces a threat to incur the risk. To make its position in the competitive world, each and every firm needs to control and keep the level of risk exposure at the minimum acceptable range. And there are different types of risk associated with a business that can hamper the operation of a startup business. Risk management helps to identify, assess, manage, control and reduce the potential risks. The risk manager and the related parties usually try to identify all kinds of risks associated with the different business functions like production, sales, marketing, human resource management, research and development etc. Through various risk management strategies, business organisations or firms try to remove the consequences of each potential risk associated with the operation.
Risk assessment is the organised way to identify and evaluate possible opportunity and risk. It informs companies about the actions to respond to the risk. In the case of assessment of risk, it is needed to identify the main drivers of business risk: management, customer base, competitor, operational efficiency, financial efficiency, trade secrets, economic conditions, projections, etc. Methods of assessing risk can be divided into three parts: Tree Diagram, Monte Carlo simulation Method, and Expert Method.
In order to shine in the business, it is needed to have smooth continuity in the business process. Any uncertainty may hamper the smooth continuity of business. Damage and interruption of the operation and financial performances are consequences of business process interruption. In a word, through practical risk assessment, a firm can manage multiple levels of risk at a time.
In the current dynamic world, risk lurks at every step; many organisations are now focusing on their risk management strategies. These strategies provide firms with various options to deal with their potential problems and uncertainties. Any business organisation can act more confidently to make better future decisions based on the risk management strategy. Thus risk management helps a company to achieve its strategic goals and to gain a competitive position. So control of risk is very crucial for the business survival and growth. At the same time, Risk Assessment can be defined as a systematic process to find out possible threats and opportunities that could prolong the business’s achievement. (Faisal, Banwet and Shankar, 2007). Such events are widespread in both the external environment and the organisation’s internal environment. The risk assessment process is the foundation for a solid and successful risk management program in a business.
2. Risk management
2.1 Explanation of risk management:
Risk management is a structured and continuous process to identify, analyse, assess, control, avoid, decline or eliminate the unacceptable risk and find out the best possible solution and precautionary steps to prevent or curb the risk exposure in the upcoming future (Holmes, 2002). Typically risk leads the firms to negative results and consequences, but by using risk management strategies, the business firms try to lessen or remove the effects of each potential risk. For example, any likely firms or investors can manage their risk by diversifying their investment and asset classes.
According to Mark S Dorsman, “Risk management is the logical development and carrying out of a plan to find out the opportunities and to deal with potential losses.” (Riskmanagement.georgetown.edu, 2014).
The process of risk management can be easily realised through the below-given chart:
2.2 How risk management affects different business functions?
It is critical to identify all related and potential risks in all the facets of a specific business. Sometimes an organisation can face unique risks that need to be managed with care and efficiency by observing the situations. In the case of risk management, the related parties usually try to identify legal, physical, financial, intellectual and technological risk associated with the different business functions like production, sales, marketing, human resource management, research and development etc.
- Sales function & risk management:
The selling level of a business can be affected by arrogance risk (overlook customer need), information risk (poor data quality management), strategic risk (choose the wrong strategy), tactical risk (right strategy execution in a wrong way), ethical risk (the more revenue-focused not trust enhancing) and reputation risk etc. Firms need to specify their sales-related risk and take a strategy to reduce or eliminate or transfer potential risk.
- Production & risk management:
The production function also faces different risks like political risk, strategic risk, natural risk, information risk, reputation risk. For example, due to political turmoil, raw material supply can be hampered and affects production, and due to strategic risk, production level and quality can be significantly impacted.
- Marketing & risk management:
Risk management allows removing the market obstacle and risks by ensuring growth, improving accountability, transparency and speed to market. Key risk management indicators focus on informational risk like the change in the customer perception, behaviour and demand, operational risk like inactive processes or people and technological risk etc. These indicators permit the organisation to decide on what is required to mitigate to increase the efficiency of the marketing functions.
- R&D and risk management:
The research and development function mainly faces the technological threat. Technology change can obliterate the functionality of any product. Risk management helps to identify such risks and take prior initiatives before the obliteration of the products.
- Administration & risk management:
Administration functions of a business firm are associated with business, financial, legal, political, country risk etc. A good management strategy helps to find out which chance is the most crucial one for the firms. According to the identification, firms can take initiatives to mitigate or remove the risk.
So, risk management helps to search for the obstacles and provides guidelines to get rid of the challenges. As risk management is a proactive function, firms can make decisions to prevent risk as much as possible.
2.3 Evaluation of methods of assessing risk in business:
Risk assessments are strategic preventive tools that can help enterprises keep up their existence in the most adverse situation. It informs companies about the actions to respond to the risk. The methods of assessing risk can be divided into three parts, such as:
- Tree Diagram:
A tree diagram is the organised and scheme oriented description of the projects. Influence tree, decision tree, casual tree, failure, consequence tree, cause and effect tree are some examples of decision trees. It helps to find out the risk easily and quickly, and it is a good tool for teamwork and communication.
- Monte Carlo Method:
It is a simulation method based on the utilisation of the gradation of random and pseudorandom numbers. Its application can vary from calculation accuracy to calculation speed. It is a standard and flexible method for the risk assessment task.
- Expert Method:
The expert method for risk assessment can be divided into two different parts. These are verbal and numeric.
- Verbal method: one takes a decision based on the availability and received information. Example: the brainstorming and the what-if analysis etc.
- Numeric method: Helps to detect parts of the projects in danger and compare the more solutions.
Besides these two, the expert method can use the other three analyses to assess the risk. These three analyses are:
- Failure mode and effect analysis
- Universal matrix of risk analysis
- SWOT analysis
2.4 Evaluation of approaches to manage risk in a business:
In the dynamic world, all business firms need to be prepared for uncertainty and unexpected consequences to continue their operation in the changing business world. Though the kinds and level of potential risks vary from company to company, approaches to manage risk follow a relatively similar and familiar pattern. The approaches are as follows:
- Mitigate risk:
Once the area, level and priority of risk are identified, related authorities need to take initiatives to reduce the risk. Thus the cost and time will be saved.
- Transfer risk:
Risk can be transferred to third parties like insurance companies. It is a perfect solution for the uncertainties like fire, accident and hazard from natural calamities.
- Eliminate risk:
Elimination of risk is only possible in a few cases. For example, one company can eliminate its arrogance risk by producing customer need oriented products.
- Accept risk:
When there is no way or only a few suitable ways to mitigate, transfer, or eliminate risk, the firms need to accept the risk. It is pretty common to risk getting an extra return or holding a better competitive position.
- Avoid risk:
It indicates avoiding the whole project related to risk.
Comparative analysis of these approaches:
It usually seems to all rational persons that elimination of risk is the best approach to manage risk. But in reality, it is not possible to eradicate the risk in all cases. Sometimes, firms become concerned to lessen the level of trouble at the lowest possible level accepting a minimum level of risk. Risk transfer often helps to lower the risk level. In which cases, the bearing of risk can threaten the reputation and existence of the firm; it is the best solution to avoid the risk.
So, the efficiency and effectiveness of these risk management approaches vary from case to case. But before applying any of these approaches, the risk manager needs to be concerned about the time frame and cost associated with these approaches. If these two provide any unsatisfactory indication, managers need to make a cost-benefit analysis of the possible solutions.
In these ways, any business firm will be able to manage its level and exposure of risk.
3. Risk assessment
3.1 Significant drivers of business risk
Business Risk refers to the uncertainty of profits or loss of earnings due to some unforeseen events. A business person may face risks in every function of the business. So, it is needed to identify the main drivers of business risk. It may be the following types:
The development of any company depends on its proper management. If any of these management team members have been missing, the firm may face difficulty in its success.
- Customer support & market acceptance
It is challenging for a new product to convince the customer and make a higher profit. If the customer doesn’t like the latest product, it will sustain in the market for an extended period.
Competition among firms is one of the risk drivers of business risk. Because competitors always try to take the chance to grab the lion share of the company’s intended market. So, a person in business should have to be aware of his existing and potential competitors.
- Market preference & Operational efficiency
The company’s revenues and operating results may vary in case of changes in the purchasing patterns of customers, competitive pricing, changing economic scenarios, etc. There is no guarantee about the successful inauguration of the new product.
- Financial efficiency
Financial efficiency may also adversely affect the Company’s business. For example,
It is essential to project about break-even points and how much the rate of return will be for investors in the first five-year timeframe before the launch of the business. If the projection is not appropriate, it may cause the company’s dissolution within very few periods.
- Proprietary Rights & trade secrets
Many companies rely on special trade secrets for gaining a competitive position. In order to become successful, it is needed to protect intellectual property which the Company has acquired or developed. Neither, the reveal of trade secrecy of the business may demolish the company’s uniqueness in its market.
- Economic Factors
The company’s financial success may be crucial to the changes in economic conditions in the country, such as recession, inflation, unemployment, and interest rate fluctuations. Such changing conditions can impact negatively on demand for the product. And, Company has no control over these factors. (Bradley, 2011).
Management has prepared their planning of business based on their projection of the company. And it is very critical to forecast based on past matters but also to overlook the future. Many predictions of the business get ruined over time because of the managers’ of the company.
3.2 Impact of different types of risks
There are different types of risk related to a business that minimises the success of a start-up business (Mehr and Hedges, 1963). For example,
- Market and opportunity risk
The success of a company depends on the size of the market. It is easy to get a win in a large market rather than a small market.
- Competitive risk
The company may face competitive risk from its present and potential competitors. If the company does not handle its market share efficiently through continual innovation, proper customer services, it may suddenly lose its customer base to its competitors.
- Market entrance strategy risk
The selection of inappropriate pricing, marketing, or distribution strategy has a significant potential risk. For example, in the first year, huge marketing is needed to create knowledge about the company to customers. And it may be hazardous for this newly launched business to depend on the social websites proclaiming to offer a free service and live on ad revenues without a considerable marketing investment.
- Political & economic risk
Unexpected changes in the Political and economic conditions may cause the customers not to get the company’s product. For example, the surprising inclusion of taxes and tariffs may cause an increase in the price of a product that customers may not be interested in because of the high cost.
- Technology risk
New technologies have both positive and negative impacts on a business. Such technologies, especially those characterised as “paradigm shifts” or “disruptive”, may have long and costly acceptance cycles or may run into unpredictable performance or manufacturing problems. Medical technologies are also expensive due to high legal testing requirements, approval processes, and insurance validation cost.
- Operational risk
Some businesses require substantial supportive or administrative infrastructures. For example, vehicle fuel improvements need available service stations and maintenance shops to ensure their viability. Even small operations can be the reason for the breaking downs of specialised equipment and complex support processes.
3.3 Analysis of severity and likelihood of risk
In order to assess the risk of any business, it is needed to predict the severity and the likelihood of the risk. The risk of a business can be calculated through the Severity of risk and the possibility of occurrence of this risk.
Risk =Severity of Harm x Likelihood of occurrence
This simple computation gives a risk value of between 1 and 9, enabling a rough and ready comparison of risks.
In this case, the lower the number, the greater the risk will be. So that control action can be targeted at higher stakes.
3.4 Suggested Risk management strategies
Typically Risk leads the firms to negative results and consequences. Any potential firms or investors can manage their risk by properly diversifying their investment and its asset classes.
Though the kinds and level of potential risks vary from company to company, strategies to manage risk follow a relatively similar and familiar pattern. Such as:
- Mitigate risk
- Transfer risk
- Eliminate risk
- Accept risk
- Avoid risk
Usually, in order to manage risk, a rational businessman wants to eliminate the risk. It may not be possible to eliminate the risk in all cases. Sometimes, firms become concerned to lessen the level of threat at the lowest possible level accepting a minimum level of risk. Risk transfer often helps to lower the risk level. In which cases, the bearing of risk can threaten the reputation and existence of the firm; it is the best solution to avoid the risk. So, the efficiency and effectiveness level of these risk management strategies can vary from case to case.
3.5 Approaches to crisis management
Crisis management refers to the action that is taken by the organisation to prevent any unexpected event with a negative effect that threatens the success and continuation of the operation of the business (Scarborough and Zimmerer, 2000). Through crisis management, a business person can understand the nature of the crisis, the impact of the situation in the organisation, its management tools, etc.
In order to deal with the unknown, a two-phased planning process is necessary:
- Phase -1: Preplanning, which is related to risk assessment and mitigation. For example, A backup system is crucial for a computer-based information system to be safe in a system crash.
- Phase -2: Crisis assessment and management planning, which means incident resolution. In this phase, it is needed to
- identify potential crisis that might affect the business
- Determine how the owner of the firm intends to minimise the risks of these disasters occurring?
- set up how the owner of the company will react if a disaster occurs in a business continuity plan
- Tests the plan regularly.
If the company has proper crisis management, it implies to customers, insurers and investors that your business is robust enough to cope with anything that might be thrown at you – possibly giving you the edge over your competitors.
3.6 Impact of breaks in business continuity
The business may face a lot of disaster in the continuation of its operation. Any type of disaster significantly affects its day to day regular operation.
In order to shine in the business, it is needed to have smooth continuity in the business process. Depending on specificities, a company can tolerate only concise (seconds or minutes) or relatively long (days) breaks of business continuity.
For example, nowadays, Business organisations greatly depend on systems based on information-communication technology, which are subject to failures and crashes. Suppose this does not insure against such things as physical damages of information-communication technology. In that case, the company can’t cover the losses of costs covering the material loss, additional working cost, lost revenue from business interruption, etc. Although insurance can cover the material loss, cost of different working, and the lost revenue from business interruption, it does not typically cover the loss of:
- Customers’ loss
- Business opportunities’ loss
- Reputation’s loss
- Brand value’s loss
Besides this, breaks into business continuity may also affect a business such as:
- Force to take longer to respond to the event;
- Force to take longer to recover its critical functions;
- Passion for making more incorrect decisions in the early stages;
- Bound to have more significant problems communicating with its stakeholders.
But actual cost does not consider all these above-given criteria. It only finds costs that can’t be insured.
Risk management is not a reactive plan; instead, it is a proactive one to foresee the risk, estimate the impacts and make a response to the reduction of risk and hazard. Proper understanding and treatment of risks help the organisations save from unnecessary difficulties later and prepare the related parties for the unavoidable incidences and issues. The risk assessment process forms the basis of an effective risk management program. Through practical risk assessment, firms can respond to multiple risks at a single time. So, an effective risk management and risk assessment system provides forward-looking insights that allow organisations to avoid risks. It also provides more meaningful clarity around the risks they face and gives an idea about all possible and available solutions.
Bradley, J. (2011). BUSINESS PLAN RISK FACTORS. [online] Goodfaithpropertymanagement.com. Available at: http://www.goodfaithpropertymanagement.com/t98-business-plan-risk-factors [Accessed 28 Apr. 2014].
Crouhy, M., Galai, D. and Mark, R. (2000). Risk management. 1st ed. New York: McGraw Hill.
Ecs.hr, (2012). Establishing Business Continuity Management System | ECS — Eurocomputer Systems. [online] Available at: http://www.ecs.hr/en/ict-business-consultancy/establishing-business-continuity-management-system/ [Accessed 28 Apr. 2014].
Edmead, M. (2007). Understanding the Risk Management Process. [online] Theiia.org. Available at: http://www.theiia.org/intAuditor/itaudit/archives/2007/may/understanding-the-risk-management-process/ [Accessed 28 Apr. 2014].
Elliott, D., Swartz, E. and Herbane, B. (2002). Business continuity management. 1st ed. London: Routledge.
Faisal, M., Banwet, D. and Shankar, R. (2007). Information risks management in supply chains: an assessment and mitigation framework. Journal of Enterprise Information Management, 20(6), pp.677–699.
Gibb, F. and Buchanan, S. (2006). A framework for business continuity management. International Journal of Information Management, 26(2), pp.128–141.
Hester, R. and Harrison, R. (1998). Risk assessment and risk management. 1st ed. Cambridge, UK: Royal Society of Chemistry.
Holmes, A. (2002). Risk management. 1st ed. Oxford, U.K.: Capstone Pub.
Hotchkiss, S. (2010). Business continuity management. 1st ed. Swindon, U.K.: BCS, the Chartered Institute for IT.
Mehr, R. and Hedges, B. (1963). Risk management in the business enterprise. 1st ed. Homewood, Ill.: R. D. Irwin.
Mehr, R. and Hedges, B. (1963). Risk management in the business enterprise. 1st ed. Homewood, Ill.: R. D. Irwin.
Pharmadirections.com, (2014). Risk Management | PharmaDirections. [online] Available at: http://www.pharmadirections.com/risk-management [Accessed 28 Apr. 2014].
Riskmanagement.georgetown.edu, (2014). Risk Management Overview. [online] Available at: http://riskmanagement.georgetown.edu/assessment/ [Accessed 28 Apr. 2014].
Scarborough, N. and Zimmerer, T. (2000). Effective small business management. 1st ed. Upper Saddle River, N.J.: Prentice Hall.
Walter, E. (2013). 10 Tips For Reputation And Crisis Management In The Digital World. [online] Forbes. Available at: http://www.forbes.com/sites/ekaterinawalter/2013/11/12/10-tips-for-reputation-and-crisis-management-in-the-digital-world/ [Accessed 28 Apr. 2014].